Secure Coding Tools and Advancements Publications

• The documents in this collection describe tools useful to Secure Coding developed or advanced by the SEI:

  • Clang Thread Safety Analysis, a tool that uses annotations to enforce thread safety policies in C and C++ programs
  • how the DidFail tool was enhanced to improve its effectiveness
  • the Pointer Ownership Model, which can statically identify classes of errors involving dynamic memory in C/C++ programs
  • the as-if infinitely ranged (AIR) integer model, a mechanism for eliminating integral exceptional conditions

• C/C++ Thread Safety Analysis October 2014 Author(s): DeLesley Hutchins (Google, Inc.), Aaron Ballman, Dean F. Sutherland In this paper, the authors describe Clang Thread Safety Analysis, a tool that uses annotations to enforce thread safety policies in C and C++ programs.
• Making DidFail Succeed: Enhancing the CERT Static Taint Analyzer for Android App Sets March 2015 Author(s): Jonathan Burket, Lori Flynn, Will Klieber, Jonathan Lim, Wei Shen, William Snavely In this report, the authors describe how the DidFail tool was enhanced to improve its effectiveness.
• Pointer Ownership Model June 2013 Author(s): David Svoboda In this paper, David Svoboda describes the Pointer Ownership Model, which can statically identify classes of errors involving dynamic memory in C/C++ programs.
• As-If Infinitely Ranged Integer Model, Second Edition April 2010 Author(s): Roger Dannenberg (School of Computer Science, Carnegie Mellon University), Will Dormann, David Keaton, Thomas Plum (Plum Hall, Inc.), Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson In this report, the authors present the as-if infinitely ranged (AIR) integer model, a mechanism for eliminating integral exceptional conditions.