Computer Software
Print ISSN : 0289-6540
A Quantitative Evaluation of Integer Boundary Values for Detecting Undefined Behaviors on Integer Overflow
Tomoya MORIKAWAYoshitaka ARAHORIKatsuhiko GONDOW
Author information
JOURNAL FREE ACCESS

2014 Volume 31 Issue 1 Pages 1_103-1_109

Details
Abstract

Integer overflows causing an undefined behavior (called time bombs) are a source of serious vulnerabilities. To effectively detect the time bombs in a lightweight way, this paper proposes a method using 6 fixed integer values (called integer boundary values), and provides a quantitative evaluation by applying it to 19 open source programs. The result shows that the integer boundary values detected 36.7% more time bombs on average than the existing random method. The result also shows that the comparison/bitwise operations amount to 61.3% of undefined behaviors in integer operations, while there is no significant difference between the detection rate of time bombs by the integer boundary values for the comparison/bitwise operations and the others.

Content from these authors
© 2014 Japan Society for Software Science and Technology
Previous article Next article
feedback
Top