Automatic Buffer Overflow Warning Validation
Static buffer overflow detection techniques tend to report too many false positives fundamentally due to the lack of software execution information. It is very time consuming to manually inspect all the static warnings. In this paper, we propose BovInspector, a framework for automatically validating...
Saved in:
| Published in: | Journal of computer science and technology Vol. 35; no. 6; pp. 1406 - 1427 |
|---|---|
| Main Authors: | , , , , |
| Format: | Journal Article |
| Language: | English |
| Published: |
Singapore
Springer Singapore
01.11.2020
Springer Springer Nature B.V State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210023, China Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China%Department of Computer Science, Western Michigan University, Kalamazoo 49008-5466, U.S.A |
| Subjects: | |
| ISSN: | 1000-9000, 1860-4749 |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Abstract | Static buffer overflow detection techniques tend to report too many false positives fundamentally due to the lack of software execution information. It is very time consuming to manually inspect all the static warnings. In this paper, we propose BovInspector, a framework for automatically validating static buffer overflow warnings and providing suggestions for automatic repair of true buffer overflow warnings for C programs. Given the program source code and the static buffer overflow warnings, BovInspector first performs warning reachability analysis. Then, BovInspector executes the source code symbolically under the guidance of reachable warnings. Each reachable warning is validated and classified by checking whether all the path conditions and the buffer overflow constraints can be satisfied simultaneously. For each validated true warning, BovInspector provides suggestions to automatically repair it with 11 repair strategies. BovInspector is complementary to prior static buffer overflow discovery schemes. Experimental results on real open source programs show that BovInspector can automatically validate on average 60% of total warnings reported by static tools. |
|---|---|
| AbstractList | Static buffer overflow detection techniques tend to report too many false positives fundamentally due to the lack of software execution information. It is very time consuming to manually inspect all the static warnings. In this paper, we propose BovInspector, a framework for automatically validating static buffer overflow warnings and providing suggestions for automatic repair of true buffer overflow warnings for C programs. Given the program source code and the static buffer overflow warnings, BovInspector first performs warning reachability analysis. Then, BovInspector executes the source code symbolically under the guidance of reachable warnings. Each reachable warning is validated and classified by checking whether all the path conditions and the buffer overflow constraints can be satisfied simultaneously. For each validated true warning, BovInspector provides suggestions to automatically repair it with 11 repair strategies. BovInspector is complementary to prior static buffer overflow discovery schemes. Experimental results on real open source programs show that BovInspector can automatically validate on average 60% of total warnings reported by static tools. Static buffer overflow detection techniques tend to report too many false positives fundamentally due to the lack of software execution information. It is very time consuming to manually inspect all the static warnings. In this paper, we propose BovInspector, a framework for automatically validating static buffer overflow warnings and providing suggestions for automatic repair of true buffer overflow warnings for C programs. Given the program source code and the static buffer overflow warnings, BovInspector first performs warning reachability analysis. Then, BovInspector executes the source code symbolically under the guidance of reachable warnings. Each reachable warning is validated and classified by checking whether all the path conditions and the buffer overflow constraints can be satisfied simultaneously. For each validated true warning, BovInspector provides suggestions to automatically repair it with 11 repair strategies. BovInspector is complementary to prior static buffer overflow discovery schemes. Experimental results on real open source programs show that BovInspector can automatically validate on average 60% of total warnings reported by static tools. Static buffer overflow detection techniques tend to report too many false positives fundamentally due to the lack of software execution information. It is very time consuming to manually inspect all the static warnings. In this paper, we propose BovInspector, a framework for automatically validating static buffer overflow warnings and providing suggestions for automatic repair of true buffer overflow warnings for C programs. Given the program source code and the static buffer overflow warnings, BovInspector first performs warning reachability analysis. Then, BovInspector executes the source code symbolically under the guidance of reachable warnings. Each reachable warning is validated and classified by checking whether all the path conditions and the buffer overflow constraints can be satisfied simultaneously. For each validated true warning, BovInspector provides suggestions to automatically repair it with 11 repair strategies. BovInspector is complementary to prior static buffer overflow discovery schemes. Experimental results on real open source programs show that BovInspector can automatically validate on average 60% of total warnings reported by static tools. Keywords buffer overflow, static analysis warning, symbolic execution, automatic repair |
| Audience | Academic |
| Author | Gao, Feng-Juan Wang, Yu Yang, Zijiang Li, Xuan-Dong Wang, Lin-Zhang |
| AuthorAffiliation | State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210023, China;Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China%Department of Computer Science, Western Michigan University, Kalamazoo 49008-5466, U.S.A |
| AuthorAffiliation_xml | – name: State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210023, China;Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China%Department of Computer Science, Western Michigan University, Kalamazoo 49008-5466, U.S.A |
| Author_xml | – sequence: 1 givenname: Feng-Juan surname: Gao fullname: Gao, Feng-Juan organization: State Key Laboratory for Novel Software Technology, Nanjing University, Department of Computer Science and Technology, Nanjing University – sequence: 2 givenname: Yu surname: Wang fullname: Wang, Yu organization: State Key Laboratory for Novel Software Technology, Nanjing University, Department of Computer Science and Technology, Nanjing University – sequence: 3 givenname: Lin-Zhang surname: Wang fullname: Wang, Lin-Zhang email: lzwang@nju.edu.cn organization: State Key Laboratory for Novel Software Technology, Nanjing University, Department of Computer Science and Technology, Nanjing University – sequence: 4 givenname: Zijiang surname: Yang fullname: Yang, Zijiang organization: Department of Computer Science, Western Michigan University – sequence: 5 givenname: Xuan-Dong surname: Li fullname: Li, Xuan-Dong organization: State Key Laboratory for Novel Software Technology, Nanjing University, Department of Computer Science and Technology, Nanjing University |
| BookMark | eNp9kF1LwzAUhoNMcJv-AO8K3q7zpF9pLufwCwa78eMypGlSUrt0Jp2b-_VmVhgISkhOCO9z3px3hAamNRKhSwxTDECuHcYxhRAiv9MoDfcnaIjzDMKEJHTg7wAQUn-coZFzNUBMIEmGaDLbdO2Kd1oENxulpA2WH9Kqpt0Gr9wabarghTe69IrWnKNTxRsnL37qGD3f3T7NH8LF8v5xPluEIqZRFwrMoSCZyGiRq5hKwgVWIAtRQJzmKqdAIk4yVapcqlQmZSoSKUQsS1HgGEg8RpO-75YbxU3F6nZjjXdktavfdrXbFUxGflbIAIOXX_XytW3fN9J1R31EcZ5CkkWHptNeVfFGMm1U21ku_CrlSgufptL-fUZwnqSQU-oB3APCts5Zqdja6hW3nwwDO4TO-tCZ_wg7hM72niG_GKG77-y8mW7-JaOedN7FVNIeh_gb-gLfTpfi |
| CitedBy_id | crossref_primary_10_35784_jcsi_7389 crossref_primary_10_1155_2021_3963574 crossref_primary_10_3233_JCS_230053 crossref_primary_10_1109_TSE_2023_3329667 |
| Cites_doi | 10.1145/1368088.1368135 10.1109/ASE.2013.6693094 10.1016/j.infsof.2009.10.004 10.1109/SP.2014.44 10.1109/ICST.2016.21 10.1109/TSE.1976.233817 10.1145/2970276.2970282 10.1109/TSE.2017.2755013 10.1145/2001420.2001422 10.1109/ISSRE.2015.7381820 10.1109/52.976940 10.1109/ICSE.2012.6227141 10.1109/ASE.2008.69 10.1007/978-3-642-34281-3_23 10.1145/1453101.1453137 10.1145/367008.367022 10.1145/3105906 10.1145/1390630.1390636 10.1145/2813885.2737988 10.1145/2001420.2001423 10.1145/1041685.1029911 10.1145/2568225.2568254 10.1109/ICSE.2012.6227211 10.21236/AD0772806 10.1109/DSN.2009.5270315 10.1109/ICSE.2019.00025 10.1145/949952.940115 10.1145/2771783.2771791 10.1145/2771284.2771285 10.1109/ASE.2015.60 10.1145/1629575.1629585 |
| ContentType | Journal Article |
| Copyright | Institute of Computing Technology, Chinese Academy of Sciences 2020 COPYRIGHT 2020 Springer Institute of Computing Technology, Chinese Academy of Sciences 2020. Copyright © Wanfang Data Co. Ltd. All Rights Reserved. |
| Copyright_xml | – notice: Institute of Computing Technology, Chinese Academy of Sciences 2020 – notice: COPYRIGHT 2020 Springer – notice: Institute of Computing Technology, Chinese Academy of Sciences 2020. – notice: Copyright © Wanfang Data Co. Ltd. All Rights Reserved. |
| DBID | AAYXX CITATION 3V. 7SC 7WY 7WZ 7XB 87Z 8AL 8FD 8FE 8FG 8FK 8FL ABJCF ABUWG AFKRA ARAPS AZQEC BENPR BEZIV BGLVJ CCPQU DWQXO FRNLG F~G GNUQQ HCIFZ JQ2 K60 K6~ K7- L.- L6V L7M L~C L~D M0C M0N M7S P5Z P62 PHGZM PHGZT PKEHL PQBIZ PQBZA PQEST PQGLB PQQKQ PQUKI PTHSS Q9U 2B. 4A8 92I 93N PSX TCJ |
| DOI | 10.1007/s11390-020-0525-z |
| DatabaseName | CrossRef ProQuest Central (Corporate) Computer and Information Systems Abstracts ABI/INFORM Collection ABI/INFORM Global (PDF only) ProQuest Central (purchase pre-March 2016) ABI/INFORM Global (Alumni Edition) Computing Database (Alumni Edition) Technology Research Database ProQuest SciTech Collection ProQuest Technology Collection ProQuest Central (Alumni) (purchase pre-March 2016) ABI/INFORM Collection (Alumni Edition) Materials Science & Engineering Collection ProQuest Central ProQuest Central UK/Ireland Advanced Technologies & Computer Science Collection ProQuest Central Essentials ProQuest Central Business Premium Collection ProQuest Technology Collection ProQuest One Community College ProQuest Central Korea Business Premium Collection (Alumni) ABI/INFORM Global (Corporate) ProQuest Central Student SciTech Premium Collection ProQuest Computer Science Collection ProQuest Business Collection (Alumni Edition) ProQuest Business Collection Computer Science Database ABI/INFORM Professional Advanced ProQuest Engineering Collection Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional ABI/INFORM Global Computing Database Engineering Database Advanced Technologies & Aerospace Database ProQuest Advanced Technologies & Aerospace Collection ProQuest Central Premium ProQuest One Academic (New) ProQuest One Academic Middle East (New) ProQuest One Business ProQuest One Business (Alumni) ProQuest One Academic Eastern Edition (DO NOT USE) ProQuest One Applied & Life Sciences ProQuest One Academic (retired) ProQuest One Academic UKI Edition Engineering Collection ProQuest Central Basic Wanfang Data Journals - Hong Kong WANFANG Data Centre Wanfang Data Journals 万方数据期刊 - 香港版 China Online Journals (COJ) China Online Journals (COJ) |
| DatabaseTitle | CrossRef ABI/INFORM Global (Corporate) ProQuest Business Collection (Alumni Edition) ProQuest One Business Computer Science Database ProQuest Central Student Technology Collection Technology Research Database Computer and Information Systems Abstracts – Academic ProQuest One Academic Middle East (New) ProQuest Advanced Technologies & Aerospace Collection ProQuest Central Essentials ProQuest Computer Science Collection Computer and Information Systems Abstracts ProQuest Central (Alumni Edition) SciTech Premium Collection ProQuest One Community College ABI/INFORM Complete ProQuest Central ABI/INFORM Professional Advanced ProQuest One Applied & Life Sciences ProQuest Engineering Collection ProQuest Central Korea ProQuest Central (New) Advanced Technologies Database with Aerospace ABI/INFORM Complete (Alumni Edition) Engineering Collection Advanced Technologies & Aerospace Collection Business Premium Collection ABI/INFORM Global ProQuest Computing Engineering Database ABI/INFORM Global (Alumni Edition) ProQuest Central Basic ProQuest Computing (Alumni Edition) ProQuest One Academic Eastern Edition ProQuest Technology Collection ProQuest SciTech Collection ProQuest Business Collection Computer and Information Systems Abstracts Professional Advanced Technologies & Aerospace Database ProQuest One Academic UKI Edition Materials Science & Engineering Collection ProQuest One Business (Alumni) ProQuest One Academic ProQuest Central (Alumni) ProQuest One Academic (New) Business Premium Collection (Alumni) |
| DatabaseTitleList | ABI/INFORM Global (Corporate) |
| Database_xml | – sequence: 1 dbid: BENPR name: ProQuest Central url: https://www.proquest.com/central sourceTypes: Aggregation Database |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISSN | 1860-4749 |
| EndPage | 1427 |
| ExternalDocumentID | jsjkxjsxb_e202006010 A718450899 10_1007_s11390_020_0525_z |
| GrantInformation_xml | – fundername: This work was supported by the National Natural Science Foundation of China under Grant funderid: (No.62032010,and partially by the Postgraduate Research and Practice Innovation Program of Jiangsu Province of China) |
| GroupedDBID | -4Z -59 -5G -BR -EM -SI -S~ -Y2 -~C .86 .VR 06D 0R~ 0VY 1N0 1SB 2.D 28- 29K 2B. 2C0 2J2 2JN 2JY 2KG 2KM 2LR 2VQ 2~H 30V 3V. 4.4 406 408 409 40D 40E 5GY 5QI 5VR 5VS 5XA 5XJ 67Z 6NX 7WY 8FE 8FG 8FL 8TC 8UJ 92H 92I 92R 93N 95- 95. 95~ 96X AAAVM AABHQ AACDK AAHNG AAIAL AAJBT AAJKR AANZL AAOBN AARHV AARTL AASML AATNV AATVU AAUYE AAWCG AAXDM AAYIU AAYQN AAYTO AAYZH ABAKF ABBBX ABBXA ABDZT ABECU ABFTD ABFTV ABHLI ABHQN ABJCF ABJNI ABJOX ABKCH ABKTR ABMNI ABMQK ABNWP ABQBU ABQSL ABSXP ABTEG ABTHY ABTKH ABTMW ABULA ABUWG ABWNU ABXPI ACAOD ACBXY ACDTI ACGFS ACHSB ACHXU ACKNC ACMDZ ACMLO ACOKC ACOMO ACPIV ACSNA ACZOJ ADHHG ADHIR ADINQ ADKNI ADKPE ADRFC ADTPH ADURQ ADYFF ADZKW AEBTG AEFIE AEFQL AEGAL AEGNC AEJHL AEJRE AEKMD AEMSY AENEX AEOHA AEPYU AESKC AETLH AEVLU AEXYK AFBBN AFEXP AFGCZ AFKRA AFLOW AFQWF AFUIB AFWTZ AFZKB AGAYW AGDGC AGGDS AGJBK AGMZJ AGQEE AGQMX AGRTI AGWIL AGWZB AGYKE AHAVH AHBYD AHKAY AHSBF AHYZX AIAKS AIGIU AIIXL AILAN AITGF AJBLW AJRNO ALMA_UNASSIGNED_HOLDINGS ALWAN AMKLP AMXSW AMYLF AMYQR AOCGG ARAPS ARMRJ ASPBG AVWKF AXYYD AZFZN AZQEC B-. BA0 BBWZM BDATZ BENPR BEZIV BGLVJ BGNMA BPHCQ BSONS CAG CAJEI CCEZO CCPQU CHBEP COF CS3 CSCUP CUBFJ CW9 D-I DDRTE DNIVK DPUIP DU5 DWQXO EBLON EBS EIOEI EJD ESBYG F5P FA0 FEDTE FERAY FFXSO FIGPU FINBP FNLPD FRNLG FRRFC FSGXE FWDCC GGCAI GGRSB GJIRD GNUQQ GNWQR GQ6 GQ7 GQ8 GROUPED_ABI_INFORM_COMPLETE GXS H13 HCIFZ HF~ HG6 HMJXF HQYDN HRMNR HVGLF HZ~ IAO IHE IJ- IKXTQ IWAJR IXC IXD IXE IZIGR IZQ I~X I~Z J-C JBSCW JCJTX JZLTJ K60 K6V K6~ K7- KDC KOV LAK LLZTM M0C M0N M4Y M7S MA- N2Q NB0 NDZJH NF0 NPVJJ NQJWS NU0 O9- O93 O9G O9I O9J OAM P19 P2P P62 P9O PF0 PQBIZ PQBZA PQQKQ PROAC PT4 PT5 PTHSS Q-- Q2X QOK QOS R4E R89 R9I RHV RNI RNS ROL RPX RSV RZK S16 S1Z S26 S27 S28 S3B SAP SCJ SCL SCLPG SCO SDH SDM SHX SISQX SJYHP SNE SNPRN SNX SOHCF SOJ SPISZ SRMVM SSLCW STPWE SZN T13 T16 TCJ TGT TSG TSK TSV TUC U1G U2A U5S UG4 UOJIU UTJUX UZXMN VC2 VFIZW W23 W48 WK8 YLTOR Z7R Z7U Z7X Z81 Z83 Z88 Z8R Z8W Z92 ZMTXR ~A9 ~EX AAPKM AAYXX ABBRH ABDBE ABFSG ABRTQ ACSTC ADHKG AEZWR AFDZB AFFHD AFHIU AFOHR AGQPQ AHPBZ AHWEU AIXLP ATHPR AYFIA CITATION ICD IVC PHGZM PHGZT PQGLB TGMPQ 7SC 7XB 8AL 8FD 8FK JQ2 L.- L6V L7M L~C L~D PKEHL PQEST PQUKI Q9U 4A8 PMFND PSX |
| ID | FETCH-LOGICAL-c392t-c1a0b76c69b8f39e7ac1f0ebcb0358f89072a76fdf8ef5e4d5c4ecc3edcb13073 |
| IEDL.DBID | RSV |
| ISICitedReferencesCount | 6 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000596524900011&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| ISSN | 1000-9000 |
| IngestDate | Thu May 29 04:00:16 EDT 2025 Wed Nov 05 02:56:43 EST 2025 Sat Nov 29 10:10:08 EST 2025 Tue Nov 18 21:16:52 EST 2025 Sat Nov 29 03:05:40 EST 2025 Fri Feb 21 02:40:04 EST 2025 |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 6 |
| Keywords | symbolic execution static analysis warning buffer overflow automatic repair |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-c392t-c1a0b76c69b8f39e7ac1f0ebcb0358f89072a76fdf8ef5e4d5c4ecc3edcb13073 |
| Notes | ObjectType-Article-1 SourceType-Scholarly Journals-1 ObjectType-Feature-2 content type line 14 |
| PQID | 2918504627 |
| PQPubID | 326258 |
| PageCount | 22 |
| ParticipantIDs | wanfang_journals_jsjkxjsxb_e202006010 proquest_journals_2918504627 gale_infotracacademiconefile_A718450899 crossref_primary_10_1007_s11390_020_0525_z crossref_citationtrail_10_1007_s11390_020_0525_z springer_journals_10_1007_s11390_020_0525_z |
| PublicationCentury | 2000 |
| PublicationDate | 2020-11-01 |
| PublicationDateYYYYMMDD | 2020-11-01 |
| PublicationDate_xml | – month: 11 year: 2020 text: 2020-11-01 day: 01 |
| PublicationDecade | 2020 |
| PublicationPlace | Singapore |
| PublicationPlace_xml | – name: Singapore – name: Beijing |
| PublicationTitle | Journal of computer science and technology |
| PublicationTitleAbbrev | J. Comput. Sci. Technol |
| PublicationTitle_FL | Journal of Computer Science & Technology |
| PublicationYear | 2020 |
| Publisher | Springer Singapore Springer Springer Nature B.V State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210023, China Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China%Department of Computer Science, Western Michigan University, Kalamazoo 49008-5466, U.S.A |
| Publisher_xml | – name: Springer Singapore – name: Springer – name: Springer Nature B.V – name: Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China%Department of Computer Science, Western Michigan University, Kalamazoo 49008-5466, U.S.A – name: State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210023, China |
| References | Anderson J P. Computer security technology planning study. Technical Report, Air Force Electronic Systems Division, 1972. https://apps.dtic.mil/sti/citations/AD0758206, Oct. 2020. Ye T, Zhang L, Wang L, Li X. An empirical study on detecting and fixing buffer overflow bugs. In Proc. the IEEE Int. Conference on Software Testing, Verification and Validation, Apr. 2016, pp.91-101. Smirnov A, Chiueh T C. DIRA: Automatic detection, identification and repair of control-hijacking attacks. In Proc. the Network and Distributed System Security Symp., Feb. 2005. Viega J, Bloch J T, Kohno Y, McGraw G. ITS4: A static vulnerability scanner for C and C++ code. In Proc. the 16th Annual Computer Security Applications Conference, Dec. 2000, pp.257-267. SinhaSHarroldMJRothermelGInterprocedural control dependenceACM Trans. Software Engineering and Methodology200110220925410.1145/367008.367022 le Goues C, Dewey-Vogt M, Forrest S, Weimer W. A systematic study of automated program repair: Fixing 55 out of 105 bugs for $8 each. In Proc. the 34th Int. Conference on Software Engineering, Jun. 2012, pp.3-13. Avgerinos T, Cha S, Hao B, Brumley D. AEG: Automatic exploit generation. In Proc. the Network and Distributed System Security Symp., Feb. 2011, pp.59-66. Perkins J H, Kim S, Larsen S et al. Automatically patching errors in deployed software. In Proc. the 22nd ACM SIGOPS Symp. Operating Systems Principles, Oct. 2009, pp.87-102. Ruthruff J, Penix J, Morgenthaler J, Elbaum S, Rothermel G. Predicting accurate and actionable static analysis warnings. In Proc. the 30th ACM/IEEE Int. Conference on Software Engineering, May 2008, pp.341-350. Yamaguchi F, Golde N, Arp D, Rieck K. Modeling and discovering vulnerabilities with code property graphs. In Proc. the 2014 IEEE Symp. Security and Privacy, May 2014, pp.590-604. Gao F, Wang L, Li X. BovInspector: Automatic inspection and repair of buffer overflow vulnerabilities. In Proc. the 31st IEEE/ACM Int. Conference on Automated Software Engineering, Sept. 2016, pp.786-791. Taneja K, Xie T, Tillmann N, de Halleux J. eXpress: Guided path exploration for efficient regression test generation. In Proc. the 20th Int. Symp. Software Testing and Analysis, Jul. 2011, pp.1-11. Larochelle D, Evans D. Statically detecting likely buffer overflow vulnerabilities. In Proc. the 10th USENIX Security Symp., Aug. 2001, pp.177-190. Qi Z, Long F, Achour S, Rinard M. An analysis of patch plausibility and correctness for generate-and-validate patch generation systems. In Proc. the 2015 Int. Symp. Software Testing and Analysis, Jul. 2015, pp.24-36. Junker M, Huuck R, Fehnker A, Knapp A. SMT-based false positive elimination in static program analysis. In Proc. the 14th Int. Conference on Formal Engineering Methods, Nov. 2012, pp.316-331. Le W, Soffa M L. Marple: A demand-driven path-sensitive buffer overflow detector. In Proc. the 16th ACM SIGSOFT Int. Symp. Foundations of Software Engineering, Nov. 2008, pp.272-282. Wagner D A, Foster J S, Brewer E A, Aiken A. A first step towards automated detection of buffer overrun vulnerabilities. In Proc. the Network and Distributed System Security Symp., Feb. 2000. Sidiroglou-Douskos S, Lahtinen E, Long F, Rinard M. Automatic error elimination by horizontal code transfer across multiple applications. In Proc. the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation, Jun. 2015, pp.43-54. ClarkeLAA system to generate test data and symbolically execute programsIEEE Trans. Software Engineering19762321522242875910.1109/TSE.1976.233817 Burnim J, Sen K. Heuristics for scalable dynamic test generation. In Proc. the 23rd IEEE/ACM Int. Conference on Automated Software Engineering, Sept. 2008, pp.443-446. GazzolaLMicucciDMarianiLAutomatic software repair: A surveyIEEE Trans. Software Engineering2017451346710.1109/TSE.2017.2755013 Sidiroglou-Douskos S, Lahtinen E, Rinard M. Automatic discovery and patching of buffer and integer overflow errors. Technical Report, Massachusetts Institute of Technology, Cambridge, 2015. https://dspace.mit.edu/handle/1721.1/97087, Oct. 2020. Fan G, Wu R, Shi Q, Xiao X, Zhou J, Zhang C. Smoke: Scalable path-sensitive memory leak detection for millions of lines of code. In Proc. the 41st IEEE/ACM Int. Conference on Software Engineering, May 2019, pp.72-82. Qi Y, Mao X, Lei Y, Dai Z, Wang C. The strength of random search on automated program repair. In Proc. the 36th Int. Conference on Software Engineering, May 2014, pp.254-265. Arzt S, Rasthofer S, Hahn R, Bodden E. Using targeted symbolic execution for reducing false-positives in dataflow analysis. In Proc. the 4th ACM SIGPLAN Int. Workshop on State of the Art in Program Analysis, Jun. 2015, pp.1-6. Jones R W, Kelly P H. Backwards-compatible bounds checking for arrays and pointers in C programs. In Proc. the 3rd International Workshop on Automated Debugging, May 1997, pp.13-26. Haugh E, Bishop M. Testing C programs for buffer overflow vulnerabilities. In Proc. the Network and Distributed System Security Symp., Feb. 2003. Xie T, Tillmann N, De Halleux J, SchulteW. Fitness-guided path exploration in dynamic symbolic execution. In Proc. the 2009 IEEE/IFIP Int. Conference on Dependable Systems and Networks, Jun. 2009, pp.359-368. Weimer W, Fry Z P, Forrest S. Leveraging program equivalence for adaptive program repair: Models and first results. In Proc. the 28th IEEE/ACM Int. Conference on Automated Software Engineering, Nov. 2013, pp.356-366. Ke Y, Stolee K T, le Goues C, Brun Y. Repairing programs with semantic code search (T). In Proc. the 30th IEEE/ACM Int. Conference on Automated Software Engineering, Nov. 2015, pp.295-306. Monperrus M. Automatic software repair: A bibliography. ACM Computing Surveys, 2018, 51(1): Article No. 17. Cowan C, Pu C, Maier D, Walpole J, Bakke P, Beattie S, Grier A, Wagle P, Zhang Q, Hinton H. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proc. the 7th USENIX Security Symp., Jan. 1998, pp.63-78. Cadar C, Dunbar D, Engler D R et al. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proc. the 8th USENIX Symp. Operating Systems Design and Implementations, Dec. 2008, pp.209-224. Wagner D, Dean R. Intrusion detection via static analysis. In Proc. the 2001 IEEE Symp. Security and Privacy, May 2001, pp.156-168. Babić D, Martignoni L, McCamant S, Song D. Statically-directed dynamic automated test generation. In Proc. the 20th Int. Symp. Software Testing and Analysis, Jul. 2011, pp.12-22. Muske T, Khedker U P. Efficient elimination of false positives using static analysis. In Proc. the 26th IEEE Int. Symp. Software Reliability Engineering, Nov. 2015, pp.270-280. KimYLeeJHanHChoeKMFiltering false alarms of buffer overflow analysis using SMT solversInformation and Software Technology201052221021910.1016/j.infsof.2009.10.004 Lu S, Li Z, Qin F, Tan L, Zhou P, Zhou Y. BugBench: Benchmarks for evaluating bug detection tools. In Proc. the Workshop on the Evaluation of Software Defect Detection Tools, Jun. 2005. Xie Y, Chou A, Engler D. ARCHER: Using symbolic, path-sensitive analysis to detect memory access errors. In Proc. the 9th European Software Engineering Conference Held Jointly with the 11th ACM SIGSOFT Int. Symp. Foundations of Software Engineering, Sept. 2003, pp.327-336. Zitser M, Lippmann R, Leek T. Testing static analysis tools using exploitable buffer overflows from open source code. In Proc. the 12th ACM SIGSOFT Int. Symp. Foundations of Software Engineering, Oct. 2004, pp.97-106. Xu R G, Godefroid P, Majumdar R. Testing for buffer overflows with length abstraction. In Proc. the 2008 ACM/SIGSOFT Int. Symp. Software Testing and Analysis, Jul. 2008, pp.27-38. Shahzad M, Shafiq M Z, Liu A X. A large scale exploratory analysis of software vulnerability life cycles. In Proc. the 34th Int. Conference on Software Engineering, Jun. 2012, pp.771-781. EvansDLarochelleDImproving security using extensible lightweight static analysisIEEE Software2002191425110.1109/52.976940 L Gazzola (525_CR31) 2017; 45 D Evans (525_CR5) 2002; 19 525_CR1 525_CR4 525_CR3 525_CR2 525_CR30 525_CR10 525_CR32 525_CR12 525_CR34 525_CR11 525_CR33 525_CR14 525_CR36 525_CR13 525_CR35 525_CR38 525_CR15 525_CR37 525_CR18 525_CR17 525_CR39 Y Kim (525_CR42) 2010; 52 525_CR9 525_CR8 LA Clarke (525_CR16) 1976; 2 525_CR7 525_CR41 525_CR6 525_CR40 S Sinha (525_CR19) 2001; 10 525_CR21 525_CR43 525_CR20 525_CR23 525_CR22 525_CR25 525_CR24 525_CR27 525_CR26 525_CR29 525_CR28 |
| References_xml | – reference: Ke Y, Stolee K T, le Goues C, Brun Y. Repairing programs with semantic code search (T). In Proc. the 30th IEEE/ACM Int. Conference on Automated Software Engineering, Nov. 2015, pp.295-306. – reference: Taneja K, Xie T, Tillmann N, de Halleux J. eXpress: Guided path exploration for efficient regression test generation. In Proc. the 20th Int. Symp. Software Testing and Analysis, Jul. 2011, pp.1-11. – reference: Weimer W, Fry Z P, Forrest S. Leveraging program equivalence for adaptive program repair: Models and first results. In Proc. the 28th IEEE/ACM Int. Conference on Automated Software Engineering, Nov. 2013, pp.356-366. – reference: Ruthruff J, Penix J, Morgenthaler J, Elbaum S, Rothermel G. Predicting accurate and actionable static analysis warnings. In Proc. the 30th ACM/IEEE Int. Conference on Software Engineering, May 2008, pp.341-350. – reference: Muske T, Khedker U P. Efficient elimination of false positives using static analysis. In Proc. the 26th IEEE Int. Symp. Software Reliability Engineering, Nov. 2015, pp.270-280. – reference: Smirnov A, Chiueh T C. DIRA: Automatic detection, identification and repair of control-hijacking attacks. In Proc. the Network and Distributed System Security Symp., Feb. 2005. – reference: Junker M, Huuck R, Fehnker A, Knapp A. SMT-based false positive elimination in static program analysis. In Proc. the 14th Int. Conference on Formal Engineering Methods, Nov. 2012, pp.316-331. – reference: Shahzad M, Shafiq M Z, Liu A X. A large scale exploratory analysis of software vulnerability life cycles. In Proc. the 34th Int. Conference on Software Engineering, Jun. 2012, pp.771-781. – reference: ClarkeLAA system to generate test data and symbolically execute programsIEEE Trans. Software Engineering19762321522242875910.1109/TSE.1976.233817 – reference: Perkins J H, Kim S, Larsen S et al. Automatically patching errors in deployed software. In Proc. the 22nd ACM SIGOPS Symp. Operating Systems Principles, Oct. 2009, pp.87-102. – reference: Qi Z, Long F, Achour S, Rinard M. An analysis of patch plausibility and correctness for generate-and-validate patch generation systems. In Proc. the 2015 Int. Symp. Software Testing and Analysis, Jul. 2015, pp.24-36. – reference: Burnim J, Sen K. Heuristics for scalable dynamic test generation. In Proc. the 23rd IEEE/ACM Int. Conference on Automated Software Engineering, Sept. 2008, pp.443-446. – reference: KimYLeeJHanHChoeKMFiltering false alarms of buffer overflow analysis using SMT solversInformation and Software Technology201052221021910.1016/j.infsof.2009.10.004 – reference: Xie Y, Chou A, Engler D. ARCHER: Using symbolic, path-sensitive analysis to detect memory access errors. In Proc. the 9th European Software Engineering Conference Held Jointly with the 11th ACM SIGSOFT Int. Symp. Foundations of Software Engineering, Sept. 2003, pp.327-336. – reference: Wagner D, Dean R. Intrusion detection via static analysis. In Proc. the 2001 IEEE Symp. Security and Privacy, May 2001, pp.156-168. – reference: Xu R G, Godefroid P, Majumdar R. Testing for buffer overflows with length abstraction. In Proc. the 2008 ACM/SIGSOFT Int. Symp. Software Testing and Analysis, Jul. 2008, pp.27-38. – reference: Anderson J P. Computer security technology planning study. Technical Report, Air Force Electronic Systems Division, 1972. https://apps.dtic.mil/sti/citations/AD0758206, Oct. 2020. – reference: Babić D, Martignoni L, McCamant S, Song D. Statically-directed dynamic automated test generation. In Proc. the 20th Int. Symp. Software Testing and Analysis, Jul. 2011, pp.12-22. – reference: Sidiroglou-Douskos S, Lahtinen E, Rinard M. Automatic discovery and patching of buffer and integer overflow errors. Technical Report, Massachusetts Institute of Technology, Cambridge, 2015. https://dspace.mit.edu/handle/1721.1/97087, Oct. 2020. – reference: le Goues C, Dewey-Vogt M, Forrest S, Weimer W. A systematic study of automated program repair: Fixing 55 out of 105 bugs for $8 each. In Proc. the 34th Int. Conference on Software Engineering, Jun. 2012, pp.3-13. – reference: SinhaSHarroldMJRothermelGInterprocedural control dependenceACM Trans. Software Engineering and Methodology200110220925410.1145/367008.367022 – reference: Cowan C, Pu C, Maier D, Walpole J, Bakke P, Beattie S, Grier A, Wagle P, Zhang Q, Hinton H. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proc. the 7th USENIX Security Symp., Jan. 1998, pp.63-78. – reference: Xie T, Tillmann N, De Halleux J, SchulteW. Fitness-guided path exploration in dynamic symbolic execution. In Proc. the 2009 IEEE/IFIP Int. Conference on Dependable Systems and Networks, Jun. 2009, pp.359-368. – reference: Avgerinos T, Cha S, Hao B, Brumley D. AEG: Automatic exploit generation. In Proc. the Network and Distributed System Security Symp., Feb. 2011, pp.59-66. – reference: Wagner D A, Foster J S, Brewer E A, Aiken A. A first step towards automated detection of buffer overrun vulnerabilities. In Proc. the Network and Distributed System Security Symp., Feb. 2000. – reference: EvansDLarochelleDImproving security using extensible lightweight static analysisIEEE Software2002191425110.1109/52.976940 – reference: Le W, Soffa M L. Marple: A demand-driven path-sensitive buffer overflow detector. In Proc. the 16th ACM SIGSOFT Int. Symp. Foundations of Software Engineering, Nov. 2008, pp.272-282. – reference: Jones R W, Kelly P H. Backwards-compatible bounds checking for arrays and pointers in C programs. In Proc. the 3rd International Workshop on Automated Debugging, May 1997, pp.13-26. – reference: Zitser M, Lippmann R, Leek T. Testing static analysis tools using exploitable buffer overflows from open source code. In Proc. the 12th ACM SIGSOFT Int. Symp. Foundations of Software Engineering, Oct. 2004, pp.97-106. – reference: Haugh E, Bishop M. Testing C programs for buffer overflow vulnerabilities. In Proc. the Network and Distributed System Security Symp., Feb. 2003. – reference: GazzolaLMicucciDMarianiLAutomatic software repair: A surveyIEEE Trans. Software Engineering2017451346710.1109/TSE.2017.2755013 – reference: Ye T, Zhang L, Wang L, Li X. An empirical study on detecting and fixing buffer overflow bugs. In Proc. the IEEE Int. Conference on Software Testing, Verification and Validation, Apr. 2016, pp.91-101. – reference: Lu S, Li Z, Qin F, Tan L, Zhou P, Zhou Y. BugBench: Benchmarks for evaluating bug detection tools. In Proc. the Workshop on the Evaluation of Software Defect Detection Tools, Jun. 2005. – reference: Qi Y, Mao X, Lei Y, Dai Z, Wang C. The strength of random search on automated program repair. In Proc. the 36th Int. Conference on Software Engineering, May 2014, pp.254-265. – reference: Monperrus M. Automatic software repair: A bibliography. ACM Computing Surveys, 2018, 51(1): Article No. 17. – reference: Gao F, Wang L, Li X. BovInspector: Automatic inspection and repair of buffer overflow vulnerabilities. In Proc. the 31st IEEE/ACM Int. Conference on Automated Software Engineering, Sept. 2016, pp.786-791. – reference: Larochelle D, Evans D. Statically detecting likely buffer overflow vulnerabilities. In Proc. the 10th USENIX Security Symp., Aug. 2001, pp.177-190. – reference: Arzt S, Rasthofer S, Hahn R, Bodden E. Using targeted symbolic execution for reducing false-positives in dataflow analysis. In Proc. the 4th ACM SIGPLAN Int. Workshop on State of the Art in Program Analysis, Jun. 2015, pp.1-6. – reference: Fan G, Wu R, Shi Q, Xiao X, Zhou J, Zhang C. Smoke: Scalable path-sensitive memory leak detection for millions of lines of code. In Proc. the 41st IEEE/ACM Int. Conference on Software Engineering, May 2019, pp.72-82. – reference: Yamaguchi F, Golde N, Arp D, Rieck K. Modeling and discovering vulnerabilities with code property graphs. In Proc. the 2014 IEEE Symp. Security and Privacy, May 2014, pp.590-604. – reference: Viega J, Bloch J T, Kohno Y, McGraw G. ITS4: A static vulnerability scanner for C and C++ code. In Proc. the 16th Annual Computer Security Applications Conference, Dec. 2000, pp.257-267. – reference: Cadar C, Dunbar D, Engler D R et al. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proc. the 8th USENIX Symp. Operating Systems Design and Implementations, Dec. 2008, pp.209-224. – reference: Sidiroglou-Douskos S, Lahtinen E, Long F, Rinard M. Automatic error elimination by horizontal code transfer across multiple applications. In Proc. the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation, Jun. 2015, pp.43-54. – ident: 525_CR17 – ident: 525_CR38 doi: 10.1145/1368088.1368135 – ident: 525_CR29 doi: 10.1109/ASE.2013.6693094 – volume: 52 start-page: 210 issue: 2 year: 2010 ident: 525_CR42 publication-title: Information and Software Technology doi: 10.1016/j.infsof.2009.10.004 – ident: 525_CR9 doi: 10.1109/SP.2014.44 – ident: 525_CR18 doi: 10.1109/ICST.2016.21 – volume: 2 start-page: 215 issue: 3 year: 1976 ident: 525_CR16 publication-title: IEEE Trans. Software Engineering doi: 10.1109/TSE.1976.233817 – ident: 525_CR3 – ident: 525_CR15 doi: 10.1145/2970276.2970282 – volume: 45 start-page: 34 issue: 1 year: 2017 ident: 525_CR31 publication-title: IEEE Trans. Software Engineering doi: 10.1109/TSE.2017.2755013 – ident: 525_CR24 doi: 10.1145/2001420.2001422 – ident: 525_CR40 doi: 10.1109/ISSRE.2015.7381820 – volume: 19 start-page: 42 issue: 1 year: 2002 ident: 525_CR5 publication-title: IEEE Software doi: 10.1109/52.976940 – ident: 525_CR36 – ident: 525_CR2 doi: 10.1109/ICSE.2012.6227141 – ident: 525_CR11 – ident: 525_CR13 – ident: 525_CR23 doi: 10.1109/ASE.2008.69 – ident: 525_CR39 doi: 10.1007/978-3-642-34281-3_23 – ident: 525_CR4 – ident: 525_CR7 doi: 10.1145/1453101.1453137 – volume: 10 start-page: 209 issue: 2 year: 2001 ident: 525_CR19 publication-title: ACM Trans. Software Engineering and Methodology doi: 10.1145/367008.367022 – ident: 525_CR20 – ident: 525_CR32 doi: 10.1145/3105906 – ident: 525_CR14 doi: 10.1145/1390630.1390636 – ident: 525_CR33 doi: 10.1145/2813885.2737988 – ident: 525_CR8 – ident: 525_CR22 – ident: 525_CR25 doi: 10.1145/2001420.2001423 – ident: 525_CR21 doi: 10.1145/1041685.1029911 – ident: 525_CR28 doi: 10.1145/2568225.2568254 – ident: 525_CR27 doi: 10.1109/ICSE.2012.6227211 – ident: 525_CR10 – ident: 525_CR1 doi: 10.21236/AD0772806 – ident: 525_CR12 – ident: 525_CR26 doi: 10.1109/DSN.2009.5270315 – ident: 525_CR35 – ident: 525_CR41 doi: 10.1109/ICSE.2019.00025 – ident: 525_CR6 doi: 10.1145/949952.940115 – ident: 525_CR30 doi: 10.1145/2771783.2771791 – ident: 525_CR43 doi: 10.1145/2771284.2771285 – ident: 525_CR34 doi: 10.1109/ASE.2015.60 – ident: 525_CR37 doi: 10.1145/1629575.1629585 |
| SSID | ssj0037044 |
| Score | 2.2462702 |
| Snippet | Static buffer overflow detection techniques tend to report too many false positives fundamentally due to the lack of software execution information. It is very... |
| SourceID | wanfang proquest gale crossref springer |
| SourceType | Aggregation Database Enrichment Source Index Database Publisher |
| StartPage | 1406 |
| SubjectTerms | Artificial Intelligence Buffers C plus plus Computer Science Data Structures and Information Theory Information Systems Applications (incl.Internet) Regular Paper Software Software Engineering Source code Source programs Theory of Computation Warning |
| SummonAdditionalLinks | – databaseName: Computer Science Database dbid: K7- link: http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwpV1LT8MwDLZgcODCGzFe6gGEBESkWdu0JzQQCAkJOPC6RU2aIMbUAd0A7dcTtykDDrtwbtK0_RzbsWt_ANuBUWmYsZBkVveRINGUxBFNiYpMlEgaytiYkmyCX17GDw_JtQu4Fe63ylonloo66ymMkR-yxFoWrKTkRy-vBFmjMLvqKDQmYcpnzEc5v-Ck1sQtTksyVwxhEyTHrLOaZemcdX0owcMTMrmR4S-79Fc7_0iTlsU9uUnzxx926Gzuv28wD7POA_XalcgswITOF2GuZnfw3GZfgoP2oN8rG7p6xwNkUfGurNibbu_Du6_CKd6ddeIrTqZluD07vTk5J45bgSjrEfWJ8lMqeaQsILFpJZqnyjdUSyVpK4xNbM_MLOWRyUysTaiDLFSBRbulMyV91Asr0Mh7uV4FT1Imma-CCN0BOy8JtK9ZlHGu4pBntAm0_rJCucbjyH_RFaOWyQiGsGAIBEMMm7D3PeWl6roxbvAuwiVwR9r7qtQVFtinw95Wom3NbxBierMJGzUywm3VQoxgacJ-jfLo8phld5wgjAZ3is7zZ6f4lEIzyspeN3Rt_KLrMINDq_LGDWj03wZ6E6bVe_-peNsq5fkLqJf5gA priority: 102 providerName: ProQuest |
| Title | Automatic Buffer Overflow Warning Validation |
| URI | https://link.springer.com/article/10.1007/s11390-020-0525-z https://www.proquest.com/docview/2918504627 https://d.wanfangdata.com.cn/periodical/jsjkxjsxb-e202006010 |
| Volume | 35 |
| WOSCitedRecordID | wos000596524900011&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| journalDatabaseRights | – providerCode: PRVPQU databaseName: ABI/INFORM Collection customDbUrl: eissn: 1860-4749 dateEnd: 20241209 omitProxy: false ssIdentifier: ssj0037044 issn: 1000-9000 databaseCode: 7WY dateStart: 19970101 isFulltext: true titleUrlDefault: https://www.proquest.com/abicomplete providerName: ProQuest – providerCode: PRVPQU databaseName: ABI/INFORM Global customDbUrl: eissn: 1860-4749 dateEnd: 20241209 omitProxy: false ssIdentifier: ssj0037044 issn: 1000-9000 databaseCode: M0C dateStart: 19970101 isFulltext: true titleUrlDefault: https://search.proquest.com/abiglobal providerName: ProQuest – providerCode: PRVPQU databaseName: Advanced Technologies & Aerospace Database customDbUrl: eissn: 1860-4749 dateEnd: 20241209 omitProxy: false ssIdentifier: ssj0037044 issn: 1000-9000 databaseCode: P5Z dateStart: 19970101 isFulltext: true titleUrlDefault: https://search.proquest.com/hightechjournals providerName: ProQuest – providerCode: PRVPQU databaseName: Computer Science Database customDbUrl: eissn: 1860-4749 dateEnd: 20241209 omitProxy: false ssIdentifier: ssj0037044 issn: 1000-9000 databaseCode: K7- dateStart: 19970101 isFulltext: true titleUrlDefault: http://search.proquest.com/compscijour providerName: ProQuest – providerCode: PRVPQU databaseName: Engineering Database customDbUrl: eissn: 1860-4749 dateEnd: 20241209 omitProxy: false ssIdentifier: ssj0037044 issn: 1000-9000 databaseCode: M7S dateStart: 19970101 isFulltext: true titleUrlDefault: http://search.proquest.com providerName: ProQuest – providerCode: PRVPQU databaseName: ProQuest Central customDbUrl: eissn: 1860-4749 dateEnd: 20241209 omitProxy: false ssIdentifier: ssj0037044 issn: 1000-9000 databaseCode: BENPR dateStart: 19970101 isFulltext: true titleUrlDefault: https://www.proquest.com/central providerName: ProQuest – providerCode: PRVAVX databaseName: SpringerLINK Contemporary 1997-Present customDbUrl: eissn: 1860-4749 dateEnd: 99991231 omitProxy: false ssIdentifier: ssj0037044 issn: 1000-9000 databaseCode: RSV dateStart: 19970101 isFulltext: true titleUrlDefault: https://link.springer.com/search?facet-content-type=%22Journal%22 providerName: Springer Nature |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV3dSxwxEB_8euiLtrbFU3vsQ4tQG8jubTbZx1OUQvF6aKvWl7DJJuIpe-LeWfGv78x-9FSKYF8CyybZMJP5SGZnfgAfY28zkUeC5aj7WJw6zlTCM2YTn6SGC6O8r8Am5GCgTk_TYZPHXbZ_u7chyUpTz5Ld0FnhjI47hL3G7udhEa2dImk8PDpu1W9P8grBle6tGSFitqHMf03xyBg9VckPYqNVRk_hs-L8gfHZX_mvZb-G5cbXDPr15ngDc65YhZUWxyFoxPotfOlPJ-OqdGuwMyW8lOA7bnB_Nf4dnNQXJ8Exuus1-tI7-Lm_92P3K2tQFJhF32fCbJhxIxOLpFe-lzqZ2dBzZ6zhPaG8wtNxlMnE5145L1ycCxsjX3sutyYkDfAeFopx4dYgMDwyUWjjhAw_jktjF7ooyaW0Ssicd4C35NS2KTFOSBdXelYcmaihkRqaqKHvO_D575Drur7Gc523iEeaZA_ntVmTQoCroypWuo-GNhYUyOzAZstG3QhlqaMUnRNKxpUd2G6ZNXv9zGc_NdyfdR6Vo8u7UXlntIt4VFW14esvmnUDXtHIOq9xExYmN1P3AZbs7eSivOnCvDz51YXFnb3B8BCfvkmG7QHfpVYeYTsUZ91q5_8BpKX2KA |
| linkProvider | Springer Nature |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMw1V3NU9QwFH-D6IxcwC-GRdQeZJxRM6bZtGkPjrOiDAy4ekDlFps0YVyZLtJdQf4o_0bfaxsXPeyNg-cmadr3nZf3fgCPpbdFUoqElaj7mMwdZ1nKC2ZTn-aGJybzvgGbUMNhdniYf1iAX6EWhq5VBp3YKOpybOmM_IXI0bJQJaV6dfKdEWoUZVcDhEbLFnvu5xmGbPXL3TdI300htt8ebO2wDlWAWfQFJszGBTcqtbiVzPdzpwobe-6MNbyfZD7DaFEUKvWlz5xPnCwTK_E7-660JiaJwHWvwXUpURzoqiDfCpq_r3gDHktH5ozAOEMWtSnVQ1eLMwrWCDmOXfxlB_-1BpfSsk0xUeWL6uiS3dte-d_-2C1Y7jzsaNCKxG1YcNUdWAnoFVGnzO7C88F0Mm4a1kavp4QSE71HsfbH47Poc3tcFH3CIKXFnLoHH69kz6uwWI0rtwaR4cKI2MqU3B2cl0sXO5GWStksUSXvAQ-U1LZrrE74Hsd61hKaiK-R-JqIry968PTPlJO2q8i8wU-IPTRpHFzXFl3hBO6OenfpAboXMqH0bQ82AifoThXVesYGPXgWuGr2eM5rNzvGmw0e1aNv56P63GgnuGh6-fD1-S99BDd3Dt7t6_3d4d59WKJpbSnnBixOTqfuAdywPyZf69OHjSxF8OWqWfE3-upaVQ |
| linkToPdf | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwpV1ZS8QwEB50FfHFW1zPPiiCGky7bdM-rseiKKvg-RaaNBFX6YrtquyvN9PDVRFBfG46bWcmk0mm830A666WkRc7HolN7CNuqCgJfBoR6Ws_FNQTgdY52QRrt4Pb2_C85DlNq7_dq5Jk0dOAKE1JtvsU691B45tJXCjBrQ_ysJH-MIy4yBmE2_WL6yoUNxjN2VzxDJsgO2ZV1vxJxJeF6Xt4_lQnzbt7Eh0ld58Wotbkvz9hCibKHNRqFk4zDUMqmYHJit_BKqf7LOw0e1k3h3S19nrIo2KdGcfXj91X66Y4ULGuTRpfsDLNwVXr8HL_iJTsCkSanCgj0o6oYL40Jgl0I1QskramSkhBG16gA7NrdiLm61gHSnvKjT3pGns3VCyFjZFhHmpJN1ELYAnqCMeWro8JgbkvdJWtHD9mTAYei2kdaKVaLkvocWTAeOQD0GTUBjfa4KgN3q_D1sctTwXuxm-DN9FeHOekkSujsrXAvB2iW_GmWYBdDwucdViuTMrLyZpyJzRJCzbpsjpsV4YbXP7lsRulJwwGd9LOw1snfRNcOdTJ0W7o4p-krsHY-UGLnx63T5ZgHIUUrY_LUMuee2oFRuVLdp8-r-au_g4vnPul |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Automatic+Buffer+Overflow+Warning+Validation&rft.jtitle=Journal+of+computer+science+and+technology&rft.au=Gao%2C+Feng-Juan&rft.au=Wang%2C+Yu&rft.au=Wang%2C+Lin-Zhang&rft.au=Yang%2C+Zijiang&rft.date=2020-11-01&rft.issn=1000-9000&rft.eissn=1860-4749&rft.volume=35&rft.issue=6&rft.spage=1406&rft.epage=1427&rft_id=info:doi/10.1007%2Fs11390-020-0525-z&rft.externalDBID=n%2Fa&rft.externalDocID=10_1007_s11390_020_0525_z |
| thumbnail_s | http://cvtisr.summon.serialssolutions.com/2.0.0/image/custom?url=http%3A%2F%2Fwww.wanfangdata.com.cn%2Fimages%2FPeriodicalImages%2Fjsjkxjsxb-e%2Fjsjkxjsxb-e.jpg |