Browse > Article

Eliminating Redundant Alarms of Buffer Overflow Analysis Using Context Refinements  

Kim, You-Il (서울대학교 컴퓨터공학과)
Han, Hwan-Soo (성균관대학교 정보통신공학부)
Publication Information
Journal of KIISE:Software and Applications / v.37, no.12, 2010 , pp. 942-945 More about this Journal
Abstract
In order to reduce the efforts to inspect the reported alarms from a static buffer overflow analyzer, we present an effective method to filter out redundant alarms. In the static analysis, a sequence of multiple alarms are frequently found due to the same cause in the code. In such a case, it is sufficient and reasonable for programmers to examine the first alarm instead of the entire alarms in the same sequence. Based on this observation, we devise a buffer overflow analysis that filters out redundant alarms with our context refinement technique. Our experiment with several open source programs shows that our method reduces the reported alarms by 23% on average.
Keywords
Context Refinement; Redundant Alarm; Buffer Overflow; Program Analysis;
Citations & Related Records
연도 인용수 순위
  • Reference
1 A. Venet, G. P. Brat, Precise and efficient static array bound checking for large embedded C programs, PLDI, 2004.
2 Y. Jung, J Kim, J Shin, K. Yi, Taming false alarms from a domain-unaware C analyzer by a bayesian statistical post analysis, SAS, 2005
3 Y. Kim, J Jeon, H. Han, Development of costeffective buffer overrun analyzer, KIISE SIGPL Transactions on Programming Languages, vol.19, no.2, pp.1 -9, 2005.
4 SLOCCount, http://www.dwheeler.com/sloccount/.
5 Y. Kim, J Lee, H. Han, K.-M. Choe, Filtering false alarms of buffer overflow analysis using SMT solvers, Information and Software Technology, vol.52, no.2, pp.210-219, 2010.   DOI   ScienceOn
6 P. Cousot, R. Cousot, Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints, POPL, 1977
7 P. Cousot, R. Cousot. Systematic Design of Program Analysis Frameworks, POPL, 1979.
8 S. Kim, M. D. Emst, Which Warnings Should I Fix First?, FSE, 2007
9 G. C. Necula, S. McPeak, S. P. Rahul, W. Weimer, CIL: Intermediate language and tools for analysis and transformation of C programs, CC, 2002.
10 S. Lu, Z. Li, F. Qin, L. Tan, P. Zhou, Y. Zhou, Bugbench: Benchmarks for evaluating bug detection tools, Workshop on the Evaluation of Software Defect Detection Tools, 2005.
11 B. Steensgaard, Points-to analysis in almost linear time, POPL, 1996
12 T. Kremenek, D. R. Engler, Z-ranking: Using statistical analysis to counter the impact of static analysis approximations, SAS, 2003.
13 Y. Xie, A. Chou, D. R. Engler, Archer: using symbolic, path-sensitive analysis to detect memory access errors, ESEC/FSE, 2003.
14 N. Dor, M. Rodeh, S. Sagiv, CSSV: towards a realistic tool for statically detecting all buffer overflows in C, PLDI, 2003.
15 W. Le, M. L. Soffa, Marple: A Demand-Driven Path-Sensitive Buffer Overflow Detector, FSE, 2008.