Secure Coding Tools and Advancements Publications
The documents in this collection describe tools useful to secure coding developed or advanced by the SEI.
Abstract
The documents in this collection describe tools useful to Secure Coding developed or advanced by the SEI:
- Clang Thread Safety Analysis, a tool that uses annotations to enforce thread safety policies in C and C++ programs
- how the DidFail tool was enhanced to improve its effectiveness
- the Pointer Ownership Model, which can statically identify classes of errors involving dynamic memory in C/C++ programs
- the as-if infinitely ranged (AIR) integer model, a mechanism for eliminating integral exceptional conditions
Collection Contents
-
C/C++ Thread Safety Analysis
October 15, 2014 • Article
By DeLesley Hutchins (Google, Inc.), Aaron Ballman, Dean F. Sutherland
In this paper, the authors describe Clang Thread Safety Analysis, a tool that uses annotations to enforce thread safety policies in C and C++ programs.
read -
Making DidFail Succeed: Enhancing the CERT Static Taint Analyzer for Android App Sets
March 4, 2015 • Technical Report
By Jonathan Burket, Lori Flynn, Will Klieber, Jonathan Lim, Wei Shen, William Snavely
In this report, the authors describe how the DidFail tool was enhanced to improve its effectiveness.
read -
Pointer Ownership Model
June 10, 2013 • White Paper
By David Svoboda
In this paper, David Svoboda describes the Pointer Ownership Model, which can statically identify classes of errors involving dynamic memory in C/C++ programs.
read -
As-If Infinitely Ranged Integer Model, Second Edition
April 1, 2010 • Technical Note
By Roger Dannenberg (School of Computer Science, Carnegie Mellon University), Will Dormann, David Keaton, Thomas Plum (Plum Hall, Inc.), Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson
In this report, the authors present the as-if infinitely ranged (AIR) integer model, a mechanism for eliminating integral exceptional conditions.
read