Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization (CGO) (2013)
Shenzhen, China
Feb. 23, 2013 to Feb. 27, 2013
ISBN: 978-1-4673-5524-7
pp: 1-11
R. E. Rodrigues, Dept. of Comput. Sci., Fed. Univ. of Minas Gerais (UFMG), Belo Horizonte, Brazil
Victor Hugo Sperle Campos, Dept. of Comput. Sci., Fed. Univ. of Minas Gerais (UFMG), Belo Horizonte, Brazil
Fernando Magno Quintao Pereira, Dept. of Comput. Sci., Fed. Univ. of Minas Gerais (UFMG), Belo Horizonte, Brazil
ABSTRACT
The integer primitive type has upper and lower bounds in many programming languages, including C and Java. These limits might lead programs that manipulate large integer numbers to produce unexpected results due to overflows. There exists a plethora of works that instrument programs to track the occurrence of these overflows. In this paper we present an algorithm that uses static range analysis to avoid this instrumentation whenever possible. Our range analysis contains novel techniques, such as a notion of “future” bounds to handle comparisons between variables. We have used this algorithm to avoid some checks created by a dynamic instrumentation library that we have implemented in LLVM. This framework has been used to detect overflows in hundreds of C/C++ programs. As a testimony of its effectiveness, our range analysis has been able to avoid 25% of all the overflow checks necessary to secure the C programs in the LLVM test suite. This optimization has reduced the runtime overhead of instrumentation by 50%.
INDEX TERMS
Instruments, Algorithm design and analysis, Computer languages, Lattices, Abstracts, Runtime, Heuristic algorithms, Range analysis, Integer Overflow, Compiler
CITATION
R. E. Rodrigues, Victor Hugo Sperle Campos, Fernando Magno Quintao Pereira, "A fast and low-overhead technique to secure programs against integer overflows", Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization (CGO), vol. 00, pp. 1-11, 2013, doi:10.1109/CGO.2013.6494996