Journal of Beijing University of Posts and Telecommunications

  • EI Core Journal

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2008, Vol. 31 ›› Issue (6): 90-93. doi: 10.13190/jbupt.200806.90.193

• Reports

An Integer Overflow Detection Method Based on Integer Variable Unification

XU Guo-ai1, ZHANG Miao1, CHEN Ai-guo1, LI Zhong-xian2   

  (1. National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing 100876, China; 2. National Cybernet Security Limited, Tianjin 300052, China)
  • Received: 2008-05-04 Revised: 2008-09-11 Online: 2008-12-31 Published: 2008-12-31
  • Contact: XU Guo-ai

Abstract:

By analyzing the principle of integer overflow, we propose a method for detecting integer overflow in software source code that is based on integer variable unification. We present the integer variable unification method and define three unification actions, which are used in three given cases. We then describe the detection process, which reduces an integer overflow flaw to mathematical inequalities and removes the influence of context on the target variable. Finally, examples are provided to demonstrate the effectiveness and practicality of the presented method.

Key words: integer overflow, static analysis, control flow analysis, information security

CLC Number: