Value-Range Analysis of C Programs describes a static analysis for detecting buffer overflows. A buffer overflow in a C program occurs when input is read into a memory buffer whose length exceeds that of the buffer. Overflows usually lead to crashes and may even enable a malicious person to gain control over a computer system. They are recognised as one of the most widespread forms of computer vulnerability. Based on the analysis of a standard mail-forwarding program, necessary refinements of the basic analysis are examined, thereby paving the way for an analysis that is precise enough to prove the absence of buffer overflows in legacy C code.
From the reviews: "This book describes a static analysis that aims to prove the absence of buffer overflows in C programs. … The book formally describes how program operations are mapped to operations on polyhedra. … Many concepts presented here carry over to other languages such as Java or assembler. So it will be useful to any researcher and student with an interest in static analysis of real-world programming languages." (Stefan Meyer, Zentralblatt MATH, Vol. 1155, 2009)