Error detection/correction and fault detection/recovery – Data processing system error or fault handling – Reliability and availability
Reexamination Certificate
2004-10-07
2009-11-24
Yigdall, Michael J. (Department: 2192)
Error detection/correction and fault detection/recovery
Data processing system error or fault handling
Reliability and availability
C717S124000, C726S022000, C726S025000
Reexamination Certificate
active
07624304
ABSTRACT:
Various techniques can be used to detect programming defects relating to the use of integers. A data structure can be created to represent ordering relationships in software instructions. Such ordering relationships can represent common unsound programmer assumptions. After annotating the data structure, unvalidated ordering relationships can be identified. Validation can use both explicit and implicit techniques. Filtering can be used to focus on only significant integer expressions, such as those used in buffer operations. For example, buffer accesses that attempt out-of-bounds buffer accesses due to integer overflow can be detected.
REFERENCES:
patent: 5175856 (1992-12-01), Van Dyke et al.
patent: 5193180 (1993-03-01), Hastings
patent: 5535329 (1996-07-01), Hastings
patent: 5581695 (1996-12-01), Knoke et al.
patent: 5581696 (1996-12-01), Kolawa et al.
patent: 6292934 (2001-09-01), Davidson et al.
patent: 6314558 (2001-11-01), Angel et al.
patent: 6460178 (2002-10-01), Chan et al.
patent: 6470493 (2002-10-01), Smith et al.
patent: 6662356 (2003-12-01), Edwards et al.
patent: 6802056 (2004-10-01), Chaiken et al.
patent: 7284274 (2007-10-01), Walls et al.
patent: 2003/0204836 (2003-10-01), Srivastava et al.
patent: 2004/0117771 (2004-06-01), Vankatapathy
Wagner et al., “A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities”, 2000, NDSS, pp. 1-15.
David A. Wagner, “Static Analysis and Computer Security: New Techniques for Software Assurance”, 2000, U. of California at Berkeley, pp. 1-114.
Shankar et al., “Detecting Format String Vulnerabilities with Type Qualifiers”, May 11, 2001, University of Califonia at Berkeley, pp. 1-16.
Larochelle et al., “Statically Detecting Likely Buffer Overflow Vulnerabilities”, Aug. 13, 2001, USENIX, pp. 1-14.
Belli et al., “Logic Representation of Programs to Detect Arithmetic Anomalies”, 2000, pp. 216-223.
Sarkar et al., “Flow-insensitive Static Analysis for Detecting Integer Anomalies in Programs”, Apr. 2006, Microsoft Research, pp. 1-14.
Ganapathy et al., “Buffer Overrun Detection using Linear Programming and Static Analysis”, CCS'03 Oct. 27, 2003, Washington, DC, USA, ACM, pp. 345-354.
BoundsChecker, http://www.compuware.com/products/devpartner/bounds/, 2 pages, viewed Nov. 13, 2002.
Bush et al, “A static analyzer for finding dynamic programming errors,”Software: Practice and Experience, pp. 775-802, 2000.
Dor et al., “Cleanness Checking of String Manipulations in C Programs via Integer Analysis,”Proc. 8thInt 'l Static Analysis Symposium, 19 pages, Jun. 2001.
Dor et al., “CSSV: Towards a Realistic Tool for Statically Detecting All Buffer Overflows in C,”PLDI'03, San Diego, California, pp. 155-167, Jun. 9-11, 2003.
Edwards, “Black-Box Testing Using Flowgraphs: An Experimental Assessment of Effectiveness and Automation Potential,”Software Testing, Verification and Reliability, vol. 10, No. 4, 13 pages, Dec. 2000.
Evans et al., “Improving Security Using Extensible Lightweight Static Analysis,”IEEE Software, pp. 42-51, Jan./Feb. 2002.
Evans et al., “LCLint: A Tool for Using Specifications to Check Code,”SIGSOFT Symposium on the Foundations of Software Engineering, 10 pages, Dec. 1994.
Evans et al., “Splint Manual, Version 3.1.1-1,”Secure Programming Group, University of Virginia Department of Computer Science, 121 pages, Jun. 5, 2003.
U.S. Appl. No. 09/712,063, filed Nov. 14, 2000, Wang et al.
U.S. Appl. No. 10/608,985, filed Jun. 26, 2003, Srivastava et al.
U.S. Appl. No. 10/638,116, filed Aug. 8, 2003, Srivastava et al.
U.S. Appl. No. 10/679,254, filed Oct. 2, 2003, Das et al.
U.S. Appl. No. 10/788,948, filed Feb. 27, 2004, Venkatapathy et al.
Evans, “Static Detection of Dynamic Memory Errors,”SIGPLAN Conf. on Programming Language&Design Implementation, Philadelphia, 10 pages, May 1996.
Evans, “Using Specifications to Check Source Code,”TR-628, MIT Lab for Computer Science, 97 pages, Jun. 1994.
Foster et al., “A Theory of Type Qualifiers,”Proc. ACM SIGPLAN '99 Conf. on Programming Language and Design Implementation(PLDI), Atlanta, Georgia, 12 pages, May 1999.
Guyer et al., “An Annotation Language for Optimizing Software Libraries,”Proc. Second Conf. on Domain Specific Languages, Austin, Texas, 14 pages, Oct. 1999.
Horning, “The Larch Shared Language: Some Open Problems,”Compass/ADT Workshop, Oslo, Norway, 16 pages, Sep. 1995.
Khurshid et al., “An Analyzable Annotation Language,”OOPSLA '02, Seattle, Washington, 15 pages, Nov. 2002.
Kramer, “Examples of Design by Contract in Java Using Contract, the Design by Contract™ Tool for Java™,”Object World Berlin '99, Design&Components, 26 pages, May 17-20, 1999.
Larochelle et al., “Statistically Detecting Likely Buffer Overflow Vulnerabilities,”2001 USENIX Security Symposium, Washington D.C., 5 pages, Aug. 2001.
Leavens et al., “Enhancing the Pre- and Postcondition Technique for More Expressive Specifications,”Proc. World Congress on Formal Methods in the Development of Computing Systems, Toulouse, France, 21 pages, Sep. 1999.
Leavens et al., “Preliminary Design of JML,”Technical Report 98-06v, Iowa State University Department of Computer Science, 94 pages, Jun. 1998-2003, revised May 2003.
Leino, “Checking correctness properties of object-oriented programs,”Internet, http://research.microsoft.com/leino/papers/1, 49 pages, Aug. 19, 2002.
Microsoft Corp., “Scalable Program Analysis,”Internet, http://research.microsoft.com/spa/, 3 pages, downloaded on Sep. 5, 2003.
Rational® Purify® for Windows, http://www.rational.com/products/purify—nt/index.jsp, 3 pages, viewed Nov. 13, 2002.
Srivastava et al., “Vulcan Binary transformation in a distributed environment” Technical Report, pp. 1-12, Apr. 2001.
Srivastava et al., “Effectively Prioritizing Tests in Development Environment,” International Symposium on Software Testing and Analysis, 11 pages, Jul. 2002.
Tech-FAQ “What is an Integer?” screenshots, 3 pages, http://www.tech-faq.com/computers/integer-overflow.html, website visited on Sep. 23, 2004.
Wahls et al., “The Direct Execution of SPECS-C++: A Model-Based Specification Language for C++ Classes,”Technical Report TR94-02b, Iowa State University Department of Computer Science, 52 pages, Nov. 18, 1994.
Wang et al., BMAT—A Binary Matching Tool for Stale Profile Propagation, Journal of Instruction—Level Parallelism 2, pp. 1-20, Apr. 2000.
Thiagarajan Jayaraman
Venkatapathy Ramanathan
Klarquist & Sparkman, LLP
Microsoft Corporation
Wang Ben C
Yigdall Michael J.
LandOfFree
Defect detection for integers does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Defect detection for integers, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Defect detection for integers will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4059265