Abstract: Buffer overflow can cause very serious security problems and bring serious threats to networks and distributed systems such as clusters, Grids, P2P systems. Array bounds overflow is an important instance of buffer overflow. How to check array bounds overflow is an important and meaningful issue. In this paper, it presents a runtime verification method for checking array bounds overflow. It analyzes the various classes of array bounds overflow errors. Based on the classification, it investigates the various verification methods. It studies the algorithms for dynamic checking of array bounds overflow based on program instrumentation, implements the algorithms based on the open source compiler Clang. The experimental results show that this method is feasible and efficient.

Key words: array bounds overflow, runtime verification, program instrumentation

摘要： 缓存区溢出能引起非常严重的安全问题，对网络和分布式系统（如机群，网格，P2P系统等）构成严重威胁。数组越界在缓存区溢出中占据重要位置，如何检测数组越界错误是一个重要且极具意义的课题。针对该课题，给出一种对C语言数组越界进行运行时验证的方法。分析了数组越界的错误类型，根据这些类型分别研究了数组越界的运行时验证的思想;设计了基于程序插桩进行数组越界动态检测的算法，给出了该方法基于开源编译器Clang的具体实现;用实验证明了该方法是切实可行并且有效的。

关键词: 数组越界, 运行时验证, 程序插桩