Value-Range Analysis of C Programs

Towards Proving the Absence of Buffer Overflow Vulnerabilities

  • Editors
  • Axel Simon

Table of contents

  1. Front Matter
    Pages i-xxii
    1. Pages 1-21
    2. Pages 23-43
  2. Abstracting Soundly

    1. Front Matter
      Pages 46-46
    2. Pages 47-70
    3. Pages 111-124
  3. Ensuring Efficiency

    1. Front Matter
      Pages 126-126
    2. Pages 127-146
    3. Pages 147-163
    4. Pages 165-183
  4. Improving Precision

    1. Front Matter
      Pages 196-196
    2. Pages 197-215
    3. Pages 217-233
    4. Pages 259-276
    5. Pages 277-279
  5. Back Matter
    Pages 281-300

About this book


The use of static analysis techniques to prove the partial correctness of C code has recently attracted much attention due to the high cost of software errors - particularly with respect to security vulnerabilities. However, research into new analysis techniques is often hampered by the technical difficulties of analysing accesses through pointers, pointer arithmetic, coercion between types, integer wrap-around and other low-level behaviour. Axel Simon provides a concise, yet formal description of a value-range analysis that soundly approximates the semantics of C programs using systems of linear inequalities (polyhedra).

The analysis is formally specified down to the bit-level while providing a precise approximation of all low-level aspects of C using polyhedral operations and, as such, it provides a basis for implementing new analyses that are aimed at verifying higher-level program properties precisely. One example of such an analysis is the tracking of the NUL position in C string buffers, which is shown as an extension to the basic analysis and which thereby demonstrates the modularity of the approach.

While the book focuses on a sound analysis of C, it will be useful to any researcher and student with an interest in static analysis of real-world programming languages. In fact, many concepts presented here carry over to other languages such as Java or assembler, to other applications such as taint analysis, array and shape analysis and possibly even to other approaches such as run-time verification and test data generation.


C programming language D programming language Rack Turing Variable abstract interpretation algorithm algorithms buffer overflow vulnerabilities polyhedral analysis programming programming language semantics static analysis value-range analysis

Bibliographic information

  • DOI
  • Copyright Information Springer-Verlag London 2008
  • Publisher Name Springer, London
  • eBook Packages Computer Science
  • Print ISBN 978-1-84800-016-2
  • Online ISBN 978-1-84800-017-9
  • Buy this book on publisher's site
Industry Sectors
Finance, Business & Banking
IT & Software
Consumer Packaged Goods
Oil, Gas & Geosciences