The 11 references with contexts in paper A. Sidorin V., А. Сидорин В. (2016) “Метод поиска обращений по некорректному индексу к строкам C++ // A method for searching of C++ string accesses with an incorrect index” / spz:neicon:technomag:y:2016:i:5:p:175-186

1
Working Draft, Standard for Programming Language C++. ISO/IEC N4296, 2014.
Total in-text references: 1
  1. In-text reference with the coordinate start=1588
    Prefix
    time, requires a large number of specialists, but does not guarantee complete or even acceptable coverage of the program. For this reason, tools designed to find defects in program code, static code analysis tools, are becoming increasingly widespread. STL strings (the std::string class) are one of the most frequently used facilities provided by the C++ standard library
    Exact
    [1]
    Suffix
    . This is because practically every program needs facilities for representing information as text and processing it. At the same time, C++ strings, like many string implementations in other languages, are subject to the problem of accessing a string at an incorrect index that lies outside the bounds of the string.

2
Robert C. Seacord. Secure Coding in C and C++, 2nd Edition. Addison-Wesley Professional, 2013. 545 p.
Total in-text references: 1
  1. In-text reference with the coordinate start=2432
    Prefix
    ). Otherwise, when the at() method is used, an exception must be thrown; when operator [] is used, the index is not checked for validity, and the behaviour of the program in this case is undefined. Such a defect can result in abnormal program termination and corruption of the data the program works with, as well as security violations, which allows this defect to be classified as critical
    Exact
    [2]
    Suffix
    . This class of defects is defined in the CERT classification as STR53CPP [3]. Finding such defects by static analysis is a rather difficult task. Because of the high criticality of this kind of defect, many works are devoted to the static detection of string overflows for the C language.

3
STR53-CPP. Range check element access. https://www.securecoding.cert.org/confluence/display/cplusplus/STR53CPP.+Range+check+element+access (access date 16.02.2016). Science and Education of the Bauman MSTU 185
Total in-text references: 1
  1. In-text reference with the coordinate start=2492
    Prefix
    ception; when operator [] is used, the index is not checked for validity, and the behaviour of the program in this case is undefined. Such a defect can result in abnormal program termination and corruption of the data the program works with, as well as security violations, which allows this defect to be classified as critical [2]. This class of defects is defined in the CERT classification as STR53CPP
    Exact
    [3]
    Suffix
    . Finding such defects by static analysis is a rather difficult task. Because of the high criticality of this kind of defect, many works are devoted to the static detection of string overflows for the C language. Various methods are used to find such defects: symbolic execution [4,5], abstract interpretation [6], data-flow analysis [8,9], but studies of this defect for C++ strings are considerably harder to find

4
Lian Li, Cristina Cifuentes, Nathan Keynes. Practical and effective symbolic analysis for buffer overflow detection. In Proceedings of the Eighteenth ACM SIGSOFT International Symposium on Foundations of Software Engineering, FSE ’10, pages 317–326, New York, NY, USA, 2010. ACM.
Total in-text references: 1
  1. In-text reference with the coordinate start=2764
    Prefix
    Finding such defects by static analysis is a rather difficult task. Because of the high criticality of this kind of defect, many works are devoted to the static detection of string overflows for the C language. Various methods are used to find such defects: symbolic execution
    Exact
    [4,5]
    Suffix
    , abstract interpretation [6], data-flow analysis [8,9], but studies of this defect for C++ strings are considerably harder to find. This is partly explained by the fact that many kinds of operations on C strings cannot be performed in a trivial way on C++ strings (for example, filling with sprintf()), but the problem is not completely solved.

5
Ru-Gang Xu, Patrice Godefroid, Rupak Majumdar. Testing for Buffer Overflows with Length Abstraction. In Proceedings of the 2008 international symposium on Software testing and analysis, ISSTA ’08, pages 27–38, New York, NY, USA, 2008. ACM.
Total in-text references: 1
  1. In-text reference with the coordinate start=2764
    Prefix
    Finding such defects by static analysis is a rather difficult task. Because of the high criticality of this kind of defect, many works are devoted to the static detection of string overflows for the C language. Various methods are used to find such defects: symbolic execution
    Exact
    [4,5]
    Suffix
    , abstract interpretation [6], data-flow analysis [8,9], but studies of this defect for C++ strings are considerably harder to find. This is partly explained by the fact that many kinds of operations on C strings cannot be performed in a trivial way on C++ strings (for example, filling with sprintf()), but the problem is not completely solved.

6
Xavier Allamigeon, Wenceslas Godard, Charles Hymans. Static Analysis of String Manipulations in Critical Embedded C Programs. Static Analysis: 13th International Symposium, SAS 2006, Seoul, Korea, August 29–31, 2006. Proceedings. Pages 35–51, 2006.
Total in-text references: 1
  1. In-text reference with the coordinate start=2794
    Prefix
    Finding such defects by static analysis is a rather difficult task. Because of the high criticality of this kind of defect, many works are devoted to the static detection of string overflows for the C language. Various methods are used to find such defects: symbolic execution [4,5], abstract interpretation
    Exact
    [6]
    Suffix
    , data-flow analysis [8,9], but studies of this defect for C++ strings are considerably harder to find. This is partly explained by the fact that many kinds of operations on C strings cannot be performed in a trivial way on C++ strings (for example, filling with sprintf()), but the problem is not completely solved.

7
James C. King. Symbolic execution and program testing // Communications of the ACM, 1976. no. 7. vol. 19. pp. 385–394
Total in-text references: 1
  1. In-text reference with the coordinate start=3693
    Prefix
    This work is devoted to finding accesses to C++ strings at an incorrect index. The practical interest stems from the use of C++ for programming on the Tizen OS. This work presents a way of finding defects related to accessing C++ strings at an incorrect index, using the symbolic execution method
    Exact
    [7]
    Suffix
    . A distinctive feature of the work is that string contents are not modelled. Only the string length is modelled here, which is a compromise between the precision of the search and the amount of information processed. In addition, defects are found by static analysis, without the need to run the analysed program. 1.

8
David Larochelle, David Evans. Statically detecting likely buffer overflow vulnerabilities. In Proceedings of the 10th conference on USENIX Security Symposium – Volume 10, Article No. 14. USENIX Association Berkeley, CA, USA, 2001.
Total in-text references: 1
  1. In-text reference with the coordinate start=2817
    Prefix
    Finding such defects by static analysis is a rather difficult task. Because of the high criticality of this kind of defect, many works are devoted to the static detection of string overflows for the C language. Various methods are used to find such defects: symbolic execution [4,5], abstract interpretation [6], data-flow analysis
    Exact
    [8,9]
    Suffix
    , but studies of this defect for C++ strings are considerably harder to find. This is partly explained by the fact that many kinds of operations on C strings cannot be performed in a trivial way on C++ strings (for example, filling with sprintf()), but the problem is not completely solved.

9
Belevantsev Andrey, Malikov Oleg. Using Data Flow Analysis For Detecting Security Vulnerabilities // Proceedings of ISP RAS. 2006. no. 11, pp. 83–98.
Total in-text references: 1
  1. In-text reference with the coordinate start=2817
    Prefix
    Finding such defects by static analysis is a rather difficult task. Because of the high criticality of this kind of defect, many works are devoted to the static detection of string overflows for the C language. Various methods are used to find such defects: symbolic execution [4,5], abstract interpretation [6], data-flow analysis
    Exact
    [8,9]
    Suffix
    , but studies of this defect for C++ strings are considerably harder to find. This is partly explained by the fact that many kinds of operations on C strings cannot be performed in a trivial way on C++ strings (for example, filling with sprintf()), but the problem is not completely solved.

10
T.N. Romanova, A.V. Sidorin. Metod rezyume dlya razrabotki universalnogo mnogotselevogo analizatora kodov programm s vozmozhnostyu obnaruzheniya razlichnyih klassov defektov v programmah, sozdannyih s ispolzovaniem yazyikov C and C++ [Summary-based interprocedural analysis method for implementation in multi-purpose static C/C++ code analyzer]. Herald of the Bauman Moscow State Technical University, Instrument Engineering, no. 5, 2015. pp. 73–93.
Total in-text references: 1
  1. In-text reference with the coordinate start=12464
    Prefix
    find_last_not_of() Res ← Val: Val > 0 ∧ Val ≤ Arg2 ∧ Val < L_obj std::npos rfind(), These rules for modelling the search methods make it possible to model the return value fairly precisely. More precise modelling would already have to take the possible contents of the string into account. Science and Education. Bauman MSTU 181 4. Interprocedural analysis This work uses interprocedural analysis based on a summary of the called function
    Exact
    [10]
    Suffix
    . This method involves analysing a function outside its calling context, collecting its summary, and applying the resulting summary. In this work, the part of the function summary used for modelling string lengths is represented as a dictionary that maps string identifiers to their symbolic length values.

11
Clang Static Analyzer. http://clang-analyzer.llvm.org/ (access date 17.02.2016).
Total in-text references: 1
  1. In-text reference with the coordinate start=13951
    Prefix
    Since RefStr is passed by non-const reference and modified, after the function call the length of the string Local becomes (L_Param + 3) + 5 = L_Param + 8. Conclusion Based on the rules developed, an additional checker module was implemented for the Clang Static Analyzer static analyser
    Exact
    [11]
    Suffix
    for a kind of defect that this analyser previously did not find. This checker module was tried out on the source code of the user environments of the Android and Tizen operating systems. Measuring the running time showed that the analyser slowed down by only 5%, which is a good result.