10.1184/R1/6572048.v1
Roger Dannenberg
Will Dormann
David Keaton
Thomas Plum
Robert Seacord
David Svoboda
Alex Volkovitsky
Timothy Wilson
As-If Infinitely Ranged Integer Model, Second Edition
Carnegie Mellon University
2010
software engineering
technical report
2010-04-01 00:00:00
Report
https://kilthub.cmu.edu/articles/report/As-If_Infinitely_Ranged_Integer_Model_Second_Edition/6572048
Integers represent a growing and underestimated source of vulnerabilities in C and C++ programs. This report presents the as-if infinitely ranged (AIR) integer model that provides a largely automated mechanism for eliminating integer overflow and truncation and other integral exceptional conditions. The AIR integer model either produces a value equivalent to that obtained using infinitely ranged integers or results in a runtime-constraint violation. Instrumented fuzz testing of libraries that have been compiled using a prototype AIR integer compiler has been effective in discovering vulnerabilities in software with low false positive and false negative rates. Furthermore, the runtime overhead of the AIR integer model is low enough for typical applications to enable it in deployed systems for additional runtime protection.