Abstract
Many compilers target common back-ends, thereby avoiding the need to implement the same analyses for many different source languages. This has led to interest in static analysis of LLVM code. In LLVM (and similar languages) most signedness information associated with variables has been compiled away. Current analyses of LLVM code tend to assume that either all values are signed or all are unsigned (except where the code specifies the signedness). We show how program analysis can simultaneously consider each bit-string to be both signed and unsigned, thus improving precision, and we implement the idea for the specific case of integer bounds analysis. Experimental evaluation shows that this provides higher precision at little extra cost. Our approach turns out to be beneficial even when all signedness information is available, such as when analysing C or Java code.
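The idea the abstract describes, as an added illustration rather than the paper's own code: a toy bounds analysis over 8-bit values in which every abstract value carries two classical intervals over the same bit-string, one reading it as unsigned and one as two's-complement signed, and the set of bit patterns a value can take is the intersection of the two views. The paper itself works with a single signedness-agnostic wrapped-interval domain and with LLVM's 32/64-bit integers; the pair-of-intervals domain, the 8-bit width and every function name below are simplifications chosen here for readability. The example shows why a single view loses precision on one of two very ordinary inputs while the dual view keeps it on both, and how a resulting bound is queried the way a buffer-index check would.

```python
# Added example, not from the paper: a toy 8-bit "dual-view" bounds analysis.
# An abstract value is a pair (signed_view, unsigned_view); each view is a
# classical interval in its own reading of the bit-string, or TOP (no
# information). Concrete meaning = bit patterns consistent with BOTH views.
BITS = 8
MOD = 1 << BITS
UMIN, UMAX = 0, MOD - 1
SMIN, SMAX = -(MOD >> 1), (MOD >> 1) - 1
TOP = None  # a view that carries no information


def to_signed(pattern):
    """Reinterpret an unsigned bit pattern as two's-complement signed."""
    return pattern - MOD if pattern >= (MOD >> 1) else pattern


def view_from_patterns(patterns, signed):
    """Tightest classical interval, in the chosen reading, over a pattern set."""
    vals = [to_signed(p) if signed else p for p in patterns]
    return (min(vals), max(vals))


def abstract(patterns):
    """Abstract a set of concrete 8-bit patterns into (signed, unsigned) views."""
    patterns = set(patterns)
    return (view_from_patterns(patterns, True),
            view_from_patterns(patterns, False))


def concretize_view(iv, signed):
    """Bit patterns admitted by one view (all of them for TOP)."""
    if iv is TOP:
        return set(range(MOD))
    lo, hi = iv
    return {v % MOD for v in range(lo, hi + 1)} if signed else set(range(lo, hi + 1))


def concretize(av):
    """Bit patterns consistent with both views at once."""
    s, u = av
    return concretize_view(s, True) & concretize_view(u, False)


def add_view(a, b, lo_bound, hi_bound):
    """Classical interval addition; overflow of the view's range gives TOP."""
    if a is TOP or b is TOP:
        return TOP
    lo, hi = a[0] + b[0], a[1] + b[1]
    return TOP if lo < lo_bound or hi > hi_bound else (lo, hi)


def add(x, y):
    """Transfer function for wrapping 8-bit addition, each view in parallel."""
    return (add_view(x[0], y[0], SMIN, SMAX), add_view(x[1], y[1], UMIN, UMAX))


def signed_only(av):
    """Simulate an analysis that treats every value as signed."""
    return (av[0], TOP)


def unsigned_only(av):
    """Simulate an analysis that treats every value as unsigned."""
    return (TOP, av[1])


def precision(av):
    """Number of bit patterns still admitted; smaller is more precise."""
    return len(concretize(av))


def max_index(av):
    """Largest value any admitted pattern takes when used as an unsigned index."""
    return max(concretize(av))


def index_in_bounds(av, size):
    """True only if every admitted pattern is a valid index into `size` bytes."""
    return max_index(av) < size


if __name__ == "__main__":
    ten = abstract([10])
    # Constructed input 1: x known to be in unsigned [120,130]; that range
    # straddles the signed sign boundary, so the signed view is useless.
    x = abstract(range(120, 131))
    # Constructed input 2: z known to be in unsigned [200,250]; adding 10
    # overflows the unsigned view but stays comfortably inside the signed one.
    z = abstract(range(200, 251))
    for name, v in (("x+10", x), ("z+10", z)):
        print(name, "dual:", precision(add(v, ten)),
              "signed-only:", precision(add(signed_only(v), ten)),
              "unsigned-only:", precision(add(unsigned_only(v), ten)))
    print("x+10 fits a 128-byte buffer?", index_in_bounds(add(x, ten), 128))
```

For x the unsigned view stays precise (11 patterns) while the signed view is TOP; for z it is the other way round (51 patterns via the signed view, TOP via the unsigned one). An analysis that fixes one signedness for everything keeps precision on only one of the two, and the dual view keeps it on both, which is the abstract's point. The z case also illustrates the final sentence of the abstract: even if the source declared z as a C `unsigned char`, the signed reading of its bit-string is what gives the tight bound after the add.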
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Navas, J.A., Schachte, P., Søndergaard, H., Stuckey, P.J. (2012). Signedness-Agnostic Program Analysis: Precise Integer Bounds for Low-Level Code. In: Jhala, R., Igarashi, A. (eds) Programming Languages and Systems. APLAS 2012. Lecture Notes in Computer Science, vol 7705. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35182-2_9
DOI: https://doi.org/10.1007/978-3-642-35182-2_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35181-5
Online ISBN: 978-3-642-35182-2
eBook Packages: Computer Science (R0)