Airac5
Static Analyzer
for Automatic Detection of Buffer Overrun Errors
in C Programs
Airac5´Â ÇÒ´çÇÑ ¸Þ¸ð¸® ¿µ¿ªÀ» ¹þ¾î³ª¼ Á¢±ÙÇÏ´Â C ÇÁ·Î±×·¥
¿À·ù(buffer overrun error)ÀÇ À§Ä¡¸¦ ¹Ì¸® ¸ðµÎ ÀÚµ¿À¸·Î ã¾ÆÁØ´Ù.
¿¹¸¦ µé¾î, ¾Æ·¡ÀÇ ÆĶõ»ö ½ÄµéÁß¿¡¼ ¹è¿ aÀÇ ¹üÀ§¸¦
¹þ¾î³ª´Â ½ÄµéÀ» ¸ðµÎ ã¾ÆÁØ´Ù.
int *a = (int *)malloc(sizeof(int)*10); /* int array of size 10 */
a[i] = 1; a[i + f()]
= 1; a[*k + (*g)()] = 1;
/* accesses to a */
x = a; x[1] = *(x+1)+1; /* a and x are aliases */
y = a + f(); y[*(y+1)]
= 1;
/*
some of a and y are aliases */
z->v = a; (z->v)+i
= 1;
/* a is pointed to by a struct */
Airac5 statically detects all buffer-overrun errors in C
programs.
For example, in the above C expressions where blue-colored expressions
access array a, Airac5 detects all accesses that can overrun
the target array.
Keywords
- C: Airac5 supports the full set of
ANSI C + some GNU C extensions.
- all: Airac5 detects all buffer-overrun
places in source code.
- statically:
Airac5 analyzes source code at their compile-time.
- false alarms: Airac5 inevitably
reports some false alarms.
- always stops: Airac5 always finishes
even for infinite-loop programs.
- automatic: Airac5 is fully automatic.
- modular: Airac5 accepts separate C
files that constitute a program.
- correct: Airac5's design is formally founded.
We prove Airac5 on-site. We don't ask you to ship your code off-site.
- We visit your site in person to run Airac5 for your C code.
- This trial is for corportations only, not for individual C
programmers.
- Individual C programmers can download the free trial version below.
Email us (run@ropaswork DOT com) to
register for a trial.
- Free trial (1008 downloads so far)
- Full version
Prof. Kwangkeun Yi
(office) +82 2 880 1857
(mobile) +82 11 895 9374
(email) kwang@ropaswork/com (with . for /)
Spa-arrow.com
Programming Research Laboratory
Seoul National University
|