As-If Infinitely Ranged Integer Model, Second Edition

April 2010 • Technical Note

Roger Dannenberg (School of Computer Science, Carnegie Mellon University), Will Dormann, David Keaton, Thomas Plum (Plum Hall, Inc.), Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson

In this report, the authors present the as-if infinitely ranged (AIR) integer model, a mechanism for eliminating integral exceptional conditions.

Publisher:

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2010-TN-008

DOI (Digital Object Identifier):

10.1184/R1/6572048.v1

Subjects

Abstract

Integers represent a growing and underestimated source of vulnerabilities in C and C++ programs. This report presents the as-if infinitely ranged (AIR) integer model that provides a largely automated mechanism for eliminating integer overflow and truncation and other integral exceptional conditions. The AIR integer model either produces a value equivalent to that obtained using infinitely ranged integers or results in a runtime-constraint violation. Instrumented fuzz testing of libraries that have been compiled using a prototype AIR integer compiler has been effective in discovering vulnerabilities in software with low false positive and false negative rates. Furthermore, the runtime overhead of the AIR integer model is low enough for typical applications to enable it in deployed systems for additional runtime protection.

Prototype
GCC 4.5.0

Download PDF

Supplemental Materials

Download Prototype

Part of a Collection

Secure Coding Tools and Advancements Publications

Cite This Report

SEI

Dannenberg, Roger; Dormann, Will; Keaton, David; Plum, Thomas; Seacord, Robert; Svoboda, David; Volkovitsky, Alex; & Wilson, Timothy. As-If Infinitely Ranged Integer Model, Second Edition. CMU/SEI-2010-TN-008. Software Engineering Institute, Carnegie Mellon University. 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9299

IEEE

Dannenberg. Roger, Dormann. Will, Keaton. David, Plum. Thomas, Seacord. Robert, Svoboda. David, Volkovitsky. Alex, and Wilson. Timothy, "As-If Infinitely Ranged Integer Model, Second Edition," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2010-TN-008, 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9299

APA

Dannenberg, Roger., Dormann, Will., Keaton, David., Plum, Thomas., Seacord, Robert., Svoboda, David., Volkovitsky, Alex., & Wilson, Timothy. (2010). As-If Infinitely Ranged Integer Model, Second Edition (CMU/SEI-2010-TN-008). Retrieved June 10, 2023, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9299

CHI

Roger Dannenberg, Will Dormann, David Keaton, Thomas Plum, Robert Seacord, David Svoboda, Alex Volkovitsky, & Timothy Wilson. As-If Infinitely Ranged Integer Model, Second Edition (CMU/SEI-2010-TN-008). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9299

MLA

Dannenberg, Roger., Dormann, Will., Keaton, David., Plum, Thomas., Seacord, Robert., Svoboda, David., Volkovitsky, Alex., & Wilson, Timothy. 2010. As-If Infinitely Ranged Integer Model, Second Edition (Technical Report CMU/SEI-2010-TN-008). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9299

BibTex

@techreport{DannenbergAsIfInfinitely2010,
title={As-If Infinitely Ranged Integer Model},
edition={Second},
author={Roger Dannenberg and Will Dormann and David Keaton and Thomas Plum and Robert Seacord and David Svoboda and Alex Volkovitsky and Timothy Wilson},
year={2010},
number={CMU/SEI-2010-TN-008},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9299} }

Ask a question about this Technical Note

Software Engineering Institute