Transcription of Understanding Integer Overflow in C/C++
Appeared in Proceedings of the 34th International Conference on Software Engineering (ICSE), Zurich, Switzerland, June

Integer Overflow in C/C++

Will Dietz, Peng Li, John Regehr, and Vikram Adve
Department of Computer Science, University of Illinois at
School of Computing, University of

Integer overflow bugs in C and C++ programs are difficult to track down and may lead to fatal errors or exploitable vulnerabilities. Although a number of tools for finding these bugs exist, the situation is complicated because not all overflows are bugs. Better tools need to be constructed but a thorough understanding of the issues behind these errors does not yet exist. We developed IOC, a dynamic checking tool for integer overflows, and used it to conduct the first detailed empirical study of the prevalence and patterns of occurrence of integer overflows in C and C++ code. Our results show that intentional uses of wraparound behaviors are more common than is widely believed; for example, there are over 200 distinct locations in the SPEC CINT2000 benchmarks where overflow occurs.
construct] it is legal for it to make demons fly out of your nose.” Our experience is that many developers fail to appreciate the full consequences of this. The rest of this section examines these consequences.

1) Silent Breakage: A C or C++ compiler may exploit undefined behavior in optimizations that silently break a program.
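As an added illustration of silent breakage (not code from the paper or from IOC), the C sketch below puts an after-the-fact signed overflow test, which an optimizer is allowed to delete, beside a precondition test that never executes the undefined operation, and shows intentional wraparound done on unsigned operands, where it is defined. All function names are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Fragile: the addition runs before the test. Signed overflow is undefined,
 * so the compiler may assume a + b never wraps, conclude that "a + b < a"
 * is false whenever b > 0, and remove the check entirely. */
static bool add_overflows_fragile(int a, int b) {
    return b > 0 && a + b < a;
}

/* Robust: decide from the operands alone, before any addition happens.
 * INT_MAX - b (b > 0) and INT_MIN - b (b < 0) cannot themselves overflow. */
static bool add_overflows(int a, int b) {
    if (b > 0) return a > INT_MAX - b;
    if (b < 0) return a < INT_MIN - b;
    return false;
}

/* Checked addition: writes *out only when the result is representable. */
static bool checked_add(int a, int b, int *out) {
    if (add_overflows(a, b)) return false;
    *out = a + b;
    return true;
}

/* Intentional wraparound belongs on unsigned types, where arithmetic is
 * defined to be modulo 2^N. */
static unsigned wrapping_add(unsigned a, unsigned b) {
    return a + b;
}

int main(void) {
    int sum = 0;
    /* The fragile check is only called with operands that do not overflow;
     * with overflowing operands its result is not defined at all. */
    printf("fragile(1, 2)        = %d\n", add_overflows_fragile(1, 2));
    printf("robust(INT_MAX, 1)   = %d\n", add_overflows(INT_MAX, 1));
    printf("robust(INT_MIN, -1)  = %d\n", add_overflows(INT_MIN, -1));
    if (checked_add(2, 3, &sum))
        printf("checked_add(2, 3)    = %d\n", sum);
    if (!checked_add(INT_MAX, 1, &sum))
        printf("checked_add(INT_MAX, 1) rejected\n");
    printf("wrapping_add(UINT_MAX, 1) = %u\n", wrapping_add(UINT_MAX, 1u));
    return 0;
}
```

Whether a given compiler actually removes the fragile check depends on the compiler and optimization level, which is what makes the breakage silent.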