Page 26 - 《软件学报》2020年第10期
P. 26

3002                                  Journal of Software  软件学报 Vol.31, No.10, October 2020

         [29]    Pang  L, Su X,  Ma P,  Zhao L.  Research on  flow sensitive demand driven  alias  analysis. Journal of  Computer  Research  and
             Development, 2015,52(7):1620–1630 (in Chinese with English abstract).
         [30]    Emami M, Ghiya R, Hendren LJ. Context-sensitive interprocedural points-to analysis in the presence of function pointers. ACM
             SIGPLAN Notices, 1994,29(6):242–256.
         [31]    Wilson RP, Lam MS. Efficient context-sensitive pointer analysis for C programs. ACM SIGPLAN Notices, 1995,30(6):1–12.
         [32]    Chase DR, Wegman MN, Zadeck FK. Analysis of pointers and structures. ACM SIGPLAN Notices, 1990,39(4):343–359.
         [33]    Xu Z, Miller BP, Reps T. Safety checking of machine code. ACM SIGPLAN Notices, 2000,35(5):70–82.
         [34]    Detlefs DL, Leino KRM, Nelson G, Saxe JB. Extended Static Checking. 1998. [doi: 10.1007/978-0-387-35358-6_1]
         [35]    Leroy X, Rouaix F. Security properties of typed applets. In: Secure Internet Programming. Berlin, Heidelberg: Springer-Verlag,
             1999. 147–182.
         [36]    Kellogg M, Dort V, Millstein S, Ernst MD. Lightweight verification of array indexing. In: Proc. of the 27th ACM SIGSOFT Int’l
             Symp. on Software Testing and Analysis (ISSTA). ACM, 2018. 3–14.
         [37]    Bodík R, Gupta R, Sarkar V. ABCD: Eliminating array bounds checks on demand. ACM SIGPLAN Notices, 2000,35(5):321–333.
         [38]    Venet  A, Brat G. Precise and efficient  static array  bound checking  for  large embedded C  programs.  ACM  SIGPLAN Notices,
             2004,39(6):231–242.
         [39]    Nguyen TVN,  Irigoin  F. Efficient and  effective array  bound checking. ACM Trans.  on  Programming Languages and  Systems
             (TOPLAS), 2005,27(3):527–570.
         [40]    Popeea C, Xu DN, Chin WN. A practical and precise inference and specializer for array bound checks elimination. In: Proc. of the
             2008 ACM SIGPLAN Symp. on Partial Evaluation and Semantics-based Program Manipulation. ACM, 2008. 177–187.
         [41]    Wang W, Lei Y, Liu D, Kung D, Csallner C, Zhang D, Kacker R, Kuhn R. A combinatorial approach to detecting buffer overflow
             vulnerabilities. In: Proc. of the 41st IEEE/IFIP Int’l Conf. on Dependable Systems & Networks (DSN). IEEE, 2011. 269–278.
         [42]    Dhurjati D, Adve V. Backwards-compatible array bounds checking for C with very low overhead. In: Proc. of the 28th Int’l Conf.
             on Software Engineering (ICSE). ACM, 2006. 162–171.
         [43]    Loginov  A,  Yong  SH,  Horwitz S,  Reps  T. Debugging  via run-time  type  checking. In: Proc. of the Int’l Conf. on Fundamental
             Approaches to Software Engineering. Berlin, Heidelberg: Springer-Verlag, 2001. 217–232.
         [44]    Steffen JL. Adding run-time checking to the portable C compiler. Software: Practice and Experience, 1992,22(4):305–316.
         [45]    Austin TM, Breach SE, Sohi GS. Efficient detection of all pointer and array access errors. In: Proc. of the ACM SIGPLAN 1994
             Conf. on Programming Language Design and Implementation (PLDI). ACM, 1994. 290–301.
         [46]    Hicks M, Morrisett G, Grossman D, Jim T. Experience with safe manual memory-management in cyclone. In: Proc. of the 4th Int’l
             Symp. on Memory Management. ACM, 2004. 73–84.
         [47]    Wang Y, Gao F, Situ L, Wang L, Chen B, Liu Y, Zhao J, Li X. DangDone: Eliminating dangling pointers via intermediate pointers.
             In: Proc. of the 10th Asia-Pacific Symp. on Internetware. ACM, 2018. 6.
         [48]    Abadi M, Budiu M, Erlingsson Ú, Ligatti J. Control-flow integrity principles, implementations, and applications. ACM Trans. on
             Information and System Security (TISSEC), 2009,13(1):4.
         [49]    Sutton M, Greene A, Amini P. Fuzzing: Brute Force Vulnerability Discovery. Pearson Education, 2007.
         [50]    Godefroid P, Kiezun A, Levin MY. Grammar-based whitebox fuzzing. ACM SIGPLAN Notices, 2008,43(6):206–215.
         [51]    Godefroid P, Levin MY, Molnar DA. Automated Whitebox fuzz testing. In: Proc. of the Network and Distributed System Security
             Symp. (NDSS). 2008,8:151–166.
         [52]    McNally R, Yiu K, Grove D, Gerhardy D. Fuzzing: The state of the art. Defence Science and Technology Organisation Edinburgh,
             2012. http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=15CF9A7FD272D62D76FB5ED26DA3808F?doi=10.1.1.461.4627
             &rep=rep1& type=pdf
         [53]    Cadar C, Ganesh V,  Pawlowski  PM, Dill DL, Engler  DR. EXE: Automatically  generating  inputs  of  death. ACM Trans.  on
             Information and System Security (TISSEC), 2008,12(2):1–38.
         [54]    Godefroid P, Klarlund N, Sen K. DART: Directed automated random testing. ACM SIGPLAN Notices, 2005,40(6):213–223.
         [55]    Xu  RG, Godefroid P,  Majumdar  R.  Testing for buffer overflows  with  length abstraction.  In: Proc. of the 2008 Int’l Symp. on
             Software Testing and Analysis (ISSTA). ACM, 2008. 27–38.
   21   22   23   24   25   26   27   28   29   30   31