The 11 references with contexts in paper A. Sidorin V., А. Сидорин В. (2016) “Метод поиска обращений по некорректному индексу к строкам C++ // A method for searching of C++ string accesses with an incorrect index” / spz:neicon:technomag:y:2016:i:5:p:175-186

1
Working Draft, Standard for Programming Language C++. ISO/IEC N4296, 2014.
Total in-text references: 1
  1. In-text reference with the coordinate start=1589
    Prefix
    âðåìåíè,òðåáóåòáîëüøîãîêîëè÷åñòâàñïåöèàëèñòîâ,îäíàêîíåãàðàíòèðóåòïîëíîãî èëèäàæåïðèåìëåìîãîïîêðûòèÿïðîãðàììû.Âñâÿçèñýòèìâíàñòîÿùååâðåìÿ âñ¼áîëüøååðàñïðîñòðàíåíèåïîëó÷àþòèíñòðóìåíòû,ïðåäíàçíà÷åííûåäëÿïîèñêà äåôåêòîââïðîãðàììíîìêîäåñòàòè÷åñêîãîàíàëèçàêîäà. ÑòðîêèSTL(êëàññstd::string)ÿâëÿþòñÿîäíèìèçíàèáîëåå÷àñòîèñïîëüçóåìûõ âîçìîæíîñòåé,ïðåäîñòàâëÿåìûõñòàíäàðòíîéáèáëèîòåêîéÿçûêàC++
    Exact
    [1]
    Suffix
    .Ýòî îáóñëîâëåíîòåì,÷òîïðàêòè÷åñêèëþáàÿïðîãðàììàíóæäàåòñÿâñðåäñòâàõòåêñòîâîãî ïðåäñòàâëåíèÿèíôîðìàöèèèå¼îáðàáîòêè.Âìåñòåñòåì,ñòðîêèC++,êàêèìíîãèå ðåàëèçàöèèñòðîêäðóãèõÿçûêîâ,ïîäâåðæåíûïðîáëåìåîáðàùåíèÿêñòðîêåïî íåêîððåêòíîìóèíäåêñó,âûõîäÿùåìóçàïðåäåëûñòðîêè.

2
Robert C. Seacord Secure Coding in C and C++, 2nd Edition. Addison-Wesley Professional, 2013. — 545 p.
Total in-text references: 1
  1. In-text reference with the coordinate start=2433
    Prefix
    ).Âïðîòèâíîìñëó÷àå,ïðèèñïîëüçîâàíèè ìåòîäàat()äîëæíîáûòüñãåíåðèðîâàíîèñêëþ÷åíèå;ïðèèñïîëüçîâàíèèîïåðàòîðà []ïðîâåðêàèíäåêñàíàêîððåêòíîñòüíåâûïîëíÿåòñÿ,èïîâåäåíèåïðîãðàììûâ ýòîìñëó÷àåíåîïðåäåëåíî.Ñëåäñòâèåìïîäîáíîãîäåôåêòàìîæåòñòàòüàâàðèéíîå çàâåðøåíèåïðîãðàììûèèñêàæåíèåäàííûõ,ñêîòîðûìèðàáîòàåòïðîãðàììà,à òàêæåíàðóøåíèÿáåçîïàñíîñòè,÷òîïîçâîëÿåòêëàññèôèöèðîâàòüäàííûéäåôåêòêàê êðèòè÷åñêèé
    Exact
    [2]
    Suffix
    .Ýòîòêëàññäåôåêòîâîïðåäåë¼íâêëàññèôèêàöèèCERTêàêSTR53CPP[3]. Ïîèñêïîäîáíûõäåôåêòîâñïîìîùüþñòàòè÷åñêîãîàíàëèçàÿâëÿåòñÿäîñòàòî÷íî ñëîæíîéçàäà÷åé.Âñâÿçèñâûñîêîéêðèòè÷íîñòüþäàííîãîâèäàäåôåêòîâ, ñòàòè÷åñêîìóïîèñêóñòðîêîâûõïåðåïîëíåíèéäëÿÿçûêàCïîñâÿùåíîìíîãî ðàáîò.

3
STR53-CPP. Range check element access. https:// www.securecoding.cert.org/confluence/display/cplusplus/STR53CPP.+Range+check+element+access (access date 16.02.2016)
Total in-text references: 1
  1. In-text reference with the coordinate start=2493
    Prefix
    ÷åíèå;ïðèèñïîëüçîâàíèèîïåðàòîðà []ïðîâåðêàèíäåêñàíàêîððåêòíîñòüíåâûïîëíÿåòñÿ,èïîâåäåíèåïðîãðàììûâ ýòîìñëó÷àåíåîïðåäåëåíî.Ñëåäñòâèåìïîäîáíîãîäåôåêòàìîæåòñòàòüàâàðèéíîå çàâåðøåíèåïðîãðàììûèèñêàæåíèåäàííûõ,ñêîòîðûìèðàáîòàåòïðîãðàììà,à òàêæåíàðóøåíèÿáåçîïàñíîñòè,÷òîïîçâîëÿåòêëàññèôèöèðîâàòüäàííûéäåôåêòêàê êðèòè÷åñêèé[2].Ýòîòêëàññäåôåêòîâîïðåäåë¼íâêëàññèôèêàöèèCERTêàêSTR53CPP
    Exact
    [3]
    Suffix
    . Ïîèñêïîäîáíûõäåôåêòîâñïîìîùüþñòàòè÷åñêîãîàíàëèçàÿâëÿåòñÿäîñòàòî÷íî ñëîæíîéçàäà÷åé.Âñâÿçèñâûñîêîéêðèòè÷íîñòüþäàííîãîâèäàäåôåêòîâ, ñòàòè÷åñêîìóïîèñêóñòðîêîâûõïåðåïîëíåíèéäëÿÿçûêàCïîñâÿùåíîìíîãî ðàáîò.Äëÿïîèñêàïîäîáíûõäåôåêòîâèñïîëüçóþòñÿðàçëè÷íûåìåòîäû:ñèìâîëüíîå âûïîëíåíèå[4,5],àáñòðàêòíàÿèíòåðïðåòàöèÿ[6],àíàëèçïîòîêîâäàííûõ[8,9], îäíàêîèññëåäîâàíèÿäàííîãîäåôåêòàäëÿñòðîêC++íàéòèçíà÷èòåëüíîñëîæíåå

4
Lian Li, Cristina Cifuentes, Nathan Keynes. Practical and effective symbolic analysis for buffer overflow detection. In Proceedings of the Eighteenth ACM SIGSOFT International Symposium on Foundations of Software Engineering, FSE ’10, pages 317–326, New York, NY, USA, 2010. ACM.
Total in-text references: 1
  1. In-text reference with the coordinate start=2765
    Prefix
    Ïîèñêïîäîáíûõäåôåêòîâñïîìîùüþñòàòè÷åñêîãîàíàëèçàÿâëÿåòñÿäîñòàòî÷íî ñëîæíîéçàäà÷åé.Âñâÿçèñâûñîêîéêðèòè÷íîñòüþäàííîãîâèäàäåôåêòîâ, ñòàòè÷åñêîìóïîèñêóñòðîêîâûõïåðåïîëíåíèéäëÿÿçûêàCïîñâÿùåíîìíîãî ðàáîò.Äëÿïîèñêàïîäîáíûõäåôåêòîâèñïîëüçóþòñÿðàçëè÷íûåìåòîäû:ñèìâîëüíîå âûïîëíåíèå
    Exact
    [4,5]
    Suffix
    ,àáñòðàêòíàÿèíòåðïðåòàöèÿ[6],àíàëèçïîòîêîâäàííûõ[8,9], îäíàêîèññëåäîâàíèÿäàííîãîäåôåêòàäëÿñòðîêC++íàéòèçíà÷èòåëüíîñëîæíåå. ×àñòè÷íîýòîîáúÿñíÿåòñÿòåì,÷òîìíîãèåâèäûîïåðàöèéñîñòðîêàìèCíåâîçìîæíî îñóùåñòâèòüòðèâèàëüíûìñïîñîáîìñîñòðîêàìèC++(íàïðèìåð,çàïîëíåíèåñ ïîìîùüþsprintf()),îäíàêîïîëíîñòüþýòàïðîáëåìàíåðåøåíà.

5
Ru-Gang Xu, Patrice Godefroid, Rupak Majumdar. Testing for Buffer Overflows with Length Abstraction. In Proceedings of the 2008 international symposium on Software testing and analysis, ISSTA ’08, pages 27–38, New York, NY, USA, 2008. ACM.
Total in-text references: 1
  1. In-text reference with the coordinate start=2765
    Prefix
    Ïîèñêïîäîáíûõäåôåêòîâñïîìîùüþñòàòè÷åñêîãîàíàëèçàÿâëÿåòñÿäîñòàòî÷íî ñëîæíîéçàäà÷åé.Âñâÿçèñâûñîêîéêðèòè÷íîñòüþäàííîãîâèäàäåôåêòîâ, ñòàòè÷åñêîìóïîèñêóñòðîêîâûõïåðåïîëíåíèéäëÿÿçûêàCïîñâÿùåíîìíîãî ðàáîò.Äëÿïîèñêàïîäîáíûõäåôåêòîâèñïîëüçóþòñÿðàçëè÷íûåìåòîäû:ñèìâîëüíîå âûïîëíåíèå
    Exact
    [4,5]
    Suffix
    ,àáñòðàêòíàÿèíòåðïðåòàöèÿ[6],àíàëèçïîòîêîâäàííûõ[8,9], îäíàêîèññëåäîâàíèÿäàííîãîäåôåêòàäëÿñòðîêC++íàéòèçíà÷èòåëüíîñëîæíåå. ×àñòè÷íîýòîîáúÿñíÿåòñÿòåì,÷òîìíîãèåâèäûîïåðàöèéñîñòðîêàìèCíåâîçìîæíî îñóùåñòâèòüòðèâèàëüíûìñïîñîáîìñîñòðîêàìèC++(íàïðèìåð,çàïîëíåíèåñ ïîìîùüþsprintf()),îäíàêîïîëíîñòüþýòàïðîáëåìàíåðåøåíà.

6
Xavier Allamigeon, Wenceslas Godard, Charles Hymans. Static Analysis of String Manipulations in Critical Embedded C Programs. Static Analysis: 13th International Symposium, SAS 2006, Seoul, Korea, August 29–31, 2006. Proceedings. Pages 35–51, 2006.
Total in-text references: 1
  1. In-text reference with the coordinate start=2795
    Prefix
    Ïîèñêïîäîáíûõäåôåêòîâñïîìîùüþñòàòè÷åñêîãîàíàëèçàÿâëÿåòñÿäîñòàòî÷íî ñëîæíîéçàäà÷åé.Âñâÿçèñâûñîêîéêðèòè÷íîñòüþäàííîãîâèäàäåôåêòîâ, ñòàòè÷åñêîìóïîèñêóñòðîêîâûõïåðåïîëíåíèéäëÿÿçûêàCïîñâÿùåíîìíîãî ðàáîò.Äëÿïîèñêàïîäîáíûõäåôåêòîâèñïîëüçóþòñÿðàçëè÷íûåìåòîäû:ñèìâîëüíîå âûïîëíåíèå[4,5],àáñòðàêòíàÿèíòåðïðåòàöèÿ
    Exact
    [6]
    Suffix
    ,àíàëèçïîòîêîâäàííûõ[8,9], îäíàêîèññëåäîâàíèÿäàííîãîäåôåêòàäëÿñòðîêC++íàéòèçíà÷èòåëüíîñëîæíåå. ×àñòè÷íîýòîîáúÿñíÿåòñÿòåì,÷òîìíîãèåâèäûîïåðàöèéñîñòðîêàìèCíåâîçìîæíî îñóùåñòâèòüòðèâèàëüíûìñïîñîáîìñîñòðîêàìèC++(íàïðèìåð,çàïîëíåíèåñ ïîìîùüþsprintf()),îäíàêîïîëíîñòüþýòàïðîáëåìàíåðåøåíà.

7
James C. King. Symbolic execution and program testing // Communications of the ACM, 1976. no. 7. vol. 19. pp. 385–394
Total in-text references: 1
  1. In-text reference with the coordinate start=3694
    Prefix
    ÍàñòîÿùàÿðàáîòàïîñâÿùåíàïîèñêóîáðàùåíèéêñòðîêàìC++ïîíåêîððåêòíîìó èíäåêñó.Ïðàêòè÷åñêèéèíòåðåññâÿçàíñèñïîëüçîâàíèåìÿçûêàC++äëÿ ïðîãðàììèðîâàíèÿâÎÑTizen.Âíàñòîÿùåéðàáîòåïðåäñòàâëåíñïîñîáïîèñêà äåôåêòîâ,ñâÿçàííûõñîáðàùåíèåìêñòðîêàìC++ïîíåêîððåêòíîìóèíäåêñó,ñ èñïîëüçîâàíèåììåòîäàñèìâîëüíîãîâûïîëíåíèÿ
    Exact
    [7]
    Suffix
    .Îñîáåííîñòüðàáîòûçàêëþ÷àåòñÿ âîòñóòñòâèèìîäåëèðîâàíèÿñîäåðæèìîãîñòðîêè.Âäàííîéðàáîòåìîäåëèðóåòñÿ òîëüêîäëèíàñòðîêè,÷òîÿâëÿåòñÿêîìïðîìèññîììåæäóòî÷íîñòüþïîèñêàèîáú¼ìîì îáðàáàòûâàåìîéèíôîðìàöèè.Êðîìåòîãî,ïîèñêäåôåêòîâïðîèçâîäèòñÿñïîìîùüþ ñòàòè÷åñêîãîàíàëèçà,áåçíåîáõîäèìîñòèâûïîëíåíèÿïðîãîíîâàíàëèçèðóåìîé ïðîãðàììû. 1.

8
David Larochelle, David Evans. Statically detecting likely buffer overflow vulnerabilities. In Proceedings of the 10th conference on USENIX Security Symposium – Volume 10, Article No. 14. USENIX Association Berkeley, CA, USA, 2001.
Total in-text references: 1
  1. In-text reference with the coordinate start=2818
    Prefix
    Ïîèñêïîäîáíûõäåôåêòîâñïîìîùüþñòàòè÷åñêîãîàíàëèçàÿâëÿåòñÿäîñòàòî÷íî ñëîæíîéçàäà÷åé.Âñâÿçèñâûñîêîéêðèòè÷íîñòüþäàííîãîâèäàäåôåêòîâ, ñòàòè÷åñêîìóïîèñêóñòðîêîâûõïåðåïîëíåíèéäëÿÿçûêàCïîñâÿùåíîìíîãî ðàáîò.Äëÿïîèñêàïîäîáíûõäåôåêòîâèñïîëüçóþòñÿðàçëè÷íûåìåòîäû:ñèìâîëüíîå âûïîëíåíèå[4,5],àáñòðàêòíàÿèíòåðïðåòàöèÿ[6],àíàëèçïîòîêîâäàííûõ
    Exact
    [8,9]
    Suffix
    , îäíàêîèññëåäîâàíèÿäàííîãîäåôåêòàäëÿñòðîêC++íàéòèçíà÷èòåëüíîñëîæíåå. ×àñòè÷íîýòîîáúÿñíÿåòñÿòåì,÷òîìíîãèåâèäûîïåðàöèéñîñòðîêàìèCíåâîçìîæíî îñóùåñòâèòüòðèâèàëüíûìñïîñîáîìñîñòðîêàìèC++(íàïðèìåð,çàïîëíåíèåñ ïîìîùüþsprintf()),îäíàêîïîëíîñòüþýòàïðîáëåìàíåðåøåíà.

9
Belevantsev Andrey, Malikov Oleg. Using Data Flow Analysis For Detecting Security Vulnerabilities // Proceedings of ISP RAS. 2006. no. 11, pp. 83–98. 2006.
Total in-text references: 1
  1. In-text reference with the coordinate start=2818
    Prefix
    Ïîèñêïîäîáíûõäåôåêòîâñïîìîùüþñòàòè÷åñêîãîàíàëèçàÿâëÿåòñÿäîñòàòî÷íî ñëîæíîéçàäà÷åé.Âñâÿçèñâûñîêîéêðèòè÷íîñòüþäàííîãîâèäàäåôåêòîâ, ñòàòè÷åñêîìóïîèñêóñòðîêîâûõïåðåïîëíåíèéäëÿÿçûêàCïîñâÿùåíîìíîãî ðàáîò.Äëÿïîèñêàïîäîáíûõäåôåêòîâèñïîëüçóþòñÿðàçëè÷íûåìåòîäû:ñèìâîëüíîå âûïîëíåíèå[4,5],àáñòðàêòíàÿèíòåðïðåòàöèÿ[6],àíàëèçïîòîêîâäàííûõ
    Exact
    [8,9]
    Suffix
    , îäíàêîèññëåäîâàíèÿäàííîãîäåôåêòàäëÿñòðîêC++íàéòèçíà÷èòåëüíîñëîæíåå. ×àñòè÷íîýòîîáúÿñíÿåòñÿòåì,÷òîìíîãèåâèäûîïåðàöèéñîñòðîêàìèCíåâîçìîæíî îñóùåñòâèòüòðèâèàëüíûìñïîñîáîìñîñòðîêàìèC++(íàïðèìåð,çàïîëíåíèåñ ïîìîùüþsprintf()),îäíàêîïîëíîñòüþýòàïðîáëåìàíåðåøåíà.

10
T.N. Romanova, A.V. Sidorin. Metod rezyume dlya razrabotki universalnogo mnogotselevogo analizatora kodov programm s vozmozhnostyu obnaruzheniya razlichnyih klassov defektov v programmah, sozdannyih s ispolzovaniem yazyikov C and C++ [Summary-based interprocedural analysis method for implementation in multi-purpose static C/C++ code analyzer]. Herald of the Bauman Moscow State Technical University, Instrument Engineering, no. 5, 2015. pp. 73–93.
Total in-text references: 1
  1. In-text reference with the coordinate start=12465
    Prefix
    ∧V al < Lobj std::npos rfind(), find_last_of(), find_last_not_of() Res←    V al:V al>0∧V al6Arg2∧V al < Lobj std::npos Äàííûåïðàâèëàìîäåëèðîâàíèÿìåòîäîâïîèñêàïîçâîëÿþòäîñòàòî÷íîòî÷íî ìîäåëèðîâàòüâîçâðàùàåìîåçíà÷åíèå.Áîëååòî÷íîåìîäåëèðîâàíèåóæåäîëæíî ó÷èòûâàòüâîçìîæíîåñîäåðæèìîåñòðîêè. 4.Ìåæïðîöåäóðíûéàíàëèç Âäàííîéðàáîòåèñïîëüçóåòñÿìåæïðîöåäóðíûéàíàëèçñèñïîëüçîâàíèåìðåçþìå âûçûâàåìîéôóíêöèè
    Exact
    [10]
    Suffix
    .Äàííûéìåòîäïîäðàçóìåâàåòàíàëèçôóíêöèèâíåêîíòåêñòà âûçîâàñîñáîðîìå¼ðåçþìåèïðèìåíåíèåìïîëó÷åííîãîðåçþìå. Âäàííîéðàáîòåðàçäåëðåçþìåôóíêöèèäëÿìîäåëèðîâàíèÿäëèíñòðîê ïðåäñòàâëÿåòñÿñëîâàð¼ì,îòîáðàæàþùèìèäåíòèôèêàòîðûñòðîêíàèõñèìâîëüíûå çíà÷åíèÿäëèí.

11
Clang Static Analyzer. http://clang-analyzer.llvm.org/ (access date 17.02.2016).
Total in-text references: 1
  1. In-text reference with the coordinate start=13952
    Prefix
    ÏîñêîëüêóRefStrïåðåäàíàïîíåêîíñòàíòíîéññûëêåèìîäèôèöèðîâàíà,âðåçóëüòàòå âûçîâàôóíêöèèäëèíàñòðîêèLocalñòàíîâèòñÿ(LP aram+ 3) + 5 =LP aram+ 8. Çàêëþ÷åíèå Íàîñíîâåðàçðàáîòàííûõïðàâèëáûëðåàëèçîâàíäîïîëíèòåëüíûéïðîâåðÿþùèé ìîäóëüäëÿñòàòè÷åñêîãîàíàëèçàòîðàClangStaticAnalyzer
    Exact
    [11]
    Suffix
    äëÿâèäàäåôåêòà, ðàíååíåíàõîäèìîãîäàííûìàíàëèçàòîðîì.Ýòîòïðîâåðÿþùèéìîäóëüáûëîïðîáîâàí íàèñõîäíîìêîäåïîëüçîâàòåëüñêèõîêðóæåíèéîïåðàöèîííûõñèñòåìAndroidèTizen.Âðåçóëüòàòåèçìåðåíèÿâðåìåíèðàáîòûáûëîóñòàíîâëåíîçàìåäëåíèåðàáîòû àíàëèçàòîðàâñåãîíà5%,÷òîÿâëÿåòñÿõîðîøèìðåçóëüòàòîì.