Re: Compiler detection of buffer overflows

prener <prener@watson.ibm.com>
18 Aug 2001 00:45:04 -0400

          From comp.compilers

Related articles
Compiler detection of buffer overflows bje@air.net.au (Ben Elliston) (2001-08-08)
Re: Compiler detection of buffer overflows derek@knosof.co.uk (2001-08-15)
Re: Compiler detection of buffer overflows daw@mozart.cs.berkeley.edu (2001-08-15)
Re: Compiler detection of buffer overflows prener@watson.ibm.com (prener) (2001-08-18)

From: prener <prener@watson.ibm.com>
Newsgroups: comp.compilers
Date: 18 Aug 2001 00:45:04 -0400
Organization: IBM T.J. Watson Research Center, Yorktown Heights, New York
References: 01-08-048
Keywords: debug
Posted-Date: 18 Aug 2001 00:45:04 EDT

Ben Elliston <bje@air.net.au> writes:


> I am seeking references to work in the area of static and/or dynamic
> detection and prevention of buffer overflows. Can anyone provide
> references (preferably journal articles, as I am already conducting
> a search on the Web) to such work? Thanks,


There are two articles in


                Proceedings of the SIGPLAN '82 Symposium on Compiler
                Construction (SIGPLAN Notices v. 17, No. 6, June 1982)


which say a little about this. One is


                M. Auslander and M. Hopkins, An Overview of the PL.8 Compiler
                (p. 22 in the above)


and the other is


                V. Markstein, J. Cocke, and P. Markstein, Optimization of
                Range Checking (p. 114 in the above)


While both talk primarily about subscript range checking, it is,
nonetheless, the case that the pl.8 compiler produced safe code. That
is, stores into any object (e.g., array, struct, area) were guaranteed
not to fall outside the object. This was helped partly by the
definition of the pl.8 language, which did not include unconstrained
pointers, and partly by the optimization techniques which subjected
such checks to all the general optimizations, as well as some specific
ones described in the second reference above. With the language and
compiler described in these papers, all buffer overflows were
detected.
--
                                                                      Dan Prener (prener@watson.ibm.com)
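
Added illustration (not part of the original post and not code from the PL.8 papers): a C sketch of the idea that a range check is ordinary code the optimizer may move, here by replacing a per-store check with one check on the loop's largest subscript. The function names, the buffer size, and the assumption that a violation may be reported before the loop starts are all choices made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#define BUF_LEN 8

/* Count of range checks executed, so the two strategies can be compared. */
static unsigned long checks_run;

/* Range check on a subscript: returns 1 if idx is inside [0, len). */
static int in_range(size_t idx, size_t len) {
    checks_run++;
    return idx < len;
}

/* Naive form: every store is guarded by its own check. */
int fill_checked(int *buf, size_t len, size_t n, int value) {
    for (size_t i = 0; i < n; i++) {
        if (!in_range(i, len))
            return -1;          /* violation detected at the offending store */
        buf[i] = value;
    }
    return 0;
}

/* Optimized form: i runs over 0..n-1, so the largest subscript is n-1.
 * One check on that bound before the loop covers every store in it. */
int fill_hoisted(int *buf, size_t len, size_t n, int value) {
    if (n > 0 && !in_range(n - 1, len))
        return -1;              /* violation detected before any store */
    for (size_t i = 0; i < n; i++)
        buf[i] = value;         /* proven in range by the hoisted check */
    return 0;
}

/* Runs one strategy on an 8-element object and reports checks executed. */
unsigned long checks_for(int (*fill)(int *, size_t, size_t, int),
                         size_t n, int *status) {
    int buf[BUF_LEN + 1] = {0}; /* last element is a canary slot */
    checks_run = 0;
    *status = fill(buf, BUF_LEN, n, 7);
    if (buf[BUF_LEN] != 0)
        *status = -2;           /* a store escaped the object */
    return checks_run;
}

int main(void) {
    int st;
    printf("checked: %lu checks\n", checks_for(fill_checked, BUF_LEN, &st));
    printf("hoisted: %lu checks\n", checks_for(fill_hoisted, BUF_LEN, &st));
    return 0;
}
```

Both forms refuse a nine-element fill of the eight-element object; they differ in how many checks run and in whether earlier stores have already happened when the violation is reported.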

