Airac5
Static Analyzer for Automatic Detection of Buffer Overrun Errors in C Programs
Spa-arrow.com/
Programming Research Laboratory
Seoul National University
Introduction
Airac5´Â ÇÒ´çÇÑ ¸Þ¸ð¸® ¿µ¿ªÀ» ¹þ¾î³ª¼ Á¢±ÙÇÏ´Â C ÇÁ·Î±×·¥
¿À·ù(buffer overrun error)ÀÇ À§Ä¡¸¦ ¹Ì¸® ¸ðµÎ ÀÚµ¿À¸·Î ã¾ÆÁØ´Ù.
¿¹¸¦ µé¾î, ¾Æ·¡ÀÇ ÆĶõ»ö ½ÄµéÁß¿¡¼ ¹è¿ aÀÇ ¹üÀ§¸¦
¹þ¾î³ª´Â ½ÄµéÀ» ¸ðµÎ ã¾ÆÁØ´Ù.
a[i] = 1; a[i + f()] = 1; a[*k + (*g)()] = 1; /* accesses to a */
x = a; x[1] = *(x+1)+1; /* a and x are aliases */
y = a + f(); y[*(y+1)] = 1; /* some of a and y are aliases */
z->v = a; (z->v)+i = 1; /* a is pointed to by a struct */
Airac5 statically detects all buffer-overrun errors in C
programs.
For example, in the above C expressions where blue-colored expressions
access array
QnA
Keywords- C: Airac5 supports the full set of ANSI C + some GNU C extensions.
- all: Airac5 detects all buffer-overrun places in source code.
- statically: Airac5 analyzes source code at their compile-time.
- false alarms: Airac5 inevitably reports some false alarms.
- always stops: Airac5 always finishes even for infinite-loop programs.
- automatic: Airac5 is fully automatic.
- modular: Airac5 accepts separate C files that constitute a program.
- correct: Airac5's design is formally founded.
Online Demo
Free On-Site Trial
We prove Airac5 on-site. We don't ask you to ship your code off-site.- We visit your site in person to run Airac5 for your C code.
- This trial is for corportations only, not for individual C programmers.
- Individual C programmers can download the free trial version below.
Download
- Free trial (1007 downloads so far)
- for Linux x86 series
- airac5-public-1.0.tar.gz (2005-12-31; 478kb)
- user's manual (in Korean)
- for Linux x86 series
- Full version
- available upon a license agreement. Just email or call us.
Performance
- Analysis Cost & Accuracy
- Comparison against Covertiy.com's SWAT
- Comparison against Airac (Airac5's old version)
References
- Technical
-
Taming False Alarms from a Domain-Unaware C Analyzer by a Bayesian
Statistical Post Analysis,
SAS'05: International Static Analysis Symposium, London, 2005 -
Soundness by Static Analysis and False-alarm Removal by
Statistical Analysis: Our Airac Experience,
Bugs 2005 Workshop on the Evaluation of Software Defect Detection Tools, Chicago, 2005 - ÀÚµ¿ ¿À·ù °ËÃâÀ» À§ÇÑ ÇÁ·Î±×·¥ ºÐ¼®±â - ¾ÆÀ̶ô, [¸¶ÀÌÅ©·Î ¼ÒÇÁÆ®¿þ¾î], 2005³â6¿ùÈ£
-
Taming False Alarms from a Domain-Unaware C Analyzer by a Bayesian
Statistical Post Analysis,
- Foundational
- Our technology in TVs and newspapers
Contact
Prof. Kwangkeun Yi(office) +82 2 880 1857
(mobile) +82 11 895 9374
(email) kwang@ropaswork/com (with . for /)
Spa-arrow.com
Programming Research Laboratory
Seoul National University
| Introduction |
| QnA |
| Download |
| Free On-site Trial |
| On-line Demo |
| Performance |
| References |
| Contact |
|
|
|
|
|
If you see this, then your browser is too broken to display this site properly. Please consider getting a browser upgrade. |