Buffer overflows are a common cause of security vulnerabilities in system code. Specifically, a buffer overflow occurs when a process stores or reads data in a buffer outside of the memory allocated for the process. The overflow may cause diverse errors including erratic program behavior, memory access errors, incorrect results, program crashes, and security breaches. A variety of techniques have been developed to attempt to locate buffer overflows in code before they occur, including both dynamic and static techniques.
More specifically, a variety of software tools have been developed for performing static analyses of source code. For example, C language source code may be analyzed by a software tool capable of locating suspicious code (e.g., buffer overflows, structured query language injections, deadlocks, race conditions, etc.) that is likely to cause an error. Typically, a static analysis of source code is performed using an abstraction (i.e., a model) of the program associated with the source code. While various techniques have been developed to speed up static analyses, the efficiencies gained from the various techniques typically come at the cost of less accurate results.
In addition, partial evaluation was originally introduced more than 30 years ago, and has been applied in a variety of applications including program optimization by specialization. A partial evaluation may be performed by locating static input data in a program (and propagating that data through the program flow) and then computing the expressions and statements that use the static input data at compile time, which results in a faster but semantically equivalent program. The newly generated program may be referred to as a residual program. However, the application of partial evaluations is typically focused on program optimizations during execution.
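The specialization step described above, as an added example that is not part of the original text: a small partial evaluator for Python expressions that substitutes the static inputs, computes whatever becomes constant, and returns the residual expression. The input names used with it (`buf_len`, `hdr`, `idx`, `n`) are constructed, and it assumes integer inputs and folds only `+`, `-`, `*` and single comparisons.

```python
import ast
import operator

# Added illustration: operators that may be computed at specialization time.
BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
           ast.Mult: operator.mul}
CMP_OPS = {ast.Lt: operator.lt, ast.LtE: operator.le,
           ast.Gt: operator.gt, ast.GtE: operator.ge, ast.Eq: operator.eq}

def _const(*nodes):
    return all(isinstance(n, ast.Constant) for n in nodes)


class Specializer(ast.NodeTransformer):
    """Substitute static inputs, then compute whatever became constant."""

    def __init__(self, static):
        self.static = static  # name -> known value (assumed to be ints)

    def visit_Name(self, node):
        if node.id in self.static:
            return ast.Constant(self.static[node.id])
        return node  # dynamic input: stays in the residual program

    def visit_BinOp(self, node):
        self.generic_visit(node)  # specialize the operands first
        fn = BIN_OPS.get(type(node.op))
        if fn and _const(node.left, node.right):
            return ast.Constant(fn(node.left.value, node.right.value))
        return node

    def visit_Compare(self, node):
        self.generic_visit(node)
        fn = CMP_OPS.get(type(node.ops[0]))
        if fn and len(node.ops) == 1 and _const(node.left, node.comparators[0]):
            return ast.Constant(fn(node.left.value, node.comparators[0].value))
        return node

    def visit_IfExp(self, node):
        self.generic_visit(node)
        if _const(node.test):  # branch decided at specialization time
            return node.body if node.test.value else node.orelse
        return node


def specialize(expr_src, static):
    """Return the residual expression source for the given static inputs."""
    tree = Specializer(static).visit(ast.parse(expr_src, mode="eval"))
    return ast.unparse(ast.fix_missing_locations(tree))
```

With `buf_len` and `hdr` static, `specialize("buf_len - hdr * 4 - n", {"buf_len": 64, "hdr": 4})` returns the residual expression `48 - n`, which evaluates to the same value as the original for every `n`.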