Accession Number:
AD1085458
Title:
Automated Code Repair (ACR) to Ensure Memory Safety
Descriptive Note:
Technical Report
Corporate Author:
Carnegie Mellon University Software Engineering Institute Pittsburgh United States
Report Date:
2019-01-29
Pagination or Media Count:
21.0
Abstract:
Automated Code Repair (ACR) for Memory Safety. Problem: Software vulnerabilities constitute a major threat to DoD. Memory violations are among the most common and most severe types of vulnerabilities. Static analysis helps find bugs, but the volume of alerts is often overwhelming. A huge amount of code is in use by DoD, with an unknown number of security vulnerabilities. Solution: Repair code to enable proof of memory safety. Approach: Transform source code to an intermediate representation (IR). Try to prove that each memory access is within bounds (spatial memory safety) and not to a deallocated region (temporal memory safety). If unable to prove, repair code so that proof succeeds. Map the transformed IR back to source code.
Distribution Statement:
APPROVED FOR PUBLIC RELEASE