Value-Range Analysis of C Programs

Focusing on buffer overflow vulnerabilities, this book presents a static analysis method designed to ensure the absence of such issues in C programs. It operates conservatively, identifying all potential overflows without requiring user input annotations. The analysis infers symbolic states at various program points to verify that array indices and pointer offsets remain within safe bounds. By mapping program operations to polyhedral operations, it offers a formal approach to analyzing structures and arrays, particularly addressing the complexities of C strings influenced by specific characters.