Sign In

Communications of the ACM

ACM TechNews

Better Debugger

View as: Print Mobile App Share:
Massachusetts Institute of Technology researchers have developed a new algorithm for identifying integer-overflow bugs.

Integer overflows occur when a computer tries to store too large a number in the memory space reserved for it. The leading digits are discarded much as they are when a car odometer turns over.

Credit: Jose-Luis Olivares/MIT

Massachusetts Institute of Technology (MIT) researchers last week at ACM's International Conference on Architecture Support for Programming Languages and Operating Systems in Istanbul, Turkey, presented a new algorithm for identifying integer-overflow bugs.

The researchers tested the algorithm on five common open source programs and found three known bugs, as well as 11 new ones.

The system, called Directed Integer Overflow Detection (DIODE), starts by feeding the algorithm a single input. As that input is processed, DIODE records each of the operations performed on it by adding new terms to the "symbolic expression."

"This 32-bit integer has been built up of all these complicated bit-level operations that the lower-level parts of your system do to take this out of your input file and construct those integers for you," says MIT professor Martin Rinard.

When the program reaches a point at which an integer is involved in a potentially dangerous operation, DIODE records the current state of the symbolic expression. Although the initial test will not trigger an overflow, DIODE can analyze the symbolic expression to calculate an input that will.

"DIODE provides an effective mechanism for finding dangerous integer overflows that affect memory allocation sites, the source of many critical security vulnerabilities," says Imperial College London senior lecturer Cristian Cadar.

From MIT News
View Full Article


Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account