A Static Defect Checker for Interprocedural Array Bound
Array bound is a concealed security defect. It generally cannot be found in the compiling progress, so it is extremely easy to cause a system crash. In this paper, we describe a static array bound checker, which concentrates on the defect of interprocedural array bound. This method is achieved by using the technology of static analysis, interval arithmetic and procedure summary, so it can detect the faults before the progress running. We finally give an experiment to verify the effectiveness and the high precision of this method. The method has been applied to practical projects.
Helen Zhang and David Jin
H. H. Chen et al., "A Static Defect Checker for Interprocedural Array Bound", Applied Mechanics and Materials, Vols. 63-64, pp. 808-813, 2011