Integer overflow: Difference between revisions

Content deleted Content added
Origin: Added notice that 64 bit personal computers are the most common
Techniques for mitigating integer overflow problems: Alternate solutions for mitigation: other languages
Line 31:
* The effects of integer-based attacks for C/C++ and how to defend against them by using subtyping in [http://www.cs.cmu.edu/~dbrumley/pubs/integer-ndss-07.pdf Efficient and Accurate Detection of Integer-based Attacks].
* [[CERT]] As-if Infinitely Ranged (AIR) integer model - a largely automated mechanism for eliminating integer overflow and integer truncation [http://www.cert.org/archive/pdf/09tn023.pdf As-if Infinitely Ranged Integer Model]
 
In languages with native support for [[Arbitrary-precision arithmetic]] and [[type safety]] (an example being [[Common Lisp]]), numbers are promoted to a larger size automatically when overflows occur, or exceptions thrown (conditions signaled) when a range constraint exists. Using such languages may thus be helpful to mitigate this issue. In some such languages, situations are however still possible where an integer overflow could occur. An example is explicit optimization of a code path which is considered a bottleneck by the profiler. In the case of Common Lisp, this is possible by using an explicit declaration to type-annotate a variable to a machine-size word (fixnum) [http://www.lispworks.com/documentation/HyperSpec/Body/d_type.htm] and lower the type safety level to zero [http://www.lispworks.com/documentation/HyperSpec/Body/d_optimi.htm] for a particular code block.<ref name="reddy">{{cite web
| url = http://random-state.net/features-of-common-lisp.html
| title = Features of Common Lisp
| first = Abhishek | last = Reddy
| date = 2008-08-22
}}</ref><ref>{{Cite book|authorlink=Benjamin C. Pierce |last=Pierce |first=Benjamin C. |title=Types and Programming Languages |publisher=MIT Press |year=2002 |isbn=0-262-16209-1 |url=http://www.cis.upenn.edu/~bcpierce/tapl/}}</ref><ref>{{Cite journal|last=Wright |first=Andrew K. |coauthors=[[Matthias Felleisen]] |title=A Syntactic Approach to Type Soundness |journal=Information and Computation |volume=115 |issue=1 |pages=38–94 |year=1994 |url=http://citeseer.ist.psu.edu/wright92syntactic.html |doi=10.1006/inco.1994.1093}}</ref><ref>{{Cite journal|first=Stavros |last=Macrakis |title=Safety and power |journal=ACM SIGSOFT Software Engineering Notes |volume=7 |issue=2 |pages=25–26 |month=April |year=1982 |url=http://portal.acm.org/citation.cfm?id=1005937.1005941 |format=requires subscription |doi=10.1145/1005937.1005941}}</ref>
 
==See also==
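Review bot: The four footnotes stacked at the end of the new paragraph (Reddy, Pierce, Wright and Felleisen, Macrakis) do not show which sentence each one supports, and the two HyperSpec URLs for the type declaration and the optimize declaration sit in the running text as bare bracketed links. Suggest placing each citation directly after the claim it backs and turning the two HyperSpec links into ref footnotes like the others. "Using such languages may thus be helpful to mitigate this issue" reads as advice and should either carry its own citation or be dropped. The sentence about annotating a variable as a fixnum and lowering the safety level to zero would also be clearer if it said what the program does on overflow inside that block, since the paragraph currently says only that an overflow "could occur".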