Disambiguated: CERT → Computer emergency response team
Line 30:
* The effects of integer-based attacks for C/C++ and how to defend against them by using subtyping in [http://web.archive.org/web/20121010025025/http://www.cs.cmu.edu/~dbrumley/pubs/integer-ndss-07.pdf Efficient and Accurate Detection of Integer-based Attacks].
* [[Computer emergency response team|CERT]] As-if Infinitely Ranged (AIR) integer model - a largely automated mechanism for eliminating integer overflow and integer truncation [http://www.cert.org/archive/pdf/09tn023.pdf As-if Infinitely Ranged Integer Model]
In languages with native support for [[Arbitrary-precision arithmetic]] and [[type safety]] (an example being [[Common Lisp]]), numbers are promoted to a larger size automatically when overflows occur, or exceptions thrown (conditions signaled) when a range constraint exists. Using such languages may thus be helpful to mitigate this issue. In some such languages, situations are however still possible where an integer overflow could occur. An example is explicit optimization of a code path which is considered a bottleneck by the profiler. In the case of Common Lisp, this is possible by using an explicit declaration to type-annotate a variable to a machine-size word (fixnum) [http://www.lispworks.com/documentation/HyperSpec/Body/d_type.htm] and lower the type safety level to zero [http://www.lispworks.com/documentation/HyperSpec/Body/d_optimi.htm] for a particular code block.<ref name="reddy">{{cite web
|
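Review bot: On the AIR bullet, the piped link `[[Computer emergency response team|CERT]]` now resolves to the generic article on response teams, while the document cited on the same line is hosted at www.cert.org, so a reader who follows "CERT" does not land on the organization that published the model. If an article exists for that specific organization, pipe the link there instead. Two smaller points in the same region: the AIR bullet runs its description straight into the external link with no separating punctuation, and the Common Lisp paragraph carries two bare bracketed HyperSpec URLs inline where the rest of the sentence uses a `<ref>`; converting them to references would keep the citation style consistent.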