I’m excited to announce the publication of the journal version of “Understanding Integer Overflow in C/C++” [1], appearing in TOSEM Volume 25 Issue 1 [2]. This is an updated and expanded version of our ICSE12 paper [3] of the same name. The longer journal format enabled a more thorough treatment of the subject, and we did our best to take advantage of that opportunity.
Thanks to my co-authors for all their efforts, and especially for seeing this work through to the end. It’s been a long run and you guys are great.
Highlights
- Automated large-scale study of overflows in top 10,000 Debian packages (§6)
- More thorough discussion and explanation of integer behavior, including implementation-defined behavior and usual arithmetic conversions (§§ 2, 3.1, 3.2)
- Implementing recoverable checks efficiently: experience and two new optimizations (§4.4)
- Deployment experiences and resulting improvements useful for anyone making compiler-based tools for the real world (§5)
The Debian experiment was particularly fun and had many interesting results. Full results are available on request, and we have posted online a complete version of the selected results presented in Table VI [4].
Available Now
The paper is available online [1] (via the ACM Digital Library) for your reading pleasure.
Let me know if you’d like to discuss our findings or any part of the paper. Enjoy!