File Download
There are no files associated with this item.
SFX Link
- Find it @ UNIST can give you direct access to the published full text of this article. (UNISTARs only)
- Yi, Jooyong
- Programming Languages and Software Engineering Lab.
Views & Downloads
Detailed Information
Cited time in 
Cited time in 
Cited time in
Metadata Downloads
Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.citation.endPage | 219 | - |
| dc.citation.number | 2 | - |
| dc.citation.startPage | 210 | - |
| dc.citation.title | INFORMATION AND SOFTWARE TECHNOLOGY | - |
| dc.citation.volume | 52 | - |
| dc.contributor.author | Kim, Youil | - |
| dc.contributor.author | Lee, Jooyong | - |
| dc.contributor.author | Han, Hwansoo | - |
| dc.contributor.author | Choe, Kwang-Moo | - |
| dc.date.accessioned | 2023-12-22T07:12:59Z | - |
| dc.date.available | 2023-12-22T07:12:59Z | - |
| dc.date.created | 2019-02-25 | - |
| dc.date.issued | 2010-02 | - |
| dc.description.abstract | Buffer overflow detection using static analysis can provide a powerful tool for software programmers to find difficult bugs in C programs. Sound static analysis based on abstract interpretation, however, often suffers from false alarm problem. Although more precise abstraction can reduce the number of the false alarms in general, the cost to perform such analysis is often too high to be practical for large software. On the other hand, less precise abstraction is likely to be scalable in exchange for the increased false alarms. In order to attain both precision and scalability, we present a method that first applies less precise abstraction to find buffer overflow alarms fast, and selectively applies a more precise analysis only to the limited areas of code around the potential false alarms. In an attempt to develop the precise analysis of alarm filtering for large C programs, we perform a symbolic execution over the potential alarms found in the previous analysis, which is based on the abstract interpretation. Taking advantage of a state-of-art SMT solver, our precise analysis efficiently filters out a substantial number of false alarms. Our experiment with the test cases from three open source programs shows that our filtering method can reduce about 68% of false alarms on average. (C) 2009 Elsevier B.V. All rights reserved. | - |
| dc.identifier.bibliographicCitation | INFORMATION AND SOFTWARE TECHNOLOGY, v.52, no.2, pp.210 - 219 | - |
| dc.identifier.doi | 10.1016/j.infsof.2009.10.004 | - |
| dc.identifier.issn | 0950-5849 | - |
| dc.identifier.scopusid | 2-s2.0-70450223307 | - |
| dc.identifier.uri | https://scholarworks.unist.ac.kr/handle/201301/26215 | - |
| dc.identifier.url | https://www.sciencedirect.com/science/article/pii/S095058490900175X?via%3Dihub | - |
| dc.identifier.wosid | 000273372400007 | - |
| dc.language | 영어 | - |
| dc.publisher | ELSEVIER SCIENCE BV | - |
| dc.title | Filtering false alarms of buffer overflow analysis using SMT solvers | - |
| dc.type | Article | - |
| dc.description.isOpenAccess | FALSE | - |
| dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems; Computer Science, Software Engineering | - |
| dc.relation.journalResearchArea | Computer Science | - |
| dc.type.docType | Article | - |
| dc.description.journalRegisteredClass | scie | - |
| dc.description.journalRegisteredClass | scopus | - |
| dc.subject.keywordAuthor | Buffer overflow | - |
| dc.subject.keywordAuthor | Program analysis | - |
| dc.subject.keywordAuthor | False alarm | - |
| dc.subject.keywordAuthor | SMT solver | - |
Items in Repository are protected by copyright, with all rights reserved, unless otherwise indicated.