Re: Compiler detection of buffer overflows

Ben Elliston <bje@air.net.au> writes:


> I am seeking references to work in the area of static and/or dynamic
> detection and prevention of buffer overflows. Can anyone provide
> references (preferrably journal articles, as I am already conducting
> a search on the Web) to such work? Thanks,


There are two articles in


                Proceedings of the SIGPLAN '82 Symposium on Compiler
                Construction (SIGPLAN Notices v. 17, No. 6, June 1982)


which say a little about this. One is


                M. Auslander and M Hopkins, An Overview of the PL.8 Compiler
                (p. 22 in the above)


and the other is


                V. Markstein, J. Cocke, and P. Markstein, Optimization of
                Range Checking (p. 114 in the above)


While both talk primarily about subscript range checking, it is,
nonetheless, the case that the pl.8 compiler produced safe code. That
is, stores into any object (e.g., array, struct, area) were guaranteed
not to fall outside the object. This was helped partly by the
definition of the pl.8 language, which did not include unconstrained
pointers, and partly by the optimization techniques which subjected
such checks to all the general optimizations, as well as some specific
ones described in the second reference above. With the language and
compiler described in these papers, all buffer overflows were
detected.
--
                                                                      Dan Prener (prener@watson.ibm.com)

Return to the comp.compilers page.
Search the comp.compilers archives again.