论文信息 - Undefined behavior: what happened to my code?

Undefined behavior: what happened to my code?

System programming languages such as C grant compiler writers freedom to generate efficient code for a specific instruction set by defining certain language constructs as undefined behavior. Unfortunately, the rules for what is undefined behavior are subtle and programmers make mistakes that sometimes lead to security vulnerabilities. This position paper argues that the research community should help address the problems that arise from undefined behavior, and not dismiss them as esoteric C implementation issues. We show that these errors do happen in real-world systems, that the issues are tricky, and that current practices to address the issues are insufficient.

[1] Dawson R. Engler,et al. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs , 2008, OSDI.

[2] Neal M. Gafter,et al. Java Puzzlers: Traps, Pitfalls, and Corner Cases , 2005 .

[3] Michael Sipser,et al. Introduction to the Theory of Computation , 1996, SIGA.

[4] No License,et al. Intel ® 64 and IA-32 Architectures Software Developer ’ s Manual Volume 3 A : System Programming Guide , Part 1 , 2006 .

[5] Peng Li,et al. Understanding integer overflow in C/C++ , 2012, 2012 34th International Conference on Software Engineering (ICSE).

[6] Chucky Ellison,et al. An executable formal semantics of C with applications , 2011, POPL '12.