Proceedings of the 2014 International Symposium on Software Testing and Analysis 2014
DOI: 10.1145/2610384.2610417
|View full text |Cite
|
Sign up to set email alerts
|

A type system for format strings

Abstract: Most programming languages support format strings, but their use is error-prone. Using the wrong format string syntax, or passing the wrong number or type of arguments, leads to unintelligible text output, program crashes, or security vulnerabilities.This paper presents a type system that guarantees that calls to format string APIs will never fail. In Java, this means that the API will not throw exceptions. In C, this means that the API will not return negative values, corrupt memory, etc.We instantiated this … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1

Citation Types

0
12
0

Year Published

2014
2014
2024
2024

Publication Types

Select...
4
1

Relationship

2
3

Authors

Journals

citations
Cited by 10 publications
(12 citation statements)
references
References 16 publications
0
12
0
Order By: Relevance
“…Qualifier systems have been developed in these frameworks for checking software properties such as null safety [8], [33], tainting [8], [33], format strings [35], [44], internationalization [33], regular expressions [36], UI threading [17], ownership [20], and immutability [21], [33], [40], [46].…”
Section: Type Qualifiersmentioning
confidence: 99%
See 1 more Smart Citation
“…Qualifier systems have been developed in these frameworks for checking software properties such as null safety [8], [33], tainting [8], [33], format strings [35], [44], internationalization [33], regular expressions [36], UI threading [17], ownership [20], and immutability [21], [33], [40], [46].…”
Section: Type Qualifiersmentioning
confidence: 99%
“…Researchers have developed many qualifier systems to check software properties such as concurrency [17], ownership [20], [39], immutability [21], [40], safety against null dereferences [8], [33], and security [8], [16], [33], [35], [44]. Java 8 supports the syntactic features required by qualifier systems [2].…”
Section: Introductionmentioning
confidence: 99%
“…This paper presents the Format String Checker that is based on the format string type system presented in [3]. The Format String Checker guarantees that calls to Java's Formatter API will not throw exceptions.…”
Section: Introductionmentioning
confidence: 99%
“…In a previous paper [3], we presented the format string type system that promises to detect and prevent the incorrect use of format methods. The paper evaluates an implementation of the type system (Section 7), and compares it to the related work (Section 8).…”
Section: Introductionmentioning
confidence: 99%
See 1 more Smart Citation