Secure Coding Tools and Advancements Publications
• Collection
Publisher
Software Engineering Institute
Topic or Tag
Abstract
The documents in this collection describe tools useful to Secure Coding developed or advanced by the SEI:
- Clang Thread Safety Analysis, a tool that uses annotations to enforce thread safety policies in C and C++ programs
- how the DidFail tool was enhanced to improve its effectiveness
- the Pointer Ownership Model, which can statically identify classes of errors involving dynamic memory in C/C++ programs
- the as-if infinitely ranged (AIR) integer model, a mechanism for eliminating integral exceptional conditions
Collection Items
C/C++ Thread Safety Analysis
• Article
By DeLesley Hutchins (Google, Inc.), Aaron Ballman, Dean Sutherland
In this paper, the authors describe Clang Thread Safety Analysis, a tool that uses annotations to enforce thread safety policies in C and C++ programs.
Read
Making DidFail Succeed: Enhancing the CERT Static Taint Analyzer for Android App Sets
• Technical Report
By Jonathan Burket, Lori Flynn, William Klieber, Jonathan Lim, Wei Shen, William Snavely
In this report, the authors describe how the DidFail tool was enhanced to improve its effectiveness.
Read
Pointer Ownership Model
• White Paper
By David Svoboda
In this paper, David Svoboda describes the Pointer Ownership Model, which can statically identify classes of errors involving dynamic memory in C/C++ programs.
Read
As-If Infinitely Ranged Integer Model, Second Edition
• Technical Note
By Roger Dannenberg (School of Computer Science, Carnegie Mellon University), Will Dormann, David Keaton, Thomas Plum (Plum Hall, Inc.), Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson
In this report, the authors present the as-if infinitely ranged (AIR) integer model, a mechanism for eliminating integral exceptional conditions.
Read