Targeted Automatic Integer Overflow Discovery Using Goal-Directed Conditional Branch Enforcement

Abstract

We present a new technique and system, DIODE, for auto- matically generating inputs that trigger overflows at memory allocation sites. DIODE is designed to identify relevant sanity checks that inputs must satisfy to trigger overflows at target memory allocation sites, then generate inputs that satisfy these sanity checks to successfully trigger the overflow. DIODE works with off-the-shelf, production x86 binaries. Our results show that, for our benchmark set of applications, and for every target memory allocation site exercised by our seed inputs (which the applications process correctly with no overflows), either 1) DIODE is able to generate an input that triggers an overflow at that site or 2) there is no input that would trigger an overflow for the observed target expression at that site.

Document Details

Document Type
Pub Defense Publication
Publication Date
Mar 14, 2015
Source ID
10.1145/2786763.2694389

Entities

People

  • Deokhwan Kim
  • Eric Lahtinen
  • Fan Long
  • Martin Rinard
  • Nathan Rittenhouse
  • Paolo Piselli
  • Stelios Sidiroglou-douskos

Organizations

  • Defense Advanced Research Projects Agency
  • Massachusetts Institute of Technology

Tags

Fields of Study

  • Computer science

Readers

  • Applied Combinatorial Optimization and Logic Circuit Design.
  • Artificial Intelligence
  • Optical Physics and Photonics.