Accession Number:
AD1085458
Title:
Automated Code Repair (ACR) to Ensure Memory Safety
Corporate Author:
Carnegie Mellon University Software Engineering Institute Pittsburgh United States
Report Date:
2019-01-29
Abstract:
Automated Code Repair (ACR) for Memory Safety. Problem: Software vulnerabilities constitute a major threat to DoD. Memory violations are among the most common and most severe types of vulnerabilities. Static analysis helps find bugs, but the volume of alerts is often overwhelming. A huge amount of code is in use by DoD, with an unknown number of security vulnerabilities. Solution: Repair code to enable proof of memory safety. Approach: Transform source code to an intermediate representation (IR). Try to prove that each memory access is within bounds (spatial memory safety) and not to a deallocated region (temporal memory safety). If unable to prove, repair code so that proof succeeds. Map the transformed IR back to source code.
Descriptive Note:
Technical Report
Pages:
0021
Distribution Statement:
Approved For Public Release;
Contract Number:
FA8702-15-D-0002
File Size:
0.89MB