%!PS-Adobe-2.0
%%Creator: dvips(k) 5.95a Copyright 2005 Radical Eye Software
%%Title: paper.dvi
%%Pages: 21
%%PageOrder: Ascend
%%BoundingBox: 0 0 612 792
%%DocumentFonts: Times-Bold Times-Roman Times-Italic CMR10 CMMI10 CMSY10
%%+ CMMI8 CMSY8 CMR8 Courier CMR9 MSAM10 CMR7
%%DocumentPaperSizes: Letter
%%EndComments
%DVIPSWebPage: (www.radicaleye.com)
%DVIPSCommandLine: dvips -K -P amz -P cmz -t letter -o paper.ps paper
%DVIPSParameters: dpi=600, comments removed
%DVIPSSource:  TeX output 2006.12.12:1113
%%BeginProcSet: tex.pro 0 0
/TeXDict 300 dict def TeXDict begin/N{def}def/B{bind def}N/S{exch}N/X{S
N}B/A{dup}B/TR{translate}N/isls false N/vsize 11 72 mul N/hsize 8.5 72
mul N/landplus90{false}def/@rigin{isls{[0 landplus90{1 -1}{-1 1}ifelse 0
0 0]concat}if 72 Resolution div 72 VResolution div neg scale isls{
landplus90{VResolution 72 div vsize mul 0 exch}{Resolution -72 div hsize
mul 0}ifelse TR}if Resolution VResolution vsize -72 div 1 add mul TR[
matrix currentmatrix{A A round sub abs 0.00001 lt{round}if}forall round
exch round exch]setmatrix}N/@landscape{/isls true N}B/@manualfeed{
statusdict/manualfeed true put}B/@copies{/#copies X}B/FMat[1 0 0 -1 0 0]
N/FBB[0 0 0 0]N/nn 0 N/IEn 0 N/ctr 0 N/df-tail{/nn 8 dict N nn begin
/FontType 3 N/FontMatrix fntrx N/FontBBox FBB N string/base X array
/BitMaps X/BuildChar{CharBuilder}N/Encoding IEn N end A{/foo setfont}2
array copy cvx N load 0 nn put/ctr 0 N[}B/sf 0 N/df{/sf 1 N/fntrx FMat N
df-tail}B/dfs{div/sf X/fntrx[sf 0 0 sf neg 0 0]N df-tail}B/E{pop nn A
definefont setfont}B/Cw{Cd A length 5 sub get}B/Ch{Cd A length 4 sub get
}B/Cx{128 Cd A length 3 sub get sub}B/Cy{Cd A length 2 sub get 127 sub}
B/Cdx{Cd A length 1 sub get}B/Ci{Cd A type/stringtype ne{ctr get/ctr ctr
1 add N}if}B/CharBuilder{save 3 1 roll S A/base get 2 index get S
/BitMaps get S get/Cd X pop/ctr 0 N Cdx 0 Cx Cy Ch sub Cx Cw add Cy
setcachedevice Cw Ch true[1 0 0 -1 -.1 Cx sub Cy .1 sub]{Ci}imagemask
restore}B/D{/cc X A type/stringtype ne{]}if nn/base get cc ctr put nn
/BitMaps get S ctr S sf 1 ne{A A length 1 sub A 2 index S get sf div put
}if put/ctr ctr 1 add N}B/I{cc 1 add D}B/bop{userdict/bop-hook known{
bop-hook}if/SI save N @rigin 0 0 moveto/V matrix currentmatrix A 1 get A
mul exch 0 get A mul add .99 lt{/QV}{/RV}ifelse load def pop pop}N/eop{
SI restore userdict/eop-hook known{eop-hook}if showpage}N/@start{
userdict/start-hook known{start-hook}if pop/VResolution X/Resolution X
1000 div/DVImag X/IEn 256 array N 2 string 0 1 255{IEn S A 360 add 36 4
index cvrs cvn put}for pop 65781.76 div/vsize X 65781.76 div/hsize X}N
/p{show}N/RMat[1 0 0 -1 0 0]N/BDot 260 string N/Rx 0 N/Ry 0 N/V{}B/RV/v{
/Ry X/Rx X V}B statusdict begin/product where{pop false[(Display)(NeXT)
(LaserWriter 16/600)]{A length product length le{A length product exch 0
exch getinterval eq{pop true exit}if}{pop}ifelse}forall}{false}ifelse
end{{gsave TR -.1 .1 TR 1 1 scale Rx Ry false RMat{BDot}imagemask
grestore}}{{gsave TR -.1 .1 TR Rx Ry scale 1 1 false RMat{BDot}
imagemask grestore}}ifelse B/QV{gsave newpath transform round exch round
exch itransform moveto Rx 0 rlineto 0 Ry neg rlineto Rx neg 0 rlineto
fill grestore}B/a{moveto}B/delta 0 N/tail{A/delta X 0 rmoveto}B/M{S p
delta add tail}B/b{S p tail}B/c{-4 M}B/d{-3 M}B/e{-2 M}B/f{-1 M}B/g{0 M}
B/h{1 M}B/i{2 M}B/j{3 M}B/k{4 M}B/w{0 rmoveto}B/l{p -4 w}B/m{p -3 w}B/n{
p -2 w}B/o{p -1 w}B/q{p 1 w}B/r{p 2 w}B/s{p 3 w}B/t{p 4 w}B/x{0 S
rmoveto}B/y{3 2 roll p a}B/bos{/SS save N}B/eos{SS restore}B end

%%EndProcSet
%%BeginProcSet: 8r.enc 0 0
% File 8r.enc  TeX Base 1 Encoding  Revision 2.0  2002-10-30
%
% @@psencodingfile@{
%   author    = "S. Rahtz, P. MacKay, Alan Jeffrey, B. Horn, K. Berry,
%                W. Schmidt, P. Lehman",
%   version   = "2.0",
%   date      = "30 October 2002",
%   filename  = "8r.enc",
%   email     = "tex-fonts@@tug.org",
%   docstring = "This is the encoding vector for Type1 and TrueType
%                fonts to be used with TeX.  This file is part of the
%                PSNFSS bundle, version 9"
% @}
% 
% The idea is to have all the characters normally included in Type 1 fonts
% available for typesetting. This is effectively the characters in Adobe
% Standard encoding, ISO Latin 1, Windows ANSI including the euro symbol,
% MacRoman, and some extra characters from Lucida.
% 
% Character code assignments were made as follows:
% 
% (1) the Windows ANSI characters are almost all in their Windows ANSI
% positions, because some Windows users cannot easily reencode the
% fonts, and it makes no difference on other systems. The only Windows
% ANSI characters not available are those that make no sense for
% typesetting -- rubout (127 decimal), nobreakspace (160), softhyphen
% (173). quotesingle and grave are moved just because it's such an
% irritation not having them in TeX positions.
% 
% (2) Remaining characters are assigned arbitrarily to the lower part
% of the range, avoiding 0, 10 and 13 in case we meet dumb software.
% 
% (3) Y&Y Lucida Bright includes some extra text characters; in the
% hopes that other PostScript fonts, perhaps created for public
% consumption, will include them, they are included starting at 0x12.
% These are /dotlessj /ff /ffi /ffl.
% 
% (4) hyphen appears twice for compatibility with both ASCII and Windows.
%
% (5) /Euro was assigned to 128, as in Windows ANSI
%
% (6) Missing characters from MacRoman encoding incorporated as follows:
%
%     PostScript      MacRoman        TeXBase1
%     --------------  --------------  --------------
%     /notequal       173             0x16
%     /infinity       176             0x17
%     /lessequal      178             0x18
%     /greaterequal   179             0x19
%     /partialdiff    182             0x1A
%     /summation      183             0x1B
%     /product        184             0x1C
%     /pi             185             0x1D
%     /integral       186             0x81
%     /Omega          189             0x8D
%     /radical        195             0x8E
%     /approxequal    197             0x8F
%     /Delta          198             0x9D
%     /lozenge        215             0x9E
%
/TeXBase1Encoding [
% 0x00
 /.notdef /dotaccent /fi /fl
 /fraction /hungarumlaut /Lslash /lslash
 /ogonek /ring /.notdef /breve
 /minus /.notdef /Zcaron /zcaron
% 0x10
 /caron /dotlessi /dotlessj /ff
 /ffi /ffl /notequal /infinity
 /lessequal /greaterequal /partialdiff /summation
 /product /pi /grave /quotesingle
% 0x20
 /space /exclam /quotedbl /numbersign
 /dollar /percent /ampersand /quoteright
 /parenleft /parenright /asterisk /plus
 /comma /hyphen /period /slash
% 0x30
 /zero /one /two /three
 /four /five /six /seven
 /eight /nine /colon /semicolon
 /less /equal /greater /question
% 0x40
 /at /A /B /C
 /D /E /F /G
 /H /I /J /K
 /L /M /N /O
% 0x50
 /P /Q /R /S
 /T /U /V /W
 /X /Y /Z /bracketleft
 /backslash /bracketright /asciicircum /underscore
% 0x60
 /quoteleft /a /b /c
 /d /e /f /g
 /h /i /j /k
 /l /m /n /o
% 0x70
 /p /q /r /s
 /t /u /v /w
 /x /y /z /braceleft
 /bar /braceright /asciitilde /.notdef
% 0x80
 /Euro /integral /quotesinglbase /florin
 /quotedblbase /ellipsis /dagger /daggerdbl
 /circumflex /perthousand /Scaron /guilsinglleft
 /OE /Omega /radical /approxequal
% 0x90
 /.notdef /.notdef /.notdef /quotedblleft
 /quotedblright /bullet /endash /emdash
 /tilde /trademark /scaron /guilsinglright
 /oe /Delta /lozenge /Ydieresis
% 0xA0
 /.notdef /exclamdown /cent /sterling
 /currency /yen /brokenbar /section
 /dieresis /copyright /ordfeminine /guillemotleft
 /logicalnot /hyphen /registered /macron
% 0xD0
 /degree /plusminus /twosuperior /threesuperior
 /acute /mu /paragraph /periodcentered
 /cedilla /onesuperior /ordmasculine /guillemotright
 /onequarter /onehalf /threequarters /questiondown
% 0xC0
 /Agrave /Aacute /Acircumflex /Atilde
 /Adieresis /Aring /AE /Ccedilla
 /Egrave /Eacute /Ecircumflex /Edieresis
 /Igrave /Iacute /Icircumflex /Idieresis
% 0xD0
 /Eth /Ntilde /Ograve /Oacute
 /Ocircumflex /Otilde /Odieresis /multiply
 /Oslash /Ugrave /Uacute /Ucircumflex
 /Udieresis /Yacute /Thorn /germandbls
% 0xE0
 /agrave /aacute /acircumflex /atilde
 /adieresis /aring /ae /ccedilla
 /egrave /eacute /ecircumflex /edieresis
 /igrave /iacute /icircumflex /idieresis
% 0xF0
 /eth /ntilde /ograve /oacute
 /ocircumflex /otilde /odieresis /divide
 /oslash /ugrave /uacute /ucircumflex
 /udieresis /yacute /thorn /ydieresis
] def


%%EndProcSet
%%BeginProcSet: texps.pro 0 0
TeXDict begin/rf{findfont dup length 1 add dict begin{1 index/FID ne 2
index/UniqueID ne and{def}{pop pop}ifelse}forall[1 index 0 6 -1 roll
exec 0 exch 5 -1 roll VResolution Resolution div mul neg 0 0]FontType 0
ne{/Metrics exch def dict begin Encoding{exch dup type/integertype ne{
pop pop 1 sub dup 0 le{pop}{[}ifelse}{FontMatrix 0 get div Metrics 0 get
div def}ifelse}forall Metrics/Metrics currentdict end def}{{1 index type
/nametype eq{exit}if exch pop}loop}ifelse[2 index currentdict end
definefont 3 -1 roll makefont/setfont cvx]cvx def}def/ObliqueSlant{dup
sin S cos div neg}B/SlantFont{4 index mul add}def/ExtendFont{3 -1 roll
mul exch}def/ReEncodeFont{CharStrings rcheck{/Encoding false def dup[
exch{dup CharStrings exch known not{pop/.notdef/Encoding true def}if}
forall Encoding{]exch pop}{cleartomark}ifelse}if/Encoding exch def}def
end

%%EndProcSet
%%BeginProcSet: special.pro 0 0
TeXDict begin/SDict 200 dict N SDict begin/@SpecialDefaults{/hs 612 N
/vs 792 N/ho 0 N/vo 0 N/hsc 1 N/vsc 1 N/ang 0 N/CLIP 0 N/rwiSeen false N
/rhiSeen false N/letter{}N/note{}N/a4{}N/legal{}N}B/@scaleunit 100 N
/@hscale{@scaleunit div/hsc X}B/@vscale{@scaleunit div/vsc X}B/@hsize{
/hs X/CLIP 1 N}B/@vsize{/vs X/CLIP 1 N}B/@clip{/CLIP 2 N}B/@hoffset{/ho
X}B/@voffset{/vo X}B/@angle{/ang X}B/@rwi{10 div/rwi X/rwiSeen true N}B
/@rhi{10 div/rhi X/rhiSeen true N}B/@llx{/llx X}B/@lly{/lly X}B/@urx{
/urx X}B/@ury{/ury X}B/magscale true def end/@MacSetUp{userdict/md known
{userdict/md get type/dicttype eq{userdict begin md length 10 add md
maxlength ge{/md md dup length 20 add dict copy def}if end md begin
/letter{}N/note{}N/legal{}N/od{txpose 1 0 mtx defaultmatrix dtransform S
atan/pa X newpath clippath mark{transform{itransform moveto}}{transform{
itransform lineto}}{6 -2 roll transform 6 -2 roll transform 6 -2 roll
transform{itransform 6 2 roll itransform 6 2 roll itransform 6 2 roll
curveto}}{{closepath}}pathforall newpath counttomark array astore/gc xdf
pop ct 39 0 put 10 fz 0 fs 2 F/|______Courier fnt invertflag{PaintBlack}
if}N/txpose{pxs pys scale ppr aload pop por{noflips{pop S neg S TR pop 1
-1 scale}if xflip yflip and{pop S neg S TR 180 rotate 1 -1 scale ppr 3
get ppr 1 get neg sub neg ppr 2 get ppr 0 get neg sub neg TR}if xflip
yflip not and{pop S neg S TR pop 180 rotate ppr 3 get ppr 1 get neg sub
neg 0 TR}if yflip xflip not and{ppr 1 get neg ppr 0 get neg TR}if}{
noflips{TR pop pop 270 rotate 1 -1 scale}if xflip yflip and{TR pop pop
90 rotate 1 -1 scale ppr 3 get ppr 1 get neg sub neg ppr 2 get ppr 0 get
neg sub neg TR}if xflip yflip not and{TR pop pop 90 rotate ppr 3 get ppr
1 get neg sub neg 0 TR}if yflip xflip not and{TR pop pop 270 rotate ppr
2 get ppr 0 get neg sub neg 0 S TR}if}ifelse scaleby96{ppr aload pop 4
-1 roll add 2 div 3 1 roll add 2 div 2 copy TR .96 dup scale neg S neg S
TR}if}N/cp{pop pop showpage pm restore}N end}if}if}N/normalscale{
Resolution 72 div VResolution 72 div neg scale magscale{DVImag dup scale
}if 0 setgray}N/psfts{S 65781.76 div N}N/startTexFig{/psf$SavedState
save N userdict maxlength dict begin/magscale true def normalscale
currentpoint TR/psf$ury psfts/psf$urx psfts/psf$lly psfts/psf$llx psfts
/psf$y psfts/psf$x psfts currentpoint/psf$cy X/psf$cx X/psf$sx psf$x
psf$urx psf$llx sub div N/psf$sy psf$y psf$ury psf$lly sub div N psf$sx
psf$sy scale psf$cx psf$sx div psf$llx sub psf$cy psf$sy div psf$ury sub
TR/showpage{}N/erasepage{}N/setpagedevice{pop}N/copypage{}N/p 3 def
@MacSetUp}N/doclip{psf$llx psf$lly psf$urx psf$ury currentpoint 6 2 roll
newpath 4 copy 4 2 roll moveto 6 -1 roll S lineto S lineto S lineto
closepath clip newpath moveto}N/endTexFig{end psf$SavedState restore}N
/@beginspecial{SDict begin/SpecialSave save N gsave normalscale
currentpoint TR @SpecialDefaults count/ocount X/dcount countdictstack N}
N/@setspecial{CLIP 1 eq{newpath 0 0 moveto hs 0 rlineto 0 vs rlineto hs
neg 0 rlineto closepath clip}if ho vo TR hsc vsc scale ang rotate
rwiSeen{rwi urx llx sub div rhiSeen{rhi ury lly sub div}{dup}ifelse
scale llx neg lly neg TR}{rhiSeen{rhi ury lly sub div dup scale llx neg
lly neg TR}if}ifelse CLIP 2 eq{newpath llx lly moveto urx lly lineto urx
ury lineto llx ury lineto closepath clip}if/showpage{}N/erasepage{}N
/setpagedevice{pop}N/copypage{}N newpath}N/@endspecial{count ocount sub{
pop}repeat countdictstack dcount sub{end}repeat grestore SpecialSave
restore end}N/@defspecial{SDict begin}N/@fedspecial{end}B/li{lineto}B
/rl{rlineto}B/rc{rcurveto}B/np{/SaveX currentpoint/SaveY X N 1
setlinecap newpath}N/st{stroke SaveX SaveY moveto}N/fil{fill SaveX SaveY
moveto}N/ellipse{/endangle X/startangle X/yrad X/xrad X/savematrix
matrix currentmatrix N TR xrad yrad scale 0 0 1 startangle endangle arc
savematrix setmatrix}N end

%%EndProcSet
%%BeginProcSet: color.pro 0 0
TeXDict begin/setcmykcolor where{pop}{/setcmykcolor{dup 10 eq{pop
setrgbcolor}{1 sub 4 1 roll 3{3 index add neg dup 0 lt{pop 0}if 3 1 roll
}repeat setrgbcolor pop}ifelse}B}ifelse/TeXcolorcmyk{setcmykcolor}def
/TeXcolorrgb{setrgbcolor}def/TeXcolorgrey{setgray}def/TeXcolorgray{
setgray}def/TeXcolorhsb{sethsbcolor}def/currentcmykcolor where{pop}{
/currentcmykcolor{currentrgbcolor 10}B}ifelse/DC{exch dup userdict exch
known{pop pop}{X}ifelse}B/GreenYellow{0.15 0 0.69 0 setcmykcolor}DC
/Yellow{0 0 1 0 setcmykcolor}DC/Goldenrod{0 0.10 0.84 0 setcmykcolor}DC
/Dandelion{0 0.29 0.84 0 setcmykcolor}DC/Apricot{0 0.32 0.52 0
setcmykcolor}DC/Peach{0 0.50 0.70 0 setcmykcolor}DC/Melon{0 0.46 0.50 0
setcmykcolor}DC/YellowOrange{0 0.42 1 0 setcmykcolor}DC/Orange{0 0.61
0.87 0 setcmykcolor}DC/BurntOrange{0 0.51 1 0 setcmykcolor}DC
/Bittersweet{0 0.75 1 0.24 setcmykcolor}DC/RedOrange{0 0.77 0.87 0
setcmykcolor}DC/Mahogany{0 0.85 0.87 0.35 setcmykcolor}DC/Maroon{0 0.87
0.68 0.32 setcmykcolor}DC/BrickRed{0 0.89 0.94 0.28 setcmykcolor}DC/Red{
0 1 1 0 setcmykcolor}DC/OrangeRed{0 1 0.50 0 setcmykcolor}DC/RubineRed{
0 1 0.13 0 setcmykcolor}DC/WildStrawberry{0 0.96 0.39 0 setcmykcolor}DC
/Salmon{0 0.53 0.38 0 setcmykcolor}DC/CarnationPink{0 0.63 0 0
setcmykcolor}DC/Magenta{0 1 0 0 setcmykcolor}DC/VioletRed{0 0.81 0 0
setcmykcolor}DC/Rhodamine{0 0.82 0 0 setcmykcolor}DC/Mulberry{0.34 0.90
0 0.02 setcmykcolor}DC/RedViolet{0.07 0.90 0 0.34 setcmykcolor}DC
/Fuchsia{0.47 0.91 0 0.08 setcmykcolor}DC/Lavender{0 0.48 0 0
setcmykcolor}DC/Thistle{0.12 0.59 0 0 setcmykcolor}DC/Orchid{0.32 0.64 0
0 setcmykcolor}DC/DarkOrchid{0.40 0.80 0.20 0 setcmykcolor}DC/Purple{
0.45 0.86 0 0 setcmykcolor}DC/Plum{0.50 1 0 0 setcmykcolor}DC/Violet{
0.79 0.88 0 0 setcmykcolor}DC/RoyalPurple{0.75 0.90 0 0 setcmykcolor}DC
/BlueViolet{0.86 0.91 0 0.04 setcmykcolor}DC/Periwinkle{0.57 0.55 0 0
setcmykcolor}DC/CadetBlue{0.62 0.57 0.23 0 setcmykcolor}DC
/CornflowerBlue{0.65 0.13 0 0 setcmykcolor}DC/MidnightBlue{0.98 0.13 0
0.43 setcmykcolor}DC/NavyBlue{0.94 0.54 0 0 setcmykcolor}DC/RoyalBlue{1
0.50 0 0 setcmykcolor}DC/Blue{1 1 0 0 setcmykcolor}DC/Cerulean{0.94 0.11
0 0 setcmykcolor}DC/Cyan{1 0 0 0 setcmykcolor}DC/ProcessBlue{0.96 0 0 0
setcmykcolor}DC/SkyBlue{0.62 0 0.12 0 setcmykcolor}DC/Turquoise{0.85 0
0.20 0 setcmykcolor}DC/TealBlue{0.86 0 0.34 0.02 setcmykcolor}DC
/Aquamarine{0.82 0 0.30 0 setcmykcolor}DC/BlueGreen{0.85 0 0.33 0
setcmykcolor}DC/Emerald{1 0 0.50 0 setcmykcolor}DC/JungleGreen{0.99 0
0.52 0 setcmykcolor}DC/SeaGreen{0.69 0 0.50 0 setcmykcolor}DC/Green{1 0
1 0 setcmykcolor}DC/ForestGreen{0.91 0 0.88 0.12 setcmykcolor}DC
/PineGreen{0.92 0 0.59 0.25 setcmykcolor}DC/LimeGreen{0.50 0 1 0
setcmykcolor}DC/YellowGreen{0.44 0 0.74 0 setcmykcolor}DC/SpringGreen{
0.26 0 0.76 0 setcmykcolor}DC/OliveGreen{0.64 0 0.95 0.40 setcmykcolor}
DC/RawSienna{0 0.72 1 0.45 setcmykcolor}DC/Sepia{0 0.83 1 0.70
setcmykcolor}DC/Brown{0 0.81 1 0.60 setcmykcolor}DC/Tan{0.14 0.42 0.56 0
setcmykcolor}DC/Gray{0 0 0 0.50 setcmykcolor}DC/Black{0 0 0 1
setcmykcolor}DC/White{0 0 0 0 setcmykcolor}DC end

%%EndProcSet
TeXDict begin @defspecial

 /DvipsToPDF { 72.27 mul Resolution div } def /PDFToDvips { 72.27 div
Resolution mul } def /HyperBorder { 1 PDFToDvips } def /H.V {pdf@hoff
pdf@voff null} def /H.B {/Rect[pdf@llx pdf@lly pdf@urx pdf@ury]} def
/H.S { currentpoint HyperBorder add /pdf@lly exch def dup DvipsToPDF
/pdf@hoff exch def HyperBorder sub /pdf@llx exch def } def /H.L { 2
sub dup /HyperBasePt exch def PDFToDvips /HyperBaseDvips exch def currentpoint
HyperBaseDvips sub /pdf@ury exch def /pdf@urx exch def } def /H.A {
H.L currentpoint exch pop vsize 72 sub exch DvipsToPDF HyperBasePt
sub sub /pdf@voff exch def } def /H.R { currentpoint HyperBorder sub
/pdf@ury exch def HyperBorder add /pdf@urx exch def currentpoint exch
pop vsize 72 sub exch DvipsToPDF sub /pdf@voff exch def } def systemdict
/pdfmark known not {userdict /pdfmark systemdict /cleartomark get put}
if
 
@fedspecial end
%%BeginFont: CMR7
%!PS-AdobeFont-1.1: CMR7 1.0
%%CreationDate: 1991 Aug 20 16:39:21
% Copyright (C) 1997 American Mathematical Society. All Rights Reserved.
11 dict begin
/FontInfo 7 dict dup begin
/version (1.0) readonly def
/Notice (Copyright (C) 1997 American Mathematical Society. All Rights Reserved) readonly def
/FullName (CMR7) readonly def
/FamilyName (Computer Modern) readonly def
/Weight (Medium) readonly def
/ItalicAngle 0 def
/isFixedPitch false def
end readonly def
/FontName /CMR7 def
/PaintType 0 def
/FontType 1 def
/FontMatrix [0.001 0 0 0.001 0 0] readonly def
/Encoding 256 array
0 1 255 {1 index exch /.notdef put} for
dup 49 /one put
dup 51 /three put
dup 54 /six put
dup 55 /seven put
dup 56 /eight put
readonly def
/FontBBox{-27 -250 1122 750}readonly def
currentdict end
currentfile eexec
D9D66F633B846A97B686A97E45A3D0AA052A014267B7904EB3C0D3BD0B83D891
016CA6CA4B712ADEB258FAAB9A130EE605E61F77FC1B738ABC7C51CD46EF8171
9098D5FEE67660E69A7AB91B58F29A4D79E57022F783EB0FBBB6D4F4EC35014F
D2DECBA99459A4C59DF0C6EBA150284454E707DC2100C15B76B4C19B84363758
469A6C558785B226332152109871A9883487DD7710949204DDCF837E6A8708B8
2BDBF16FBC7512FAA308A093FE5CF5B8CABB9FFC6CC3F1E9AE32F234EB60FE7D
E34995B1ACFF52428EA20C8ED4FD73E3935CEBD40E0EAD70C0887A451E1B1AC8
47AEDE4191CCDB8B61345FD070FD30C4F375D8418DDD454729A251B3F61DAE7C
8882384282FDD6102AE8EEFEDE6447576AFA181F27A48216A9CAD730561469E4
78B286F22328F2AE84EF183DE4119C402771A249AAC1FA5435690A28D1B47486
1060C8000D3FE1BF45133CF847A24B4F8464A63CEA01EC84AA22FD005E74847E
01426B6890951A7DD1F50A5F3285E1F958F11FC7F00EE26FEE7C63998EA1328B
C9841C57C80946D2C2FC81346249A664ECFB08A2CE075036CEA7359FCA1E90C0
F686C3BB27EEFA45D548F7BD074CE60E626A4F83C69FE93A5324133A78362F30
8E8DCC80DD0C49E137CDC9AC08BAE39282E26A7A4D8C159B95F227BDA2A281AF
A9DAEBF31F504380B20812A211CF9FEB112EC29A3FB3BD3E81809FC6293487A7
455EB3B879D2B4BD46942BB1243896264722CB59146C3F65BD59B96A74B12BB2
9A1354AF174932210C6E19FE584B1B14C00E746089CBB17E68845D7B3EA05105
EEE461E3697FCF835CBE6D46C75523478E766832751CF6D96EC338BDAD57D53B
52F5340FAC9FE0456AD13101824234B262AC0CABA43B62EBDA39795BAE6CFE97
563A50AAE1F195888739F2676086A9811E5C9A4A7E0BF34F3E25568930ADF80F
0BDDAC3B634AD4BA6A59720EA4749236CF0F79ABA4716C340F98517F6F06D9AB
7ED8F46FC1868B5F3D3678DF71AA772CF1F7DD222C6BF19D8EF0CFB7A76FC6D1
0AD323C176134907AB375F20CFCD667AB094E2C7CB2179C4283329C9E435E7A4
1E042AD0BAA059B3F862236180B34D3FCED833472577BACD472A49A93DBF6953
27E62C03870E8063F974AF7FAC75B50210C4D54D66B5B8C0D4614FD5611455BA
3BEA2239FC8C365D607663D509D4373E9FAC1B4DF85C9C371BCA5345FE710867
95C699C4CEF898A8195D49DDE3B8AF4AF8B6DA77AA76B49032FACCE93C3A5680
7C0901FB01381F5C4ACD0C0102D9A125D8D710C845C25A4FE6A4CC05391303F9
50CC6DAE2919D5F4DF5F604158571793648D29FA1350E1555665DDF9621E205A
A317806FA94D9576D457D00B20BA3B92107637FC4EF48A680BDBAE8E7F2D0691
5DD62C7D4555B140D669F57CB744AC032B55752835F549950CEF46149F754AE7
5837F8F719F68D0486827C417C6F6DDF3B4CC9E4034542FC4A1146DF23FD16AB
9C0BBFD037D38534AF9B51B855E35E5FF15B4742E203113116455AA4DD13CD31
4092AB6FE332A9AB88631AA9A4B816813514BB27D4D2613E52238E3C4BBC7E90
33F1E6DB7E264C2B8523E06A18C4657C76A8FBBC71BFFA6D18633EAE3FCC69C3
4DEEB5C36A5AD2CE2D5AFA1538776951ED771ED8D584DC82F4EFD6F099C3A860
B07A136BA9C18EAC6C7C0B6EFDC9792106B339E90B606EF3BB522577EAE9314B
AB914F0D26E2D50D54C37C44DE5B57441131410E73BE164571C6A45770CDD7DF
AEC18E816E3D708D587B07AB4E35274583B316FA8A7930E01446A81C663B52F7
8857E8762166945E97F1D84EF1F2400E72FF92E253415A161C8F726FDE81A573
C82B4FBA6185780F885B00862A54EC649D448A7116E12D26FD00146B08CBEB99
08FDF443ABC6461191E32F978D350E50D309A2A79772218F71D53586879078BB
EF97D34138B8348CBA41AB566D3962FED8BAF41DA07124772F4CE544E04340A5
091947CDD5F21C11C31E579EE560100ED849CAABADB431D5BF652D7749952F21
713BAE6BBE10EC5058F478E6B4C20BBC73487ABB41D9B103FF241FA90953C5D6
BC5D1E0586ACBE1400A8C5EC35485C900B857E93A12FB4E0A07129158A4487CA
4A61A65385B5DA376998F9218A2511B03E9D42D90EC9ECEE193D476C156E944C
A964E010851740397F9ED475C13D587E6958A525B4F7F189C4BE498A562C6685
903D14E90820B9C3C5195878D162420349338B80D6AB62C6CEE2A8B93674FF1C
6EE6C523419102CB1349CC7E8644468AC18126C734BA338D976EEE9C757D7133
4585DDEB1562CC822ACCF96167062BDD3985EA87A8A7DEEE96816B9228F2864D
E07975994694F7A2684695429499C1679244AEB7C99FC236ED786C19DF97DFB0
1C52D49E9223C19F0AC8D5915F8ED6135F04CE73ADAF8C5974F020959CDF4CF1
82BF6B9C032795D8EFB3A68AB72404F8903A72F60586F097123C377BB869D57F
F89D37472B25671E5EF7B1752429
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
cleartomark
%%EndFont 
%%BeginFont: CMR10
%!PS-AdobeFont-1.1: CMR10 1.00B
%%CreationDate: 1992 Feb 19 19:54:52
% Copyright (C) 1997 American Mathematical Society. All Rights Reserved.
11 dict begin
/FontInfo 7 dict dup begin
/version (1.00B) readonly def
/Notice (Copyright (C) 1997 American Mathematical Society. All Rights Reserved) readonly def
/FullName (CMR10) readonly def
/FamilyName (Computer Modern) readonly def
/Weight (Medium) readonly def
/ItalicAngle 0 def
/isFixedPitch false def
end readonly def
/FontName /CMR10 def
/PaintType 0 def
/FontType 1 def
/FontMatrix [0.001 0 0 0.001 0 0] readonly def
/Encoding 256 array
0 1 255 {1 index exch /.notdef put} for
dup 0 /Gamma put
dup 38 /ampersand put
dup 40 /parenleft put
dup 41 /parenright put
dup 48 /zero put
dup 49 /one put
dup 50 /two put
dup 51 /three put
dup 52 /four put
dup 53 /five put
dup 54 /six put
dup 55 /seven put
dup 56 /eight put
dup 57 /nine put
dup 58 /colon put
dup 61 /equal put
dup 100 /d put
dup 109 /m put
dup 111 /o put
readonly def
/FontBBox{-251 -250 1009 969}readonly def
currentdict end
currentfile eexec
D9D66F633B846A97B686A97E45A3D0AA052A014267B7904EB3C0D3BD0B83D891
016CA6CA4B712ADEB258FAAB9A130EE605E61F77FC1B738ABC7C51CD46EF8171
9098D5FEE67660E69A7AB91B58F29A4D79E57022F783EB0FBBB6D4F4EC35014F
D2DECBA99459A4C59DF0C6EBA150284454E707DC2100C15B76B4C19B84363758
469A6C558785B226332152109871A9883487DD7710949204DDCF837E6A8708B8
2BDBF16FBC7512FAA308A093FE5CF7158F1163BC1F3352E22A1452E73FECA8A4
87100FB1FFC4C8AF409B2067537220E605DA0852CA49839E1386AF9D7A1A455F
D1F017CE45884D76EF2CB9BC5821FD25365DDEA6E45F332B5F68A44AD8A530F0
92A36FAC8D27F9087AFEEA2096F839A2BC4B937F24E080EF7C0F9374A18D565C
295A05210DB96A23175AC59A9BD0147A310EF49C551A417E0A22703F94FF7B75
409A5D417DA6730A69E310FA6A4229FC7E4F620B0FC4C63C50E99E179EB51E4C
4BC45217722F1E8E40F1E1428E792EAFE05C5A50D38C52114DFCD24D54027CBF
2512DD116F0463DE4052A7AD53B641A27E81E481947884CE35661B49153FA19E
0A2A860C7B61558671303DE6AE06A80E4E450E17067676E6BBB42A9A24ACBC3E
B0CA7B7A3BFEA84FED39CCFB6D545BB2BCC49E5E16976407AB9D94556CD4F008
24EF579B6800B6DC3AAF840B3FC6822872368E3B4274DD06CA36AF8F6346C11B
43C772CC242F3B212C4BD7018D71A1A74C9A94ED0093A5FB6557F4E0751047AF
D72098ECA301B8AE68110F983796E581F106144951DF5B750432A230FDA3B575
5A38B5E7972AABC12306A01A99FCF8189D71B8DBF49550BAEA9CF1B97CBFC7CC
96498ECC938B1A1710B670657DE923A659DB8757147B140A48067328E7E3F9C3
7D1888B284904301450CE0BC15EEEA00E48CCD6388F3FC3BE5C79A3B8E6D18D7
18CB10253918FB0526410DCD39DC7BF230AAEDB151ACE05AFBFCA3F67F0E4016
2552A51A9C21114523A32079552DCCF39AFEB2860CB7E995D3321EFBB28EF0C7
CD4A976987E1629418A4203F5BB3CC348AC52F4F0862D035E6AC4135C93FDF9A
A2BE70170825BD67D086B2280D22A2C57C040E6A6F6F4C77FEF78091F8E33467
8484A169F8ACD321FC39388733CA1C0B86C4291E60DC73CF1A9075D0F61488AD
74097708FFE51924523600288E374EDCA9ECF658E4B8978DE1907C5B7D40753F
1CB2682E0EF94B6F2C482E965CA923BB65C781AF4A676665462D1FB49CD669AB
A5FD223B416C7989663041F9EFC88D77D02D39EC1157D538C0B41C1685D7C0CF
2B8E9FC3FF3B65E9B480E59D1FDE2AC1E48300B064D30B108DB8458996DE4800
556902C4AD9263473BC3B926DD8420D84FF4FD6D3263FB9E97AEFFFC455301C3
F3A087F4CA424BD07AED277754FC1DBF9E7C5EF405AEEF627834EC97D83D0C20
F1C5F9FB899A326BEAF8EDE7CBFCD53B1C5EB2A498839FB2C86B7EE679DF73F7
FC0EBCBC0DB5368EA374F2D623721D38E3F6F3024C8749A2EEAAFD778855B9AC
3A5C75E6457CBFADCB1D755278485AA815D762A8A823B8E2851965E554304671
8A40EABA66F54C7D0A74C41FE14A36E5F0DA2DCE15C1B1977E90BF18392B4EDA
D7AADF162B023352069DDAEEF15DBDFDBDFB2863570C4D92CE8409960D74CA40
DD30F252043E4DA74037035D2268C5E03D47E85014CED6924340D679C5665677
16626CA7603786D08E169DC5CA7FDD0038746D3E9F1CCFFB3E228B30DF26FC38
1D8D871D0D96566F0E4910D171240573B4F25EA15E67C07A4AD81B3CC862A675
AD5B4524B91FF0437ABABA9A0D0316F88245A78056FBBFAA7885B63D84FFAD93
64EA2EADD5C0B0940737ACEB423C0458269D67C83EA6B9F5351815E66185FEEF
6C72FEB647BD0B993D5A426CCAA11CD55B67739B2771CCA9773E81099DA63D30
2CBCBD80B08416BA3FBA00C420F4413C0DFAAD91E9C3A38989BCA560579F6436
C9B7C89D68F07098D487E8BE15238755E66B2DD98D3966A6D4EB98A7FA755971
8F31EBFD5EBC64404FB0DFC8720511E9754F3D3E68B5D7652489FAE2DBDDE5B2
57EC47B8086E763C186AF4D368749FF7C02F4CC05F0BC5C7A59B86DDE788CF45
44D70446CFD36D3F6C4305AD70FDA6FE120177A151DB177AA72D3AB83EAA300F
8D59880F81D2CAEF08DFC50E8B274374171016781369DD7B9143E47242CC6469
185AA05C520340A14A3D09D0C336BBFF1DA9B0CD40663D572977574386CABBB0
6F2C129479C191CA48ACDD5375C9EB677C8DAB0C9500A62CA47DC893A7F369A0
9BBF962A5BDE1A9C8E29FE0F1F1F82E9F03D958123D6C57E4A0C3D7AA1B40394
E09D48D5B7358AE4D9496866815EE7ECA81A13404608F9F13CADC4310B26F841
5B8E22D2742D3A2054F5D30980AF6EF2C2585383067DE6ED9FB732BE9EEBBB57
78935DA555A5BAB55197EAA14E926753D3F28E72D8AA56814F7B70FD9AF0D443
F4A2001CA3D9B18CE8C9850A327E8E98A04AAE0EAB88580B8919C60BB653E426
CFB0A4A59A347968B1087B479C0082894E3D3F1220A4A05A8446173FD655CCA3
FE8365F38B7C4A4EE94B35DD262C8F85D1D7CE4781284526A5E9C4C6B616E4C2
A67C3657735C74882BD6FF986DAFCE3847F7917824F3D01A154EB3E30FDDC8ED
3C471BA3BC5C5F52494C44BF909B5EA5A5EA682C4D4AE9CFBDB6CBC99F881169
D283CF0CC88CBB3381630B7A829B406CCA19B160D0B0C90A963B85EEE02513F8
AC0FC9BC00FD11E2727AD0CC9B1B1CF4BDFF2C96C54CDE375EB5DC4B2514ADCC
455109479B27260C11818D151842E3A27C6ED765D01E495286ECE408725EF077
CF869C559FEE39CD9ACA5D7F327D6D62F6CF8EF9B1A0E9022AE076AFE5A0D4E5
943DC30F3DAB8C571EEC31DC9A60FDCA5461D77CD09598D6267258A6ED2F0069
201E2AC151924B77FA7C8F60B0C206EEB5B4486ED63A7D36D034B416D8BDD986
D8AB5E2D1BFC0039DE822FD9BA49D8C7A95BB6E8611A6B6EED91E1530E08D6EB
0CA14527702B143F11C3642657A2BBB02D267160FD3EF8837530087BAC883AF8
23651935052F02BAB5B5DA1A3E4526FFC80B3397DAFB04240E5436EABA0C16E4
73B071DAD5BBCDCD137D27F5849D9B1CEEE2AD78869DE9401AC2678844FF9B3A
4F055016D4604F32EAA365C9594B2EA74965E0F777421F96D87A41226D6025F3
E366BDE06532A72EC3D077B9B7A7F9A2565AA0BE1D42A72519F2C490712D4004
D5902A91D28974F56EF289A0A0EAF0FB0A690AE36F72BF9CE6C7B62382FB34CC
D70E3098A7BA126CFCBDAF53FCE515E4633441E6C6090323F82AF21C0BFBFF19
8E0CF3A75EDD243131EC27D173EA897C06B88F798AD5CE7A03E131028990A6C4
3AD347B99966E47AA073B70DA1B52A93FDB6206FCEBA6C49A22CECFD29F82295
91EB454F318CDB5DCE9FB34E6C268F3BF64215AF15F3FE9F05D2B9C660A86F15
4A7B22D52CF156363CFD687DC21D53349A7B45F31BA406685F542F0C627671F5
5E5492081C246B67C6B9C34349ED72901E9A6EC76C831F5463EDFA8734B4BB16
5C240F2463062D2012D15DE8409ABDFA57FAFFF1F70A6927373D32CD208F89BF
CEA2EE43EDB2C71EC3097CDC7EF01B1D426AA11F0A35DEA3995F8F1D9B5E4CC1
6D9D80D9C75DE399E3C472ADAF16E286FE2B76EDB7DA689C7219B864697854ED
B32BFA84C920DDC2B95EEC16F5476907A6F4FCF230B75E83945C2485824FA939
773E433A1D6F11D2BB8A5D392198935C3D9DCC3A16AAA7AFED8F65312C8F9830
8D2D3C983A16F7E244D4319CD6E45BEB9D98A19810FE80C6089EF1F86A4715EF
C011D5C9197F36E004ECA2AECA3D5007ABF40BC989D0B0077D74D6321FD6408D
9258ADD49096891916E999C3D2E56E58C3EEAB3FBE8D9190F2BA097FB162936B
1B026CAB2DE35F6DE4E59D3D29EE476A228EC5C18922A60AD46D82B4BC745E0C
DFC6297A6A007679205FD93B22F30EF43DAC9BEFD961E249092CCE7D93160165
8C2F3CFBD7DA6766439CEBE45606F7FAC0152DADC20FDD8C1770D8B13F2F79F3
1D99DD27E27A2A95A7BDC8A906107D266B4C6DEA393002F0F2167DD105914599
EDC35F0F0D97B58ED948C9A8094E8DE4717466C0944E3FAB4C0E2CB20D43D15B
D7B39585C8892EE1CF27230255AB52E0231B129EC335328697B4D4C8AB9F7A0B
0A9B13232A62113F74CCA2DA29720C2783227BBFC26D6BE2D49BC2725DAFF06B
31CCB808F854F245127834E1CB3A3100B1A4DA3185470B567DAE0BC884ED1997
E31918E96B278191615EA9FB8EC3D9FA65393BC9DC10637E3C6215A3752DB048
82D818C1A80F0BEB1D46147B21021C09D865B47CC111E7685308E49250821FD5
C8896AF8367C749EF6F510738AE8FE508ADA82403F50A1F2B498C852040EA571
CB05FBC3F4A957E49CB314A946F325D0398CB3B8AB3EC6E8EE85C6DA568CF973
053E90C61791DE26F5B784134B0851A17C12B315371A7A63B8803DC3B7B2E1E0
C694E2B7561D4783F168335F3EF1A29A4C544C3B61011EABE0BA37DCE02788C9
3F8B9230B5B1D5BD0BD1D55C71EAC62B4990DC6F382365A62465510385FDEE26
76B0157990697833C75C35217FD259A4DFAF54F5108DA512CFD980E24F2DCE2B
2F95B55C69E23579302A0382E7823DC65803207A1B1F9761E681993D20FC04D9
2243A4D41EB3B82F8D54AEE5DAB8DC232EBA2B78B82C81BEBFD149B5A3D01150
80B02017F1C454E200492E7858D826F7D54218995ECF3B74B55D0F25547BBBF3
3AB13A1E7C961A18E00F1C015E6A9B12F10521FF88142E5EDA57D0D125DA17DA
9D85F0822323D48DB5D92CA62FBF4AB89D486A583E037632246F151AA1472C3D
EBC2E30C9276B04827056E1A94DFE744772E3D9525D9A00383A6830D47A079DD
DD1ADC6A5F0040305FFAD484DC9C1AFC27BDEAD94A6574A070AD7C6FB9245709
4B012692938EF249D7C66CFA55AEFFBBFD05269DF67CD13B9B0B3E2DEA2D81A8
D9C0111AC5C6ABE4BCD97475C32D37070ECE3F7E607A2C47B7EBD8723123D81A
92CBDADFEBA8876897B29EFD47308F0ABE5F78E446855FC7737E32D9A325843F
443F58B36DF46D96794ADE969D1EE3210D14F1BB53DA72020149D034771F808B
4F0518D2D5958419417F09317015070DFA1A86F83F5E6A91E98B0563CF6A7C46
07056FF944BCC8B1F35803CFD4A195EAB6E3676963817F77A534BBDC30F1320D
6AF898F22ECA3B07C5FECF5073CBFDBACAAF774326600E363BEE3C7B633E4F95
BDD17BF013A24C374E84B29656A9C89E80FC7A588979A53870FDD396B0B46D70
61C9B168F7685AED8DA6FC717D2555E077CF5F10972DF03B360CF3FC00904765
5528D25A6917CA1C99FDDD3BF700A7AFD3C38757C17214E1CDEF4F7DDE9204A9
6C2E0894B67E922F385E0BC4AEC14ECE0C7D2196678405332CF0FAD5C9349C59
E841B28E73FC74D4F7950CB81C0F6EE8E61BC3BC954D1A443A99FC72F5690808
BC6205ECE206FC189E517421297EE1BBD4B445BA04D46DE792D9650736E83FF7
C951E372A3EFF1BDDF9E62A42A16391D38A6409178C20D360BE62611AADCB2FF
CF255877BA7B3F373987DF39D8314F27869B586E74395233C7D736DD1BE08D04
3749BC011EFB5E1F1E18E6882D4CC6067B6D48C722348BF8EA82669F1F1F160D
715924CDBA336F4E4E9409CADEA3B7B7FE641A25C6AE1369573D3E5DA7FCD00C
C6F4F876FB5CFD3833BD4BEDF8590CA27C496C7CE6C37C746DCB45A2A3949D6E
C7D98DAF9B8A2E45DE002CA3EE2B750042C068EC47655284775F94B95C3574DB
A6EF4389E5C1E4DF9834FFDD94E04DF0DFE9BDDCEAEBF832FBC4F43D0B92F671
BFD335F0FE8C75B05239ED788B63B9DF386D1DB41F56DC63F8ED3F7EF2A94595
A0E874242AF1C1CC2FA3B5CEB55CE7FAF6506EDA9EBB1E31DC54EFEE2E32204E
E851DE2A310F46B4F3547D8E683D58CD85451804EE6CC9A7F550177153275EEF
59ECAFCC8A843EAEE216D8BA90B9F94E933A6D3747DF7CC14E6891A54050E63F
A62AF3CBDDDAFBC094334D2F589A17869A292AD565C660D67E6C10E08045B164
253697EEB234D1B4AF71387721684069CCC96A4B600021F23C84C557F636F7C2
6BBA938E37AC24361CD96E782BCEE38546AD00FE253E9B3AAAEBCB871DF34FEA
FF1D86DBE38387858E225F1797D26D6766F135665DA2662FE1F6B43DA194C48A
116A80DD997E8288D16BFC27A83ADA0D9AA24D66E74AA0D44B0E1A459F1A4188
E213C88BE2A9CDB061E60EA74C5F9A5384DC13ECE527F7D742BE6CB801F4798F
A9EAF6574E5A5CEA488FA1B8B221B8921F2CABF367861CE4BFC731EA2097E1EC
2530CB48981963B59CCF72E3F8511A0EAF4B1F2D1181CDCE59E05477CBA89346
FBC1F9E4A520B690AF67AA91F229FE07E42EAAAFF16202164AD3B368009EA1C9
AB4FD91DBB8494638E1CCD407B92B2F2CB506AE8B1312EFE0C12A9B7405BE0BA
017FAF49AE2A7A1216539DAF521700B9041084F5193E55A9E587B334CCEF1346
DD511ECF4B52177AC678B21907D923F39F6211915E672B42275EEAA6C2E412EE
51A72025EAC55CFE732597CFAC39BA9F794CA9FC05A7EEEE6EDE77E211FFD2F8
E4EA7F260E166CEFD755F4BE028D6C2E9802122A6A9F6E434AF3FF3337
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
cleartomark
%%EndFont 
%%BeginFont: CMMI10
%!PS-AdobeFont-1.1: CMMI10 1.100
%%CreationDate: 1996 Jul 23 07:53:57
% Copyright (C) 1997 American Mathematical Society. All Rights Reserved.
11 dict begin
/FontInfo 7 dict dup begin
/version (1.100) readonly def
/Notice (Copyright (C) 1997 American Mathematical Society. All Rights Reserved) readonly def
/FullName (CMMI10) readonly def
/FamilyName (Computer Modern) readonly def
/Weight (Medium) readonly def
/ItalicAngle -14.04 def
/isFixedPitch false def
end readonly def
/FontName /CMMI10 def
/PaintType 0 def
/FontType 1 def
/FontMatrix [0.001 0 0 0.001 0 0] readonly def
/Encoding 256 array
0 1 255 {1 index exch /.notdef put} for
dup 27 /sigma put
dup 28 /tau put
dup 29 /upsilon put
dup 58 /period put
dup 60 /less put
dup 62 /greater put
dup 85 /U put
dup 98 /b put
dup 99 /c put
dup 101 /e put
dup 105 /i put
dup 110 /n put
dup 115 /s put
dup 116 /t put
dup 120 /x put
dup 121 /y put
readonly def
/FontBBox{-32 -250 1048 750}readonly def
currentdict end
currentfile eexec
D9D66F633B846A97B686A97E45A3D0AA0529731C99A784CCBE85B4993B2EEBDE
3B12D472B7CF54651EF21185116A69AB1096ED4BAD2F646635E019B6417CC77B
532F85D811C70D1429A19A5307EF63EB5C5E02C89FC6C20F6D9D89E7D91FE470
B72BEFDA23F5DF76BE05AF4CE93137A219ED8A04A9D7D6FDF37E6B7FCDE0D90B
986423E5960A5D9FBB4C956556E8DF90CBFAEC476FA36FD9A5C8175C9AF513FE
D919C2DDD26BDC0D99398B9F4D03D5993DFC0930297866E1CD0A319B6B1FD958
9E394A533A081C36D456A09920001A3D2199583EB9B84B4DEE08E3D12939E321
990CD249827D9648574955F61BAAA11263A91B6C3D47A5190165B0C25ABF6D3E
6EC187E4B05182126BB0D0323D943170B795255260F9FD25F2248D04F45DFBFB
DEF7FF8B19BFEF637B210018AE02572B389B3F76282BEB29CC301905D388C721
59616893E774413F48DE0B408BC66DCE3FE17CB9F84D205839D58014D6A88823
D9320AE93AF96D97A02C4D5A2BB2B8C7925C4578003959C46E3CE1A2F0EAC4BF
8B9B325E46435BDE60BC54D72BC8ACB5C0A34413AC87045DC7B84646A324B808
6FD8E34217213E131C3B1510415CE45420688ED9C1D27890EC68BD7C1235FAF9
1DAB3A369DD2FC3BE5CF9655C7B7EDA7361D7E05E5831B6B8E2EEC542A7B38EE
03BE4BAC6079D038ACB3C7C916279764547C2D51976BABA94BA9866D79F13909
95AA39B0F03103A07CBDF441B8C5669F729020AF284B7FF52A29C6255FCAACF1
74109050FBA2602E72593FBCBFC26E726EE4AEF97B7632BC4F5F353B5C67FED2
3EA752A4A57B8F7FEFF1D7341D895F0A3A0BE1D8E3391970457A967EFF84F6D8
47750B1145B8CC5BD96EE7AA99DDC9E06939E383BDA41175233D58AD263EBF19
AFC0E2F840512D321166547B306C592B8A01E1FA2564B9A26DAC14256414E4C8
42616728D918C74D13C349F4186EC7B9708B86467425A6FDB3A396562F7EE4D8
40B43621744CF8A23A6E532649B66C2A0002DD04F8F39618E4F572819DD34837
B5A08E643FDCA1505AF6A1FA3DDFD1FA758013CAED8ACDDBBB334D664DFF5B53
95601766758B4BB6C93DDBF4C7D28729C5FE8E8BB90DEC23258C756114508426
29FF385ADC86461F50345893AA48DB5A8AF51D3600EB48D845C0AF4E1F7EFFF7
BF635CD6BE851A47C1EF1CFDF3E7C1911E2FE31EBAAE02D18B6B2A31324AA73A
F18973723FC980F822BDEE2FC9BFAD7DC3F958CB24EEBB6994B124DC5756D0EB
9BD9A87F576FF79F004EB815AA5A6ECAE2C9B4F6506974963EC0C07EB711238D
41B4752E98FAD017618EDE1323C66B8960F3352A0F26FB081A4C4DB79D5A6D1E
E2EDFFD95515B89F106DC90A348C6052681057FB365F594A1B30452859A6E754
08604BAC495D35C4938B4F3E706E614F5A6BDF009ADD2C183A261A95DE2ECBB3
9BC9CA10FDDF6D915DCEE1A17944185C1392F3EAF5B529E0413770C1CF80E471
ACFD4FBE318D62747B6B32B701000790B240E7E9B31452B1A4A56CDC034E126F
3B2AC5B380929B02268AA02A6E821AC2EF35C00C45CC7DEBE9B0C13695A395E9
0F46550E7772778035913795C5B93E2BA07490017F072386B92D944B1B96AD9C
FB3D48712D8F092CE3F4AB937CA624C3BEA94651AD765950904886D3E50EF1A5
04194A08CD0F8656DFB41C7802E512D274DC9AFDED96CB70C51CC2905B4C1D4D
9B2763DFF3F3CC50E2CDA74B545C6BDF833762A20227EC2C0B64C930DFC51DED
D937D7F235D27B9EB27622EA984808C67B3563F6EF1BFDBF014E6A79FA7CB084
B4BBF58B6F2948BE8BC085198A7A5DD9E46E5604F49BDA7B49B827CDC0A9952D
311C344D9DEA7B98505CF76187787693F6B3810958C4263CF733B0935BCABDAB
361C079F000C8094ECDCF60AA5463CA7DBC415A5CF9ECECF2BA84498078F542D
B1A5C353B90FB0E516F32F1256A0720851574C004A3CFE4F11EF18DAE11A8B24
039FA7DCD3C6EA8B410DCE8E6CD3D2FEBD7653D7B0FC4D4F0B1A60296B2F5F20
A84D512D1D869DB8E3771328446DF45C00CDC9E961AF8B39D57483FB75D517C5
E19EAFDDA7D30578E403295B184035036C7A24AD53B2F32FDB9A3590C7610EBE
933EA8EF2097D5D13E1E9DBF61EBEBFA98070629A9CDAC1A2B82533F8086AE3C
61EBA214007CFBA7954A0DCC6160AFE6F2827DC63A917887FFDD01622BB0AC11
878AE76F46419589244286EB876825FDBA715FDDF0EE9A641272B9DE8FF11D5F
B7AAC49F00109BDE7E5DC91E750645B6C91F21FF474A67FDFDD0E1DF0C4ACBDB
48A34947D5E5FF5130908CCDE15749DA1194F674DC379F1B9801EA9A9EBFF0FB
6AC24150A57C4B9CE8DA0C45A575F7562D970714A8F87A01812B1C91A791E836
556F785A9D317906ACBF41D9595F9BD2E01D2E1B14C7914BBCB917E16F31DA48
5C3E106964737855F112172056361DC0BFCF437680D754C805224C8CB98B82F7
D9582DC5E82C89B28B7A76A74599923578B9F5C0599B2423B2149ED019913462
672D4DA0D184C191C43E167D620BBF0569EC279413548A31623F2257A6AFAD28
E72BC8CB98C1B04D236309B92DBA01F6FE2AB2F815110A3BD285A31E8726DEEC
6DF431BB9CB96592DE846070E8C3B1551B0276AE14C764BA076BD6477B28BB95
F6D55DF4CB0F19118C59A1AC2A68CC80A402FF3C2671125B818512B94CE103FF
89BCFC3E567E766DA60807EEAA33E2345390CCAF547C462B0E113AFB70CCA588
2F3149B69688B4E2DCD9467E8B05FC50561FA49DE366F96BC1D2ED646053D0C3
8414741FD30692821DACADA3C712BA120D46C88D436CFEC5C19BD95971E770F1
149A50B1D2AEAE4F7E5A30BA48C4F3472CF33D90A709DDBABA781E7664EF9951
1140704E30043E55185B83B4970DC4571A0F8E8FF8033707E9B280D52C7E71B9
823A20B82A33C4D9FFAAB7090683F5BEBE3923E9D13FF93AFCE5D95693CAE843
BA7B3B822A1A720808B924756A4FD1A535E891B0799CC0D35B250618BFD29462
500415A03507A827984500C7900BC64E6619C952D6F6582D31BBEAEAEA694908
E9A03B751E474956E2C29BDA63A7044541E6F8368D6C195826064D7CBAF2B047
22C5E4BB72B41AE72D8E3E901E04E42068C422A343087F5AC837FF0C858A06BF
55A217BD7A6A027836026DC2C2954C835AB550CA612D22D002FC4C84306815B9
C3D41A5D7B191ACDB2C77C22B8C0419C45DFF06035C65E5CBBF3EFCC5F1ED020
9469915A877289A697059030808DC5F6B6E5EAB70399DD82E7456158918E0F7E
D60B38D8A69DBD420ADCAEE50351BAD2604033BD180FC1FFD3D9D370BCA52357
A789F028AF33DFFEF4B43FEF824ACCA1DF970DF11CAE23139FC14F6E8BDF3720
014C82789C00A519C5FE994ACEF1ACD97B9AD0451B4969DF9EA55D0D9732192A
606AB2BCBB3CA16B90C0DC316B16419A875885BC37CDC1B430C968B71AD84716
B4CC1B97B98CE663451CE0CD1BEA24CD05DDB60306398B4E4FE158E4865C435E
700B2657452C409B9DA01F1505DF13D342489B2136ADC20891566D17A3A3CD13
51DD3D2910E40B8BED8DAB8C83E3F9E44A78F2CA0494C079651A042AEF524380
0E8BC2C2D3A7606F1BC2E19C1416625BCEC559776C4DFB338ADADF64CC905D00
8F0E8BA59A4BFBBD38E88AC0673B2D8BE4980E4AA151F88154105709E8B11453
B2E0F32B13BB3D7FD21905178995D1FC3784F01CEC0664161CD9A1CC23B0E51A
E0CB4FE1416FF88A003811A2C3D070953A0F717F241E6DA3A4EF4BE6F7D2013F
043CCF2554EE6EFE9EF6EA47DFC20C58D43C1A89C52BD04BB5907C7AC158264A
1401FDF0EEFD0E69A0323EDA65F8E6BBA712674BE54D58260BE917440E250CF0
A379DBD4A402D0DE566673F36E494D2EEFE52BC409F73C929494F48FCB1FE08C
D4039A31B12253136B913A8E4D62B67FABD4F15E4C72D1E9D1FAA3BD81E57324
FCF7DD47790DE39A2142BECA4139349C5F3D64EACD6636ADC7ADC3F479B54E14
FED21B09E431E60229DA2A449ABF716824284F232E7DA8150655F449D65FC242
31436CD1A3842263C02BEE304F74F40134A06E77B88FCD886F1C0252399D3819
4BFAC5955BCBC19DEBFA4F44ABD80430F25F8C5F29821A13663B8A509058D429
B3F7D098427BC0D0F43DE44A28603EDC255F6BFCA70C21A3CBB2A33ACBE892C8
0727033D8137B8686F29728E68C963B98ED3011D74B6890BB9BBF95322D8AAA5
A646F78960762FA5150294D24B37F18A32B217D45603B45EBF4C85854FD270E6
BD4A2209BE1EB51CE435C5EF6991C0491E5D1EFA083E6C974B659FBA621A7CA3
BF9A017E5790207FF1EF84AB4AF3511E935362CADE0B5DE84C20A16C4A94FA0F
E2E9CFAF837DA6AE267ABD4D4990C9CD6C2197AE92A218F66D49AE8E666BCEBF
315CCC2137F6A53E8A8F7B329A84E2D3E974FA93F69A726B99A528046C47F524
978AC602A1A629928A3C27B3C3712A3D168282CF0F38D0BB8A28E482427FB66E
CBBAB41BD0E39C6C9CFFFCEC934DDC34B96A3C4198CE2380B962EEEDAAB110E2
74AE9DD1A5E3FDA939847653C5D406CD1702AE8E509328145C4A6AA7A67104D9
22D2A9D9188F0C92BA576AEC485D278E8B143D495A9CCA0679464DD481C8E268
D800AA3A0947304EE926A1A64497AE240B8BBFEAAAC1401694F8E2B153A9BD39
463A1DC6E2A0E12372A3AD59DFADDDED786351D64CA25D82EBC32FC2B330A44F
887B9A677F960ED6F9135667A770B60D60D4B9BF9F5343C143E8E848B082715E
0AA74E7E803FFAC954D2E77436B28F881F7B719C52B16E5154A9E51A52023A78
7DAB40434599E609C99F557C162BD38A7C7514CFD991BA06BCA6D6F2BA82EC95
5CA9A8B975514E8599214F54AA899EAB8313C7071F222F8F8EB071B04D85A0F6
4D519992B2ED58406D8D7296E67555EF859D56E4B12D2366D81C2854BD31006F
EE324383E05B712EE2260241705C352A52753E069E26FBEB45BA090BCDA9310C
3757AB1F5B1639601DCC3211FCEE38DF806AEF330C9DD8D8A38E9ED17307CBF4
30
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
cleartomark
%%EndFont 
%%BeginFont: MSAM10
%!PS-AdobeFont-1.1: MSAM10 2.1
%%CreationDate: 1993 Sep 17 09:05:00
% Math Symbol fonts were designed by the American Mathematical Society.
% Copyright (C) 1997 American Mathematical Society. All Rights Reserved.
11 dict begin
/FontInfo 7 dict dup begin
/version (2.1) readonly def
/Notice (Copyright (C) 1997 American Mathematical Society. All Rights Reserved) readonly def
/FullName (MSAM10) readonly def
/FamilyName (Euler) readonly def
/Weight (Medium) readonly def
/ItalicAngle 0 def
/isFixedPitch false def
end readonly def
/FontName /MSAM10 def
/PaintType 0 def
/FontType 1 def
/FontMatrix [0.001 0 0 0.001 0 0] readonly def
/Encoding 256 array
0 1 255 {1 index exch /.notdef put} for
dup 32 /squiggleright put
readonly def
/FontBBox{8 -463 1331 1003}readonly def
currentdict end
currentfile eexec
D9D66F633B846A97B686A97E45A3D0AA052A014267B7904EB3C0D3BD0B83D891
016CA6CA4B712ADEB258FAAB9A130EE605E61F77FC1B738ABC7C51CD46EF8171
9098D5FEE67660E69A7AB91B58F29A4D79E57022F783EB0FBBB6D4F4EC35014F
D2DECBA99459A4C59DF0C6EBA150284454E707DC2100C15B76B4C19B84363758
469A6C558785B226332152109871A9883487DD7710949204DDCF837E6A8708B8
2BDBF16FBC7512FAA308A093FE5CF7158F1163BC1C87678CE98C24B934A76220
4DD9B2FF3A49786028E35DDE10AD2C926BD30AD47015FFE9469DE1F793D1C53A
C8812CBCD402444EAEA7A50EC5FD93D6A04C2783B50EA48059E3E7407537CB8D
4C206846EF0764C05289733920E2399E58AD8F137C229F3CE3E34D2D1EAB2D53
20D44EFAC8EFA4D14A2EFE389D952527F98D0E49BD5BD2C8D58FF9CB9C78D974
75C2AB5467D73D2B5E277A3FDC35909938A9DF0EB91BD9159D3437BE22EE4544
3429AC8E2BFBE34AE54D3BA3AD04BDF3F4F43A2B43992DF88678681B3AB32CFD
A23E2C98D1AF00AB206AC95B78BBE6316F7A0AB6BD3236C28C76288B3C25D1EB
E9ABB3576C5EC15A71D26177F5883E9B48293D59015615E2EEAF2E9BA04151ED
5497B9A1C41CBA44BAFF13EA218F5EAC11952EE336AD1DBE6CE92F002EAA3B3D
3BE4C3792F3405763C4BD93EFC3B4FC34193439561841BA989DD8D9F9AEE7A7B
24AEB4654B35023C9720B8F31AA9452E29753FB7915CB29977E725611E37C0B7
784BCC26FACF8A7A0EB1E54290D27FFE52B2D87FAD080AD15EE1984C37E0EB30
122C3012D3A16B09C28903D138352AB5462674B6CFB63F1371768D094DDF288C
36FB9B58443F872D61F2CD8CED42FE0EFF3D7E9952A172BB1AFECB60BF79F2B6
04265FDE4F78BC9FD619AA733CD0412F1D9A7C13B271BF827DCBDC8ABAE24FF0
74D3C220621D7FF0EFE62D835A221D0A7C139E2E6681FC2BBA58FA3B80D416EC
3854C63BA040A4262B458340DAA18AA6AEA3BBAC61615CB85982B18664D3D3AF
340C65B969071CF2D0CABEB80E04623D0526F862ECA8280EEE236C535F70561A
854181132E677674AD5E14C6636F57541D3C821F0776D2CB9B8526D4B826791A
0B179B387D47B0811BB2C543C33C8D2E85C0963D01F865C6CAF0142A9A2579CD
305FDB83EE4360D6F14FB45F36149F144EDD40F5AD478F2A40A1B0350D02F91A
37C7B0C40EF70EFBAD0C322298C4CF581F1F753F7BEE26B56AB00363E62BA6C3
351EEA00CDE1365BC14698AF4B86193692A9AAB635D6B69B56907F1811021C80
EF24551295EBF4200B50DFAD78089297DA0A3884560E5C026D32A689B70EE227
E06A3F1BB2531E85D1F23E5F91DFFD7E30A94906147DFE3FA8C788274F33B058
E6FF0A3164B000CAAD8EAC5C25EF89B15F5CB1951741A0708953E8C806E7FB7B
6A53147B57BC529C9100D4E207FF508116F90429577F5F7C8E966BE6148C0389
56FDC687BD74BE3DB8B61BDC732603AA0C9CC93CBF48D29D1026BF287A44967D
6B8AC95404C3F61C77C1B892730F2CF825708D99A19086F6B8B6BD2BA84AB231
3A82B074EC6D65ED022C8D3621C9986E8015A00BDEF51970F89FB2B6
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
cleartomark
%%EndFont 
%%BeginFont: CMR9
%!PS-AdobeFont-1.1: CMR9 1.0
%%CreationDate: 1991 Aug 20 16:39:59
% Copyright (C) 1997 American Mathematical Society. All Rights Reserved.
11 dict begin
/FontInfo 7 dict dup begin
/version (1.0) readonly def
/Notice (Copyright (C) 1997 American Mathematical Society. All Rights Reserved) readonly def
/FullName (CMR9) readonly def
/FamilyName (Computer Modern) readonly def
/Weight (Medium) readonly def
/ItalicAngle 0 def
/isFixedPitch false def
end readonly def
/FontName /CMR9 def
/PaintType 0 def
/FontType 1 def
/FontMatrix [0.001 0 0 0.001 0 0] readonly def
/Encoding 256 array
0 1 255 {1 index exch /.notdef put} for
dup 0 /Gamma put
readonly def
/FontBBox{-39 -250 1036 750}readonly def
currentdict end
currentfile eexec
D9D66F633B846A97B686A97E45A3D0AA052A014267B7904EB3C0D3BD0B83D891
016CA6CA4B712ADEB258FAAB9A130EE605E61F77FC1B738ABC7C51CD46EF8171
9098D5FEE67660E69A7AB91B58F29A4D79E57022F783EB0FBBB6D4F4EC35014F
D2DECBA99459A4C59DF0C6EBA150284454E707DC2100C15B76B4C19B84363758
469A6C558785B226332152109871A9883487DD7710949204DDCF837E6A8708B8
2BDBF16FBC7512FAA308A093FE5CF7158F1163BC1F3352E22A1452E73FECA8A4
87100FB1FFC4C8AF409B2067537220E605DA0852CA49839E1386AF9D7A1A455F
D1F017CE45884D76EF2CB9BC5821FD25365DDEA6E45F332B5F68A44AD8A530F0
92A36FADB679CF58BAFDD3E51DFDD314B91A605515D729EE20C42505FD4E0835
3C9D365B14C003BC6DD352F0228A8C161F172D2551CD1C67CD0B1B21DED53203
046FAFF9B1129167921DD82C5964F9DDDFE0D2686875BD075FC81831A941F20E
C5CD90040A092E559F6D1D3B0E9BB71733595AE0EA6093F986377A96060BF12A
A1B525CD9FA741FE051DD54A32BECD55A868DD63119A4370F8322CCBEC889BC2
A723CB4015FC4AA90AE873EA14DE13382CA9CF0D8DFB65F0ABEDFD9A64BB3F4D
731E2E1C9A1789228FF44116230A70C339C9819676022AB31B5C9C589AE9094B
09882051AD4637C1710D93E8DD117B4E7B478493B91EA6306FDB3FA6D738AAB1
49FBB21A00AC2A999C21445DE3177F21D8B6AAB33869C882613EA6B5EC56476B
5634181ECBF03BFEDB57F079EACE3B334F6F384BDF9D70AEBD592C8ECF21378B
54A8B5DBF7CB9282E16AA517E14843909339B5E7C55B038BF3BB493F3B884A1C
C25F9E8FB912CBE23199AD9D2C3E573727701BA301526C66C3617B9514D6F11F
11930B1D97C17816C85B1BFD9B973A191B33CC3B391815AD14F1CBE935942AEC
D4004E6BEF379066FD72209DC88D2E634E79BCC2B98C766CBD92C561F2703F8A
109E6C6CEC7B866F2FC7ADF646BF492E520319F3B949AB5D84AE990B33344A40
3971F58DFDF8D8D67FA0B8F2A0D884F8C09A5A721319B911DBA0A35903877343
C37BC36C5EB32353272D1E6ED5FCA611BE319A7E1E842CB7576E7CDAD2416819
11B86BC0CFA2D1D39AED3522AB976169AA4B1FC29275D63476FCB1B89D6B4E8D
3D66585EEF714BE23515664BA0F62B80B85FEAD89B1FBB5EC26B000B76C44858
18959DD785A6CEBB7CA31E52C45EC74F3FBF51B2992E8C4275B1DB0551DCE857
3A66B90C528BF38374142A3F7AEC4711F69F4054C3264CCD1A0731D3FE8E5803
F97E25A4C76C377C760A3F71E4B4F1A2C2517FA7E9504D89D679D19FE69D2D19
EF655B567D6F0DE157697776A1136B1CD92AD12477E89DF31C7ECC6A2682A466
878ADC1192573F32E35B4E812D41EC7BAF135F08A92F85B39AC1807958EB337F
40AF2E026D20B9833B301A9FC9D87C5994E0574822BF12BF7DD4DFCD74ADE397
AC7D571283
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
cleartomark
%%EndFont 
%%BeginFont: CMSY10
%!PS-AdobeFont-1.1: CMSY10 1.0
%%CreationDate: 1991 Aug 15 07:20:57
% Copyright (C) 1997 American Mathematical Society. All Rights Reserved.
11 dict begin
/FontInfo 7 dict dup begin
/version (1.0) readonly def
/Notice (Copyright (C) 1997 American Mathematical Society. All Rights Reserved) readonly def
/FullName (CMSY10) readonly def
/FamilyName (Computer Modern) readonly def
/Weight (Medium) readonly def
/ItalicAngle -14.035 def
/isFixedPitch false def
end readonly def
/FontName /CMSY10 def
/PaintType 0 def
/FontType 1 def
/FontMatrix [0.001 0 0 0.001 0 0] readonly def
/Encoding 256 array
0 1 255 {1 index exch /.notdef put} for
dup 0 /minus put
dup 3 /asteriskmath put
dup 15 /bullet put
dup 17 /equivalence put
dup 20 /lessequal put
dup 21 /greaterequal put
dup 26 /propersubset put
dup 54 /negationslash put
dup 96 /turnstileleft put
dup 102 /braceleft put
dup 103 /braceright put
readonly def
/FontBBox{-29 -960 1116 775}readonly def
currentdict end
currentfile eexec
D9D66F633B846A97B686A97E45A3D0AA052F09F9C8ADE9D907C058B87E9B6964
7D53359E51216774A4EAA1E2B58EC3176BD1184A633B951372B4198D4E8C5EF4
A213ACB58AA0A658908035BF2ED8531779838A960DFE2B27EA49C37156989C85
E21B3ABF72E39A89232CD9F4237FC80C9E64E8425AA3BEF7DED60B122A52922A
221A37D9A807DD01161779DDE7D31FF2B87F97C73D63EECDDA4C49501773468A
27D1663E0B62F461F6E40A5D6676D1D12B51E641C1D4E8E2771864FC104F8CBF
5B78EC1D88228725F1C453A678F58A7E1B7BD7CA700717D288EB8DA1F57C4F09
0ABF1D42C5DDD0C384C7E22F8F8047BE1D4C1CC8E33368FB1AC82B4E96146730
DE3302B2E6B819CB6AE455B1AF3187FFE8071AA57EF8A6616B9CB7941D44EC7A
71A7BB3DF755178D7D2E4BB69859EFA4BBC30BD6BB1531133FD4D9438FF99F09
4ECC068A324D75B5F696B8688EEB2F17E5ED34CCD6D047A4E3806D000C199D7C
515DB70A8D4F6146FE068DC1E5DE8BC57034F4D9A2152A6B38BAEF33DC201A05
C8314401D1EF6AB12A61389ACC214E61AACCA6B38D58A0B9E1FB847902E51AFB
CE62D86EE1D33F2FD53457E35DA66C98A14FE772D8C5FDAB8D1215A83F1A4F3C
085A019B6D8F97B8656C85857D1DD9AC14D565B86A6537EBBBCF5CAD7EA1DC90
C4EA48B6E510E9F3599656AEAA9B230FA24FD663DE3CF434BA7279746926DD60
95C0A58B87A08D45C965ED6CC231D95A61F8921FDA3A341A183CC8631066934F
9AFD99861AAFAF8A9E17E42774544E70542BDCA878DFA70E786BF7B0CDC39477
14143B5346923D85A6D38412659891AC813E0627DCC3F2988B3C60A199915808
64A44471813DC8E6041DFEF2A1BF0ED0EF1162612B67B900B81D7A1BF81BC3C8
0A53C9AAE574B5F35BE7768EEE08F460218C04E6CFF0CD0B77CCB7E4795E1DAA
95DF6289ACF6E82BB13EFFF569696A1C6E1303F8D2460EC091D4C39183AB5016
97311C5415B9BD26F40131DF923BBD802289953ED0433668E431B452A66DDA4D
9B65FD157E6454EC13B28C710C9CB532456EF9DC9BA7FA65261803B6505879C8
08B1CC1F63E562426A4F068DBF2EB0DAEFE2CCC87596913412536DBB7A2BC5F9
A57521D607D1FE45CFE9D25329464BC2987912834EF98C41F0083A23E9FC6130
F4715D7B1039105AA079E1A8CCB75A69990168873668B6767C75FF9ECA2A0184
820F4CA6433D7F647CD0385292E0353D875C2F4608EC77A39D72CBE1B5825EC2
33C55340D5A797999E68678EBC2C253410F2901C0C5F225F4731CCF666A14C7F
BDCBA83BE5999BD835B3BC239AB265F3D15204C45AE8EDCC24258B893A9FDC94
1744BA770421544B92EC673332B02E217C0E9550FA58FD954F506C5983E40F7C
B2C4113793145741AA3EC13F448C6DA9AC960EBF84B1FB8EC4D7DE1D234A6B9A
D6156F1515D180B256B4BC8BA895FF4B7EB6D55275A9C0109A6706E5E131405C
748F2A4E38755964143E00F667614F36C22C89D91F0B83C88A9341CA2FC16D7A
5F14E42A722EAB5ED8B9AACC7B46E310553C04CAE7BBC23B72F11CC923C3F3B0
36519E97C11B2AEDFB44C09C538A7CFD7994590905911A07481224086E152F89
33EA0C009B050A061F0C86FB30A0741362A58BA305E29DA1BC074EB6A2E0A6BC
1BC4C6B121A8214547ABC710189522FCD24C0DC459E71302FCBD6CC506E2C648
87397F69D3473FB6145BDA459807E5C5FF2131F137403C3305D91E69C2C67D79
B3621C3D1B4DD9C21A46AA29E5C2C3D0ABA075AE1CBDA0206AD93BB77E11F9A9
778055628D30D6D805E31BA9F41A4CCED6982B65E213E3C37F4A2CB0ECCBC3CC
452EBB76FBB32AF1EC3909102BB7B44C6365D09E6CDE671616099E102E0A9CF9
23CB7E640270823EA0A994FDD23A167BE63C20D4273F3F19C731478C094F06C4
E6FDFB3C044B38407BA1A1CA67F44F310B316CBB7A8FD88E52286463B38D575E
5F7D6F00286C69458189F97D49FBDD6B3B1F171023791669E359325F27669895
A623D46892948DE32D79D9580288F51E39EA85519B99FAD7F7A615FC2ADEA4A9
F68BDA9F048E610BDB7CC6881B71298FEEFAE11306F90E9FEF341E6450162AEE
BE92831D4CE25B2BFEDF46F74699FF8658ED2E1EAEA2EFB20578D5354961748A
5664D8FE28A0AEEF58FF90BAA0BD61CB887A22AADA7226F252207677FF692910
49B101A95D68026630B08BF297B6B5023AC332084BF1644272A781C270B82781
BB5F0BB0298313AEBA1A0F80454D3FA1A62C30E7B71DDF6CB291203532C0A46D
F4186B92EED4935C0CB90F597616E02840F10CC38016A212F9C0069BB2566FF0
5B00779357B201E371D74C88102D71C97B1F348094658BA2E963EC36B6438B47
2D5C8DF1F9E45FB6D1D2F9827B0A7E6333AE84CE46E380226534619A78AD8FE9
2E25DED5246241F79A40EC3DD48954254291AF4A2445D667681B683A6B3A5F9F
BF16818ADDDF5C75421F003934F6E61431D279FC8631870774ED924DBADAE392
B48A19D620B9B079F6E8960357EA2C82A8A7138048C2E3AFE15319670FDE56C4
BA880208451CDC6C4D9C35BF8E7C2722321CFDA14AE6A10670088021294DE0FA
8F5C32DB93AB4A004D5D4A23BE253A65F7E83B712DEA7FA98B7D33608933CD8E
CDD2D11809611E5BCC6A768B786239F9DD04F0E5FD008673E5206C15A3B79888
24E0A26E3215F2BB4A2AB025252DEE9E1CC6822124BD5800CC26790FF629E034
E65A26B29C0BBE7D9380BE635259925D34E445AD388FBF886A04A71ADA7E3ECC
2BB80835FD017B69DC177F3E027596B4E1
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
cleartomark
%%EndFont 
%%BeginFont: CMR8
%!PS-AdobeFont-1.1: CMR8 1.0
%%CreationDate: 1991 Aug 20 16:39:40
% Copyright (C) 1997 American Mathematical Society. All Rights Reserved.
11 dict begin
/FontInfo 7 dict dup begin
/version (1.0) readonly def
/Notice (Copyright (C) 1997 American Mathematical Society. All Rights Reserved) readonly def
/FullName (CMR8) readonly def
/FamilyName (Computer Modern) readonly def
/Weight (Medium) readonly def
/ItalicAngle 0 def
/isFixedPitch false def
end readonly def
/FontName /CMR8 def
/PaintType 0 def
/FontType 1 def
/FontMatrix [0.001 0 0 0.001 0 0] readonly def
/Encoding 256 array
0 1 255 {1 index exch /.notdef put} for
dup 40 /parenleft put
dup 41 /parenright put
dup 49 /one put
dup 50 /two put
dup 51 /three put
dup 54 /six put
dup 56 /eight put
readonly def
/FontBBox{-36 -250 1070 750}readonly def
currentdict end
currentfile eexec
D9D66F633B846A97B686A97E45A3D0AA052A014267B7904EB3C0D3BD0B83D891
016CA6CA4B712ADEB258FAAB9A130EE605E61F77FC1B738ABC7C51CD46EF8171
9098D5FEE67660E69A7AB91B58F29A4D79E57022F783EB0FBBB6D4F4EC35014F
D2DECBA99459A4C59DF0C6EBA150284454E707DC2100C15B76B4C19B84363758
469A6C558785B226332152109871A9883487DD7710949204DDCF837E6A8708B8
2BDBF16FBC7512FAA308A093FE5CF4E9D2405B169CD5365D6ECED5D768D66D6C
68618B8C482B341F8CA38E9BB9BAFCFAAD9C2F3FD033B62690986ED43D9C9361
3645B82392D5CAE11A7CB49D7E2E82DCD485CBA1772CE422BB1D7283AD675B65
48A7EA0069A883EC1DAA3E1F9ECE7586D6CF0A128CD557C7E5D7AA3EA97EBAD3
9619D1BFCF4A6D64768741EDEA0A5B0EFBBF347CDCBE2E03D756967A16B613DB
0FC45FA2A3312E0C46A5FD0466AB097C58FFEEC40601B8395E52775D0AFCD7DB
8AB317333110531E5C44A4CB4B5ACD571A1A60960B15E450948A5EEA14DD330F
EA209265DB8E1A1FC80DCD3860323FD26C113B041A88C88A21655878680A4466
FA10403D24BB97152A49B842C180E4D258C9D48F21D057782D90623116830BA3
9902B3C5F2F2DD01433B0D7099C07DBDE268D0FFED5169BCD03D48B2F058AD62
D8678C626DC7A3F352152C99BA963EF95F8AD11DB8B0D351210A17E4C2C55AD8
9EB64172935D3C20A398F3EEEEC31551966A7438EF3FEE422C6D4E05337620D5
ACC7B52BED984BFAAD36EF9D20748B05D07BE4414A63975125D272FAD83F76E6
10FFF8363014BE526D580873C5A42B70FA911EC7B86905F13AFE55EB0273F582
83158793B8CC296B8DE1DCCF1250FD57CB0E035C7EDA3B0092ED940D37A05493
2EC54E09B984FCA4AB7D2EA182BCF1263AA244B07EC0EA901C077A059F709F30
4384CB5FA748F2054FAD9A7A43D4EA427918BD414F766531136B60C3477C6632
BEFE3897B58C19276A301926C2AEF2756B367319772C9B201C49B4D935A8267B
041D6F1783B6AEA4DAC4F5B3507D7032AA640AAB12E343A4E9BDCF419C04A721
3888B25AF4E293AACED9A6BDC78E61DA1C424C6503CC1885F762B36775D22D60
90EAD6264BD19520CAE15B9D10C9EAF67861330EE82CE275B8C8AF5B398B77E6
F6049C7779C0D106E65116356B8B0E5CF6FF8180DBFFDECA4F13894E17CEF1B0
6545D48A3E5CC6D9ACFB835E39171BFE398D6BE08EDE3CB26861A64AAEE03ED0
8B1777B44B79809C398B21727475EB01E20C0FAC29A2AE499CE6B23DA8D2D4AC
10C0C0552BE47F12B955E629431581B898946BAB974BB5EFE5F2D09E733C4F15
41858D8DF7A469AC391926DC96B6CA6A4B3098032D7EAB76B4BDB11CBEEA092A
7458003B4D5C7BEA235EB80D035B9084C1B69000F85F46D1C85678FBF9C90BB0
047515D9285502EABD3154F3F0B47FB772D6ABF3890183B1E3CB032AFE905675
D600BA24F112CC81B183E1129C600FDD9E42A872D5FF5451FD4CB9D0869114F2
FED47EF45C61D6F206BB950BF42D0A14AEF16998E7B173A9CEA32FBBE9E0CEA7
98FC1A98BF1543288273EDA8DD1B9131B913C95E2468CFC1B32106F927360AEA
1AED6075E253B8FE0BA32F7E5CB4394CDD126C7875E1244CF7441496B83EE394
8D02FEDC2E7209B2BEABF69745234EB2BF48A4DA97B5507832F66D6C7BEFE80A
9B5DAB6F3C02308B92DB7798FABCF0DAC375ADC1CD7235CBE31E728A41340068
57E3404472D5195418B24537A3E114C4EA435F421CE9C6FC66B6305303D1EE6A
9921CA34E9B6FF0757A72A12CA0046BEF92F493A77A272ED6F4DBF084AD7B451
D6D05215E6AB612B4394CDC744D02392B850A72CB8C462A60C541C2C8305F878
41FBA534FC4F8B3E0D6EF6567C93282AFFEA2F2D68583CD9DC13CE9A90AE2B3C
2D62168FAD2C976F9E7725C067C0AD29CC968AF9333C59D43E81A05CD5DC072D
077761EF72829BA0CF5821195F83F3C36D3D3C6F617B6C639A6AF1A833B359F9
7EAF894FE1912092CB4CBB363810C4F66BA47D2389DF962205BB747C6C131941
5867125616A3CE00DD1B0290A59401D1F1839BC6C4A19A11C851829D09EC671B
BBBDF7DB999326FF7673DF2F935C50837452DFB4231FDCEF0C0957DF2E2AA910
2C21723361AA0AADED9C31B00B1F4A7C9FFC3CE48A05E1C9E90BEDF9F7C6CA98
3288EBE6C75B0668B36BEE2516BF05EA204C06C32DFB04D925543C27EBAC38BC
F14D4B9AAC6B37FB699723AE94558E0C3DCDA60C5F0FCB0DAD5D70CDB07A9260
2A64576F197E200040717F9456382429DD02A6D0C7D0990E30067BE30723B63F
4A5FD6FA923E29FDCD05415D7242D83A04526E577BEFD79C5E4D536DFEF34206
694C73E74B0B2C03C60EFE906369F71A0E76EA4FCA3938D8BBDA070D311993BA
9D392DDBA1E86BA4EF132C3FF8FE56F3B3B77E0968E5FC39EC4580EE8CC4BC1F
AADE715237B014FDF97AA6F1591CB87030DCACA28F1863B8A00E22794C2C1D36
0248B3E3FF6105320C2F6504992D6E59C65325F1CF2681FD8BF4E4B13D2216B9
EBBF9AA4CB1178C37573125FF9F2FADFA15BEB632FB37AF162C3D3296383A9EC
4FE86824DA7F483E3FEE38ABAB91A396E8D5EF6FE77BA7D293095A442084B2D3
CED068A4E2D034B5C1BD1C7392297E1C450DEA5C8D28F7E663989F9B84DC892A
28582F5430AF8FF9F46D6F7C9A114ADFD4C271B2EBD81483472A3B07511A6743
E752B3324726146D7D3EF69195C77040533C5ADA35B256959A1CC9D06D3C0669
D3888E36C2C03ED88E44BE78869FBB70DFFD4DF6655CBA24FC23121398F39128
F57615101150A2D6B717C24AC74E673EEA98478A
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
cleartomark
%%EndFont 
%%BeginFont: CMSY8
%!PS-AdobeFont-1.1: CMSY8 1.0
%%CreationDate: 1991 Aug 15 07:22:10
% Copyright (C) 1997 American Mathematical Society. All Rights Reserved.
11 dict begin
/FontInfo 7 dict dup begin
/version (1.0) readonly def
/Notice (Copyright (C) 1997 American Mathematical Society. All Rights Reserved) readonly def
/FullName (CMSY8) readonly def
/FamilyName (Computer Modern) readonly def
/Weight (Medium) readonly def
/ItalicAngle -14.035 def
/isFixedPitch false def
end readonly def
/FontName /CMSY8 def
/PaintType 0 def
/FontType 1 def
/FontMatrix [0.001 0 0 0.001 0 0] readonly def
/Encoding 256 array
0 1 255 {1 index exch /.notdef put} for
dup 0 /minus put
dup 3 /asteriskmath put
dup 48 /prime put
readonly def
/FontBBox{-30 -955 1185 779}readonly def
currentdict end
currentfile eexec
D9D66F633B846A97B686A97E45A3D0AA052F09F9C8ADE9D907C058B87E9B6964
7D53359E51216774A4EAA1E2B58EC3176BD1184A633B951372B4198D4E8C5EF4
A213ACB58AA0A658908035BF2ED8531779838A960DFE2B27EA49C37156989C85
E21B3ABF72E39A89232CD9F4237FC80C9E64E8425AA3BEF7DED60B122A52922A
221A37D9A807DD01161779DDE7D5FC1B2109839E5B52DFBB2A7C1B5D8E7E8AA0
5B10EA43D6A8ED61AF5B23D49920D8F79DAB6A59062134D84AC0100187A6CD1F
80F5DDD9D222ACB1C23326A7656A635C4A241CCD32CBFDF8363206B8AA36E107
1477F5496111E055C7491002AFF272E46ECC46422F0380D093284870022523FB
DA1716CC4F2E2CCAD5F173FCBE6EDDB874AD255CD5E5C0F86214393FCB5F5C20
9C3C2BB5886E36FC3CCC21483C3AC193485A46E9D22BD7201894E4D45ADD9BF1
CC5CF6A5010B5654AC0BE0DA903DB563B13840BA3015F72E51E3BC80156388BA
F83C7D393392BCBC227771CDCB976E933025375FFCDD9E2FD073678A57A333F9
6BDA68191ED103DB904FC6A75017A9939B1F14A711BC0B140F6C4E6C217EEADC
2B649171318049FC272C351B1417B517204D5DBE34FA6D6B93E1E6086F880CF6
401E7F67B5A91AD4822EF52F13060CBCF81FCA8120CD5D8360F7D2C81EC04625
72F94F9676DE469FB36857FD8683430A234CE2DDA9FB813F2A4BA76FED8025B4
94499FE3316EA5B81AF1664D5C38FB727E469D20E48EA4E7414B7A5FAD4FCD36
1BA213E004FF647E1ECD343BA1B878BF06B93F7A2EEC08BDB0FBFCCFCAE858BE
EC8D196DEA158F6C2C5CFABF54BC74ABA6E68F1A8B8375FCEE77FB120977DF2B
B551AAC2A1BE3CE4F7997827779418104F0687F9230283B2A6529C861F5CDD3E
5D361F561E3BB620E59469FB7D390DB1372B55007849E0A693509934F5EA9867
1CDFB5791F924619F62539A88DF83D066226958772E256D92A35C07A387D3BBC
38FACDAF330DDCA81F7549FEF0DAD1754E728928C19F18AD255CA4DF8F49BE7D
00CCB80294814C7AE29B6FC5328E389F9F9CFA9068235929A3CB3F59F030F87D
720BFA502FD6007288B79ADE990172DB16D224E0B7FD4B1EF6B080A5298699CA
AF9D8607C0C812994CB80FB108628A6B9533EECEAEB93FB70A305CD7FEDE7873
7E9C3A77EAE67DB899EAE5B2BDCBE463EFBDAE0C19CF14D906BFEE7E13E72786
9127A61632CC57E3ABAF
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
cleartomark
%%EndFont 
%%BeginFont: CMMI8
%!PS-AdobeFont-1.1: CMMI8 1.100
%%CreationDate: 1996 Jul 23 07:53:54
% Copyright (C) 1997 American Mathematical Society. All Rights Reserved.
11 dict begin
/FontInfo 7 dict dup begin
/version (1.100) readonly def
/Notice (Copyright (C) 1997 American Mathematical Society. All Rights Reserved) readonly def
/FullName (CMMI8) readonly def
/FamilyName (Computer Modern) readonly def
/Weight (Medium) readonly def
/ItalicAngle -14.04 def
/isFixedPitch false def
end readonly def
/FontName /CMMI8 def
/PaintType 0 def
/FontType 1 def
/FontMatrix [0.001 0 0 0.001 0 0] readonly def
/Encoding 256 array
0 1 255 {1 index exch /.notdef put} for
dup 27 /sigma put
dup 28 /tau put
dup 59 /comma put
dup 104 /h put
dup 110 /n put
dup 116 /t put
readonly def
/FontBBox{-24 -250 1110 750}readonly def
currentdict end
currentfile eexec
D9D66F633B846A97B686A97E45A3D0AA0529731C99A784CCBE85B4993B2EEBDE
3B12D472B7CF54651EF21185116A69AB1096ED4BAD2F646635E019B6417CC77B
532F85D811C70D1429A19A5307EF63EB5C5E02C89FC6C20F6D9D89E7D91FE470
B72BEFDA23F5DF76BE05AF4CE93137A219ED8A04A9D7D6FDF37E6B7FCDE0D90B
986423E5960A5D9FBB4C956556E8DF90CBFAEC476FA36FD9A5C8175C9AF513FE
D919C2DDD26BDC0D99398B9F4D03D6A8F05B47AF95EF28A9C561DBDC98C47CF5
5250011D19E9366EB6FD153D3A100CAA6212E3D5D93990737F8D326D347B7EDC
4391C9DF440285B8FC159D0E98D4258FC57892DDF753642CD526A96ACEDA4120
788F22B1D09F149794E66DD1AC2C2B3BC6FEC59D626F427CD5AE9C54C7F78F62
C36F49B3C2E5E62AFB56DCEE87445A12A942C14AE618D1FE1B11A9CF9FAA1F32
617B598CE5058715EF3051E228F72F651040AD99A741F247C68007E68C84E9D1
D0BF99AA5D777D88A7D3CED2EA67F4AE61E8BC0495E7DA382E82DDB2B009DD63
532C74E3BE5EC555A014BCBB6AB31B8286D7712E0E926F8696830672B8214E9B
5D0740C16ADF0AFD47C4938F373575C6CA91E46D88DE24E682DEC44B57EA8AF8
4E57D45646073250D82C4B50CBBB0B369932618301F3D4186277103B53B3C9E6
DB42D6B30115F67B9D078220D5752644930643BDF9FACF684EBE13E39B65055E
B1BD054C324962025EC79E1D155936FE32D9F2224353F2A46C3558EF216F6BB2
A304BAF752BEEC36C4440B556AEFECF454BA7CBBA7537BCB10EBC21047333A89
8936419D857CD9F59EBA20B0A3D9BA4A0D3395336B4CDA4BA6451B6E4D1370FA
D9BDABB7F271BC1C6C48D9DF1E5A6FAE788F5609DE3C48D47A67097C547D9817
AD3A7CCE2B771843D69F860DA4059A71494281C0AD8D4BAB3F67BB6739723C04
AE05F9E35B2B2CB9C7874C114F57A185C8563C0DCCA93F8096384D71A2994748
A3C7C8B8AF54961A8838AD279441D9A5EB6C1FE26C98BD025F353124DA68A827
AE2AF8D25CA48031C242AA433EEEBB8ABA4B96821786C38BACB5F58C3D5DA011
85B385124980D8CEA6D6361A74828648588D542A9F3D84048D22F4DAE0578C74
23990672C00AEE4FB1D1E2D8122A181BBD91410FDFA47877864D262E552BBA90
4068EC18808AEF86F684156156092CBE4CB6100152BAE23871BEFCE328D0CA84
69FB1F6835D191123625EBE0C038964379E8C1A69638408629203190C0421C8F
913F927E77C5448706E98A66A22C8B7F1D872C85109F307594818D19630FCFE7
9A80FC6A798433265110E9813E4B21863A4A7BBE6AC5F1737A71D6482FF6CDA2
341FC722D3EFFFA3ABF63361E4BF19203F973F77B74472C1D063A4EB3F8FA1D8
4AD11A903A5305F0C3CAB85882CFC0102A2167C4756A1BCEDDFF49B2DBC2F8F2
40EFB8AF96CA3B01BB7534D8126C0E03516F74B68D9BDBF53A3FD66B2A316874
3807FC93FCB208FBD0C3388EF5CAAC50396D63A1B94DB8CC694426C2BBFDFC7E
9F808CF14775E276D92BE25E7CA68B52F859A5AE86DB95A2174996D80EF6DD18
A9BD8834EA55AD3A1EBCC78EFE08F55B7DF6CCC27654369D44BF175E94CDEEAB
F5E7524C1B028659F1F8AF39AEF96CD941A4861092548B6F83C725FD5301B54D
291AA6615B79073C9FCB8321C89A36DB7D91616EABEFB1BF1BD2AD7853F2FD59
C57814D708C2F1C06159815AE9170DA44013FA210E96E875B1B809CC96EC9C9D
942BC0D7FB39401575FFDBA64171E40A9EAC74443FA363CCF7ED8821F858F6A4
1138E0C18B8A4CE34A345D5D045ACC1B7C37859FB0562BF6E66031DD63F59F2F
BCDB56C16E2322F59A9689A9135E79ACC7F02C2971BE3F4428D3E8462157BA91
8398FED968C9B1CB6330670DBD8A9A597FB5B937C790876409EF65DCC38948FD
8F4A13E07EAF9DB5782999915DBC1063DB5C8ABA3C6DC37FC673D8B3EECD492C
A0E30A8C3AA4847C01CE73A26B643743ED9B1693BD51D3D9DB232371D5FA3693
AEB92FFE6018A46CB2498371968120A5636771C222B63BDF497568AFAD9C8A58
2E8B3A451C87489A0810618666AB4A8391FD2345DE0EE1781373CE85B1B45619
4597DEFCF74C1973BAD777B433D798F7D59E2471A53AC554C96F3BC662599982
59A2B453F0F3485A2DC98CFBB8C4AAAA0C47AAC3A0B1D45F552F99BFB6C59FD6
C65FB4521ED63E5B217AAE3DFEE1EEB3B6AADA945E5AA8BDD1E46CE93200D967
63269C46FE13CEC351A4956513A9F68D2DFDB6043F9B708A4258396F7F2319CD
FFCC68F93D6E3A603B9B8236D78CD2C3B618D9B600F79C40878F6ED175AB5F62
D5C129F15E6600523141184F0AAA541CDC391F7258FE242352C8D8542DFB28E9
83BDE76E0AC8C20DA7CA2B906D3727E60F1B4AE78BB359C3CEEF21B2AA8C0651
12525396F910B1D9D63AB4DA7C979C0CFD1BE11446913C204321DEDD0AA7CFE1
018E0E851500DC8C6BDB59E970CB0A8745AD05E2BEF7C373F969F72077050344
E6717978C5EF7424B7C95A333847585D507E4D28F11A83EC3185D98F644E3EC7
13F7D41F90C4BEE75E331787CDB18502578A64CF1EB4B05D46085CC4DE81D66A
C1BE78A67C7BD601A1B0B75F92E5B8E42EF9A15F0F2D715843527D1E69D8519B
6F876D3D4A8AF1705595B1631B57EBC998BECB044ECD349F4E9817CB52
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000
cleartomark
%%EndFont 
TeXDict begin 40258431 52099146 1000 600 600 (paper.dvi)
@start /Fa 141[60 2[60 9[60 59[60 60 40[{TeXBase1Encoding ReEncodeFont}
5 99.6264 /Courier rf /Fb 199[33 33 33 2[33 1[33 49[{}5
58.1154 /CMR7 rf /Fc 205[42 42 49[{}2 83.022 /CMR10 rf
/Fd 193[65 1[65 60[{}2 83.022 /CMMI10 rf /Fe 223[91 32[{}1
90.9091 /MSAM10 rf /Ff 255[48{}1 74.7198 /CMR9 rf /Fg
152[42 42 98[42 2[65{}4 83.022 /CMSY10 rf /Fh 134[42
42 60 42 42 23 32 28 1[42 42 42 65 23 2[23 42 42 28 37
42 37 42 37 3[28 1[28 5[60 51 46 55 6[60 2[60 1[46 51
60 55 5[47 1[23 23 42 42 1[42 42 42 42 42 42 42 23 21
28 21 47 1[28 28 1[65 4[28 33[{TeXBase1Encoding ReEncodeFont}55
83.022 /Times-Roman rf /Fi 131[55 2[55 55 55 55 55 55
55 55 1[55 55 55 55 55 55 55 55 55 55 55 55 55 55 55
55 1[55 6[55 55 1[55 55 55 55 55 55 2[55 55 55 1[55 55
2[55 2[55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55
55 55 55 55 55 55 55 55 55 55 55 1[55 55 55 55 35[{
TeXBase1Encoding ReEncodeFont}71 90.9091 /Courier rf
/Fj 199[35 1[35 2[35 35 35 7[27 27 40[{}7 66.4176 /CMR8
rf /Fk 207[19 44[35 2[55{}3 66.4176 /CMSY8 rf /Fl 139[25
5[43 5[41 44[20 30[31 40 27[{}6 66.4176 /CMMI8 rf /Fm
152[45 45 5[56 41[0 27[71 4[71 71 2[71 1[45 11[45 2[71{}11
90.9091 /CMSY10 rf /Fn 134[45 52 3[33 43 4[55 4[31 3[42
1[39 39 12[62 22[71 1[71 1[25 28[49 40 52 27[{}16 90.9091
/CMMI10 rf /Fo 144[45 1[76 8[51 38[71 2[25 45 45 45 45
45 45 45 45 45 45 6[35 35 1[71 37[57{}19 90.9091 /CMR10
rf /Fp 201[25 25 25 25 25 25 49[{TeXBase1Encoding ReEncodeFont}6
49.8132 /Times-Roman rf /Fq 135[33 9[33 52 3[18 7[29
11[48 41 37 44 1[37 1[48 1[41 48 1[22 48 48 37 41 48
44 44 48 10[33 33 33 33 33 33 49[{TeXBase1Encoding ReEncodeFont}28
66.4176 /Times-Roman rf /Fr 107[51 51 25[40 40 61 40
45 25 35 35 1[45 45 45 66 25 40 1[25 45 45 25 40 45 40
45 45 8[56 76 1[66 51 45 2[56 66 61 76 51 2[30 1[66 1[56
66 61 56 56 5[30 30 45 45 45 2[45 1[45 45 45 25 23 30
23 61 1[30 30 1[71 35[45 2[{TeXBase1Encoding ReEncodeFont}60
90.9091 /Times-Italic rf /Fs 134[37 37 54 37 37 21 29
25 1[37 37 37 58 21 37 21 21 37 37 25 33 37 33 37 33
9[71 2[46 42 4[54 66 3[25 2[42 2[50 1[54 7[37 10[19 25
19 4[25 35[42 42 2[{TeXBase1Encoding ReEncodeFont}40
74.7198 /Times-Roman rf /Ft 134[45 1[66 45 51 30 35 40
1[51 45 51 76 25 51 1[25 51 45 30 40 51 40 51 45 10[66
66 61 51 66 1[56 1[66 86 1[71 1[35 1[71 1[61 66 66 61
66 6[30 5[45 45 45 45 2[23 30 23 41[51 2[{TeXBase1Encoding ReEncodeFont}
47 90.9091 /Times-Bold rf /Fu 170[53 44 40 49 1[40 1[53
1[44 53 1[24 53 53 40 44 53 49 49 53 65[{TeXBase1Encoding ReEncodeFont}
17 72.7272 /Times-Roman rf /Fv 104[91 45 1[40 40 24[40
45 45 66 45 45 25 35 30 45 45 45 45 71 25 45 25 25 45
45 30 40 45 40 45 40 3[30 1[30 56 66 1[86 66 66 56 51
61 66 51 66 66 81 56 66 35 30 66 66 51 56 66 61 61 66
1[40 1[51 1[25 25 45 45 45 45 45 45 45 45 45 45 25 23
30 23 51 1[30 30 30 1[76 1[45 31[51 51 2[{TeXBase1Encoding ReEncodeFont}
83 90.9091 /Times-Roman rf /Fw 134[50 50 72 50 55 33
39 44 1[55 50 55 83 28 55 1[28 55 50 33 44 55 44 55 50
9[100 72 72 66 55 72 7[50 39 3[66 72 72 66 72 6[33 4[50
50 50 50 50 2[25 33 45[{TeXBase1Encoding ReEncodeFont}44
99.6264 /Times-Bold rf /Fx 134[60 1[86 60 66 40 47 53
1[66 60 66 100 33 66 1[33 66 60 40 53 66 53 66 60 9[120
86 1[80 66 86 2[93 5[47 3[80 86 86 80 86 6[40 3[60 60
60 60 60 60 3[40 45[{TeXBase1Encoding ReEncodeFont}42
119.552 /Times-Bold rf end
%%EndProlog
%%BeginSetup
%%Feature: *Resolution 600dpi
TeXDict begin
%%BeginPaperSize: Letter
letter
%%EndPaperSize
 end
%%EndSetup
%%Page: 1 1
TeXDict begin 1 0 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a 0 0 a
SDict begin [ /Title () /Subject () /Creator (LaTeX with hyperref package)
/Author () /Producer (dvips + Distiller) /Keywords () /DOCINFO pdfmark
end
 0 0 a Black 0
TeXcolorgray 0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray
0 0 a
SDict begin H.R end
 0 0 a 0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.1) cvn H.B /DEST pdfmark
end
 0 0 a Black Black 0 0 a
SDict begin [ /Count -0 /Dest (section.1) cvn /Title (Introduction)
/OUT pdfmark end
 0 0 a 0 0 a
SDict begin [ /Count -2 /Dest (section.2) cvn /Title (Integer Security Vulnerabilities)
/OUT pdfmark end

0 0 a 0 0 a
SDict begin [ /Count -0 /Dest (subsection.2.1) cvn /Title (Integer Representations and Conversion)
/OUT pdfmark end
 0 0 a 0 0 a
SDict begin [ /Count -0 /Dest (subsection.2.2) cvn /Title (Security Vulnerabilities with Integer Types)
/OUT pdfmark end
 0 0 a 0 0 a
SDict begin [ /Count -5 /Dest (section.3) cvn /Title (Our Approach: Strong Integer Typing)
/OUT pdfmark end
 0 0 a 0 0 a
SDict begin [ /Count -2 /Dest (subsection.3.1) cvn /Title (C Integer Sub-typing Rules for Safe Integer Casts)
/OUT pdfmark end
 0 0 a
0 0 a
SDict begin [ /Count -0 /Dest (subsubsection.3.1.1) cvn /Title (Basic Sub-typing Relationships: T-Sub, t-refl, t-trans)
/OUT pdfmark end
 0 0 a 0 0 a
SDict begin [ /Count -0 /Dest (subsubsection.3.1.2) cvn /Title (Sub-typing Rules for Safe Casts: T-unsigned, t-signed, t-upcast)
/OUT pdfmark end
 0 0 a 0 0 a
SDict begin [ /Count -2 /Dest (subsection.3.2) cvn /Title (C Integer Rewriting Rule for Unsafe Casts)
/OUT pdfmark end
 0 0 a 0 0 a
SDict begin [ /Count -0 /Dest (subsubsection.3.2.1) cvn /Title (General Rewriting Rule for All Unsafe Casts: R-Unsafe)
/OUT pdfmark end
 0 0 a 0 0 a
SDict begin [ /Count -0 /Dest (subsubsection.3.2.2) cvn /Title (Specific check,: d-check, u-s-check, and s-u-check )
/OUT pdfmark end

0 0 a 0 0 a
SDict begin [ /Count -0 /Dest (subsection.3.3) cvn /Title (Dynamic Safety Error Detection: error\(\))
/OUT pdfmark end
 0 0 a 0 0 a
SDict begin [ /Count -0 /Dest (subsection.3.4) cvn /Title (Complex Types)
/OUT pdfmark end
 0 0 a 0 0 a
SDict begin [ /Count -0 /Dest (subsection.3.5) cvn /Title (Where Checks Are Inserted)
/OUT pdfmark end
 0 0 a 0 0 a
SDict begin [ /Count -2 /Dest (section.4) cvn /Title (Implementation and Evaluation)
/OUT pdfmark end
 0 0 a
0 0 a
SDict begin [ /Count -0 /Dest (subsection.4.1) cvn /Title (Implementation)
/OUT pdfmark end
 0 0 a 0 0 a
SDict begin [ /Count -3 /Dest (subsection.4.2) cvn /Title (Evaluation)
/OUT pdfmark end
 0 0 a 0 0 a
SDict begin [ /Count -0 /Dest (subsubsection.4.2.1) cvn /Title (Number of checks inserted)
/OUT pdfmark end
 0 0 a 0 0 a
SDict begin [ /Count -0 /Dest (subsubsection.4.2.2) cvn /Title (Error Analysis)
/OUT pdfmark end
 0 0 a 0 0 a
SDict begin [ /Count -0 /Dest (subsubsection.4.2.3) cvn /Title (Performance)
/OUT pdfmark end

0 0 a 0 0 a
SDict begin [ /Count -0 /Dest (section.5) cvn /Title (Related Work)
/OUT pdfmark end
 0 0 a 0 0 a
SDict begin [ /Count -0 /Dest (section.6) cvn /Title (Conclusion) /OUT
pdfmark end
 0 0 a 0 0 a
SDict begin [ /Count -0 /Dest (section.A) cvn /Title (Types) /OUT pdfmark
end
 0 0 a 0 0 a
SDict begin [ /Count -0 /Dest (section.B) cvn /Title (Disassembly of Inserted Check)
/OUT pdfmark end
 0 0 a
0 0 a
SDict begin [ /Page 1 /View [ /Fit ] /PageMode /UseOutlines  /DOCVIEW
pdfmark end
 0 0 a 0 0 a
SDict begin [ {Catalog} << >> /PUT pdfmark end
 0 0 a 0 0 a
SDict begin H.S end
 0 0 a 0 0 a
SDict begin 13.6 H.A end
 0 0 a 0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (Doc-Start) cvn H.B /DEST pdfmark
end

0 0 a Black Black Black Black 668 917 a Fx(T)-11 b(o)o(wards)29
b(A)-6 b(utomatically)30 b(Eliminating)g(Integer)l(-Based)1577
1066 y(V)-11 b(ulnerabilities)809 1353 y Fw(Da)n(vid)24
b(Brumley)240 b(Dawn)25 b(Song)240 b(J)o(oseph)25 b(Slember)1729
1515 y Fv(March)f(2006)1066 1628 y(Re)n(vision)g(of)g(original)h(paper)
g(from)e(December)l(,)i(2005)1604 1741 y(C)t(M)t(U)t(-)t(C)t(S)t(-)t(0)
t(6)t(-)t(1)5 b(3)g(6)p Black Black 1429 2481 a(School)24
b(of)f(Computer)i(Science)1442 2594 y(Carne)o(gie)g(Mellon)f(Uni)n(v)o
(ersity)1563 2707 y(Pittsb)n(ur)n(gh,)i(P)-8 b(A)22 b(15213)p
Black Black Black 1781 3102 a Ft(Abstract)0 3315 y Fv(Ov)o(er)32
b(100)h(C)e(inte)o(ger)j(vulnerabilities)j(ha)n(v)o(e)c(been)g
(publicly)i(identi\002ed)f(to)e(date,)j(some)e(of)f(which)h(ha)n(v)o(e)
g(resulted)h(in)0 3428 y(serious)f(disasters)g(such)f(as)f(rock)o(et)h
(malfunction.)54 b(C)29 b(inte)o(ger)k(vulnerabilities)i(can)c(arise)h
(when)f(one)g(inte)o(ger)i(type)e(is)0 3541 y(cast)e(to)f(another)i
(incompatible)h(inte)o(ger)f(type.)43 b(The)28 b(rules)h(which)g
(determine)h(inte)o(ger)f(cast)g(safety)g(are)g(cumbersome,)0
3654 y(lengthy)-6 b(,)29 b(and)e(sometimes)h(unintuiti)n(v)o(e.)41
b(As)25 b(a)i(result,)h(it)f(is)f(common)h(to)g(\002nd)f(thousands)k
(of)c(potentially)k(unsafe)e(casts)0 3767 y(in)22 b(e)n(v)o(en)g
(moderately)i(sized)g(programs.)29 b(Despite)23 b(the)g(importance)h
(of)e(writing)h(safe)f(and)h(secure)g(programs,)h(the)e(b)n(urden)0
3880 y(of)h(correctly)j(using)f(\(often)g(necessary\))h(inte)o(ger)f
(casts)f(is)g(placed)h(squarely)h(on)d(de)n(v)o(elopers.)0
3992 y(W)-7 b(e)34 b(sho)n(w)g(that)h(well-kno)n(wn)h(sub-typing)i
(theory)e(commonly)f(found)h(in)e(type-safe)j(languages)h(can)d(ef)n
(fecti)n(v)o(ely)h(an)0 4105 y(automatically)i(be)e(applied)h(to)e
(protect)i(against)f(most)g(inte)o(ger)g(casting)h(vulnerabilities)j
(in)35 b(C.)f(W)-7 b(e)34 b(implement)j(our)0 4218 y(techniques)e(in)c
(a)g(tool)i(called)g(PICK)60 b(which)32 b(statically)i(detects)g
(potential)g(inte)o(ger)f(vulnerabilities)j(and)c(inserts)h(the)0
4331 y(necessary)26 b(dynamic)f(checks)g(to)f(pre)n(v)o(ent)g(e)o
(xploits.)31 b(Our)23 b(e)o(xperiments)j(\(a\))e(con\002rm)f
(potentially)k(unsafe)e(inte)o(ger)g(oper)n(-)0 4444
y(ations)k(are)f(rampant)h(in)f(source)h(code,)g(indicating)i(the)d
(potential)i(number)f(of)e(vulnerabilities)32 b(is)c(great,)h(\(b\))f
(sho)n(w)g(the)0 4557 y(introduced)c(checks)f(protect)g(vulnerable)h
(programs,)f(\(c\))f(sho)n(w)f(no)g(manual)h(modi\002cations)i(are)d
(needed)i(in)e(most)g(cases,)0 4670 y(and)k(\(d\))g(the)g(inserted)i
(checks)g(do)d(not)i(introduce)h(measurable)g(o)o(v)o(erhead.)34
b(Thus,)25 b(our)g(approach)i(and)f(techniques)i(pro-)0
4783 y(vide)d(a)f(practical,)i(ef)n(\002cient,)f(and)g(automatic)h
(method)f(for)g(protecting)i(against)f(inte)o(ger)f(vulnerabilities)k
(for)24 b(e)n(v)o(en)h(lar)n(ge)0 4896 y(programs)g(written)f(in)g(C.)p
Black Black 134 5151 a Fs(This)19 b(w)o(ork)h(is)e(supported)i(by)g
(grants)f(from)g(the)g(National)g(Science)g(F)o(oundation.)p
Black Black Black eop end
%%Page: 2 2
TeXDict begin 2 1 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.2) cvn H.B /DEST pdfmark
end
 0 0 a Black Black 141 5018 a Ft(K)n(eyw)o(ords:)28
b Fv(computer)c(security)-6 b(,)24 b(inte)o(ger)f(vulnerability)-6
b(,)26 b(inte)o(ger)d(o)o(v)o(er\003o)n(w)-6 b(,)22 b(inte)o(ger)h(con)
l(v)o(ersion)i(error)l(,)e(softw)o(are)0 5131 y(security)p
Black Black eop end
%%Page: 1 3
TeXDict begin 1 2 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.1) cvn H.B /DEST pdfmark
end
 0 0 a Black Black 0 0 a
SDict begin H.S end
 0 0 a 0 0 a
SDict begin 13.6 H.A end
 0 0 a 0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (section.1) cvn H.B /DEST pdfmark
end

0 0 a 91 x Fx(1)119 b(Intr)n(oduction)0 298 y Fv(The)31
b(semantics)i(of)f(inte)o(ger)h(operations)h(in)e(C)e(are)i(comple)o(x)
g(and)g(unintuiti)n(v)o(e)i(to)e(man)o(y)-6 b(,)33 b(leading)h(to)d
(insidious)j(b)n(ugs)0 411 y(and)c(vulnerabilities)j(due)d(to)f
(ignored)i(or)e(misunderstood)j(boundary)g(and)d(con)l(v)o(ersion)k
(conditions.)48 b(An)28 b(inte)o(ger)j(cast)0 524 y(con)l(v)o(erts)21
b(between)e(dif)n(ferent)h(inte)o(ger)g(types,)g(and)f(when)f(misused)i
(can)e(cause)i(serious)g(vulnerabilities.)31 b(Although)20
b(there)0 637 y(is)32 b(a)f(body)i(of)f(literature)i(of)n(fering)f
(sage)g(advice)g(on)f(ho)n(w)f(to)h(program)h(securely)h(by)e(a)n(v)n
(oiding)j(pitf)o(alls)e(with)f(inte)o(ger)0 750 y(operations,)39
b(there)c(has)f(been)h(v)o(ery)f(little)h(being)g(done)g(to)e
Fr(automatically)k Fv(secure)f(e)o(xisting)f(C)e(programs.)61
b(The)34 b(179)0 863 y(kno)n(wn)26 b(inte)o(ger)n(-based)j
(vulnerabilities)h([)p 0 0 1 TeXcolorrgb 1356 864 a
SDict begin H.S end
 1356
864 a 0 0 1 TeXcolorrgb -1 x Fv(15)p 0 0 1 TeXcolorrgb
1447 801 a
SDict begin H.R end
 1447 801 a 1447 863 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.cve:web) cvn H.B /ANN pdfmark end
 1447 863 a Black Fv(])25
b(\227)g(most)g(of)h(which)g(are)f(inte)o(ger)i(casting)h(b)n(ugs)e
(\227)f(serv)o(e)h(as)f(a)h(testament)0 976 y(to)i(the)g(clear)h(need)f
(for)g(techniques)j(that)e(defend)g(against)g(inte)o(ger)h
(vulnerabilities.)46 b(Inte)o(ger)29 b(casting)g(b)n(ugs)g(ha)n(v)o(e)g
(e)n(v)o(en)0 1089 y(been)21 b(responsible)j(for)d(huge)g(disasters,)i
(such)f(as)e(the)h(Ariane)g(5)f(rock)o(et)i(e)o(xplosion)h(which)e(w)o
(as)f(caused)i(by)f(a)f(con)l(v)o(ersion)0 1202 y(from)28
b(a)g(64-bit)i(\003oating)f(point)h(to)e(a)g(16-bit)i(signed)f(inte)o
(ger)h([)p 0 0 1 TeXcolorrgb 2021 1202 a
SDict begin H.S end
 2021 1202 a
0 0 1 TeXcolorrgb Fv(14)p 0 0 1 TeXcolorrgb 2112 1140
a
SDict begin H.R end
 2112 1140 a 2112 1202 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.ariane5:web) cvn H.B /ANN pdfmark end
 2112 1202 a Black Fv(].)43
b(The)28 b(number)h(of)f(kno)n(wn)h(vulnerabilities)k(is)28
b(lik)o(ely)0 1315 y(the)21 b(tip)h(of)f(the)g(iceber)n(g;)k(our)c(e)o
(xperiments)j(indicate)f(that)f(potentially)i(unsafe)f(inte)o(ger)f
(casts)g(are)g(rampant)g(in)f(programs.)0 1427 y(Of)k(our)h(tested)h
(programs)h(\(Section)p 0 0 1 TeXcolorrgb 1201 1427 a
SDict begin H.S end

1201 1427 a 0 0 1 TeXcolorrgb Fv(4)p 0 0 1 TeXcolorrgb
1246 1365 a
SDict begin H.R end
 1246 1365 a 1246 1427 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(section.4) cvn H.B /ANN pdfmark end
 1246 1427 a Black
Fv(\),)e(the)g(number)h(of)e(potentially)k(unsafe)e(casts)g(range)g
(from)f(600)g(to)g(almost)g(5000.)0 1540 y(Automatic)f(techniques)h
(are)e(clearly)h(required)h(to)d(handle)i(potentially)i(unsafe)e(casts)
f(found)h(at)e(this)h(scale.)141 1653 y Ft(Moti)o(v)o(ating)33
b(situation.)53 b Fv(A)30 b(system)j(administrator)h(has)e(do)n
(wnloaded)h(an)f(open-source)j(application)f(he)e(w)o(ould)0
1766 y(lik)o(e)26 b(to)g(install.)37 b(The)26 b(administrator)j(is)c
(unlik)o(ely)j(to)e(be)g(f)o(amiliar)h(with)f(the)g(details)h(in)f(the)
g(code,)h(b)n(ut)g(w)o(ants)f(to)g(protect)0 1879 y(his)h(system)g
(from)g(e)o(xploitation)j(in)c(case)i(their)f(are)g(b)n(ugs)h(in)e(the)
h(code.)39 b(F)o(or)26 b(e)o(xample,)i(the)f(system)g(administrator)j
(can)0 1992 y(compile)h(the)e(code)i(with)e(stack-guard)k(to)c(protect)
i(from)f(b)n(uf)n(fer)g(o)o(v)o(erruns)h([)p 0 0 1 TeXcolorrgb
2511 1992 a
SDict begin H.S end
 2511 1992 a 0 0 1 TeXcolorrgb Fv(4)p 0 0 1
TeXcolorrgb 2557 1930 a
SDict begin H.R end
 2557 1930 a 2557 1992 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.cowan:1998) cvn H.B /ANN pdfmark end
 2557
1992 a Black Fv(].)46 b(W)-7 b(e)29 b(wish)g(to)g(pro)o(vide)i(a)e
(similar)i(tool)0 2105 y(for)g(protecting)i(against)f(inte)o(ger)g
(vulnerabilities.)55 b(Our)30 b(goal)h(is)g(to)f(allo)n(w)h(the)g
(administrator)j(to)c(protect)j(his)d(system)0 2218 y(from)c(inte)o
(ger)h(vulnerabilities)j(in)25 b(the)h(application)j(while)d(requiring)
i(little)f(if)e(an)o(y)h(code)g(changes)i(\(the)e(typical)h(system)0
2331 y(administrator)g(is)c(lik)o(ely)i(not)f(an)f(e)o(xpert)i
(programmer\))g(nor)f(sacri\002cing)i(performance.)141
2444 y Ft(P)n(ossible)f(appr)n(oaches.)34 b Fv(One)24
b(approach)j(to)d(\002xing)i(inte)o(ger)f(vulnerabilities)30
b(is)24 b(to)h(raise)g(a)f(compile-time)j(w)o(arning)0
2557 y(for)32 b(each)g(potential)i(vulnerability)i(and)c(let)g(the)f
(programmer)j(\002x)c(each)j(one.)53 b(Ho)n(we)n(v)o(er)l(,)34
b(this)e(approach)i(seems)e(im-)0 2669 y(practical)27
b(due)f(to)f(the)g(sheer)h(number)g(of)f(w)o(arnings.)35
b(Another)26 b(approach)h(is)e(to)g(translate)i(the)f(C)e(code)i(into)f
(a)g(type-safe)0 2782 y(v)n(ariant,)36 b(e.g.,)d(Cyclone)h([)p
0 0 1 TeXcolorrgb 859 2782 a
SDict begin H.S end
 859 2782 a 0 0 1 TeXcolorrgb
Fv(11)p 0 0 1 TeXcolorrgb 950 2720 a
SDict begin H.R end
 950 2720 a 950 2782
a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.jimCYCLONE:2002) cvn H.B /ANN pdfmark end
 950 2782 a Black Fv(])d(or)i(CCured)f([)p 0 0 1 TeXcolorrgb
1463 2783 a
SDict begin H.S end
 1463 2783 a 0 0 1 TeXcolorrgb -1 x Fv(18)p
0 0 1 TeXcolorrgb 1554 2720 a
SDict begin H.R end
 1554 2720 a 1554 2782 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.necula:2002) cvn H.B /ANN pdfmark end

1554 2782 a Black Fv(].)54 b(Ho)n(we)n(v)o(er)l(,)34
b(this)f(option)h(may)e(not)h(be)f(practical)i(in)e(man)o(y)g
(settings,)0 2895 y(such)d(as)g(for)f(performance-critical)34
b(applications)e(or)c(when)h(the)g(user)g(isn')n(t)h(intimately)g(f)o
(amiliar)f(with)g(the)f(code.)45 b(Y)-9 b(et)0 3008 y(another)28
b(approach)h(is)d(to)h(try)f(and)h(weed)g(out)f(w)o(arnings)i(for)f
(safe)g(code.)38 b(Our)26 b(e)n(vidence)j(suggests)f(that)f(the)g
(number)g(of)0 3121 y(actual)c(b)n(ugs)h(is)d(an)i(order)g(of)f
(magnitude)i(less)e(than)h(the)g(number)g(of)f(w)o(arnings.)29
b(Ho)n(we)n(v)o(er)l(,)22 b(an)o(y)g(tool)h(that)g(\002nds)f(all)g(b)n
(ugs)0 3234 y(must)27 b(be)g(conserv)n(ati)n(v)o(e,)k(thus)c(will)g
(generally)j(ha)n(v)o(e)d(a)g(high)h(f)o(alse)g(positi)n(v)o(e)h(rate)e
(in)g(which)h(a)e(programmer)j(will)e(again)0 3347 y(be)j(f)o(aced)h
(with)f(a)g(lar)n(ge)h(number)g(of)g(w)o(arnings.)50
b(Ultimately)-6 b(,)32 b(manually)g(\002xing)e(b)n(ugs)i(is)e(una)n(v)n
(oidable.)52 b(Ho)n(we)n(v)o(er)l(,)31 b(it)0 3460 y(w)o(ould)d(be)f
(useful)i(in)f(man)o(y)f(situations)j(to)d(ha)n(v)o(e)h(an)g
Fr(ef)n(\002cient)j Fv(and)d Fr(automatic)h Fv(approach)h(for)e
Fr(pr)l(otecting)i Fv(against)f(\(not)0 3573 y(just)24
b(detecting\))i(an)o(y)e Fr(potential)i Fv(vulnerability)-6
b(.)141 3686 y Ft(Integer)28 b(vulnerabilities.)42 b
Fv(As)27 b(mentioned,)j(most)e(inte)o(ger)g(vulnerabilities)k(are)27
b(due)h(to)g(unsafe)g(casts.)42 b(Ho)n(we)n(v)o(er)l(,)0
3799 y(pre)n(vious)23 b(w)o(ork)d(does)h(not)g(adequately)j(address)e
(protecting)h(against)f(unsafe)g(casts.)29 b(There)20
b(are)h(tw)o(o)f(casting)j(cate)o(gories:)0 3911 y Fr(sign)h(con)l(ver)
o(sions)i Fv(where)e(a)e(signed)i(inte)o(ger)g(can)g(be)f(con)l(v)o
(erted)i(to)e(an)g(unsigned)i(inte)o(ger)f(\(or)f(vice-v)o(ersa\),)j
(and)d(inte)o(ger)0 4024 y Fr(pr)m(ecision)32 b(con)l(ver)o(sions)i
Fv(where)c(the)g(number)g(of)g(bits)g(used)h(to)e(represent)k(the)d
(inte)o(ger)h(is)e(changed.)50 b(At)28 b(a)i(high)g(le)n(v)o(el,)0
4137 y(the)c(problem)i(with)e(sign)h(con)l(v)o(ersions)i(is)d(the)h
(sign)g(bit)f(of)g(a)g(signed)i(inte)o(ger)f(becomes)h(the)e(most)g
(signi\002cant)j(bit)d(in)g(an)0 4250 y(unsigned)e(inte)o(ger)g(\(and)e
(vice-v)o(ersa\).)31 b(As)21 b(a)h(result,)h(ne)o(gati)n(v)o(e)f
(signed)i(inte)o(gers)f(become)g(lar)n(ge)h(unsigned)g(inte)o(gers)f
(\(and)0 4363 y(vice-v)o(ersa\),)h(leading)f(to)e(unintended)k(program)
d(beha)n(vior)-5 b(.)30 b(Precision)23 b(con)l(v)o(ersions)i(can)c
(cause)i(a)d(loss)i(of)f(precision)j(via)0 4476 y(truncation)31
b(when)e(con)l(v)o(erting)j(a)c(v)n(alue)h(of)g(a)f(lar)n(ger)i
(precision)h(type)e(to)g(a)f(smaller)h(precision)i(type,)g(again)e
(leading)h(to)0 4589 y(unintended)d(beha)n(vior)-5 b(.)141
4702 y(There)25 b(are)g(about)h(a)e(dozen)i(rules)f(in)g(the)g(ANSI)e
(C99)h([)p 0 0 1 TeXcolorrgb 1914 4702 a
SDict begin H.S end
 1914 4702 a
0 0 1 TeXcolorrgb Fv(1)p 0 0 1 TeXcolorrgb 1960 4640
a
SDict begin H.R end
 1960 4640 a 1960 4702 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.c99) cvn H.B /ANN pdfmark end
 1960 4702 a Black Fv(])g(standard)j
(determining)g(the)e(ef)n(fects)g(of)g(a)f(con)l(v)o(ersion)k(via)0
4815 y(inte)o(ger)c(casting)p 0 0 1 TeXcolorrgb 552 4815
a
SDict begin H.S end
 552 4815 a -33 x Fq(1)589 4815 y
SDict begin 13.6 H.L end
 589 4815 a 589 4815
a
SDict begin [ /Subtype /Link /Dest (Hfootnote.1) cvn /H /I /Border
[0 0 0] /Color [1 0 0] H.B /ANN pdfmark end
 589 4815 a Black Fv(.)k(These)23 b(rules)g(de\002ne)g(the)g
(semantics)h(of)f(a)f(con)l(v)o(ersion)j(based)f(upon)f(an)g(inte)o
(ger)h(ranking)g(system.)29 b(In)p Black 0 4896 1560
4 v 105 4951 a Fp(1)p 0 TeXcolorgray 134 4892 a
SDict begin H.S end
 134 4892
a 0 TeXcolorgray 0 TeXcolorgray 134 4892 a
SDict begin H.R end
 134 4892 a
134 4892 a
SDict begin [ /View [/XYZ H.V] /Dest (Hfootnote.1) cvn H.B /DEST pdfmark
end
 134 4892 a Black 91 x Fs(Man)o(y)20 b(of)f(the)g(C99)h
(rules)f(appear)h(in)e(paragraph)j(form)e(instead)g(of)g(as)g(precise)h
(statements,)e(so)i(it)e(is)g(dif)n(\002cult)h(to)g(judge)g(the)h(e)o
(xact)f(number)h(of)0 5074 y(rules.)p Black Black 1927
5400 a Fv(1)p Black eop end
%%Page: 2 4
TeXDict begin 2 3 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.2) cvn H.B /DEST pdfmark
end
 0 0 a Black Black 91 x Fv(man)o(y)26 b(scenarios,)j(these)e
(rules)g(are)g(comple)o(x)g(and)g(thus)g(easily)g(misunderstood.)40
b(F)o(or)26 b(e)o(xample,)h(it)f(is)g(easy)h(to)f(confuse)0
204 y(whether)i Fo(5)p Fn(U)33 b Fm(\000)22 b Fo(15)27
b Fv(is)f Fm(\000)p Fo(10)h Fv(or)f Fo(4294967286)31
b Fv(based)d(upon)f(the)g(ranking)i(rules)f(\(the)f(answer)g(is)g(the)g
(latter)g(for)g(reasons)0 317 y(detailed)j(in)e(Section)p
0 0 1 TeXcolorrgb 714 318 a
SDict begin H.S end
 714 318 a 0 0 1 TeXcolorrgb
-1 x Fv(2.1)p 0 0 1 TeXcolorrgb 827 255 a
SDict begin H.R end
 827 255 a 827
317 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(subsection.2.1) cvn H.B /ANN pdfmark end
 827 317 a Black Fv(\).)43 b(In)28 b(other)h(scenarios,)j(a)c(gi)n
(v)o(en)g(con)l(v)o(ersion)k(is)c(de\002ned)h(as)f
(implementation-speci\002c.)48 b(F)o(or)0 430 y(e)o(xample,)23
b(these)g(rules)g(de\002ne)f(when)g(an)g(inte)o(ger)h(type)g(is)e(con)l
(v)o(erted)k(to)d(another)i(inte)o(ger)f(type)f(where)h(the)f(v)n(alue)
h(cannot)0 543 y(be)h(represented)i(by)e(the)g(ne)n(w)f(type,)h(the)g
(result)g(is)g(a)f(signed)i(inte)o(ger)g(that)f(is)g
(implementation-de\002ned.)33 b(Unfortunately)-6 b(,)0
656 y(this)24 b(implementation-de\002ned)k(beha)n(vior)e(can)e(also)h
(lead)f(to)f(b)n(ugs)i(and)f(vulnerabilities.)141 769
y Ft(This)34 b(paper)-9 b(.)60 b Fv(W)-7 b(e)34 b(protect)i(against)g
(inte)o(ger)f(casting)h(vulnerabilities)j(by)c(re)n(writing)g(unsafe)h
(casts)g(as)e(dynamic)0 882 y(safety)c(checks.)45 b(As)28
b(we)f(will)h(see,)i(inte)o(ger)g(vulnerabilities)j(are)28
b(either)i(o)o(v)o(er\003o)n(w)e(vulnerabilities)33 b(or)28
b(casting)i(vulner)n(-)0 995 y(abilities,)h(the)d(former)g(of)f(which)h
(are)g(already)i(addressed)g(by)e(modern)g(compilers)i(\(Section)p
0 0 1 TeXcolorrgb 3058 996 a
SDict begin H.S end
 3058 996 a 0 0 1 TeXcolorrgb
-1 x Fv(3)p 0 0 1 TeXcolorrgb 3103 933 a
SDict begin H.R end
 3103 933 a 3103
995 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(section.3) cvn H.B /ANN pdfmark end
 3103 995 a Black Fv(\).)41 b(At)27 b(a)g(high)h(le)n(v)o(el,)h
(we)0 1108 y(address)d(the)e(lar)n(ger)h(problem)g(of)f(casting)i
(vulnerabilities)i(by)c(using)h(sub-typing)i(relationships)g(to)d
(de\002ne)h(inte)o(ger)g(cast)0 1220 y(safety)-6 b(.)36
b(F)o(or)25 b(e)o(xample,)h(up-casting)j(an)d(inte)o(ger)g(from)g(a)f
(smaller)n(-precision)30 b(type)c(to)g(a)f(lar)n(ger)n(-precision)31
b(type)26 b(is)g(a)f(safe)0 1333 y(sub-typing)32 b(relationship)h
(since)d(a)f(lar)n(ger)i(precision)g(inte)o(ger)g(can)e(al)o(w)o(ays)h
(represent)i(the)d(smaller)i(precision)g(inte)o(ger)-5
b(.)0 1446 y(Do)n(wn-casting)32 b(from)e(a)g(lar)n(ger)i(to)e(smaller)h
(precision)i(violates)f(the)f(typing)h(rules,)h(and)d(thus)h(is)f(not)h
(safe.)50 b(Ho)n(we)n(v)o(er)l(,)0 1559 y(do)n(wn-casting)32
b(\(and)e(other)g(potentially)j(unsafe)e(type)f(con)l(v)o(ersions\))j
(are)c(rampant)i(in)e(source)i(code,)g(and)f(therefore)h(it)0
1672 y(w)o(ould)21 b(be)f(nai)n(v)o(e)g(to)g(belie)n(v)o(e)i(de)n(v)o
(elopers)g(will)e(manually)i(address)f(each)g(potential)i(unsafe)e
(inte)o(ger)h(cast.)28 b(Therefore,)22 b(we)0 1785 y(introduce)31
b(formal)d(re)n(write)h(rules)g(which)f(enable)i(automatic)g
(source-to-source)j(translation)e(where)d(unsafe)i(casts)f(are)0
1898 y(re)n(written)c(as)e(safe)h(dynamic)h(checks.)30
b(The)23 b(dynamic)i(checks)g(raise)g(an)e(error)i(only)f(when)g(a)f
(cast)h(is)f(unsafe)i(at)e(runtime.)141 2011 y Ft(Contrib)n(utions.)34
b Fv(Our)24 b(main)i(contrib)n(ution)j(is)c(we)f(demonstrate)k
(automatic)f(techniques)h(for)d(defending)j(against)f(a)0
2124 y(wide)22 b(class)h(of)f(inte)o(ger)h(vulnerabilities)k(in)22
b(a)f(formal)i(frame)n(w)o(ork.)29 b(W)-7 b(e)21 b(sho)n(w)h(that)h(by)
f(applying)i(sub-typing)h(theory)f(we)0 2237 y(can)30
b(detect)h Fr(and)f(pr)l(otect)j Fv(against)e(a)f(lar)n(ge)h(class)f
(of)g(inte)o(ger)h(vulnerabilities.)51 b(W)-7 b(e)29
b(ha)n(v)o(e)i(implemented)g(a)f(tool)g(called)0 2350
y(PICK)45 b(to)23 b(v)n(alidate)i(that)f(our)g(light-weight)i(approach)
g(is)e(practical)h(and)f(pre)n(v)o(ents)i(inte)o(ger)e
(vulnerabilities.)141 2462 y(Speci\002cally)-6 b(,)25
b(we:)p Black 136 2609 a Fm(\017)p Black 46 w Fv(Pro)o(vide)i(formal)g
(semantics)h(for)e(safe)h(C)e(inte)o(ger)i(casts.)38
b(Our)25 b(semantics)j(replace)g(the)f(cumbersome)g(and)g(unin-)227
2722 y(tuiti)n(v)o(e)e(C99)e(speci\002cations)k(with)c(2)g(simple)h
(sub-typing)j(rules.)p Black 136 2835 a Fm(\017)p Black
46 w Fv(Introduce)32 b(re)n(write)d(rules)g(that)h(turn)f(type)g
(unsafe)i(\(and)e(semantically)i(unsafe\))g(casts)e(into)h(type-safe)h
(dynamic)227 2948 y(checks.)53 b(The)30 b(correct)i(check)h(to)d
(insert)i(does)g(not)f(require)i(e)o(xpensi)n(v)o(e)g(analysis,)h(and)d
(thus)h(scale)g(to)f(an)o(y)g(size)227 3061 y(program.)p
Black 136 3174 a Fm(\017)p Black 46 w Fv(Implement)d(a)e(prototype)k
(called)e(PICK)51 b(\(Pre)n(v)o(enti)n(v)o(e)28 b(Inte)o(ger)g
(Checks\))g(to)e(e)n(v)n(aluate)j(our)e(approach)i(and)e(tech-)227
3287 y(niques.)p Black 136 3400 a Fm(\017)p Black 46
w Fv(Demonstrate)35 b(through)f(e)o(xperiments)h(that)e(potentially)j
(unsafe)e(inte)o(ger)f(casts)h(are)f(rampant)g(in)g(source)h(code,)227
3512 y(indicating)27 b(the)c(number)i(of)e(kno)n(wn)h(vulnerabilities)k
(may)23 b(be)h(the)g(tip)g(of)f(the)h(iceber)n(g.)p Black
136 3625 a Fm(\017)p Black 46 w Fv(Sho)n(w)18 b(the)i(introduced)i
(checks)e(for)g(unsafe)g(casts)g(protect)h(vulnerable)h(programs.)29
b(The)18 b(resulting)k(program)e(is)f(se-)227 3738 y(mantically)26
b(equi)n(v)n(alent)g(to)d(the)h(original)h(program.)30
b(Our)23 b(e)o(xperiments)j(con\002rm)d(our)h(approach)i(and)e
(techniques)227 3851 y(pre)n(v)o(ent)h(real)f(e)o(xploits)h(against)g
(real)f(vulnerabilities)k(from)23 b(w)o(orking.)p Black
136 3964 a Fm(\017)p Black 46 w Fv(Sho)n(w)i(our)h(approach)i(is)d
(fully)i(automatic)g(in)f(most)f(cases.)36 b(1)25 b(manual)i
(modi\002cation)g(w)o(as)e(needed)j(out)e(of)f(thou-)227
4077 y(sands)h(of)f(automatically)j(inserted)e(checks.)34
b(The)24 b(1)h(modi\002cation)h(w)o(as)f(needed)h(because)g(the)f
(programmer)i(had)227 4190 y(inserted)f(a)d(similar)h(check)h(which)f
(handled)h(the)f(unsafe)h(cast)f(in)g(an)f(application-speci\002c)29
b(manner)-5 b(.)p Black 136 4303 a Fm(\017)p Black 46
w Fv(Sho)n(w)30 b(the)h(inserted)i(checks)f(do)f(not)g(introduce)i(an)o
(y)e(measurable)i(o)o(v)o(erhead,)g(and)f(are)e(therefore)j(practical)g
(to)227 4416 y(apply)25 b(to)e(production)k(code.)p Black
136 4529 a Fm(\017)p Black 46 w Fv(Additionally)-6 b(,)26
b(our)e(techniques)j(unco)o(v)o(er)e(and)f(protect)h(against)g(man)o(y)
e(portability)k(b)n(ugs.)0 4691 y
SDict begin H.S end
 0 4691 a 0 4691 a
SDict begin 13.6 H.A end
 0
4691 a 0 4691 a
SDict begin [ /View [/XYZ H.V] /Dest (section.2) cvn H.B /DEST pdfmark
end
 0 4691 a 130 x Fx(2)119 b(Integer)30
b(Security)h(V)-11 b(ulnerabilities)0 5028 y Fv(In)22
b(this)h(section)h(we)e(be)o(gin)h(by)g(pro)o(viding)h(a)e(description)
k(of)c(inte)o(ger)i(operations,)h(focusing)g(on)d(the)h(ANSI)d(C99)i
(speci\002-)0 5141 y(cation.)29 b(As)21 b(we)g(will)g(see,)h(the)g
(comple)o(xity)i(of)e(the)f(C99)h(speci\002cation)i(contrasts)g(with)e
(the)g(simplicity)h(of)f(our)g(approach)p Black 1927
5400 a(2)p Black eop end
%%Page: 3 5
TeXDict begin 3 4 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.3) cvn H.B /DEST pdfmark
end
 0 0 a Black Black 91 x Fv(using)20 b(sub-typing.)31
b(W)-7 b(e)18 b(then)h(outline)i(inte)o(ger)f(vulnerabilities.)32
b(Our)19 b(w)o(ork)g(applies)h(to)f(both)h(e)o(xplicit)h(casts)f(and)f
(implicit)0 204 y(casts)24 b(\(coercions\))j(inserted)f(by)d(the)h
(compiler)-5 b(.)141 317 y Ft(Notation:)41 b Fv(Instead)31
b(of)e(using)h(basic)g(C)e(type)i(names)f(such)h(as)f(\223unsigned\224)
j(and)e(\223signed)h(long)e(long\224,)j(we)c(adopt)0
430 y(the)c(more)f(descripti)n(v)o(e)j(C99)e(syntax)h(for)e(clarity)-6
b(,)25 b(sho)n(wn)f(in)g(T)-7 b(able)p 0 0 1 TeXcolorrgb
2170 431 a
SDict begin H.S end
 2170 431 a 0 0 1 TeXcolorrgb -1 x Fv(6)p 0 0 1
TeXcolorrgb 2215 368 a
SDict begin H.R end
 2215 368 a 2215 430 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(table.6) cvn H.B /ANN pdfmark end
 2215 430
a Black 23 w Fv(in)24 b(Appendix)p 0 0 1 TeXcolorrgb
2713 430 a
SDict begin H.S end
 2713 430 a 0 0 1 TeXcolorrgb Fv(A)p 0 0 1
TeXcolorrgb 2779 369 a
SDict begin H.R end
 2779 369 a 2779 430 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(section.A) cvn H.B /ANN pdfmark end
 2779 430
a Black Fv(,)e(throughout)27 b(this)d(paper)-5 b(.)0
583 y
SDict begin H.S end
 0 583 a 0 583 a
SDict begin 13.6 H.A end
 0 583 a 0 583 a
SDict begin [ /View [/XYZ H.V] /Dest (subsection.2.1) cvn H.B /DEST
pdfmark end
 0 583 a 96 x Fw(2.1)99
b(Integer)26 b(Repr)n(esentations)g(and)g(Con)l(v)o(ersion)0
854 y Fv(The)18 b(representation)k(for)d(all)f(inte)o(gers)i(e)o(xcept)
f(for)g(uint8)p 1794 854 28 4 v 34 w(t)f(is)g(implementation)j
(speci\002c.)28 b(Note)18 b(char)h(is)f(a)g(type)h(of)f(inte)o(ger)l(,)
0 966 y(and)25 b(can)h(be)f(signed)h(or)f(unsigned.)36
b(V)-10 b(alues)25 b(of)g(type)h(uint8)p 1898 966 V 35
w(t)e(are)h(represented)j(with)d(a)g(single)h(byte)g(in)f(binary)h
(notation.)0 1079 y(Most)32 b(PC)f(architectures)36 b(use)d(2')-5
b(s)32 b(complement)i(to)e(represent)j(all)d(other)i(inte)o(ger)f
(types.)56 b(Dif)n(ferent)34 b(representations)0 1192
y(may)22 b(cause)h(portability)j(b)n(ugs,)d(e.g.,)f(in)g(1')-5
b(s)22 b(complement)i(representation)j(there)c(is)f(both)h(+0)f(and)h
(-0)f(which)h(may)f(not)g(be)0 1305 y(correctly)k(handled)f(by)f(the)g
(code.)141 1418 y(An)h(unsigned)i(type)f(uint)p Fn(n)p
1010 1418 V 34 w Fv(t)e(can)i(represent)h(an)o(y)e(v)n(alue)h(between)h
(0)d(and)i Fo(2)2567 1385 y Fl(n)2636 1418 y Fm(\000)21
b Fo(1)p Fv(.)33 b(The)25 b Fr(pr)m(ecision)i Fv(of)e(an)g(inte)o(ger)h
(is)0 1531 y(the)d(number)g(of)f(bits)h(for)f(representing)k(a)c(v)n
(alue)h(e)o(xcluding)h(the)f(sign)g(bit)f(\(and)h(an)o(y)g(padding)h
(bits\),)f(and)g(is)f(simply)h Fn(n)e Fv(for)0 1644 y(an)j(unsigned)i
(inte)o(ger)f(\(page)g(39)f([)p 0 0 1 TeXcolorrgb 1103
1644 a
SDict begin H.S end
 1103 1644 a 0 0 1 TeXcolorrgb Fv(1)p 0 0 1 TeXcolorrgb
1148 1582 a
SDict begin H.R end
 1148 1582 a 1148 1644 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.c99) cvn H.B /ANN pdfmark end
 1148 1644 a Black
Fv(]\).)29 b(The)24 b(width)g(of)f(an)h(inte)o(ger)h(is)f(the)g
(precision)i(plus)e(an)o(y)g(sign)h(bits.)30 b(A)22 b(signed)j(type)0
1757 y(int)p Fn(n)p 155 1757 28 4 v 33 w Fv(t)k(can)h(represent)h(an)o
(y)e(v)n(alue)h(between)h Fm(\000)p Fo(2)1582 1724 y
Fl(n)p Fk(\000)p Fj(1)1747 1757 y Fv(and)f Fo(2)1952
1724 y Fl(n)p Fk(\000)p Fj(1)2114 1757 y Fm(\000)24 b
Fo(1)p Fv(.)45 b(The)29 b(precision)j(for)d(signed)i(inte)o(gers)g(is)e
Fn(n)24 b Fm(\000)g Fo(1)p Fv(,)0 1870 y(while)i(the)f(width)h(is)f
Fn(n)p Fv(,)g(e.g.,)g(the)h(precision)i(of)d(a)g(int8)p
1765 1870 V 34 w(t)g(is)h(7)f(bits,)h(although)i(8)d(bits)h(are)g(used)
g(to)f(represent)j(an)o(y)e(v)n(alue.)0 1983 y(Maximum)e(and)g(minimum)
f(v)n(alues)i(for)e(all)h(signed)h(inte)o(gers)g(are)f(de\002ned)g(in)g
Fi(limits.h)p Fv(.)141 2096 y(Often)g(programmers)i(will)e(con)l(v)o
(ert)i(from)d(one)i(inte)o(ger)g(type)g(to)f(another)h(via)g(a)e
Fr(cast)p Fv(.)31 b(A)22 b(compiler)k(will)d(also)i(insert)0
2208 y(implicit)e(casts)g(\(coercions\))i(whene)n(v)o(er)d(the)g(types)
h(in)f(an)g(e)o(xpression)i(or)e(statement)i(do)d(not)i(agree.)29
b(Our)21 b(techniques)k(are)0 2321 y(applied)f(after)e(all)h(casts)f
(ha)n(v)o(e)h(been)g(inserted,)h(including)g(those)f(automatically)i
(inserted)f(by)e(the)h(compiler)-5 b(.)29 b(According)0
2434 y(to)23 b(C99,)g(the)g(semantics)i(of)d(a)h(cast)h(between)g(tw)o
(o)e(dif)n(ferent)j(inte)o(gers)g(relies)f(on)f(the)h
Fr(r)o(ank)h Fv(of)d(the)i(inte)o(ger)-5 b(.)30 b(In)23
b(particular)l(,)0 2547 y(C99)e(de\002nes)h(about)h(a)e(dozen)i(rules)f
(for)g(determining)i(the)e(rank)g(of)f(an)h(inte)o(ger)l(,)h(a)e
(summary)h(of)f(which)h(is)f(\(page)i(42)e([)p 0 0 1
TeXcolorrgb 3768 2547 a
SDict begin H.S end
 3768 2547 a 0 0 1 TeXcolorrgb
Fv(1)p 0 0 1 TeXcolorrgb 3814 2485 a
SDict begin H.R end
 3814 2485 a 3814
2547 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.c99) cvn H.B /ANN pdfmark end
 3814 2547 a Black Fv(]\):)p Black 136 2694 a Fm(\017)p
Black 46 w Fv(No)i(tw)o(o)g(signed)i(inte)o(ger)g(types)g(shall)f(ha)n
(v)o(e)g(the)g(same)g(rank,)g(e)n(v)o(en)g(if)f(the)o(y)h(ha)n(v)o(e)g
(the)g(same)f(representation.)p Black 136 2807 a Fm(\017)p
Black 46 w Fv(The)j(rank)h(of)f(a)g(signed)i(inte)o(ger)g(type)f(with)f
(greater)i(precision)h(is)d(higher)i(than)f(signed)g(inte)o(ger)h
(types)f(with)g(less)227 2920 y(precision.)p Black 136
3033 a Fm(\017)p Black 46 w Fv(The)c(rank)i(of)e(an)h(unsigned)i(inte)o
(ger)e(type)h(is)e(the)h(same)f(as)h(the)g(corresponding)k(signed)d
(inte)o(ger)f(type.)p Black 136 3146 a Fm(\017)p Black
46 w Fv(Ranking)e(is)f(transiti)n(v)o(e:)30 b(if)20 b(T1)g(has)h(rank)h
(greater)g(than)g(T2)e(has)h(rank)g(greater)i(than)e(T3,)f(then)i(T1)e
(has)h(rank)h(greater)227 3258 y(than)j(T3.)141 3446
y(A)d Fr(pr)m(ecision)j(con)l(ver)o(sion)h Fv(cast)e(may)e(increase)j
(or)e(decrease)i(the)e(precision)i(of)e(an)g(inte)o(ger)-5
b(.)30 b(C99)22 b(de\002nes)i(an)f(inte)o(ger)0 3559
y(promotion,)34 b(commonly)e(called)g Fr(up-casting)p
Fv(,)k(as)30 b(a)h(cast)g(from)g(a)f(lo)n(wer)h(precision)i(type)f(to)f
(a)f(higher)i(precision)h(type)0 3672 y(\(without)22
b(changing)i(the)d(sign)h(type\).)29 b(Similarly)-6 b(,)22
b(we)e(de\002ne)h(an)g(inte)o(ger)h Fr(down-cast)j Fv(as)c(a)f(cast)i
(from)f(a)f(higher)j(precision)0 3785 y(to)g(a)f(lo)n(wer)h(precision)i
(type.)k(Demotion)24 b(is)e(de\002ned)i(in)e(C99)h(as)g
(implementation-speci\002c,)k(and)c(is)g(usually)i(carried)f(out)0
3898 y(via)g(truncation.)141 4011 y(An)f(inte)o(ger)j
Fr(sign)e(con)l(ver)o(sion)k Fv(occurs)d(when)g(a)e(signed)j(inte)o
(ger)f(type)g(is)f(cast)g(to)g(an)g(unsigned)j(type,)d(or)g(vice-v)o
(ersa.)0 4124 y(In)31 b(each)g(case)g(the)g(inte)o(ger)h(v)n(alue)g
(bit)f(pattern)h(is)f(preserv)o(ed)h(across)g(casting.)52
b(As)30 b(a)g(result,)k(a)c(ne)o(gati)n(v)o(e)h(inte)o(ger)h(type)0
4236 y(results)d(in)f(a)f(v)o(ery)h(lar)n(ge)h(unsigned)h(inte)o(ger)l
(,)h(since)d(the)g(sign)h(bit)f(is)f(set.)42 b(Similarly)-6
b(,)29 b(a)e(lar)n(ge)i(positi)n(v)o(e)g(unsigned)h(v)n(alue)0
4349 y(may)e(become)h(ne)o(gati)n(v)o(e.)43 b(Although)29
b(the)f(bit)h(pattern)g(is)f(preserv)o(ed)i(and)f(no)f(data)h(is)e
(lost,)j(sign)f(con)l(v)o(ersions)i(result)e(in)0 4462
y(vulnerabilities)i(when)c(programmers)i(do)e(not)h(anticipate)h(these)
f(corner)n(-case)i(ef)n(fects.)41 b(F)o(or)26 b(e)o(xample,)i(a)f
(programmer)0 4575 y(may)d(cast)g(a)g(signed)h(inte)o(ger)g
Fn(x)f Fv(to)f(an)h(unsigned)j(inte)o(ger)e Fn(y)s Fv(,)e(and)h(then)h
(later)g(test)f(if)g Fn(y)i Fv(is)e(greater)h(than)g(some)f(v)n(alue.)
31 b(The)0 4688 y(programmer)25 b(may)e(not)h(anticipate)i(the)e(case)g
(where)g Fn(x)h(<)g Fo(0)f Fv(leads)g(to)g(a)f(lar)n(ge)i
Fn(y)g Fv(v)n(alue.)141 4801 y(Precision)37 b(and)e(sign)g(con)l(v)o
(ersions)k(may)34 b(be)h(either)h(e)o(xplicit)h(\(via)e(an)g(e)o
(xplicit)i(cast)e(operation)i(in)e(the)g(code\))h(or)0
4914 y(implicit.)30 b(The)23 b(rules)h(for)g(con)l(v)o(ersion)j(in)c
(C99)g(\(page)i(45)f([)p 0 0 1 TeXcolorrgb 1879 4914
a
SDict begin H.S end
 1879 4914 a 0 0 1 TeXcolorrgb Fv(1)p 0 0 1 TeXcolorrgb
1924 4852 a
SDict begin H.R end
 1924 4852 a 1924 4914 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.c99) cvn H.B /ANN pdfmark end
 1924 4914 a Black
Fv(]\))g(are)f(as)h(follo)n(ws:)0 4967 y
SDict begin H.S end
 0 4967 a 0 4967
a
SDict begin 13.6 H.A end
 0 4967 a 0 4967 a
SDict begin [ /View [/XYZ H.V] /Dest (Item.1) cvn H.B /DEST pdfmark
end
 0 4967 a Black 114 5061 a Fv(1.)p
Black 45 w(If)g(both)g(operands)i(ha)n(v)o(e)e(e)o(xactly)h(the)f(same)
f(type,)h(no)g(con)l(v)o(ersion)j(is)c(necessary)-6 b(.)p
Black 1927 5400 a(3)p Black eop end
%%Page: 4 6
TeXDict begin 4 5 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.4) cvn H.B /DEST pdfmark
end
 0 0 a Black Black 0 0 a
SDict begin H.S end
 0 0 a 0 0 a
SDict begin 13.6 H.A end
 0 0 a 0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (Item.2) cvn H.B /DEST pdfmark
end

0 0 a Black 114 91 a Fv(2.)p Black 45 w(If)31 b(both)h(operands)i(are)e
(of)f(the)g(same)h(inte)o(ger)g(kind)g(\(both)h(signed)g(or)e(both)h
(unsigned\),)k(then)c(the)f(type)i(with)e(a)227 204 y(smaller)25
b(rank)f(is)f(promoted,)i(i.e.,)e(up-casted.)0 224 y
SDict begin H.S end

0 224 a 0 224 a
SDict begin 13.6 H.A end
 0 224 a 0 224 a
SDict begin [ /View [/XYZ H.V] /Dest (Item.3) cvn H.B /DEST pdfmark
end
 0 224 a Black 114 317
a Fv(3.)p Black 45 w(If)f(an)h(operand)h(with)e(the)h(unsigned)h(type)f
(has)g(rank)g(greater)h(\(i.e.,)e(greater)h(precision\))i(than)f(the)e
(signed)i(type,)f(the)227 430 y(result)h(is)e(the)h(type)g(of)g(the)f
(unsigned)j(inte)o(ger)-5 b(.)30 b(Con)l(v)o(ersely)-6
b(,)25 b(if)d(the)h(signed)h(type)f(has)g(greater)h(rank,)f(the)g
(unsigned)227 543 y(operand)j(is)d(con)l(v)o(erted)j(to)e(the)g(type)g
(of)f(the)h(signed)h(operand.)0 563 y
SDict begin H.S end
 0 563 a 0 563 a
SDict begin 13.6 H.A end

0 563 a 0 563 a
SDict begin [ /View [/XYZ H.V] /Dest (Item.4) cvn H.B /DEST pdfmark
end
 0 563 a Black 114 656 a Fv(4.)p Black
45 w(Otherwise,)f(both)h(operands)h(are)d(con)l(v)o(erted)k(to)c(the)h
(unsigned)i(inte)o(ger)f(type.)141 829 y(C99)h(lea)n(v)o(es)h(man)o(y)e
(beha)n(viors)k(implementation-speci\002c,)i(such)c(as)e(do)n
(wn-casting.)39 b(In)25 b(general,)j(C99)e(has)g(this)g(to)0
941 y(say)e(about)h(con)l(v)o(ersions:)p Black Black
227 1114 a Fr(\223When)30 b(a)g(value)h(with)f(inte)l(g)o(er)i(type)e
(is)g(con)l(verted)j(to)d(another)i(inte)l(g)o(er)g(type)f(other)g
(than)p 3229 1114 28 4 v 64 w(Bool,)g(if)f(the)227 1227
y(value)25 b(can)f(be)f(r)m(epr)m(esented)k(by)c(the)h(ne)o(w)f(type)o
(,)h(it)f(is)g(unc)o(hang)o(ed.)227 1374 y(Otherwise)o(,)h(if)e(the)i
(ne)o(w)e(type)h(is)g(unsigned,)i(the)e(value)h(is)e(con)l(verted)k(by)
d(r)m(epeatedly)i(adding)g(or)e(subtr)o(act-)227 1487
y(ing)g(one)h(mor)m(e)e(than)i(the)f(maximum)g(value)h(that)f(can)g(be)
g(r)m(epr)m(esented)j(in)c(the)i(ne)o(w)e(type)h(until)h(the)f(value)h
(is)227 1600 y(in)g(the)g(r)o(ang)o(e)g(of)g(the)f(ne)o(w)g(type)o(.)
227 1747 y(Otherwise)o(,)j(the)f(ne)o(w)f(type)h(is)f(signed)i(and)g
(the)e(value)i(cannot)g(be)f(r)m(epr)m(esented)i(in)e(it;)g(either)h
(the)f(r)m(esult)g(is)227 1860 y(implementation)i(de\002ned)e(or)e(an)h
(implementation-de\002ned)29 b(signal)c(is)f(r)o(aised.)-13
b(\224)24 b Fv([)p 0 0 1 TeXcolorrgb 2867 1860 a
SDict begin H.S end
 2867
1860 a 0 0 1 TeXcolorrgb Fv(1)p 0 0 1 TeXcolorrgb 2913
1798 a
SDict begin H.R end
 2913 1798 a 2913 1860 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.c99) cvn H.B /ANN pdfmark end
 2913 1860 a Black Fv(])141
2033 y(F)o(or)35 b(e)o(xample,)40 b(the)d(e)o(xpression)i
Fi(5U-15)33 b Fv(is)j(not)h Fm(\000)p Fo(10)p Fv(,)i(b)n(ut)d
Fo(4294967286)k Fv(because)e Fo(15)f Fv(is)f(\(implicitly\))i(cast)f
(to)0 2146 y(an)c(unsigned)j(inte)o(ger)e(\(rank)g(rule)f(3)g(abo)o(v)o
(e\),)j(the)d(result)i(type)e(will)g(be)g(unsigned,)38
b Fm(\000)p Fo(10)25 b(mo)s(d)g(2)3214 2113 y Fj(32)3332
2146 y Fo(=)42 b(4294967286)0 2259 y Fv(\(paragraph)26
b(2)e(from)f(C99)g(abo)o(v)o(e\).)0 2409 y
SDict begin H.S end
 0 2409 a 0
2409 a
SDict begin 13.6 H.A end
 0 2409 a 0 2409 a
SDict begin [ /View [/XYZ H.V] /Dest (subsection.2.2) cvn H.B /DEST
pdfmark end
 0 2409 a 96 x Fw(2.2)99 b(Security)26
b(V)-9 b(ulnerabilities)25 b(with)g(Integer)h(T)-7 b(ypes)0
2679 y Fv(C)31 b(inte)o(ger)i(vulnerabilities)j(can)d(be)f(di)n(vided)h
(into)g(tw)o(o)f(cate)o(gories:)48 b(inte)o(ger)34 b(wrapping)f
(vulnerabilities)j(and)d(inte)o(ger)0 2792 y(casting)e
(vulnerabilities.)50 b(Wrapping)31 b(occurs)g(when)f(the)f(result)i(of)
e(an)g(arithmetic)i(operation)h(produces)g(a)d(v)n(alue)h(that)0
2905 y(is)e(greater)j(\(resp.)45 b(less)29 b(than\))h(than)f(can)g(be)g
(stored)h(in)e(the)h(\002x)o(ed-width)h(re)o(gister)-5
b(.)45 b(Wrapping)31 b(vulnerabilities)i(caused)0 3018
y(by)25 b(arithmetic)i(operations)g(are)e(already)i(handled)g(by)e
(popular)h(compilers)h(such)f(as)e(gcc)i(\(compiled)g(with)f(the)g
(optional)0 3131 y(-ftrapv)g(\003ag\))e(and)h(V)-5 b(isual)24
b(C++)f(\(via)h(the)g(/RtCc)f(\003ag\).)p 0 0 1 TeXcolorrgb
1799 3131 a
SDict begin H.S end
 1799 3131 a -33 x Fq(2)1836 3131 y
SDict begin 13.6 H.L end
 1836 3131
a 1836 3131 a
SDict begin [ /Subtype /Link /Dest (Hfootnote.2) cvn /H /I /Border
[0 0 0] /Color [1 0 0] H.B /ANN pdfmark end
 1836 3131 a Black 141 3244 a Fv(Therefore,)i(we)e(focus)i
(on)f(the)g(remaining)h(pre)n(viously)i(unaddressed)g(case)e(of)e
(casting)j(vulnerabilities,)i(which)c(f)o(all)0 3357
y(into)34 b(tw)o(o)f(cate)o(gories:)51 b(inte)o(ger)35
b(sign)f(casts)g(and)g(inte)o(ger)g(precision)i(casts)p
0 0 1 TeXcolorrgb 2481 3357 a
SDict begin H.S end
 2481 3357 a -33 x Fq(3)2519
3357 y
SDict begin 13.6 H.L end
 2519 3357 a 2519 3357 a
SDict begin [ /Subtype /Link /Dest (Hfootnote.3) cvn /H /I /Border
[0 0 0] /Color [1 0 0] H.B /ANN pdfmark end
 2519 3357 a Black Fv(.)57
b(Most)34 b(kno)n(wn)f(inte)o(ger)i(vulnerabilities)0
3470 y(are)25 b(casting)i(vulnerabilities,)i(including)f(the)d(OpenSSH)
f(inte)o(ger)i(vulnerability)j([)p 0 0 1 TeXcolorrgb
2669 3471 a
SDict begin H.S end
 2669 3471 a 0 0 1 TeXcolorrgb -1 x Fv(31)p
0 0 1 TeXcolorrgb 2760 3408 a
SDict begin H.R end
 2760 3408 a 2760 3470 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.opensshvuln:web) cvn H.B /ANN pdfmark end

2760 3470 a Black Fv(])c(which)g(has)g(led)h(to)e(thousands)k(of)0
3583 y(compromised)h(machines.)42 b(Indeed,)29 b(man)o(y)e(wrapping)i
(vulnerabilities)j(are)27 b(only)h(symptomatic)i(of)d(an)g(earlier)i
(unsafe)0 3696 y(do)n(wn-cast)c(which)f(our)g(approach)i(w)o(ould)e
(protect)h(against.)141 3809 y Ft(Integer)i(Sign)f(Con)l(v)o(ersion)h
(V)-8 b(ulnerabilities.)38 b Fv(Inte)o(ger)27 b(sign)g(con)l(v)o
(ersions)j(may)c(result)h(in)f(vulnerabilities)31 b(when)0
3921 y(\(1\))f(a)g(ne)o(gati)n(v)o(e)g(signed)i(inte)o(ger)f(is)f(cast)
g(to)g(unsigned,)k(becoming)e(a)d(lar)n(ge)i(v)n(alue,)i(or)c(\(2\))i
(a)e(lar)n(ge)i(positi)n(v)o(e)h(unsigned)0 4034 y(inte)o(ger)37
b(is)e(cast)g(to)h(a)e(signed)j(inte)o(ger)l(,)j(becoming)d(ne)o(gati)n
(v)o(e.)65 b(Consider)36 b(the)g(follo)n(wing)h(code)f(\(disco)o(v)o
(ered)h(by)f(our)0 4147 y(analysis)g(in)e(bash-1.14.6\),)39
b(which)34 b(ironically)i(attempts)f(to)f(be)g(a)f(safe)i(v)o(ersion)g
(of)f Fi(malloc)c Fv(by)k(al)o(w)o(ays)h(checking)0 4260
y(whether)25 b(memory)e(allocation)k(w)o(as)c(successful:)0
4324 y
SDict begin H.S end
 0 4324 a 0 4324 a
SDict begin 13.6 H.A end
 0 4324 a 0 4324 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-1) cvn H.B /DEST
pdfmark end
 0 4324 a 166
4304 a
SDict begin H.S end
 166 4304 a 166 4304 a
SDict begin 12 H.A end
 166 4304 a 166 4304 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-1.1) cvn H.B /DEST
pdfmark end
 166
4304 a 177 4404 a Fh(c)11 b(h)g(a)g(r)65 b Fg(\003)f
Fh(x)10 b(m)g(a)g(l)g(l)g(o)g(c)70 b(\()27 b(i)15 b(n)h(t)f(3)g(2)p
1233 4404 25 4 v 61 w(t)78 b(b)12 b(y)g(t)g(e)g(s)24
b(\))15 b Fg(f)166 4404 y
SDict begin H.S end
 166 4404 a 166 4404 a
SDict begin 12 H.A end
 166 4404
a 166 4404 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-1.2) cvn H.B /DEST
pdfmark end
 166 4404 a 277 4503 a Fh(c)c(h)g(a)g(r)65
b Fg(\003)10 b Fh(t)d(e)g(m)g(p)56 b(=)62 b(\()22 b(c)11
b(h)g(a)g(r)71 b Fg(\003)10 b Fh(\))20 b(m)10 b(a)g(l)g(l)g(o)g(c)73
b(\()23 b(b)12 b(y)g(t)g(e)g(s)23 b(\))i(;)166 4503 y
SDict begin H.S end

166 4503 a 166 4503 a
SDict begin 12 H.A end
 166 4503 a 166 4503 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-1.3) cvn H.B /DEST
pdfmark end
 166 4503
a 282 4603 a Fh(i)16 b(f)81 b(\()14 b(!)21 b(t)7 b(e)g(m)g(p)16
b(\))123 b(m)12 b(e)g(m)g(o)g(r)g(y)p 1230 4603 25 4
v 52 w(e)g(r)g(r)g(o)g(r)p 1493 4603 V 52 w(a)g(n)g(d)p
1691 4603 V 53 w(a)g(b)g(o)g(r)g(t)76 b(\()14 b(\))28
b(;)166 4603 y
SDict begin H.S end
 166 4603 a 166 4603 a
SDict begin 12 H.A end
 166 4603 a 166 4603
a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-1.4) cvn H.B /DEST
pdfmark end
 166 4603 a 280 4703 a Fh(r)14 b(e)g(t)h(u)f(r)g(n)74
b(\()18 b(t)7 b(e)g(m)g(p)16 b(\))24 b(;)117 b Fg(g)p
Black Black 0 4788 1560 4 v 105 4843 a Fp(2)p 0 TeXcolorgray
134 4784 a
SDict begin H.S end
 134 4784 a 0 TeXcolorgray 0 TeXcolorgray 134
4784 a
SDict begin H.R end
 134 4784 a 134 4784 a
SDict begin [ /View [/XYZ H.V] /Dest (Hfootnote.2) cvn H.B /DEST pdfmark
end
 134 4784 a Black 159 4875
a Fs(W)-6 b(e)25 b(are)g(una)o(w)o(are)h(of)f(a)g(compile)h(\003ag)f
(that)g(will)f(issue)h(a)g(w)o(arning)h(for)f(all)f(types)i(of)f(inte)o
(ger)g(casting)h(b)o(ugs.)42 b(Neither)25 b(the)g(def)o(ault)g(gcc')l
(s)0 4966 y(compile)19 b(\003ags,)g(nor)g(-W)-6 b(all)18
b(or)h(-pedantic,)g(detect)g(man)o(y)h(simple)f(casting)g(b)o(ugs.)105
5028 y Fp(3)p 0 TeXcolorgray 134 4968 a
SDict begin H.S end
 134 4968 a 0
TeXcolorgray 0 TeXcolorgray 134 4968 a
SDict begin H.R end
 134 4968 a 134
4968 a
SDict begin [ /View [/XYZ H.V] /Dest (Hfootnote.3) cvn H.B /DEST pdfmark
end
 134 4968 a Black 92 x Fs(Adding)27 b(re)n(writing)e(rules)g
(that)g(check)h(for)g(o)o(v)o(er\003o)n(w)f(and)h(under\003o)n(w)g(in)f
(a)h(single)f(coherent)h(system)g(is)f(tri)n(vial)g(using)h(our)f
(approach)i(and)0 5151 y(infrastructure.)c(W)-6 b(e)19
b(do)g(not)g(duplicate)h(pre)n(vious)g(w)o(ork,)f(thus)g(do)h(not)f
(discuss)h(these)f(checks.)p Black Black 1927 5400 a
Fv(4)p Black eop end
%%Page: 5 7
TeXDict begin 5 6 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.5) cvn H.B /DEST pdfmark
end
 0 0 a Black Black Black 91 x Fv(The)27 b(rele)n(v)n(ant)h(detail)
h(is)e Fi(malloc)c Fv(tak)o(es)29 b(a)d Fi(uint32)p 1765
91 28 4 v 30 w(t)g Fv(ar)n(gument,)k(b)n(ut)e(is)f(here)g(pro)o(vided)j
(with)d(a)f(signed)j Fi(int32)p 3820 91 V 30 w(t)0 204
y Fv(ar)n(gument.)47 b(This)28 b(particular)k(case)d(may)g(lead)h(to)e
(a)h(denial)h(of)f(service)i(because)f(when)f(called)i(with)d(a)h(ne)o
(gati)n(v)o(e)g(v)n(alue)0 317 y(a)f(huge)i(amount)g(of)f(memory)g(is)g
(allocated.)47 b(Another)30 b(common)f(e)o(xample)g(which)h(often)g
(leads)f(to)g(a)g(vulnerability)j(is)0 430 y Fi(memcpy)p
Fv(,)20 b(whose)k(prototype)i(is:)0 500 y
SDict begin H.S end
 0 500 a 0 500
a
SDict begin 13.6 H.A end
 0 500 a 0 500 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-2) cvn H.B /DEST
pdfmark end
 0 500 a 166 480 a
SDict begin H.S end
 166 480 a 166 480
a
SDict begin 12 H.A end
 166 480 a 166 480 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-2.1) cvn H.B /DEST
pdfmark end
 166 480 a 176 579 a Fh(v)10 b(o)g(i)g(d)64
b Fg(\003)6 b Fh(m)r(e)r(m)r(c)r(p)r(y)k(\()21 b(v)10
b(o)g(i)g(d)64 b Fg(\003)14 b Fh(d)d(e)g(s)g(t)36 b(,)77
b(c)12 b(o)g(n)g(s)g(t)73 b(v)10 b(o)g(i)g(d)63 b Fg(\003)15
b Fh(s)c(r)g(c)34 b(,)75 b(u)11 b(n)g(s)g(i)g(g)g(n)g(e)g(d)74
b(i)16 b(n)e(t)78 b(l)12 b(e)g(n)22 b(\))i(;)p Black
Black 0 742 a Fv(If)19 b(a)g(signed)i(inte)o(ger)f(with)g(a)e(ne)o
(gati)n(v)o(e)i(v)n(alue)h(is)e(passed)i(in)e(as)g Fi(len)p
Fv(,)f(it)h(will)g(become)h(a)f(lar)n(ge)h(positi)n(v)o(e)h(number)-5
b(.)28 b(This)20 b(will)0 855 y(lead)25 b(to)g(a)f(b)n(uf)n(fer)i(o)o
(v)o(er\003o)n(w)e(when)g Fi(dest)e Fv(is)j(not)g(lar)n(ge)g(enough)i
(to)d(hold)i(the)f(con)l(v)o(erted)i Fi(len)22 b Fv(bytes)k(of)e
Fi(src)p Fv(.)30 b(Notable)0 968 y(e)o(xamples)25 b(of)e(inte)o(ger)i
(o)o(v)o(er\003o)n(ws)e(in)l(v)n(olving)k Fi(memcpy)20
b Fv(include)25 b(PuTTY)d([)p 0 0 1 TeXcolorrgb 2445
969 a
SDict begin H.S end
 2445 969 a 0 0 1 TeXcolorrgb -1 x Fv(27)p 0 0 1
TeXcolorrgb 2536 906 a
SDict begin H.R end
 2536 906 a 2536 968 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.puttybug:2005) cvn H.B /ANN pdfmark end
 2536 968
a Black Fv(])h(and)h(Apache)g(mod)p 3209 968 28 4 v 34
w(auth)p 3398 968 V 34 w(radius)h([)p 0 0 1 TeXcolorrgb
3702 969 a
SDict begin H.S end
 3702 969 a 0 0 1 TeXcolorrgb -1 x Fv(26)p
0 0 1 TeXcolorrgb 3793 906 a
SDict begin H.R end
 3793 906 a 3793 968 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.radiusbug:2005) cvn H.B /ANN pdfmark end
 3793
968 a Black Fv(].)141 1081 y Ft(Integer)34 b(Do)o(wn-cast)f(V)-8
b(ulnerabilities.)57 b Fv(An)32 b(inte)o(ger)i(cast)g(may)e(increase)j
(\(up-cast\))g(or)e(decrease)i(\(do)n(wn-cast\))0 1194
y(the)c(precision)j(of)c(the)h(representation.)55 b(Increasing)34
b(the)d(precision)j(is)c(al)o(w)o(ays)i(safe,)h(and)e(usually)i
(accomplished)h(by)0 1307 y(zero-e)o(xtending)28 b(the)d(casted)h(v)n
(alue.)31 b(Ho)n(we)n(v)o(er)l(,)24 b(decreasing)j(the)e(number)g(of)f
(bits)h(is)f(potentially)j(unsafe.)33 b(An)23 b(e)o(xample)0
1420 y(of)g(a)h(typical)h(do)n(wn-casting)h(vulnerability)h(is:)0
1489 y
SDict begin H.S end
 0 1489 a 0 1489 a
SDict begin 13.6 H.A end
 0 1489 a 0 1489 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-3) cvn H.B /DEST
pdfmark end
 0 1489 a 166
1469 a
SDict begin H.S end
 166 1469 a 166 1469 a
SDict begin 12 H.A end
 166 1469 a 166 1469 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-3.1) cvn H.B /DEST
pdfmark end
 166
1469 a 42 1569 a Fh(1)196 b(u)15 b(i)g(n)f(t)h(1)f(6)p
587 1569 25 4 v 59 w(t)77 b(l)12 b(e)g(n)63 b(=)k(s)17
b(t)f(r)g(l)h(e)f(n)27 b(\()f(s)16 b(t)g(r)f(i)h(n)f(g)27
b(\))d(:)166 1569 y
SDict begin H.S end
 166 1569 a 166 1569 a
SDict begin 12 H.A end
 166 1569 a
166 1569 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-3.2) cvn H.B /DEST
pdfmark end
 166 1569 a 42 1669 a Fh(2)193 b(c)11 b(h)g(a)g(r)65
b Fg(\003)13 b Fh(b)d(u)g(f)59 b(=)j(m)10 b(a)g(l)g(l)g(o)g(c)22
b(\()h(l)12 b(e)g(n)23 b(\))h(;)166 1669 y
SDict begin H.S end
 166 1669 a
166 1669 a
SDict begin 12 H.A end
 166 1669 a 166 1669 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-3.3) cvn H.B /DEST
pdfmark end
 166 1669 a 42 1768 a
Fh(3)195 b(s)14 b(t)g(r)g(c)g(p)g(y)23 b(\()18 b(b)8
b(u)g(f)28 b(,)80 b(s)16 b(t)g(r)f(i)h(n)f(g)26 b(\))e(;)p
Black Black 0 1931 a Fv(On)31 b(line)h(1,)h Fi(strlen)28
b Fv(returns)33 b(a)e(32-bit)i(inte)o(ger)l(,)i(which)d(is)g(do)n
(wn-cast)h(to)e(a)g(16-bit)i(inte)o(ger)-5 b(.)54 b(As)31
b(a)g(result,)k(a)c(string)0 2044 y(of)e(length)h Fo(2)404
2011 y Fj(16)507 2044 y Fv(will)f(result)h(in)f Fi(len)d
Fv(=)j(0.)44 b(The)29 b Fi(strcpy)c Fv(on)k(line)g(3)g(can)g(then)h(be)
f(e)o(xploited)i(with)d(a)h(standard)i(stack-)0 2157
y(smashing)i(attack.)53 b(Again,)33 b(such)f(vulnerabilities)j(often)d
(appear)h(when)e(trying)i(to)e(secure)i(softw)o(are,)h(such)e(as)f(in)g
(the)0 2270 y(OpenSSH)20 b(CRC32)f(vulnerability)25 b(where)c(a)f(do)n
(wn-casting)k(error)d(leads)h(to)f(a)f(vulnerability)-6
b(,)25 b(ironically)f(in)c(code)i(meant)0 2383 y(to)h(detect)i(certain)
g(types)g(of)e(cryptographic)28 b(attacks)d([)p 0 0 1
TeXcolorrgb 1749 2384 a
SDict begin H.S end
 1749 2384 a 0 0 1 TeXcolorrgb
-1 x Fv(31)p 0 0 1 TeXcolorrgb 1840 2321 a
SDict begin H.R end
 1840 2321
a 1840 2383 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.opensshvuln:web) cvn H.B /ANN pdfmark end
 1840 2383 a Black Fv(].)0 2546 y
SDict begin H.S end
 0 2546
a 0 2546 a
SDict begin 13.6 H.A end
 0 2546 a 0 2546 a
SDict begin [ /View [/XYZ H.V] /Dest (section.3) cvn H.B /DEST pdfmark
end
 0 2546 a 129 x Fx(3)119
b(Our)31 b(A)m(ppr)n(oach:)38 b(Str)n(ong)30 b(Integer)g(T)-9
b(yping)0 2882 y Fv(W)i(e)24 b(de\002ne)i(inte)o(ger)g(casting)h(in)e
(terms)g(of)g(sub-typing)j(rules,)e(where)f(safe)h(casts)g(are)f
(well-typed)i(and)f(unsafe)g(casts)g(are)0 2995 y(not)h(well-typed.)40
b(Intuiti)n(v)o(ely)-6 b(,)30 b(sub-typing)f(allo)n(ws)e(us)g(to)g
(succinctly)i(e)o(xpress)f(when)f(one)g(inte)o(ger)h(type)f(can)g
(safety)h(be)0 3108 y(cast)c(as)g(another)h(inte)o(ger)g(type.)k(W)-7
b(e)23 b(use)h(2)f(sub-typing)j(rules)f(to)e(e)o(xpress)i(the)f(dozen)h
(or)e(so)h(C99)f(rules.)30 b(Unsafe)24 b(inte)o(ger)0
3221 y(e)o(xpressions)29 b(are)e(statically)i(re)n(written)e(\(via)g
(formal)g(re)n(writing)h(rules\))f(as)g(well-typed)h(dynamic)g(safety)f
(checks.)39 b(Each)0 3334 y(dynamic)28 b(check)h(mak)o(es)e(sure)h(the)
f(cast)h(is)f(v)n(alue-preserving,)32 b(i.e.,)27 b(the)h(v)n(alue)f(of)
g(the)h(v)n(ariable)h(before)f(the)f(cast)h(is)f(the)0
3447 y(same)k(as)g(the)h(v)n(alue)g(after)g(the)g(cast.)52
b(W)-7 b(e)30 b(check)j(all)e(casts:)46 b(both)32 b(those)g(implicitly)
h(inserted)g(by)f(the)f(compiler)i(\(i.e.,)0 3560 y(coercions\))26
b(and)e(e)o(xplicitly)i(pro)o(vided.)141 3673 y(This)19
b(section)i(introduces)h(the)d(formalism)h(needed)h(in)e(order)h(to)f
(rigorously)j(de\002ne)e(when)f(and)h(which)f(safety)i(checks)0
3786 y(to)k(insert,)i(as)f(well)f(as)h(the)g(safety)g(the)o(y)g(af)n
(ford.)36 b(W)-7 b(e)25 b(be)o(gin)h(by)g(introducing)j(our)d(typing)h
(rules,)g(and)f(discuss)h(our)f(types)0 3899 y(for)h(basic)g(inte)o
(ger)h(operations.)40 b(W)-7 b(e)25 b(then)j(introduce)h(our)d(dynamic)
i(checks)g(for)f(potentially)i(unsafe)f(casts.)38 b(Then,)27
b(we)0 4011 y(discuss)e(more)f(comple)o(x)g(types)h(such)f(as)g
(structures)i(and)e(pointers.)0 4164 y
SDict begin H.S end
 0 4164 a 0 4164
a
SDict begin 13.6 H.A end
 0 4164 a 0 4164 a
SDict begin [ /View [/XYZ H.V] /Dest (subsection.3.1) cvn H.B /DEST
pdfmark end
 0 4164 a 97 x Fw(3.1)99 b(C)25 b(Integer)h
(Sub-typing)g(Rules)f(f)n(or)g(Safe)g(Integer)h(Casts)0
4435 y Fv(T)-7 b(able)p 0 0 1 TeXcolorrgb 228 4436 a
SDict begin H.S end

228 4436 a 0 0 1 TeXcolorrgb -1 x Fv(3.1)p 0 0 1 TeXcolorrgb
342 4373 a
SDict begin H.R end
 342 4373 a 342 4435 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(subsection.3.1) cvn H.B /ANN pdfmark end
 342 4435 a Black 28
w Fv(contains)32 b(our)d(typing)i(rules)f(for)f(safe)h(inte)o(ger)h
(operations.)48 b(Each)29 b(rule)h(is)f(read)h(as)f(an)g(implication:)
43 b(when)0 4548 y(the)31 b(preconditions)j(on)d(the)f(top)h(of)g(the)f
(bar)h(are)g(satis\002ed,)i(the)d(formula)i(on)e(the)h(bottom)g(of)g
(the)f(bar)h(is)f(true.)50 b(A)30 b(safe)0 4661 y(e)o(xpression)g(has)d
(a)g(v)n(alid)h(type,)g(i.e.,)f(a)g(type)h(that)g(can)f(be)g(deri)n(v)o
(ed)h(via)g(the)f(rules.)41 b(An)26 b(unsafe)j(inte)o(ger)f(e)o
(xpression)i(has)0 4774 y(an)24 b(in)l(v)n(alid)h(type.)p
Black 1927 5400 a(5)p Black eop end
%%Page: 6 8
TeXDict begin 6 7 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.6) cvn H.B /DEST pdfmark
end
 0 0 a Black Black Black 515 71 a Fo(\000)25 b Fm(`)g
Fn(t)g Fo(:)g Fn(\033)94 b(\033)29 b(<)p Fo(:)c Fn(\034)p
515 95 670 4 v 689 175 a Fo(\000)g Fm(`)g Fn(t)g Fo(:)g
Fn(\034)1228 123 y Fh(T)l(-)t(S)t Fq(U)t(B)p 1724 109
257 4 v 1724 175 a Fn(\033)k(<)p Fo(:)c Fn(\033)2024
137 y Fh(T)l(-)t(R)t Fq(E)t(FL)2489 86 y Fn(\033)k(<)p
Fo(:)c Fn(\035)94 b(\035)29 b(<)p Fo(:)c Fn(\034)p 2489
109 594 4 v 2660 175 a(\033)k(<)p Fo(:)c Fn(\034)3126
136 y Fh(T)l(-)t(T)t Fq(R)t(A)t(N)t(S)448 272 y Fo(\000)g
Fm(`)g Fn(s:i)g Fo(:)h Fn(\033)94 b(\033)29 b(<)p Fo(:)c
Fn(\034)p 448 295 736 4 v 622 375 a Fo(\000)g Fm(`)g
Fn(s:i)g Fo(:)h Fn(\034)1227 323 y Fh(T)l(-)t(F)t Fq(I)t(E)t(L)t(D)1718
275 y Fo(\000)f Fm(`)f Fn(t)i Fo(:)f Fn(\034)p 1605 295
547 4 v 1605 375 a Fo(\000)g Fm(`)g Fo(&)p Fn(t)g Fo(:)g
Fv(Ref)e Fn(\034)2195 323 y Fh(T)l(-)t Fq(R)t(E)t(F)2551
274 y Fo(\000)i Fm(`)g Fn(t)g Fo(:)h Fv(Ref)d Fn(\034)p
2551 295 476 4 v 2605 375 a Fo(\000)i Fm(`)g(\003)p Fn(t)h
Fo(:)f Fn(\034)3070 323 y Fh(T)l(-)t(D)t Fq(E)t(R)t(E)t(F)p
693 499 2010 4 v 693 578 a Fv(unsigned)h Fn(<)p Fo(:)c
Fv(uint8)p 1352 578 28 4 v 35 w(t)h Fn(<)p Fo(:)g Fv(uint16)p
1784 578 V 35 w(t)g Fn(<)p Fo(:)f Fv(uint32)p 2215 578
V 36 w(t)h Fn(<)p Fo(:)f Fv(uint64)p 2647 578 V 35 w(t)2746
526 y Fh(T)l(-)t(U)t Fq(N)t(S)t(I)t(G)t(N)t(E)t(D)p 882
640 1738 4 v 882 719 a Fv(signed)k Fn(<)p Fo(:)c Fv(int8)p
1406 719 28 4 v 34 w(t)h Fn(<)p Fo(:)g Fv(int16)p 1792
719 V 35 w(t)g Fn(<)p Fo(:)f Fv(int32)p 2178 719 V 35
w(t)h Fn(<)p Fo(:)g Fv(int64)p 2565 719 V 34 w(t)2663
668 y Fh(T)l(-)t(S)t Fq(I)t(G)t(N)t(E)t(D)1373 816 y
Fo(\000)i Fm(`)g Fn(e)g Fo(:)h Fn(\033)94 b(\033)28 b(<)p
Fo(:)e Fn(\034)p 1373 839 679 4 v 1486 924 a Fo(\000)g
Fm(`)e Fo(\()p Fn(\034)10 b Fo(\))p Fn(e)27 b Fo(:)e
Fn(\034)2095 860 y Fh(\()t(T)l(-)t(U)t Fq(P)t(C)t(A)t(S)t(T)t
Fh(\))p Black 952 1216 a Fv(T)-7 b(able)23 b(1:)p 0 TeXcolorgray
1273 1103 a
SDict begin H.S end
 1273 1103 a 0 TeXcolorgray 0 TeXcolorgray
1273 1103 a
SDict begin H.R end
 1273 1103 a 1273 1103 a
SDict begin [ /View [/XYZ H.V] /Dest (table.1) cvn H.B /DEST pdfmark
end
 1273 1103 a Black
113 x Fv(Our)g(typing)i(rules)g(for)f(safe)g(C)e(inte)o(ger)j
(operations.)p Black Black 0 1392 a
SDict begin H.S end
 0 1392 a 0 1392 a
SDict begin 13.6 H.A end

0 1392 a 0 1392 a
SDict begin [ /View [/XYZ H.V] /Dest (subsubsection.3.1.1) cvn H.B
/DEST pdfmark end
 0 1392 a 91 x Ft(3.1.1)92 b(Basic)24
b(Sub-typing)e(Relationships:)32 b Fv(T)l(-)t(S)t Fu(U)t(B)t
Fv(,)27 b Fu(T)m Fv(-)t Fu(R)t(E)t(FL)t Fv(,)k Fu(T)m
Fv(-)t Fu(T)t(R)t(A)t(N)t(S)0 1657 y Fv(The)i(intuition)j(in)d(our)h
(setting)h(behind)g(a)e(sub-typing)k(relationship,)i(written)34
b Fn(\033)47 b(<)p Fo(:)c Fn(\034)10 b Fv(,)35 b(is)e(an)o(y)h(v)n
(alue)g(described)i(by)0 1770 y(type)25 b Fn(\033)i Fv(is)d(also)g
(described)j(by)d(type)h Fn(\034)10 b Fv(.)30 b(In)24
b(our)h(formulation,)i(we)c(ha)n(v)o(e)i(sub-types)i(such)e(as)f
Fi(uint8)p 3263 1770 28 4 v 30 w(t)f Fn(<)p Fo(:)g Fi(uint16)p
3820 1770 V 30 w(t)0 1883 y Fv(because)g Fm(f)p Fo(0)p
Fn(:::)p Fo(2)518 1850 y Fj(8)571 1883 y Fm(\000)11 b
Fo(1)p Fm(g)25 b(\032)g(f)p Fo(0)p Fn(:::)p Fo(2)1074
1850 y Fj(16)1162 1883 y Fm(\000)11 b Fo(1)p Fm(g)p Fv(.)28
b(In)21 b(general,)i(smaller)f(precision)h(inte)o(gers)g(are)e
(sub-types)j(of)d(lar)n(ger)i(precision)0 1996 y(inte)o(gers)i(since)g
(a)e(lar)n(ger)i(precision)h(can)e(e)o(xpress)h(an)o(y)e(v)n(alue)i(of)
e(a)g(smaller)i(precision.)143 2109 y Fu(T)m Fv(-)t Fu(S)t(U)t(B)31
b Fv(in)c(T)-7 b(able)p 0 0 1 TeXcolorrgb 722 2110 a
SDict begin H.S end

722 2110 a 0 0 1 TeXcolorrgb -1 x Fv(3.1)p 0 0 1 TeXcolorrgb
836 2047 a
SDict begin H.R end
 836 2047 a 836 2109 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(subsection.3.1) cvn H.B /ANN pdfmark end
 836 2109 a Black 26
w Fv(introduces)30 b(the)e(sub-typing)i(relationship)g(to)e(C.)d(Here,)
j Fo(\000)e Fv(is)h(the)h(typing)g(store)h(that)e(maps)h(a)0
2222 y(v)n(ariable)f(name)e(or)f(e)o(xpression)k(to)d(a)f(type.)p
0 0 1 TeXcolorrgb 1409 2222 a
SDict begin H.S end
 1409 2222 a -33 x Fq(4)1447
2222 y
SDict begin 13.6 H.L end
 1447 2222 a 1447 2222 a
SDict begin [ /Subtype /Link /Dest (Hfootnote.4) cvn /H /I /Border
[0 0 0] /Color [1 0 0] H.B /ANN pdfmark end
 1447 2222 a Black 32 w
Fv(The)g(rule)k Fu(T)m Fv(-)t(S)t Fu(U)t(B)f Fv(is)e(the)g(basic)h
(sub-typing)h(rule,)f(and)f(says)h(if)e(our)i(typing)0
2335 y(store)d Fo(\000)e Fv(says)i(v)n(ariable)g Fn(t)f
Fv(is)f(of)h(type)h Fn(\033)s Fv(,)e(and)i Fn(\033)h
Fv(is)e(a)g(subtype)i(of)e Fn(\034)10 b Fv(,)21 b(then)i
Fn(t)e Fv(is)h(also)g(of)g(type)h Fn(\034)10 b Fv(.)27
b(W)-7 b(e)22 b(also)g(add)h(the)f(standard)0 2448 y(re\003e)o(xi)n(v)o
(e)i(\()r(T)l(-)t(R)t Fu(E)t(FL)r Fv(\))i(and)e(transiti)n(v)o(e)h(\()r
(T)l(-)t(T)t Fu(R)t(A)t(N)t(S)r Fv(\))g(rules.)0 2594
y
SDict begin H.S end
 0 2594 a 0 2594 a
SDict begin 13.6 H.A end
 0 2594 a 0 2594 a
SDict begin [ /View [/XYZ H.V] /Dest (subsubsection.3.1.2) cvn H.B
/DEST pdfmark end
 0 2594 a 97 x Ft(3.1.2)92
b(Sub-typing)22 b(Rules)h(f)n(or)g(Safe)h(Casts:)31 b
Fv(T)l(-)t Fu(U)t(N)t(S)t(I)t(G)t(N)t(E)t(D)t Fv(,)f
Fu(T)m Fv(-)t Fu(S)t(I)t(G)t(N)t(E)t(D)t Fv(,)h Fu(T)m
Fv(-)t Fu(U)t(P)t(C)t(A)t(S)t(T)0 2865 y Fv(Our)22 b(approach)j
(de\002nes)e(tw)o(o)g(basic)g(types:)30 b Fr(unsigned)d
Fv(and)c Fr(signed)p Fv(.)30 b(Dif)n(ferent)24 b(precisions)h(within)f
(a)e(type)h(become)g(sub-)0 2978 y(types.)37 b(W)-7 b(e)25
b(e)o(xpress)i(casts)g(in)f(terms)g(of)f(sub-typing)k(where)e(smaller)f
(precisions)j(are)d(sub-types)i(of)e(lar)n(ger)i(precisions.)2
3091 y(T)l(-)t Fu(U)t(N)t(S)t(I)t(G)t(N)t(E)t(D)38 b
Fv(and)e Fu(T)m Fv(-)t Fu(S)t(I)t(G)t(N)t(E)t(D)j Fv(in)34
b(T)-7 b(able)p 0 0 1 TeXcolorrgb 1431 3092 a
SDict begin H.S end
 1431 3092
a 0 0 1 TeXcolorrgb -1 x Fv(3.1)p 0 0 1 TeXcolorrgb 1544
3029 a
SDict begin H.R end
 1544 3029 a 1544 3091 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(subsection.3.1) cvn H.B /ANN pdfmark end
 1544 3091 a Black 34 w
Fv(e)o(xpress)35 b(the)f(base)h(sub-typing)i(relationship)g(for)d(inte)
o(gers,)k(while)e Fu(T)m Fv(-)2 3204 y Fu(U)t(P)t(C)t(A)t(S)t(T)27
b Fv(states)e(that)f(we)f(can)h(up-cast)h(\(ascribe\))h(to)d(an)h(e)o
(xpression)i Fn(e)d Fv(of)h(type)g Fn(\033)i Fv(a)d(super)n(-type)k
Fn(\034)10 b Fv(.)27 b(F)o(or)c(e)o(xample:)0 3268 y
SDict begin H.S end

0 3268 a 0 3268 a
SDict begin 13.6 H.A end
 0 3268 a 0 3268 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-4) cvn H.B /DEST
pdfmark end
 0 3268 a 166 3248
a
SDict begin H.S end
 166 3248 a 166 3248 a
SDict begin 12 H.A end
 166 3248 a 166 3248 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-4.1) cvn H.B /DEST
pdfmark end
 166 3248
a 184 3348 a Fh(/)18 b(/)78 b(C)10 b(a)g(s)g(t)78 b(e)17
b(x)f(p)g(l)h(i)f(c)h(i)f(t)77 b(o)10 b(r)75 b(i)16 b(m)g(p)f(l)h(i)g
(c)g(i)g(t)g(l)g(y)80 b(i)15 b(n)g(s)g(e)g(r)g(t)g(e)g(d)70
b(b)6 b(y)66 b(t)12 b(h)g(e)73 b(c)11 b(o)g(m)g(p)g(i)g(l)g(e)g(r)166
3348 y
SDict begin H.S end
 166 3348 a 166 3348 a
SDict begin 12 H.A end
 166 3348 a 166 3348 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-4.2) cvn H.B /DEST
pdfmark end
 166
3348 a 182 3448 a Fh(u)k(i)h(n)f(t)g(8)p 435 3448 25
4 v 61 w(t)70 b(b)17 b(;)78 b(u)14 b(i)h(n)f(t)h(1)g(6)p
1035 3448 V 59 w(t)71 b(a)57 b(=)63 b(\()25 b(u)15 b(i)f(n)h(t)g(1)f(6)
p 1732 3448 V 59 w(t)26 b(\))65 b(b)17 b(;)p Black Black
0 3605 a Fv(is)23 b(safe)h(because)i(it)d(is)h(well-typed:)1020
3818 y Fo(\000)h Fm(`)g Fi(b)g Fo(:)g Fv(uint8)p 1503
3818 28 4 v 35 w(t)p 1649 3740 682 4 v 91 w(uint8)p 1839
3818 28 4 v 35 w(t)g Fn(<)p Fo(:)h Fv(uint16)p 2276 3818
V 35 w(t)2374 3769 y(T)l(-)t(U)t Fu(N)t(S)t(I)t(G)t(N)t(E)t(D)p
1020 3842 1311 4 v 1203 3927 a Fo(\000)f Fm(`)g Fo(\()p
Fv(uint16)p 1636 3927 28 4 v 36 w(t)p Fo(\))p Fi(b)g
Fo(:)h Fv(uint16)p 2093 3927 V 35 w(t)2374 3871 y(T)l(-)t(U)t
Fu(P)t(C)t(A)t(S)t(T)141 4115 y Fv(Note)i(T)l(-)t(S)t
Fu(I)t(G)t(N)t(E)t(D)h Fv(and)f(T)l(-)t(U)t Fu(N)t(S)t(I)t(G)t(N)t(E)t
(D)r Fv(,)g(along)f(with)g(T)l(-)t(U)t Fu(P)t(C)t(A)t(S)t(T)k
Fv(eloquently)d(replace)g(the)d(dozen)i(or)f(so)f(rules)i(for)0
4228 y(determining)e(the)e(rank)g(and)g(result)h(of)e(rank)h(con)l(v)o
(ersion)j(that)d(appear)h(in)e(C99.)28 b(W)-7 b(e)22
b(belie)n(v)o(e)h(this)g(simplicity)i(mak)o(es)e(our)0
4341 y(approach)h(appealing.)31 b(Also)22 b(note)h(that)i(T)l(-)t(T)t
Fu(R)t(A)t(N)t(S)g Fv(can)d(be)g(applied)i(for)e(tw)o(o)g(or)g(more)g
(up-casts,)i(e.g.,)e Fi(uint8)p 3597 4341 V 30 w(t)f
Fv(being)0 4454 y(up)j(cast)g(to)f Fi(uint32)p 706 4454
V 30 w(t)p Fv(.)0 4604 y
SDict begin H.S end
 0 4604 a 0 4604 a
SDict begin 13.6 H.A end
 0 4604 a 0
4604 a
SDict begin [ /View [/XYZ H.V] /Dest (subsection.3.2) cvn H.B /DEST
pdfmark end
 0 4604 a 97 x Fw(3.2)99 b(C)25 b(Integer)h(Rewriting)f(Rule)g(f)
n(or)g(Unsafe)g(Casts)0 4875 y Fv(Do)n(wn-casts)20 b(and)f(sign)g(con)l
(v)o(ersions)j(are)d(not)g(within)g(the)g(type)g(system,)h(and)f
(therefore)i(potentially)h(unsafe.)28 b(W)-7 b(e)18 b(re)n(write)0
4988 y(potentially)29 b(unsafe)e(casts)g(as)e(runtime)i(safety)g
(checks)h(on)e(the)g(operands.)37 b(The)26 b(resulting)i(e)o(xpression)
g(with)e(the)g(safety)p Black 0 5064 1560 4 v 105 5119
a Fp(4)p 0 TeXcolorgray 134 5060 a
SDict begin H.S end
 134 5060 a 0 TeXcolorgray
0 TeXcolorgray 134 5060 a
SDict begin H.R end
 134 5060 a 134 5060 a
SDict begin [ /View [/XYZ H.V] /Dest (Hfootnote.4) cvn H.B /DEST pdfmark
end
 134 5060
a Black 91 x Fs(The)19 b(types)h(in)f Ff(\000)f Fs(are)h(b)o(uilt)f
(via)h(the)g(declared)h(C)f(types.)p Black Black 1927
5400 a Fv(6)p Black eop end
%%Page: 7 9
TeXDict begin 7 8 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.7) cvn H.B /DEST pdfmark
end
 0 0 a Black Black Black 1100 78 a Fo(\000)25 b
Fm(`)f Fn(e)i Fo(:)g Fn(\033)94 b Fo(\()p Fn(\034)10
b Fo(\))p Fn(e)92 b(\033)28 b Fm(6)p Fn(<)p Fo(:)d Fn(\034)101
b(e)26 b Fe( )f Fn(e)2349 45 y Fk(0)p 958 121 1558 4
v 958 207 a Fo(\()p Fn(\034)10 b Fo(\))p Fn(e)26 b Fe( )f
Fo(\()p Fn(\034)10 b Fo(\))p Fv(let)24 b Fn(x)i Fo(:)f
Fn(\033)k Fo(=)c Fn(e)1843 174 y Fk(0)1889 207 y Fv(in)g
Fu(C)t(H)t(E)t(C)t(K)2251 226 y Fj(\()p Fl(\034)8 b Fj(\))p
Fl(\033)2392 207 y Fo(\()p Fn(x)p Fo(\))2558 148 y Fh(R)t(-)t(U)t
Fq(N)t(S)t(A)t(F)t(E)1153 394 y Fo(\000)25 b Fm(`)g Fn(e)h
Fo(:)f Fn(\033)94 b Fo(\()p Fn(\034)10 b Fo(\))p Fn(e)92
b(\033)29 b(<)p Fo(:)c Fn(\034)101 b(e)25 b Fe( )g Fn(e)2402
361 y Fk(0)p 1153 437 1274 4 v 1544 523 a Fo(\()p Fn(\034)10
b Fo(\))p Fn(e)26 b Fe( )g Fo(\()p Fn(\034)10 b Fo(\))p
Fn(e)2011 490 y Fk(0)2470 464 y Fh(R)t(-)t(S)t Fq(A)t(F)t(E)1456
703 y Fn(\033)28 b Fm(6)p Fn(<)p Fo(:)d Fn(\034)101 b(\034)36
b(<)p Fo(:)25 b Fn(\033)p 798 741 1910 4 v 800 826 a
Fu(C)t(H)t(E)t(C)t(K)1067 840 y Fl(\034)t(;\033)1168
826 y Fo(\()p Fn(x)p Fo(\))h Fm(\021)f Fv(if)f Fn(\034)1531
840 y Fq(min)1663 826 y Fm(\024)h Fn(x)g Fm(\024)g Fn(\034)1972
840 y Fq(max)2113 826 y Fv(then)f Fn(x)f Fv(else)h(error)2751
769 y Fh(D)t(-)t(C)t Fq(H)t(E)t(C)t(K)1013 1006 y Fn(\033)29
b Fm(6)p Fn(<)p Fo(:)c Fn(\034)101 b Fv(signed)27 b Fn(<)p
Fo(:)f Fn(\033)94 b Fv(unsigned)28 b Fn(<)p Fo(:)e Fn(\034)p
792 1045 1841 4 v 794 1130 a Fu(C)t(H)t(E)t(C)t(K)1060
1149 y Fj(\()p Fl(\034)8 b Fj(\))p Fl(\033)1201 1130
y Fo(\()p Fn(x)p Fo(\))26 b Fm(\021)f Fv(if)e Fo(0)j
Fm(\024)f Fn(x)g Fm(\024)g Fn(\034)1903 1144 y Fq(max)2044
1130 y Fv(then)f(x)g(else)g(error)2676 1073 y Fh(S)t(-)t(U)t(-)t(C)t
Fq(H)t(E)t(C)t(K)1013 1310 y Fn(\033)29 b Fm(6)p Fn(<)p
Fo(:)c Fn(\034)101 b Fv(unsigned)28 b Fn(<)p Fo(:)e Fn(\033)94
b Fv(signed)27 b Fn(<)p Fo(:)f Fn(\034)p 875 1350 1675
4 v 877 1435 a Fu(C)t(H)t(E)t(C)t(K)1144 1453 y Fj(\()p
Fl(\034)8 b Fj(\))p Fl(\033)1284 1435 y Fo(\()p Fn(x)p
Fo(\))26 b Fm(\021)f Fv(if)f Fn(x)h Fm(\024)g Fn(\034)1820
1449 y Fq(max)1961 1435 y Fv(then)f(x)f(else)h(error)2592
1377 y Fh(U)t(-)t(S)t(-)t(C)t Fq(H)t(E)t(C)t(K)0 1759
y Fv(T)-7 b(able)25 b(2:)p 0 TeXcolorgray 325 1646 a
SDict begin H.S end

325 1646 a 0 TeXcolorgray 0 TeXcolorgray 325 1646 a
SDict begin H.R end
 325
1646 a 325 1646 a
SDict begin [ /View [/XYZ H.V] /Dest (table.2) cvn H.B /DEST pdfmark
end
 325 1646 a Black 327 1759 a Fu(R)t
Fv(-)t Fu(U)t(N)t(S)t(A)t(F)t(E)30 b Fv(re)n(writes)25
b(unsafe)i(casts)e(by)g(inserting)j(dynamic)e(checks:)35
b Fu(U)t Fv(-)t Fu(S)t Fv(-)t Fu(C)t(H)t(E)t(C)t(K)30
b Fv(for)25 b(unsigned)i(to)e(signed)0 1872 y(casts,)33
b Fu(S)t Fv(-)t Fu(U)t Fv(-)t Fu(C)t(H)t(E)t(C)t(K)g
Fv(for)c(signed)h(to)f(unsigned)i(casts,)g(and)g Fu(D)t
Fv(-)t Fu(C)t(H)t(E)t(C)t(K)g Fv(for)e(do)n(wn-casts.)48
b Fu(R)t Fv(-)t Fu(S)t(A)t(F)t(E)34 b Fv(is)28 b(added)i(for)f(com-)0
1985 y(pleteness:)j(it)23 b(lea)n(v)o(es)i(safe)f(e)o(xpressions)i
(as-is.)p Black 0 2262 a(check)h(is)e(well-typed.)p 0 0 1
TeXcolorrgb 758 2262 a
SDict begin H.S end
 758 2262 a -33 x Fq(5)795 2262
y
SDict begin 13.6 H.L end
 795 2262 a 795 2262 a
SDict begin [ /Subtype /Link /Dest (Hfootnote.5) cvn /H /I /Border
[0 0 0] /Color [1 0 0] H.B /ANN pdfmark end
 795 2262 a Black 34 w Fv(The)g(particular)j
(check)e(depends)i(upon)e(whether)h(the)e(unsafe)i(cast)f(is)f(a)g
(sign)h(con)l(v)o(ersion)j(cast)0 2374 y(or)23 b(a)h(do)n(wn-cast.)30
b(T)-7 b(able)p 0 0 1 TeXcolorrgb 806 2374 a
SDict begin H.S end
 806 2374
a 0 0 1 TeXcolorrgb Fv(2)p 0 0 1 TeXcolorrgb 852 2312
a
SDict begin H.R end
 852 2312 a 852 2374 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(table.2) cvn H.B /ANN pdfmark end
 852 2374 a Black 22 w Fv(gi)n(v)o(es)24
b(our)g(re)n(writing)h(and)f(safety)h(check)g(rules.)0
2527 y
SDict begin H.S end
 0 2527 a 0 2527 a
SDict begin 13.6 H.A end
 0 2527 a 0 2527 a
SDict begin [ /View [/XYZ H.V] /Dest (subsubsection.3.2.1) cvn H.B
/DEST pdfmark end
 0 2527 a 93
x Ft(3.2.1)92 b(General)24 b(Rewriting)f(Rule)g(f)n(or)g(All)g(Unsafe)g
(Casts:)32 b Fv(R)t(-)t(U)t Fu(N)t(S)t(A)t(F)t(E)0 2795
y Fv(W)-7 b(e)27 b(introduce)k(re)n(write)e(rules)g(for)f(potentially)k
(unsafe)d(casts)g(of)g(e)o(xpressions.)45 b(Suppose)30
b(in)e Fo(\()p Fn(\034)10 b Fo(\))p Fn(e)p Fv(,)29 b
Fn(e)f Fv(is)g(of)g(the)h(type)g Fn(\033)0 2908 y Fv(which)d(is)g(not)g
(a)f(subtype)j(of)e(the)g(cast)g(type)h Fn(\034)10 b
Fv(,)25 b(i.e.,)h Fn(\033)32 b Fm(6)p Fn(<)p Fo(:)e Fn(\034)10
b Fv(.)35 b(F)o(or)24 b(e)o(xample,)j(when)f(assigning)j(an)d(unsigned)
i(to)e(signed)0 3020 y(inte)o(ger)l(,)k(the)e(signed)h(inte)o(ger)g(is)
f Fn(\033)i Fv(and)e(is)f(cast)i(to)e(type)i(unsigned)h(inte)o(ger)f
Fn(\034)10 b Fv(.)40 b(W)-7 b(e)27 b(translate)j Fn(e)d
Fv(to)h(an)f(e)o(xpression)k(that)0 3133 y(performs)25
b(the)f(proper)h(safety)g(check)f(during)h(e)n(v)n(aluation.)143
3246 y(R)t(-)t Fu(U)t(N)t(S)t(A)t(F)t(E)36 b Fv(in)30
b(T)-7 b(able)p 0 0 1 TeXcolorrgb 910 3246 a
SDict begin H.S end
 910 3246
a 0 0 1 TeXcolorrgb Fv(2)p 0 0 1 TeXcolorrgb 956 3184
a
SDict begin H.R end
 956 3184 a 956 3246 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(table.2) cvn H.B /ANN pdfmark end
 956 3246 a Black 30 w Fv(states)31
b(that)g(an)g(unsafe)h(cast)f Fo(\()p Fn(\034)10 b Fo(\))p
Fn(e)39 b Fo(:)g Fn(\033)33 b Fv(where)d Fn(e)h Fv(e)n(v)n(aluates)h
(to)e(some)h(other)h(e)o(xpression)0 3359 y Fn(e)42 3326
y Fk(0)92 3359 y Fv(is)27 b(re)n(written)h(statically)i(to)d(another)i
(cast)f(where)f Fn(e)g Fv(is)g(e)n(v)n(aluated)i(to)e(a)g(v)n(alue)h
Fn(x)p Fv(,)f(which)g(is)g(check)o(ed)i(via)h Fu(C)t(H)t(E)t(C)t(K)3775
3373 y Fl(\034)t(;\033)3877 3359 y Fv(.)2 3472 y Fu(C)t(H)t(E)t(C)t(K)
268 3486 y Fl(\034)t(;\033)404 3472 y Fv(is)k(a)g(function)j(which)e
(returns)h(the)f(v)n(alue)g Fn(x)f Fv(or)g(calls)h(an)g
Fi(error\(\))30 b Fv(function.)64 b(The)34 b(check)i(functions)0
3585 y(\()r Fu(S)t Fv(-)t Fu(U)t Fv(-)t Fu(C)t(H)t(E)t(C)t(K)r
Fv(,)j Fu(U)t Fv(-)t Fu(S)t Fv(-)t Fu(C)t(H)t(E)t(C)t(K)r
Fv(,)d(and)f Fu(D)t Fv(-)t Fu(C)t(H)t(E)t(C)t(K)r Fv(\))e(are)f(dif)n
(ferent)i(for)e(each)h(type)f(of)g(unsafe)i(cast:)46
b(unsigned)35 b(to)d(signed)0 3698 y(con)l(v)o(ersions,)k(signed)d(to)e
(unsigned)j(con)l(v)o(ersions,)i(and)c(do)n(wn-casts.)55
b(R)t(-)t Fu(S)t(A)t(F)t(E)37 b Fv(is)31 b(included)i(for)e
(completeness:)48 b(for)0 3811 y(safe)24 b(casts,)g(no)g(re)n(write)g
(is)f(necessary)-6 b(.)0 3963 y
SDict begin H.S end
 0 3963 a 0 3963 a
SDict begin 13.6 H.A end
 0 3963
a 0 3963 a
SDict begin [ /View [/XYZ H.V] /Dest (subsubsection.3.2.2) cvn H.B
/DEST pdfmark end
 0 3963 a 94 x Ft(3.2.2)92 b(Speci\002c)24
b Fu(C)t(H)t(E)t(C)t(K)861 4071 y Fl(\034)t(;\033)964
4057 y Ft(:)30 b Fu(D)t Fv(-)t Fu(C)t(H)t(E)t(C)t(K)r
Ft(,)d Fu(U)t Fv(-)t Fu(S)t Fv(-)t Fu(C)t(H)t(E)t(C)t(K)r
Ft(,)e(and)g Fu(S)t Fv(-)t Fu(U)t Fv(-)t Fu(C)t(H)t(E)t(C)t(K)0
4145 y
SDict begin H.S end
 0 4145 a 0 4145 a
SDict begin 13.6 H.A end
 0 4145 a 0 4145 a
SDict begin [ /View [/XYZ H.V] /Dest (section*.1) cvn H.B /DEST pdfmark
end
 0 4145 a 86
x Ft(Do)o(wn-casts.)92 b Fv(A)21 b(do)n(wn-cast)j(from)e(an)h(e)o
(xpression)i Fn(e)d Fv(of)g(type)h Fn(\033)i Fv(of)d(higher)i
(precision)h(to)d Fn(\034)31 b Fv(of)23 b(lo)n(wer)f(precision)j
(\(e.g.,)0 4344 y(uint32)p 235 4344 28 4 v 35 w(t)c(to)g(uint16)p
637 4344 V 35 w(t\))g(requires)i(a)e(check)h(if)f(the)h(v)n(alue)g(of)f
Fn(e)f Fv(when)i(e)n(v)n(aluated)h(is)e(preserv)o(ed)i(with)e(the)h
(smaller)g(precision)0 4457 y(type)34 b Fn(\034)10 b
Fv(,)36 b(i.e.,)f(the)f(v)n(alue)h(of)e Fn(e)g Fv(\223\002ts\224)h
(inside)h(the)f(type)h Fn(\034)10 b Fv(.)58 b(A)33 b(do)n(wn-cast)i(is)
f(essentially)j(a)c(sub-typing)k(relationship)0 4570
y(backw)o(ard:)31 b Fn(\033)d Fm(6)p Fn(<)p Fo(:)e Fn(\034)32
b Fv(b)n(ut)24 b Fn(\034)36 b(<)p Fo(:)25 b Fn(\033)s
Fv(.)143 4683 y Fu(C)t(H)t(E)t(C)t(K)409 4701 y Fj(\()p
Fl(\034)8 b Fj(\))p Fl(\033)571 4683 y Fv(for)21 b(do)n(wn-casting)j
(is)d(gi)n(v)o(en)h(as)h Fu(D)t Fv(-)t Fu(C)t(H)t(E)t(C)t(K)h
Fv(in)d(T)-7 b(able)p 0 0 1 TeXcolorrgb 2293 4683 a
SDict begin H.S end
 2293
4683 a 0 0 1 TeXcolorrgb Fv(2)p 0 0 1 TeXcolorrgb 2339
4621 a
SDict begin H.R end
 2339 4621 a 2339 4683 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(table.2) cvn H.B /ANN pdfmark end
 2339 4683 a Black Fv(.)27
b(The)21 b(rule)g(states)i(that)e(an)h(error)g(is)f(raised)h(if)f(the)0
4795 y(v)n(alue)26 b Fn(x)e Fv(of)h Fn(e)g Fv(is)g(lar)n(ger)h(than)g
(the)f(maximum)g(v)n(alue)h Fn(\034)1749 4809 y Fq(max)1892
4795 y Fv(or)f(smaller)h(than)f(the)h(minimum)f(v)n(alue)h
Fn(\034)3237 4809 y Fq(min)3368 4795 y Fv(of)f(inte)o(ger)h(type)p
Black 0 4877 1560 4 v 105 4932 a Fp(5)p 0 TeXcolorgray
134 4873 a
SDict begin H.S end
 134 4873 a 0 TeXcolorgray 0 TeXcolorgray 134
4873 a
SDict begin H.R end
 134 4873 a 134 4873 a
SDict begin [ /View [/XYZ H.V] /Dest (Hfootnote.5) cvn H.B /DEST pdfmark
end
 134 4873 a Black 91 x Fs(F)o(or)19
b(bre)n(vity)-5 b(,)19 b(we)g(omit)g(se)n(v)o(eral)g(uninteresting)h
(rules)f(that)g(are)f(technically)i(needed)g(to)f(sho)n(w)h(this.)p
Black Black 1927 5400 a Fv(7)p Black eop end
%%Page: 8 10
TeXDict begin 8 9 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.8) cvn H.B /DEST pdfmark
end
 0 0 a Black Black 91 x Fn(\034)10 b Fv(.)31 b(The)24
b(pre-condition)k Fn(\033)j Fm(6)p Fn(<)p Fo(:)c Fn(\034)33
b Fv(and)25 b Fn(\034)37 b(<)p Fo(:)27 b Fn(\033)g Fv(are)e(needed)h
(to)e(ensure)i(we)e(only)h(apply)h(this)f(rule)g(when)g(the)f
(precision)j(is)0 204 y(changed,)e(b)n(ut)f(not)g(the)g(sign)g(\(sign)h
(changes)h(are)d(handled)j(by)f(S)t(-)t(U)t(-)t(C)t Fu(H)t(E)t(C)t(K)j
Fv(and)e(U)t(-)t(S)t(-)t(C)t Fu(H)t(E)t(C)t(K)r Fv(\).)141
317 y(F)o(or)d(e)o(xample,)h(consider)i(the)d(code:)0
387 y
SDict begin H.S end
 0 387 a 0 387 a
SDict begin 13.6 H.A end
 0 387 a 0 387 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-5) cvn H.B /DEST
pdfmark end
 0 387 a 166 367
a
SDict begin H.S end
 166 367 a 166 367 a
SDict begin 12 H.A end
 166 367 a 166 367 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-5.1) cvn H.B /DEST
pdfmark end
 166 367 a 181
467 a Fh(u)14 b(i)h(n)f(t)h(3)g(2)p 487 467 25 4 v 59
w(t)69 b(b)17 b(;)166 467 y
SDict begin H.S end
 166 467 a 166 467 a
SDict begin 12 H.A end
 166 467
a 166 467 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-5.2) cvn H.B /DEST
pdfmark end
 166 467 a 181 566 a Fh(u)d(i)h(n)f(t)h(1)g(6)p
487 566 25 4 v 59 w(t)71 b(a)57 b(=)63 b(\()25 b(u)15
b(i)f(n)h(t)g(1)f(6)p 1184 566 V 59 w(t)26 b(\))65 b(b)17
b(;)p Black Black 141 729 a Fv(Here)33 b Fn(\033)46 b
Fo(=)32 b Fi(uint32)p 886 729 28 4 v 30 w(t)g Fv(and)h
Fn(\034)53 b Fo(=)32 b Fi(uint16)p 1692 729 V 30 w(t)p
Fv(.)56 b(Since)33 b Fi(uint32)p 2420 729 V 30 w(t)f
Fm(6)p Fn(<)p Fo(:)g Fi(uint16)p 2995 729 V 30 w(t)p
Fv(,)i(the)f(re)n(writing)i(rule)g Fu(R)t Fv(-)2 842
y Fu(U)t(N)t(S)t(A)t(F)t(E)27 b Fv(applies:)858 1033
y Fo(\000)e Fm(`)g Fn(b)g Fo(:)h Fv(uint32)p 1371 1033
V 35 w(t)91 b(uint32)p 1752 1033 V 35 w(t)25 b Fm(6)p
Fn(<)p Fo(:)h Fv(uint16)p 2189 1033 V 35 w(t)91 b Fn(b)25
b Fe( )g Fn(b)2554 1000 y Fk(0)p 598 1071 2239 4 v 598
1155 a Fo(\()p Fv(uint16)p 868 1155 28 4 v 36 w(t)p Fo(\))p
Fn(b)h Fe( )f Fv(\(uint16)p 1405 1155 V 35 w(t\))e(let)h
Fn(x)h Fo(:)h Fv(uint32)p 1990 1155 V 35 w(t)f Fo(=)g
Fn(b)e Fv(in)j Fu(C)t(H)t(E)t(C)t(K)2590 1174 y Fj(\()p
Fl(\034)8 b Fj(\))p Fl(\033)2731 1155 y Fv(\(x\))2881
1100 y(R)t(-)t(U)t Fu(N)t(S)t(A)t(F)t(E)0 1322 y Fv(Further)l(,)24
b(since)h(the)f(sub-typing)i(is)e(backw)o(ard,)h(we)d(use)i(the)i
Fu(D)t Fv(-)t Fu(C)t(H)t(E)t(C)t(K)h Fv(rule:)964 1551
y(uint32)p 1199 1551 V 35 w(t)e Fm(6)p Fn(<)p Fo(:)g
Fv(uint16)p 1635 1551 V 35 w(t)p 1782 1472 728 4 v 92
w(uint16)p 2017 1551 28 4 v 35 w(t)g Fn(<)p Fo(:)g Fv(uint32)p
2453 1551 V 36 w(t)2552 1502 y(T)l(-)t(U)t Fu(N)t(S)t(I)t(G)t(N)t(E)t
(D)p 757 1589 1960 4 v 759 1681 a(C)t(H)t(E)t(C)t(K)1025
1699 y Fj(\()p Fl(\034)8 b Fj(\))p Fl(\033)1166 1681
y Fo(\()p Fn(x)p Fo(\))26 b Fm(\021)f Fv(if)e Fo(0)j
Fm(\024)f Fn(x)g(<)g Fo(2)1873 1648 y Fj(16)1969 1681
y Fm(\000)19 b Fo(1)24 b Fv(then)g(x)f(else)h(error)2759
1619 y(D)t(-)t(C)t Fu(H)t(E)t(C)t(K)141 1885 y Fv(The)f(re)n(writing)i
(of)e(the)h(e)o(xample)h(gi)n(v)o(en)f(the)f(formal)i(rules)f(is)f
(then:)0 1955 y
SDict begin H.S end
 0 1955 a 0 1955 a
SDict begin 13.6 H.A end
 0 1955 a 0 1955 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-6) cvn H.B /DEST
pdfmark end
 0
1955 a 166 1935 a
SDict begin H.S end
 166 1935 a 166 1935 a
SDict begin 12 H.A end
 166 1935 a 166
1935 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-6.1) cvn H.B /DEST
pdfmark end
 166 1935 a 181 2035 a Fh(u)14 b(i)h(n)f(t)h(3)g(2)p
487 2035 25 4 v 59 w(t)67 b(b)20 b(,)70 b(c)20 b(;)166
2035 y
SDict begin H.S end
 166 2035 a 166 2035 a
SDict begin 12 H.A end
 166 2035 a 166 2035 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-6.2) cvn H.B /DEST
pdfmark end
 166
2035 a 181 2134 a Fh(u)14 b(i)h(n)f(t)h(3)g(2)p 487 2134
25 4 v 59 w(t)69 b(x)54 b(=)i(b)17 b(;)166 2134 y
SDict begin H.S end
 166
2134 a 166 2134 a
SDict begin 12 H.A end
 166 2134 a 166 2134 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-6.3) cvn H.B /DEST
pdfmark end
 166 2134 a 182
2234 a Fh(i)g(f)76 b(\()10 b(0)53 b Fd(<)m Fh(=)e(x)43
b(&)-10 b(&)44 b(x)j Fd(<)m Fh(=)g Fc(2)1155 2204 y Fb(16)1243
2234 y Fg(\000)18 b Fc(1)10 b Fh(\))65 b(x)17 b(;)77
b(e)14 b(l)g(s)h(e)78 b(e)15 b(r)f(r)g(o)g(r)29 b(\()15
b(\))28 b(;)166 2234 y
SDict begin H.S end
 166 2234 a 166 2234 a
SDict begin 12 H.A end
 166 2234
a 166 2234 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-6.4) cvn H.B /DEST
pdfmark end
 166 2234 a 181 2333 a Fh(u)14 b(i)h(n)f(t)h(1)g(6)p
487 2333 25 4 v 59 w(t)71 b(a)57 b(=)63 b(\()25 b(u)15
b(i)f(n)h(t)g(1)f(6)p 1184 2333 V 59 w(t)26 b(\))65 b(b)17
b(;)p Black Black 141 2496 a Fv(In)24 b(our)f(implementation,)k(we)22
b(output)j(the)f(equi)n(v)n(alent:)0 2566 y
SDict begin H.S end
 0 2566 a
0 2566 a
SDict begin 13.6 H.A end
 0 2566 a 0 2566 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-7) cvn H.B /DEST
pdfmark end
 0 2566 a 166 2546 a
SDict begin H.S end
 166 2546
a 166 2546 a
SDict begin 12 H.A end
 166 2546 a 166 2546 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-7.1) cvn H.B /DEST
pdfmark end
 166 2546 a 181 2646
a Fh(u)14 b(i)h(n)f(t)h(3)g(2)p 487 2646 25 4 v 59 w(t)69
b(b)17 b(;)166 2646 y
SDict begin H.S end
 166 2646 a 166 2646 a
SDict begin 12 H.A end
 166 2646
a 166 2646 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-7.2) cvn H.B /DEST
pdfmark end
 166 2646 a 182 2745 a Fh(i)g(f)77 b(\()14
b(b)44 b Fd(>)h Fc(2)607 2715 y Fb(16)695 2745 y Fg(\000)18
b Fc(1)10 b Fh(\))76 b(e)14 b(r)g(r)h(o)f(r)29 b(\()14
b(\))28 b(;)166 2745 y
SDict begin H.S end
 166 2745 a 166 2745 a
SDict begin 12 H.A end
 166 2745
a 166 2745 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-7.3) cvn H.B /DEST
pdfmark end
 166 2745 a 181 2845 a Fh(u)14 b(i)h(n)f(t)h(1)g(6)p
487 2845 25 4 v 59 w(t)71 b(a)57 b(=)63 b(\()25 b(u)15
b(i)f(n)h(t)g(1)f(6)p 1184 2845 V 59 w(t)26 b(\))65 b(b)17
b(;)p Black Black 0 3058 a
SDict begin H.S end
 0 3058 a 0 3058 a
SDict begin 13.6 H.A end
 0 3058 a
0 3058 a
SDict begin [ /View [/XYZ H.V] /Dest (section*.2) cvn H.B /DEST pdfmark
end
 0 3058 a 83 x Ft(Sign)26 b(con)l(v)o(ersion)i(casts.)93
b Fv(The)26 b(sign)i(bit)e(must)h(be)g(check)o(ed)i(for)e(con)l(v)o
(ersions)j(between)e(signed)g(and)f(unsigned)i(inte-)0
3253 y(gers.)43 b(W)-7 b(e)28 b(di)n(vide)h Fr(c)o(hec)n(k)817
3272 y Fj(\()p Fl(\034)8 b Fj(\))p Fl(\033)987 3253 y
Fv(for)29 b(sign)g(con)l(v)o(ersions)i(into)e(tw)o(o)f(cases)h(as)f
(sho)n(wn)h(in)f(T)-7 b(able)p 0 0 1 TeXcolorrgb 2998
3253 a
SDict begin H.S end
 2998 3253 a 0 0 1 TeXcolorrgb Fv(2)p 0 0 1 TeXcolorrgb
3044 3191 a
SDict begin H.R end
 3044 3191 a 3044 3253 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(table.2) cvn H.B /ANN pdfmark end
 3044 3253 a Black
Fv(:)40 b(S)t(-)t(U)t(-)t(C)t Fu(H)t(E)t(C)t(K)32 b Fv(where)d(a)0
3366 y(signed)c(inte)o(ger)g(is)e(cast)h(to)g(an)g(unsigned)i(inte)o
(ger)l(,)e(and)j(U)t(-)t(S)t(-)t(C)t Fu(H)t(E)t(C)t(K)g
Fv(where)d(an)g(unsigned)i(inte)o(ger)f(is)e(cast)h(to)g(a)f(signed)0
3479 y(inte)o(ger)-5 b(.)143 3592 y(U)t(-)t(S)t(-)t(C)t
Fu(H)t(E)t(C)t(K)38 b Fv(is)33 b(similar)h(to)i Fu(D)t
Fv(-)t Fu(C)t(H)t(E)t(C)t(K)g Fv(with)e(the)f(e)o(xception)j(that)e
Fn(\034)43 b Fv(is)33 b(signed)i(and)f Fn(\033)i Fv(is)d(unsigned,)39
b(while)33 b(in)2 3705 y Fu(D)t Fv(-)t Fu(C)t(H)t(E)t(C)t(K)28
b Fv(both)d(are)g(either)h(signed)g(or)f(unsigned.)35
b(Although)26 b(the)f(resulting)i(check)f(is)f(the)g(same,)f(we)g
(\002nd)h(it)f(useful)i(to)0 3818 y(logically)h(separate)h(out)d
(unsigned)j(to)d(signed)h(con)l(v)o(ersions)j(from)c(do)n(wn-casts.)35
b(The)25 b(signed)i(to)e(unsigned)i(con)l(v)o(ersion)0
3931 y(check)g(S)t(-)t Fu(U)t Fv(-)t Fu(C)t(H)t(E)t(C)t(K)g
Fv(need)d(only)h(check)g(that)f(the)f(sign)i(bit)e(is)h(not)g(set,)f
(i.e.,)g Fn(x)i Fm(\025)g Fo(0)p Fv(.)141 4044 y(F)o(or)e(e)o(xample,)h
(the)i Fu(S)t Fv(-)t Fu(U)t Fv(-)t Fu(C)t(H)t(E)t(C)t(K)i
Fv(and)e Fu(U)t Fv(-)t Fu(S)t Fv(-)t Fu(C)t(H)t(E)t(C)t(K)i
Fv(will)23 b(re)n(write)h(the)g(follo)n(wing:)0 4113
y
SDict begin H.S end
 0 4113 a 0 4113 a
SDict begin 13.6 H.A end
 0 4113 a 0 4113 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-8) cvn H.B /DEST
pdfmark end
 0 4113 a 166 4094
a
SDict begin H.S end
 166 4094 a 166 4094 a
SDict begin 12 H.A end
 166 4094 a 166 4094 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-8.1) cvn H.B /DEST
pdfmark end
 166 4094
a 182 4193 a Fh(i)15 b(n)h(t)f(3)g(2)p 435 4193 25 4
v 61 w(t)76 b(i)11 b(3)g(2)23 b(;)78 b(u)15 b(i)g(n)f(t)h(3)f(2)p
1135 4193 V 59 w(t)71 b(u)6 b(3)g(2)19 b(;)166 4193 y
SDict begin H.S end

166 4193 a 166 4193 a
SDict begin 12 H.A end
 166 4193 a 166 4193 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-8.2) cvn H.B /DEST
pdfmark end
 166 4193
a 177 4293 a Fh(i)11 b(3)g(2)61 b(=)107 b(u)6 b(3)g(2)19
b(;)166 4293 y
SDict begin H.S end
 166 4293 a 166 4293 a
SDict begin 12 H.A end
 166 4293 a 166 4293
a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-8.3) cvn H.B /DEST
pdfmark end
 166 4293 a 172 4393 a Fh(u)6 b(3)g(2)57 b(=)112 b(i)11
b(3)g(2)23 b(;)p Black Black 0 4555 a Fv(as:)0 4606 y
SDict begin H.S end

0 4606 a 0 4606 a
SDict begin 13.6 H.A end
 0 4606 a 0 4606 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-9) cvn H.B /DEST
pdfmark end
 0 4606 a 166 4605
a
SDict begin H.S end
 166 4605 a 166 4605 a
SDict begin 12 H.A end
 166 4605 a 166 4605 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-9.1) cvn H.B /DEST
pdfmark end
 166 4605
a 182 4705 a Fh(i)15 b(n)h(t)f(3)g(2)p 435 4705 25 4
v 61 w(t)76 b(i)11 b(3)g(2)23 b(;)78 b(u)15 b(i)g(n)f(t)h(3)f(2)p
1135 4705 V 59 w(t)71 b(u)6 b(3)g(2)19 b(;)166 4705 y
SDict begin H.S end

166 4705 a 166 4705 a
SDict begin 12 H.A end
 166 4705 a 166 4705 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-9.2) cvn H.B /DEST
pdfmark end
 166 4705
a 182 4804 a Fh(i)e(f)27 b(\()17 b(u)6 b(3)g(2)45 b Fd(>)f
Fc(2)656 4774 y Fb(31)745 4804 y Fg(\000)18 b Fc(1)10
b Fh(\))75 b(e)15 b(r)f(r)g(o)h(r)29 b(\()14 b(\))28
b(;)81 b(/)18 b(/)64 b(U)-14 b Fg(\000)-7 b Fh(S)l Fg(\000)-14
b Fh(C)-5 b(H)g(E)g(C)g(K)166 4804 y
SDict begin H.S end
 166 4804 a 166 4804
a
SDict begin 12 H.A end
 166 4804 a 166 4804 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-9.3) cvn H.B /DEST
pdfmark end
 166 4804 a 177 4904 a Fh(i)11
b(3)g(2)61 b(=)h(\()26 b(i)16 b(n)f(t)h(3)f(2)p 784 4904
25 4 v 61 w(t)27 b(\))66 b(u)6 b(3)g(2)19 b(;)166 4904
y
SDict begin H.S end
 166 4904 a 166 4904 a
SDict begin 12 H.A end
 166 4904 a 166 4904 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-9.4) cvn H.B /DEST
pdfmark end
 166 4904
a 182 5004 a Fh(i)e(f)27 b(\()21 b(i)11 b(3)g(2)50 b
Fd(<)55 b Fh(0)10 b(\))73 b(e)15 b(r)f(r)g(o)h(r)29 b(\()14
b(\))28 b(;)131 b(/)18 b(/)69 b(S)-5 b Fg(\000)-11 b
Fh(U)c Fg(\000)i Fh(C)-5 b(H)g(E)g(C)g(K)166 5004 y
SDict begin H.S end
 166
5004 a 166 5004 a
SDict begin 12 H.A end
 166 5004 a 166 5004 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-9.5) cvn H.B /DEST
pdfmark end
 166 5004 a 172
5103 a Fh(u)6 b(3)g(2)57 b(=)62 b(\()26 b(u)14 b(i)h(n)f(t)h(3)f(2)p
836 5103 25 4 v 59 w(t)26 b(\))72 b(i)11 b(3)g(2)23 b(;)p
Black Black 1927 5400 a Fv(8)p Black eop end
%%Page: 9 11
TeXDict begin 9 10 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.9) cvn H.B /DEST pdfmark
end
 0 0 a Black Black Black 141 91 a Fv(A)27 b(formal)i(deri)n(v)n
(ation)h(sho)n(wing)f(this)g(re)n(writing)g(for)f(each)h(cast)g(is)f
(similar)g(to)g(that)h(gi)n(v)o(en)g(for)f(do)n(wn-casts)i(abo)o(v)o
(e,)0 204 y(where)36 b(the)g(main)g(dif)n(ference)j(is)c(the)i
(preconditions)j(for)e Fu(S)t Fv(-)t Fu(U)t Fv(-)t Fu(C)t(H)t(E)t(C)t
(K)i Fv(and)f Fu(U)t Fv(-)t Fu(S)t Fv(-)t Fu(C)t(H)t(E)t(C)t(K)h
Fv(are)c(satis\002ed)i(instead)f(of)2 317 y Fu(D)t Fv(-)t
Fu(C)t(H)t(E)t(C)t(K)r Fv(.)0 451 y
SDict begin H.S end
 0 451 a 0 451 a
SDict begin 13.6 H.A end
 0
451 a 0 451 a
SDict begin [ /View [/XYZ H.V] /Dest (subsection.3.3) cvn H.B /DEST
pdfmark end
 0 451 a 115 x Fw(3.3)99 b(Dynamic)25 b(Safety)g(Err)n(or)
i(Detection:)k Fa(error\(\))0 741 y Fv(Our)d(translation)j(results)f
(in)e(an)h Fi(error\(\))24 b Fv(when)29 b(a)f(cast)g(for)h(a)f
(particular)j(v)n(alue)e(will)f(be)g(unsafe.)45 b(Runtime)29
b(checks)0 854 y(ha)n(v)o(e)j(a)f(long)i(history;)k(for)32
b(e)o(xample,)i(in)d(Ja)n(v)n(a)i(the)e(sub-typing)k(rule)d(for)g
(arrays)h(of)e(subclasses)j(is)e(unsafe,)i(which)e(is)0
966 y(handled)27 b(by)e(introducing)j(dynamic)e(safety)g(checks)g([)p
0 0 1 TeXcolorrgb 1749 966 a
SDict begin H.S end
 1749 966 a 0 0 1 TeXcolorrgb
Fv(21)p 0 0 1 TeXcolorrgb 1840 904 a
SDict begin H.R end
 1840 904 a 1840
966 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.pierceBOOK:2002) cvn H.B /ANN pdfmark end
 1840 966 a Black Fv(].)32 b(In)25 b(Ja)n(v)n(a,)g(run-time)h
(safety)g(violations)i(cause)d(an)g(e)o(xception,)0 1079
y(which)i(results)g(in)g(termination)h(unless)g(caught.)38
b(Another)27 b(e)o(xample)h(is)e(di)n(vide-by-zero)k(errors)d(in)f
(C++,)g(which)h(cause)0 1192 y(uncaught)f(runtime)f(e)o(xceptions)h(in)
d(most)h(programs.)141 1305 y(At)c(a)g(high)h(le)n(v)o(el,)g(when)f(an)
h(unkno)n(wn)g(error)h(is)e(encountered)k(there)d(are)g(tw)o(o)f
(choices:)29 b(attempt)21 b(to)g(correct)h(the)e(error)0
1418 y(or)h(abort)i(e)o(x)o(ecution.)30 b(The)21 b(user)h(can)g
(de\002ne)g Fi(error\(\))17 b Fv(to)22 b(implement)h(either)f(of)g
(these)g(choices.)30 b(Of)21 b(course)i(manually)0 1531
y(\002xing)30 b(the)f(b)n(ug)h(is)f(the)h(best)g(choice,)i(b)n(ut)e
(not)f(an)h(option)g(in)g(man)o(y)f(situations.)48 b(Others)30
b(ha)n(v)o(e)g(e)o(xplored)h(aborting)h(the)0 1644 y(current)37
b(function)g([)p 0 0 1 TeXcolorrgb 659 1646 a
SDict begin H.S end
 659 1646
a 0 0 1 TeXcolorrgb -2 x Fv(29)p 0 0 1 TeXcolorrgb 750
1582 a
SDict begin H.R end
 750 1582 a 750 1644 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.sidiroglouUSENIX:2005) cvn H.B /ANN pdfmark end
 750 1644 a Black Fv(])e(or)g(returning)j
(a)c(random)i(result)h([)p 0 0 1 TeXcolorrgb 1946 1644
a
SDict begin H.S end
 1946 1644 a 0 0 1 TeXcolorrgb Fv(22)p 0 0 1 TeXcolorrgb
2037 1582 a
SDict begin H.R end
 2037 1582 a 2037 1644 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.rinardFailure:2004) cvn H.B /ANN pdfmark end
 2037 1644 a Black
Fv(])d(when)i(an)f(error)h(is)f(encountered,)41 b(which)35
b(allo)n(ws)h(the)0 1757 y(program)25 b(to)e(continue)j(e)o(x)o
(ecuting.)k(Ho)n(we)n(v)o(er)l(,)23 b(both)h(these)h(approach)h(are)d
(not)h(f)o(ail-safe,)h(and)f(thus)g(not)g(useful)h(in)e(man)o(y)0
1870 y(security-conscious)29 b(scenarios.)141 1983 y(Since)19
b(inte)o(ger)h(vulnerabilities)k(often)c(lead)f(to)g(pri)n(vile)o(ge)i
(escalation,)h(e.g.,)d(an)g(inte)o(ger)h(vulnerability)j(due)d(to)e
(casting)0 2096 y(in)33 b(OpenSSH)f(leads)i(to)e(remote)i(root)g
(access)g([)p 0 0 1 TeXcolorrgb 1578 2097 a
SDict begin H.S end
 1578 2097
a 0 0 1 TeXcolorrgb -1 x Fv(31)p 0 0 1 TeXcolorrgb 1669
2034 a
SDict begin H.R end
 1669 2034 a 1669 2096 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.opensshvuln:web) cvn H.B /ANN pdfmark end
 1669 2096 a Black Fv(],)h(we)d(belie)n
(v)o(e)i(the)f(safest)h(action)g(is)f(for)g Fi(error\(\))c
Fv(to)k(abort)h(the)0 2208 y(program.)47 b(Although)31
b(aborting)g(may)e(lead)h(to)f(denial)i(of)e(service)i(attacks,)h(it)d
(does)h(pre)n(v)o(ent)g(more)g(serious)h(problems)0 2321
y(such)23 b(as)g(pri)n(vile)o(ge)h(escalation,)i(arbitrary)f(code)e(e)o
(x)o(ecution,)i(etc.,)d(and)h(is)g(the)g(approach)i(tak)o(en)e(by)g
(similar)h(safety)f(tools,)0 2434 y(e.g.,)32 b(stack-guard)h([)p
0 0 1 TeXcolorrgb 669 2434 a
SDict begin H.S end
 669 2434 a 0 0 1 TeXcolorrgb
Fv(4)p 0 0 1 TeXcolorrgb 715 2372 a
SDict begin H.R end
 715 2372 a 715 2434
a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.cowan:1998) cvn H.B /ANN pdfmark end
 715 2434 a Black Fv(].)49 b(Therefore,)34 b(we)c(currently)j(abort)e
(the)g(program)h(when)f(a)f(safety)i(violation)h(is)d(detected.)52
b(W)-7 b(e)0 2547 y(could)34 b(easily)h(change)f(this)g(to)f(print)h
(out)g(a)e(w)o(arning,)37 b(or)c(thro)n(w)g(an)g(e)o(xception)i(\(via)f
(a)f(signal)h(and)g(signal-handler\).)0 2660 y(W)-7 b(arnings)24
b(are)e(unsafe)i(because)g(the)o(y)f(do)f(not)h(pre)n(v)o(ent)g(the)g
(error)-5 b(.)29 b(Exceptions)c(may)d(be)g(interesting)j(in)d(some)h
(scenarios)0 2773 y(since)i(it)e(could)i(be)e(used)h(to)g(trigger)h
(additional)h(analysis)g(or)d(to)h(\223hack\224)h(around)g(kno)n(wn)f
(con)l(v)o(ersion)j(problems.)0 2926 y
SDict begin H.S end
 0 2926 a 0 2926
a
SDict begin 13.6 H.A end
 0 2926 a 0 2926 a
SDict begin [ /View [/XYZ H.V] /Dest (subsection.3.4) cvn H.B /DEST
pdfmark end
 0 2926 a 96 x Fw(3.4)99 b(Complex)25
b(T)-7 b(ypes)0 3196 y Ft(Structur)n(es.)33 b Fu(T)m
Fv(-)t Fu(FI)t(E)t(L)t(D)c Fv(in)24 b(T)-7 b(able)p 0 0 1
TeXcolorrgb 1100 3197 a
SDict begin H.S end
 1100 3197 a 0 0 1 TeXcolorrgb
-1 x Fv(3.1)p 0 0 1 TeXcolorrgb 1213 3134 a
SDict begin H.R end
 1213 3134
a 1213 3196 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(subsection.3.1) cvn H.B /ANN pdfmark end
 1213 3196 a Black 23 w Fv(handles)26 b(inte)o(gral)g
(\002elds)e(within)g(structures)j(in)d(the)g(ob)o(vious)i(w)o(ay:)k(if)
23 b(the)i(type)f(of)0 3309 y(\002eld)f Fn(i)g Fv(is)h
Fn(\033)s Fv(,)e(and)i Fn(\033)29 b(<)p Fo(:)c Fn(\034)10
b Fv(,)23 b(then)h(via)g(sub-typing,)i Fn(i)d Fv(is)g(also)i(of)e(type)
h Fn(\034)10 b Fv(.)141 3422 y(F)o(or)23 b(e)o(xample,)h(in)0
3492 y
SDict begin H.S end
 0 3492 a 0 3492 a
SDict begin 13.6 H.A end
 0 3492 a 0 3492 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-10) cvn H.B /DEST
pdfmark end
 0 3492 a 166
3472 a
SDict begin H.S end
 166 3472 a 166 3472 a
SDict begin 12 H.A end
 166 3472 a 166 3472 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-10.1) cvn H.B /DEST
pdfmark end
 166
3472 a 282 3572 a Fh(s)17 b(t)f(r)g(u)g(c)g(t)71 b Fg(f)d
Fh(u)14 b(i)h(n)f(t)h(3)g(2)p 1035 3572 25 4 v 59 w(t)71
b(u)6 b(3)g(2)18 b(;)78 b(u)15 b(i)f(n)h(t)g(1)f(6)p
1732 3572 V 59 w(t)71 b(u)6 b(1)g(6)19 b(;)67 b Fg(g)c
Fh(f)10 b(o)g(o)21 b(;)166 3572 y
SDict begin H.S end
 166 3572 a 166 3572
a
SDict begin 12 H.A end
 166 3572 a 166 3572 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-10.2) cvn H.B /DEST
pdfmark end
 166 3572 a 277 3671 a Fh(f)12
b(o)g(o)g(.)g(u)g(3)g(2)58 b(=)k(\()25 b(u)15 b(i)g(n)f(t)h(3)f(2)p
1135 3671 25 4 v 59 w(t)26 b(\))72 b(f)12 b(o)g(o)g(.)g(u)g(1)g(6)20
b(;)166 3671 y
SDict begin H.S end
 166 3671 a 166 3671 a
SDict begin 12 H.A end
 166 3671 a 166 3671
a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-10.3) cvn H.B /DEST
pdfmark end
 166 3671 a 277 3771 a Fh(f)12 b(o)g(o)g(.)g(u)g(1)g(6)58
b(=)k(\()25 b(u)15 b(i)g(n)f(t)h(1)f(6)p 1135 3771 25
4 v 59 w(t)26 b(\))72 b(f)12 b(o)g(o)g(.)g(u)g(3)g(2)20
b(;)p Black Black 0 3934 a Fv(In)k(the)h(\002rst)f(assignment,)i
Fi(foo.u16)20 b Fv(is)25 b(of)f(type)h Fi(uint16)p 1958
3934 28 4 v 30 w(t)p Fv(,)e(thus)i(the)f(assignment)j(is)d(a)g(safe)h
(up-cast.)32 b(Ho)n(we)n(v)o(er)l(,)24 b(in)0 4047 y(the)g(second)h
(assignment)h Fi(uint32)p 1176 4047 V 30 w(t)c Fm(6)p
Fn(<)p Fo(:)h Fi(uint16)p 1732 4047 V 30 w(t)p Fv(,)f(and)i(a)f(do)n
(wn-cast)i(check)g(must)e(be)h(inserted.)141 4159 y(Note)f(unions)i
(can)e(be)g(handled)i(in)e(a)f(manner)i(similar)f(to)i
Fu(T)m Fv(-)t Fu(FI)t(E)t(L)t(D)r Fv(:)33 b(each)23 b(union)h(\002eld)f
(member)g(is)g(declared)i(with)e(a)0 4272 y(type.)29
b(The)24 b(sub-typing)i(relationships)i(then)c(range)g(o)o(v)o(er)g
(that)g(declared)i(type.)141 4385 y Ft(Refer)n(ences)i(and)d(Der)n
(efer)n(ences.)39 b Fv(F)o(or)25 b(each)i(inte)o(gral)h(type)f
Fn(\034)10 b Fv(,)26 b(Ref)f Fn(\034)36 b Fv(denotes)28
b(the)e(type)h(of)g(a)e(pointer)j(to)e(type)h Fn(\034)10
b Fv(.)0 4498 y(Inte)o(gral)25 b(reference)h(and)e(dereferences)j(are)d
(handled)h(via)f(generic)h(typing)g(rules)i Fu(T)m Fv(-)t
Fu(R)t(E)t(F)h Fv(and)e Fu(T)m Fv(-)t Fu(D)t(E)t(R)t(E)t(F)r
Fv(,)g(respecti)n(v)o(ely)-6 b(.)143 4611 y(T)l(-)t(D)t
Fu(E)t(R)t(E)t(F)34 b Fv(in)c(T)-7 b(able)p 0 0 1 TeXcolorrgb
850 4612 a
SDict begin H.S end
 850 4612 a 0 0 1 TeXcolorrgb -1 x Fv(3.1)p
0 0 1 TeXcolorrgb 964 4549 a
SDict begin H.R end
 964 4549 a 964 4611 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(subsection.3.1) cvn H.B /ANN pdfmark end
 964
4611 a Black 28 w Fv(states)31 b(that)f(if)f(we)g(ha)n(v)o(e)h(a)f
(pointer)i(to)e(an)h(inte)o(ger)g(type,)i(then)e(a)f(dereference)j
(yields)f(an)0 4724 y(object)25 b(of)e(the)h(pointed-to)j(type,)d
(e.g.,)e(if)i Fi(p)e Fv(is)h(of)h(type)g Fi(uint16)p
2104 4724 28 4 v 30 w(t)2238 4740 y(*)2293 4724 y Fv(,)e(then)2517
4740 y Fi(*)2572 4724 y(p)g Fv(is)i(of)f(type)h Fi(uint16)p
3345 4724 V 30 w(t)p Fv(.)k(Therefore:)0 4794 y
SDict begin H.S end
 0 4794
a 0 4794 a
SDict begin 13.6 H.A end
 0 4794 a 0 4794 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-11) cvn H.B /DEST
pdfmark end
 0 4794 a 166 4774 a
SDict begin H.S end
 166
4774 a 166 4774 a
SDict begin 12 H.A end
 166 4774 a 166 4774 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-11.1) cvn H.B /DEST
pdfmark end
 166 4774 a 182
4873 a Fh(u)15 b(i)h(n)f(t)g(8)p 435 4873 25 4 v 61 w(t)70
b(v)17 b(;)78 b(u)14 b(i)h(n)f(t)h(1)g(6)p 1035 4873
V 59 w(t)68 b Fg(\003)8 b Fh(p)17 b(;)166 4873 y
SDict begin H.S end
 166
4873 a 166 4873 a
SDict begin 12 H.A end
 166 4873 a 166 4873 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-11.2) cvn H.B /DEST
pdfmark end
 166 4873 a 170
4973 a Fh(v)55 b(=)g Fg(\003)8 b Fh(p)17 b(;)p Black
Black 0 5136 a Fv(is)23 b(not)h(safe,)g(and)g(re)n(written)h(as:)p
Black 1927 5400 a(9)p Black eop end
%%Page: 10 12
TeXDict begin 10 11 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.10) cvn H.B /DEST pdfmark
end
 0 0 a Black Black 0 0 a
SDict begin H.S end
 0 0 a 0 0 a
SDict begin 13.6 H.A end
 0 0 a 0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-12) cvn H.B /DEST
pdfmark end

0 0 a 166 -8 a
SDict begin H.S end
 166 -8 a 166 -8 a
SDict begin 12 H.A end
 166 -8 a 166 -8 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-12.1) cvn H.B /DEST
pdfmark end
 166
-8 a 182 91 a Fh(i)17 b(f)26 b(\()10 b Fg(\003)j Fh(p)44
b Fd(>)h Fc(2)607 61 y Fb(8)662 91 y Fg(\000)18 b Fc(1)10
b Fh(\))76 b(e)14 b(r)g(r)h(o)f(r)29 b(\()14 b(\))28
b(;)166 91 y
SDict begin H.S end
 166 91 a 166 91 a
SDict begin 12 H.A end
 166 91 a 166 91 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-12.2) cvn H.B /DEST
pdfmark end
 166
91 a 170 191 a Fh(v)55 b(=)g Fg(\003)8 b Fh(p)17 b(;)p
Black Black 141 354 a Ft(P)n(ointers.)44 b Fv(The)28
b(abo)o(v)o(e)i(rules)f(check)h(that)f(pointer)h(reads)g(and)f(writes)g
(are)f(correct)i(with)f(respect)h(to)e(the)h(declared)0
467 y(type,)f(i.e.,)f(if)g(the)g(programmer)i(writes)e(with)g(one)g
(type)h(and)g(reads)g(with)e(another)j(compatible)g(type,)g(we)d
(assume)i(it)e(is)0 579 y(intentional.)32 b(F)o(or)22
b(e)o(xample,)j(we)d(assume:)0 649 y
SDict begin H.S end
 0 649 a 0 649 a
SDict begin 13.6 H.A end

0 649 a 0 649 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-13) cvn H.B /DEST
pdfmark end
 0 649 a 166 629 a
SDict begin H.S end
 166 629 a 166 629 a
SDict begin 12 H.A end

166 629 a 166 629 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-13.1) cvn H.B /DEST
pdfmark end
 166 629 a 181 729 a Fh(u)14 b(i)h(n)f(t)h(3)g(2)p
487 729 25 4 v 59 w(t)69 b Fg(\003)9 b Fh(u)d(3)g(2)19
b(;)78 b(u)14 b(i)h(n)g(t)g(1)f(6)p 1234 729 V 59 w(t)69
b Fg(\003)10 b Fh(u)c(1)g(6)18 b(;)166 729 y
SDict begin H.S end
 166 729
a 166 729 a
SDict begin 12 H.A end
 166 729 a 166 729 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-13.2) cvn H.B /DEST
pdfmark end
 166 729 a 189 829 a Fh(.)23
b(.)g(.)g(.)166 829 y
SDict begin H.S end
 166 829 a 166 829 a
SDict begin 12 H.A end
 166 829 a 166
829 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-13.3) cvn H.B /DEST
pdfmark end
 166 829 a 170 928 a Fg(\003)10 b Fh(u)c(3)g(2)57
b(=)e Fg(\003)10 b Fh(u)c(1)g(6)18 b(;)p Black Black
0 1091 a Fv(is)23 b(correct)i(since)g Fi(uint16)p 903
1091 28 4 v 30 w(t)d Fv(is)i(a)f(sub-type)j(of)d Fi(uint32)p
1921 1091 V 30 w(t)p Fv(.)141 1204 y(The)f(abo)o(v)o(e)h(assumption)h
(does)f(not)g(necessarily)i(hold,)e(i.e.,)f(the)h(programmer)g(could)h
(simply)f(ha)n(v)o(e)g(mix)o(ed)f(up)g(their)0 1317 y(types.)30
b(Safe)23 b(pointer)i(assignment)h Fr(could)h Fv(be)d(handled)h(by)f
(adding)h(the)f(standard)i(type)e(safety)h(rule:)1407
1485 y Fn(\033)k(<)p Fo(:)c Fn(\034)101 b(\034)35 b(<)p
Fo(:)25 b Fn(\033)p 1407 1509 595 4 v 1424 1587 a Fv(Ref)e
Fn(\033)29 b(<)p Fo(:)c Fv(Ref)e Fn(\034)2045 1540 y
Fv(T)l(-)t(R)t Fu(E)t(F)t Fv(S)t Fu(U)t(B)2451 1507 y
Fk(\003)0 1791 y Fv(This)28 b(rule)g(states)h(that)g(a)e(reference)j
(of)e(type)h Fn(\033)h Fv(is)e(a)f(subtype)j(of)e(a)f(reference)k(to)c
(type)i Fn(\034)37 b Fv(if)28 b Fn(\034)37 b Fv(and)28
b Fn(\033)j Fv(are)d(sub-types)i(of)0 1904 y(one)24 b(another)l(,)h
(i.e.,)e(in)g(our)h(semantics)i Fn(\034)35 b Fo(=)25
b Fn(\033)s Fv(.)141 2017 y(Ho)n(we)n(v)o(er)l(,)31 b(we)d(\002nd)h
(the)h(standard)h(type)f(safety)h(rule)f(too)g(restricti)n(v)o(e)h
(compared)g(to)f(the)f(bene\002t)h(of)g(strict)g(inte)o(ger)0
2130 y(type)24 b(safety)h(for)f(typical)h(C)d(programs.)31
b(F)o(or)22 b(e)o(xample,)k(T)l(-)t(R)t Fu(E)t(F)t Fv(S)t
Fu(U)t(B)2203 2097 y Fk(\003)2268 2130 y Fv(w)o(ould)e(disallo)n(w)h
(the)f(follo)n(wing)h(typical)g(code:)0 2200 y
SDict begin H.S end
 0 2200
a 0 2200 a
SDict begin 13.6 H.A end
 0 2200 a 0 2200 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-14) cvn H.B /DEST
pdfmark end
 0 2200 a 166 2180 a
SDict begin H.S end
 166
2180 a 166 2180 a
SDict begin 12 H.A end
 166 2180 a 166 2180 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-14.1) cvn H.B /DEST
pdfmark end
 166 2180 a 42
2280 a Fh(1)97 b(u)14 b(i)h(n)f(t)h(1)g(6)p 487 2280
25 4 v 59 w(t)69 b Fg(\003)9 b Fh(u)d(1)g(6)57 b(=)k(m)10
b(a)g(l)g(l)g(o)g(c)24 b(\()12 b(1)g(0)g(\))25 b(;)166
2280 y
SDict begin H.S end
 166 2280 a 166 2280 a
SDict begin 12 H.A end
 166 2280 a 166 2280 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-14.2) cvn H.B /DEST
pdfmark end
 166
2280 a 42 2379 a Fh(2)104 b(.)21 b(.)h(.)166 2379 y
SDict begin H.S end
 166
2379 a 166 2379 a
SDict begin 12 H.A end
 166 2379 a 166 2379 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-14.3) cvn H.B /DEST
pdfmark end
 166 2379 a 42
2479 a Fh(3)97 b(u)14 b(i)h(n)f(t)h(3)g(2)p 487 2479
25 4 v 59 w(t)69 b Fg(\003)9 b Fh(u)d(3)g(2)57 b(=)g(u)6
b(1)g(6)57 b(+)e(9)17 b(;)166 2479 y
SDict begin H.S end
 166 2479 a 166 2479
a
SDict begin 12 H.A end
 166 2479 a 166 2479 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-14.4) cvn H.B /DEST
pdfmark end
 166 2479 a 42 2578 a Fh(4)98
b(u)15 b(i)h(n)f(t)g(8)p 435 2578 25 4 v 61 w(t)78 b(v)12
b(a)g(l)62 b(=)56 b Fg(\003)9 b Fh(u)d(1)g(6)19 b(;)p
Black Black 0 2741 a Fv(Clearly)j(line)g(4)g(is)f(potentially)j(unsafe)
f(since)g(the)f(8-bit)g Fi(val)d Fv(may)j(be)f(too)h(small)g(for)f(the)
h(16-bit)3111 2757 y Fi(*)3166 2741 y(u16)p Fv(.)j(Our)c(semantics)0
2854 y(without)29 b(T)l(-)t(R)t Fu(E)t(F)t Fv(S)t Fu(U)t(B)711
2821 y Fk(\003)778 2854 y Fv(will)c(insert)i(a)e(proper)i(check)g(on)f
(this)g(line.)36 b(Ho)n(we)n(v)o(er)l(,)25 b(line)h(3)g(is)f(also)i
(unsafe.)36 b(F)o(or)25 b(e)o(xample,)i(a)0 2967 y(subsequent)k(write)d
(through)h Fi(u32)d Fv(is)i(4-bytes)h(long)g(due)f(to)g(its)g(type,)h
(while)f Fi(u16+9)c Fv(only)29 b(has)f(2-bytes)i(a)n(v)n(ailable.)43
b(If)0 3080 y(we)23 b(w)o(ant)g(complete)i(safety)g(and)f(accept)j(T)l
(-)t(R)t Fu(E)t(F)t Fv(S)t Fu(U)t(B)1740 3047 y Fk(\003)1782
3080 y Fv(,)c(then)h(line)g(3)f(is)g(also)i(unsafe.)141
3193 y(W)-7 b(e)26 b(ha)n(v)o(e)i(found)g(that)g(e)n(v)o(en)f(without)h
(implementing)k(T)l(-)t(R)t Fu(E)t(F)t Fv(S)t Fu(U)t(B)2320
3160 y Fk(\003)2388 3193 y Fv(all)27 b(inte)o(ger)h(vulnerabilities)k
(we)26 b(kno)n(w)h(of)g(are)0 3306 y(protected.)j(An)19
b(informal)j(analysis)g(of)e(kno)n(wn)g(inte)o(ger)i(vulnerabilities)i
(indicates)e(the)o(y)f(arise)g(primarily)g(when)g(inte)o(gers)0
3419 y(are)k(used)h(as)f(inde)o(x)o(es)h(or)f(to)f(determine)j(the)e
(size)h(of)f(allocated)i(memory)-6 b(,)25 b(both)h(of)f(which)g(are)g
(check)o(ed)i(with)e(our)g(rules)0 3532 y(during)e(dereference.)31
b(The)21 b(o)o(v)o(erall)h(intuition)i(is)d(inte)o(ger)i
(vulnerabilities)i(arise)e(because)g(the)f(inte)o(ger)g(v)n(alue)g(is)g
(not)f(what)0 3644 y(w)o(as)i(e)o(xpected)j(in)d(a)g(localized)j
(computation.)141 3757 y(Since)d(T)l(-)t(R)t Fu(E)t(F)t
Fv(S)t Fu(U)t(B)771 3724 y Fk(\003)833 3757 y Fv(is)e(o)o(v)o(erly)g
(restricti)n(v)o(e)i(and)f(breaks)g(man)o(y)e(le)o(gitimate)j
(programs,)f(we)e(do)h(not)g(currently)j(imple-)0 3870
y(ment)g(it.)k(F)o(or)23 b(e)o(xample,)h(the)g(abo)o(v)o(e)g(rule)g(w)o
(ould)g(break)g(typical)i(netw)o(orking)g(code)e(found)h(in)e(man)o(y)h
(of)f(our)h(e)o(xamples:)0 3940 y
SDict begin H.S end
 0 3940 a 0 3940 a
SDict begin 13.6 H.A end
 0
3940 a 0 3940 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-15) cvn H.B /DEST
pdfmark end
 0 3940 a 166 3920 a
SDict begin H.S end
 166 3920 a 166 3920
a
SDict begin 12 H.A end
 166 3920 a 166 3920 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-15.1) cvn H.B /DEST
pdfmark end
 166 3920 a 42 4020 a Fh(1)97
b(u)14 b(i)h(n)f(t)h(1)g(6)p 487 4020 25 4 v 59 w(t)69
b Fg(\003)13 b Fh(b)d(u)g(f)21 b(;)78 b(u)14 b(i)h(n)g(t)g(1)f(6)p
1234 4020 V 59 w(t)71 b(u)6 b(1)g(6)18 b(;)80 b(i)17
b(n)f(t)h(8)p 1828 4020 V 63 w(t)78 b(i)12 b(8)24 b(;)166
4020 y
SDict begin H.S end
 166 4020 a 166 4020 a
SDict begin 12 H.A end
 166 4020 a 166 4020 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-15.2) cvn H.B /DEST
pdfmark end
 166
4020 a 42 4119 a Fh(2)105 b(.)23 b(.)g(.)g(.)166 4119
y
SDict begin H.S end
 166 4119 a 166 4119 a
SDict begin 12 H.A end
 166 4119 a 166 4119 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-15.3) cvn H.B /DEST
pdfmark end
 166 4119
a 42 4219 a Fh(3)86 b Fg(\003)14 b Fh(b)c(u)g(f)59 b(=)j(i)12
b(8)25 b(;)81 b(/)18 b(/)74 b(a)f(i)16 b(n)h(t)f(8)p
1181 4219 25 4 v 63 w(t)68 b(=)56 b(1)64 b(b)11 b(y)g(t)g(e)76
b(i)15 b(s)79 b(w)14 b(r)g(i)g(t)g(t)g(e)h(n)166 4219
y
SDict begin H.S end
 166 4219 a 166 4219 a
SDict begin 12 H.A end
 166 4219 a 166 4219 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-15.4) cvn H.B /DEST
pdfmark end
 166 4219
a 42 4319 a Fh(4)104 b(.)21 b(.)h(.)166 4319 y
SDict begin H.S end
 166 4319
a 166 4319 a
SDict begin 12 H.A end
 166 4319 a 166 4319 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-15.5) cvn H.B /DEST
pdfmark end
 166 4319 a 42 4418
a Fh(5)88 b(u)6 b(1)g(6)57 b(=)e Fg(\003)13 b Fh(b)d(u)g(f)22
b(;)81 b(/)18 b(/)78 b(b)11 b(u)g(t)74 b(u)15 b(i)g(n)f(t)h(1)f(6)p
1433 4418 25 4 v 59 w(t)66 b(=)56 b(2)65 b(b)12 b(y)g(t)g(e)g(s)75
b(a)12 b(r)g(e)72 b(r)11 b(e)g(a)g(d)p Black Black 0
4581 a Fv(Here,)24 b Fi(buf)d Fv(is)j(intended)i(to)e(be)g(an)g
(uninterpreted)k(2-byte)e(b)n(uf)n(fer)l(,)f(where)f(reads)h(are)f
(writes)h(are)f(of)g(the)g(correct)h(though)0 4694 y(mis-matched)g
(pack)o(et)g(\002eld)f(type.)141 4807 y(It)j(appears)i(v)o(ery)e(dif)n
(\002cult)h(to)f(ensure)h(type)g(safety)g(in)f(this)h(code)f(without)h
(tagging)h(each)f(memory)f(write)g(with)g(the)0 4920
y(corresponding)32 b(type,)d(and)f(checking)i(each)e(subsequent)j
(read.)42 b(This)27 b(tagging)j(w)o(ould)e(lik)o(ely)h(incur)g(a)e
(huge)i(o)o(v)o(erhead)0 5033 y(with)20 b(what)h(appears)h(little)g
(additional)h(v)n(alue.)29 b(Ev)o(en)20 b(if)g(this)h(o)o(v)o(erhead)h
(w)o(as)e(acceptable,)k(it)c(w)o(ould)i(lik)o(ely)f(be)g(impossible)0
5145 y(to)36 b(deri)n(v)o(e)h(a)e(generic)j(rule)f(that)f(w)o(orks)h
(for)f(all)g(programs.)68 b(F)o(or)35 b(instance,)42
b(in)36 b(the)g(abo)o(v)o(e)g(e)o(xample)h(on)g(line)f(5)g(the)p
Black 1905 5400 a(10)p Black eop end
%%Page: 11 13
TeXDict begin 11 12 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.11) cvn H.B /DEST pdfmark
end
 0 0 a Black Black 91 x Fv(programmer)24 b(may)e(ha)n(v)o(e)i(w)o
(anted)f(to)f(read)i(2)e Fi(uint8)p 1741 91 28 4 v 30
w(t)p Fv(')-5 b(s)22 b(concatenated)k(together)f(on)e(line)g(5,)f(or)g
(may)h(ha)n(v)o(e)g(w)o(anted)g(to)0 204 y(read)h(1)f
Fi(uint8)p 527 204 V 31 w(t)f Fv(and)i(cast)g(it)f(to)h(a)f
Fi(uint16)p 1513 204 V 30 w(t)p Fv(.)141 317 y(W)-7 b(e)19
b(therefore)j(do)d(not)h(use)i(T)l(-)t(R)t Fu(E)t(F)t
Fv(S)t Fu(U)t(B)1418 284 y Fk(\003)1479 317 y Fv(by)e(def)o(ault,)h(b)n
(ut)f(lea)n(v)o(e)h(it)e(as)h(an)f(optional)j(e)o(xtension.)30
b(W)-7 b(e)18 b(lea)n(v)o(e)j(as)e(an)h(area)0 430 y(for)28
b(further)i(research)g(a)d(light-weight)k(check)e(that)g(will)e(pre)n
(v)o(ent)i(inte)o(ger)h(vulnerabilities)i(that)d(arise)f(through)i
(pointer)0 543 y(casts.)f(W)-7 b(e)20 b(remark)i(that)g(an)o(y)g(such)g
(research)h(w)o(ould)f(also)g(ha)n(v)o(e)g(to)f(handle)i(casts)g(from)e
Fi(void)3087 559 y(*)3162 543 y Fv(to)g(be)g(complete)i(since)0
656 y Fi(malloc)p Fv(,)d Fi(read)p Fv(,)g Fi(write)p
Fv(,)h(etc.)28 b(all)c(return)h Fi(void)1738 672 y(*)1815
656 y Fv(which)f(are)g(then)g(cast)g(to)f(the)h(\223right\224)h(type.)0
809 y
SDict begin H.S end
 0 809 a 0 809 a
SDict begin 13.6 H.A end
 0 809 a 0 809 a
SDict begin [ /View [/XYZ H.V] /Dest (subsection.3.5) cvn H.B /DEST
pdfmark end
 0 809 a 96 x Fw(3.5)99
b(Wher)n(e)26 b(Checks)g(Ar)n(e)f(Inserted)0 1079 y Fv(A)d
(pre-processing)27 b(step)d(identi\002es)h(all)e(e)o(xpressions)j(in)d
(which)g(a)g(cast)h(is)f(needed.)30 b(This)23 b(step)g(is)g(already)i
(performed)g(by)0 1192 y(the)g(compiler:)33 b(the)26
b(type)f(of)g(each)h(e)o(xpression)h(is)e(needed)h(to)f(generate)i(the)
e(proper)h(code.)34 b(If)24 b(the)i(cast)f(is)g(not)g(e)o(xplicitly)0
1305 y(pro)o(vided)i(by)e(the)g(programmer)l(,)i(an)e(implicit)i(cast)e
(is)g(inserted)i(\(i.e.,)e(coerced\))i(by)e(the)g(compiler)-5
b(.)35 b(W)-7 b(e)24 b(then)i(perform)g(a)0 1418 y(typing)e(deri)n(v)n
(ation)h(to)d(determine)i(which)f(casts)g(are)f(safe,)h(and)g(which)g
(are)f(unsafe.)30 b(Unsafe)23 b(casts)g(are)g(re)n(written)g(via)g(the)
2 1531 y(R)t(-)t Fu(U)t(N)t(S)t(A)t(F)t(E)28 b Fv(rule.)141
1644 y(Note)f(that)h(function)h(call)e(sites)h(act)f(as)g(an)g
(assignment)i(from)e(actuals)i(to)e(formals,)h(thus)g(may)e(also)i
(need)g(a)e(check.)0 1757 y(F)o(or)d(e)o(xample,)h(in:)0
1826 y
SDict begin H.S end
 0 1826 a 0 1826 a
SDict begin 13.6 H.A end
 0 1826 a 0 1826 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-16) cvn H.B /DEST
pdfmark end
 0 1826 a 166
1807 a
SDict begin H.S end
 166 1807 a 166 1807 a
SDict begin 12 H.A end
 166 1807 a 166 1807 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-16.1) cvn H.B /DEST
pdfmark end
 166
1807 a 42 1906 a Fh(1)92 b(v)10 b(o)g(i)g(d)71 b(f)22
b(\()k(u)16 b(i)f(n)g(t)h(8)p 784 1906 25 4 v 61 w(t)69
b(v)15 b(\))65 b Fg(f)57 b Fh(v)6 b(+)r(+)15 b(;)68 b
Fg(g)166 1906 y
SDict begin H.S end
 166 1906 a 166 1906 a
SDict begin 12 H.A end
 166 1906 a 166
1906 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-16.2) cvn H.B /DEST
pdfmark end
 166 1906 a 42 2006 a Fh(2)92 b(v)10 b(o)g(i)g(d)70
b(f)10 b(o)g(o)22 b(\()15 b(\))j Fg(f)166 2006 y
SDict begin H.S end
 166
2006 a 166 2006 a
SDict begin 12 H.A end
 166 2006 a 166 2006 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-16.3) cvn H.B /DEST
pdfmark end
 166 2006 a 42
2105 a Fh(3)196 b(u)15 b(i)g(n)f(t)h(1)f(6)p 587 2105
25 4 v 59 w(t)71 b(u)6 b(1)g(6)19 b(;)130 b(i)16 b(n)g(t)h(8)p
1230 2105 V 63 w(t)78 b(i)12 b(8)25 b(;)78 b(i)16 b(n)f(t)h(1)f(6)p
1830 2105 V 61 w(t)76 b(i)11 b(1)g(6)23 b(;)78 b(u)15
b(i)f(n)h(t)g(3)f(2)p 2529 2105 V 59 w(t)71 b(u)6 b(3)g(2)19
b(;)166 2105 y
SDict begin H.S end
 166 2105 a 166 2105 a
SDict begin 12 H.A end
 166 2105 a 166 2105
a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-16.4) cvn H.B /DEST
pdfmark end
 166 2105 a 42 2205 a Fh(4)193 b(f)22 b(\()17 b(u)6
b(1)g(6)16 b(\))24 b(;)166 2205 y
SDict begin H.S end
 166 2205 a 166 2205
a
SDict begin 12 H.A end
 166 2205 a 166 2205 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-16.5) cvn H.B /DEST
pdfmark end
 166 2205 a 42 2305 a Fh(5)193
b(i)12 b(8)63 b(=)f(\()71 b(\()17 b(u)6 b(1)g(6)60 b
Fg(\003)f Fh(u)6 b(3)g(2)17 b(\))62 b(+)g(i)11 b(1)g(6)70
b(\))24 b(;)167 b Fg(g)p Black Black 0 2467 a Fv(W)-7
b(e)25 b(insert)i(checks)g(on)f(line)g(5)f(to)h(mak)o(e)f(sure)i(the)f
(cast)g(of)f Fi(u16)f Fv(from)h(a)h Fi(uint16)p 2676
2467 28 4 v 30 w(t)e Fv(to)i(a)f Fi(uint8)p 3221 2467
V 30 w(t)g Fv(is)g(safe.)36 b(W)-7 b(e)25 b(will)0 2580
y(also)i(check)h(the)f(sub-e)o(xpression)k(on)c(line)g(5.)38
b(Note)27 b(that)g(on)g(line)h(5)e(the)h(right-hand)j(side)d(has)g(a)f
(mix)h(of)g(unsigned)i(and)0 2693 y(signed)c(inte)o(gers.)30
b Fi(foo)22 b Fv(is)h(re)n(written)i(as:)0 2763 y
SDict begin H.S end
 0 2763
a 0 2763 a
SDict begin 13.6 H.A end
 0 2763 a 0 2763 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-17) cvn H.B /DEST
pdfmark end
 0 2763 a 166 2743 a
SDict begin H.S end
 166
2743 a 166 2743 a
SDict begin 12 H.A end
 166 2743 a 166 2743 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-17.1) cvn H.B /DEST
pdfmark end
 166 2743 a 188
2843 a Fh(.)c(.)h(.)166 2843 y
SDict begin H.S end
 166 2843 a 166 2843 a
SDict begin 12 H.A end

166 2843 a 166 2843 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-17.2) cvn H.B /DEST
pdfmark end
 166 2843 a 232 2942 a Fh(i)17 b(f)27
b(\()17 b(u)6 b(1)g(6)45 b Fd(>)f Fc(2)706 2912 y Fb(8)761
2942 y Fg(\000)18 b Fc(1)11 b Fh(\))75 b(e)15 b(r)f(r)g(o)g(r)29
b(\()15 b(\))28 b(;)166 2942 y
SDict begin H.S end
 166 2942 a 166 2942 a
SDict begin 12 H.A end

166 2942 a 166 2942 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-17.3) cvn H.B /DEST
pdfmark end
 166 2942 a 227 3042 a Fh(f)22 b(\()17
b(u)6 b(1)g(6)16 b(\))24 b(;)166 3042 y
SDict begin H.S end
 166 3042 a 166
3042 a
SDict begin 12 H.A end
 166 3042 a 166 3042 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-17.4) cvn H.B /DEST
pdfmark end
 166 3042 a 232 3142 a Fh(i)17
b(f)27 b(\()75 b(\()14 b(\()21 b(u)6 b(1)g(6)59 b Fg(\003)h
Fh(u)6 b(3)g(2)16 b(\))62 b(+)g(i)11 b(1)g(6)21 b(\))51
b Fd(>)44 b Fc(2)1553 3111 y Fb(7)1608 3142 y Fg(\000)18
b Fc(1)11 b Fh(\))75 b(e)14 b(r)h(r)f(o)g(r)29 b(\()15
b(\))27 b(;)166 3142 y
SDict begin H.S end
 166 3142 a 166 3142 a
SDict begin 12 H.A end
 166 3142
a 166 3142 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-17.5) cvn H.B /DEST
pdfmark end
 166 3142 a 228 3241 a Fh(i)12 b(8)62 b(=)g(\()27
b(i)17 b(n)f(t)h(8)p 732 3241 25 4 v 63 w(t)28 b(\))75
b(\()14 b(\()76 b(\()25 b(u)15 b(i)g(n)f(t)h(3)f(2)p
1433 3241 V 59 w(t)26 b(\))67 b(u)6 b(1)g(6)59 b Fg(\003)h
Fh(u)6 b(3)g(2)16 b(\))62 b(+)g(\()26 b(u)14 b(i)h(n)f(t)h(3)g(2)p
2629 3241 V 59 w(t)26 b(\))21 b(i)11 b(1)g(6)21 b(\))j(;)p
Black Black 0 3464 a
SDict begin H.S end
 0 3464 a 0 3464 a
SDict begin 13.6 H.A end
 0 3464 a 0 3464
a
SDict begin [ /View [/XYZ H.V] /Dest (section.4) cvn H.B /DEST pdfmark
end
 0 3464 a 120 x Fx(4)119 b(Implementation)30 b(and)h(Ev)o(aluation)0
3702 y
SDict begin H.S end
 0 3702 a 0 3702 a
SDict begin 13.6 H.A end
 0 3702 a 0 3702 a
SDict begin [ /View [/XYZ H.V] /Dest (subsection.4.1) cvn H.B /DEST
pdfmark end
 0 3702 a 92
x Fw(4.1)99 b(Implementation)0 3968 y Fv(W)-7 b(e)36
b(ha)n(v)o(e)h(implemented)h(a)e(tool)i(called)g(PICK)70
b(\(Pre)n(v)o(enti)n(v)o(e)38 b(Inte)o(ger)g(Checks\))f(which)g
(automatically)j(inserts)e(the)0 4081 y(necessary)30
b(checks)e(to)f(pre)n(v)o(ent)h(inte)o(ger)h(casting)g
(vulnerabilities.)43 b(PICK)52 b(is)27 b(implemented)i(using)f(CIL)e([)
p 0 0 1 TeXcolorrgb 3462 4082 a
SDict begin H.S end
 3462 4082 a 0 0 1 TeXcolorrgb
-1 x Fv(16)p 0 0 1 TeXcolorrgb 3553 4019 a
SDict begin H.R end
 3553 4019
a 3553 4081 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.neculaCIL:2002) cvn H.B /ANN pdfmark end
 3553 4081 a Black Fv(,)p 0 0 1 TeXcolorrgb
3602 4082 a
SDict begin H.S end
 3602 4082 a 0 0 1 TeXcolorrgb -1 x Fv(17)p
0 0 1 TeXcolorrgb 3693 4019 a
SDict begin H.R end
 3693 4019 a 3693 4081 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.CIL:2005) cvn H.B /ANN pdfmark end

3693 4081 a Black Fv(],)h(a)f(C)0 4194 y(analysis)i(and)e
(source-to-source)31 b(translation)e(frame)n(w)o(ork)e(written)g(in)f
(OCaml.)34 b(CIL)25 b(tak)o(es)i(as)f(input)h(the)f(source)h(code)0
4307 y(to)c(a)g(program,)h(performs)g(se)n(v)o(eral)h
(semantic-preserving)j(simpli\002cations,)e(and)d(then)h(produces)i(a)c
(typed)j(intermediate)0 4420 y(representation)k(\(IR\).)c(Our)f
(analysis)j(is)e(performed)i(on)e(the)h(IR,)d(which)j(is)f(then)g
(\223unparsed\224)k(by)c(CIL)e(and)j(written)g(to)f(a)0
4533 y(\002le.)37 b(The)25 b(resulting)k(\002le)d(is)g(C)f(source)j
(code)f(containing)j(the)c(necessary)j(checks,)g(which)d(can)h(then)g
(be)f(compiled)i(with)0 4646 y(an)o(y)c(standard)h(C)e(compiler)-5
b(.)141 4759 y(W)e(e)24 b(use)g(the)h(type)g(symbol)g(table)g(pro)o
(vided)i(by)d(CIL)f(to)h(decide)i(when)f(to)f(insert)h(the)g
(appropriate)j(checks)d(as)g(gi)n(v)o(en)0 4872 y(by)j(the)g(rules)h
(in)f(Section)p 0 0 1 TeXcolorrgb 858 4873 a
SDict begin H.S end
 858 4873
a 0 0 1 TeXcolorrgb -1 x Fv(3)p 0 0 1 TeXcolorrgb 904
4810 a
SDict begin H.R end
 904 4810 a 904 4872 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(section.3) cvn H.B /ANN pdfmark end
 904 4872 a Black Fv(.)41
b(Note)28 b(our)g(analysis)i(is)e(at)g(the)g(e)o(xpression)j(le)n(v)o
(el,)e(and)f(therefore)j(does)d(not)h(require)g(intra)0
4984 y(or)g(inter)n(-procedural)35 b(analysis,)e(i.e.,)d(we)e(do)i(not)
g(need)g(to)g(mer)n(ge)g(all)f(\002les)h(together)-5
b(.)48 b(As)29 b(a)g(result,)j(the)e(o)o(v)o(erhead)h(for)0
5097 y(analyzing)26 b(the)e(code)g(and)g(introducing)j(the)d(proper)h
(checks)g(is)f(ne)o(gligible.)31 b(The)23 b(steps)h(tak)o(en)h(by)f
(PICK)44 b(are:)p Black 1905 5400 a(11)p Black eop end
%%Page: 12 14
TeXDict begin 12 13 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.12) cvn H.B /DEST pdfmark
end
 0 0 a Black Black Black 236 79 a Fv(Name)p 943
113 4 113 v 541 w(V)-7 b(uln)p 1217 113 V 101 w(#)25
b(S)t(-)t(U)t(-)t(C)t Fu(H)t(E)t(C)t(K)p 1861 113 V 105
w Fv(#)g(U)t(-)t(S)t(-)t(C)t Fu(H)t(E)t(C)t(K)p 2505
113 V 105 w Fv(#)g Fu(D)t Fv(-)t(C)t Fu(H)t(E)t(C)t(K)p
3046 113 V 103 w Fv(#)e(Full)p 3360 113 V 101 w(#)g(T)-7
b(otal)p 3713 113 V 186 116 3529 4 v 236 195 a(Apache)24
b(2.0.35)p 943 229 4 113 v 232 w(Y)p 1217 229 V 209 w(2058)p
1861 229 V 464 w(1120)p 2505 229 V 464 w(368)p 3046 229
V 405 w(368)p 3360 229 V 180 w(3914)p 3713 229 V 186
232 3529 4 v 236 311 a(Bash)f(1.14.6)p 943 345 4 113
v 328 w(Y)p 1217 345 V 209 w(160)p 1861 345 V 509 w(370)p
2505 345 V 509 w(92)p 3046 345 V 450 w(5)p 3360 345 V
270 w(627)p 3713 345 V 186 349 3529 4 v 236 428 a(Coreutils)i(5.0)p
943 462 4 113 v 289 w(Y)p 1217 462 V 209 w(461)p 1861
462 V 509 w(252)p 2505 462 V 509 w(113)p 3046 462 V 405
w(34)p 3360 462 V 225 w(860)p 3713 462 V 186 465 3529
4 v 236 544 a(ML)-8 b(T)i(erm)21 b(2.9.1)p 943 578 4
113 v 236 w(Y)p 1217 578 V 209 w(853)p 1861 578 V 509
w(1143)p 2505 578 V 464 w(417)p 3046 578 V 405 w(442)p
3360 578 V 180 w(2855)p 3713 578 V 186 581 3529 4 v 236
660 a(OpenSSH)h(2.2.0p2)p 943 694 4 113 v 101 w(Y)p 1217
694 V 209 w(320)p 1861 694 V 509 w(281)p 2505 694 V 509
w(33)p 3046 694 V 450 w(43)p 3360 694 V 225 w(677)p 3713
694 V 186 697 3529 4 v 236 776 a(Gzip)h(1.2.4)p 943 810
4 113 v 378 w(N)p 1217 810 V 209 w(203)p 1861 810 V 509
w(270)p 2505 810 V 509 w(36)p 3046 810 V 450 w(97)p 3360
810 V 225 w(606)p 3713 810 V 186 814 3529 4 v 236 893
a(OpenSSL)f(0.9.7)p 943 927 4 113 v 201 w(N)p 1217 927
V 209 w(2647)p 1861 927 V 464 w(1124)p 2505 927 V 464
w(826)p 3046 927 V 405 w(373)p 3360 927 V 180 w(4997)p
3713 927 V 186 930 3529 4 v 0 1083 a(T)-7 b(able)36 b(3:)p
0 TeXcolorgray 359 970 a
SDict begin H.S end
 359 970 a 0 TeXcolorgray 0 TeXcolorgray
359 970 a
SDict begin H.R end
 359 970 a 359 970 a
SDict begin [ /View [/XYZ H.V] /Dest (table.3) cvn H.B /DEST pdfmark
end
 359 970 a Black 361 1083
a Fv(S)t(-)t(U)t(-)t(C)t Fu(H)t(E)t(C)t(K)k Fv(\()r(U)t(-)t(S)t(-)t(C)t
Fu(H)t(E)t(C)t(K)r Fv(\))f(is)d(the)g(number)h(of)f(signed)i(to)e
(unsigned)i(\(unsigned)h(to)d(signed\))i(checks)0 1196
y(inserted.)49 b Fu(D)t Fv(-)t(C)t Fu(H)t(E)t(C)t(K)32
b Fv(is)c(the)i(number)f(of)g(do)n(wn-cast)i(checks)f(inserted.)47
b(F)o(ull)30 b(is)e(the)h(number)h(of)f(places)h(both)g(a)e(sign)0
1309 y(check)21 b(and)g(do)n(wn-cast)h(check)f(are)f(inserted.)30
b(This)20 b(e)o(xperiment)i(sho)n(ws)e(potential)j(inte)o(ger)e
(vulnerabilities)k(are)20 b(rampant)0 1422 y(in)j(code.)p
Black 0 1585 a
SDict begin H.S end
 0 1585 a 0 1585 a
SDict begin 13.6 H.A end
 0 1585 a 0 1585 a
SDict begin [ /View [/XYZ H.V] /Dest (Item.5) cvn H.B /DEST pdfmark
end
 0
1585 a Black 114 1677 a Fv(1.)p Black 45 w(Pre-process)j(the)d(input,)h
(e.g.,)f(inline)h Fi(#include)19 b Fv(statements,)25
b(e)o(xpand)f(macros,)g(etc.)29 b(CIL)21 b(performs)k(this)f(step)227
1790 y(automatically)j(by)d(in)l(v)n(oking)i(the)e(C)e(pre-processor)-5
b(.)0 1809 y
SDict begin H.S end
 0 1809 a 0 1809 a
SDict begin 13.6 H.A end
 0 1809 a 0 1809 a
SDict begin [ /View [/XYZ H.V] /Dest (Item.6) cvn H.B /DEST pdfmark
end
 0 1809
a Black 114 1903 a Fv(2.)p Black 45 w(Create)25 b(a)g(typing)h(store)f
(which)g(maps)g(all)g(e)o(xpressions)j(and)d(statements)h(to)f(a)f
(type.)33 b(Insert)26 b(implicit)g(casts)f(when)227 2015
y(necessary)-6 b(,)24 b(e.g.,)d(in)g(an)h(e)o(xpression)h(of)f(mix)o
(ed)f(types,)h(a)f(statement)i(where)f(the)f(type)h(of)f(the)h(lhs)f
(is)g(dif)n(ferent)i(from)227 2128 y(that)h(of)g(the)g(rhs,)f(etc.)29
b(CIL)22 b(performs)j(this)f(step)g(automatically)-6
b(.)0 2148 y
SDict begin H.S end
 0 2148 a 0 2148 a
SDict begin 13.6 H.A end
 0 2148 a 0 2148 a
SDict begin [ /View [/XYZ H.V] /Dest (Item.7) cvn H.B /DEST pdfmark
end
 0 2148
a Black 114 2241 a Fv(3.)p Black 45 w(F)o(or)23 b(each)h(cast,)g(both)g
(e)o(xplicit)h(or)f(implicit,)g(perform)h(the)f(follo)n(wing)h(steps:)0
2306 y
SDict begin H.S end
 0 2306 a 0 2306 a
SDict begin 13.6 H.A end
 0 2306 a 0 2306 a
SDict begin [ /View [/XYZ H.V] /Dest (Item.8) cvn H.B /DEST pdfmark
end
 0 2306 a Black
281 2415 a Fv(\(a\))p Black 46 w(In)f(cast)g Fo(\()p
Fn(\034)10 b Fo(\))p Fn(e)p Fv(,)23 b Fn(\034)33 b Fv(is)23
b(the)h(cast)g(type)h(and)f(let)f Fn(\033)j Fv(be)e(the)g(type)g(of)f
(the)h(e)o(xpression)i Fn(e)p Fv(.)p Black 506 2566 a
Fm(\017)p Black 46 w Fv(If)c Fn(\033)28 b Fm(6)p Fn(<)p
Fo(:)d Fn(\034)10 b Fv(,)21 b(create)i(a)e(check)i Fn(c)p
Fv(.)k(Insert)c(the)f(check)h(just)f(prior)g(to)g(the)f(e)n(v)n
(aluation)j(of)e Fn(e)f Fv(\(e.g.,)g(on)h(the)g(line)597
2679 y(before)j Fn(e)p Fv(\).)p Black 506 2808 a Fm(\017)p
Black 46 w Fv(If)f Fn(\033)k(<)p Fo(:)d Fn(\034)10 b
Fv(,)23 b(do)g(nothing.)p Black 506 2936 a Fm(\017)p
Black 46 w Fv(If)h Fn(e)h Fe( )g Fn(e)906 2903 y Fk(0)953
2936 y Fv(where)e Fn(e)1239 2903 y Fk(0)1286 2936 y Fv(is)g(some)h
(sub-e)o(xpression,)j(then)e(recurse)g(and)f(apply)g(typing)i(rules)e
(on)g Fn(e)3627 2903 y Fk(0)3650 2936 y Fv(.)0 3017 y
SDict begin H.S end

0 3017 a 0 3017 a
SDict begin 13.6 H.A end
 0 3017 a 0 3017 a
SDict begin [ /View [/XYZ H.V] /Dest (Item.9) cvn H.B /DEST pdfmark
end
 0 3017 a Black 114
3110 a Fv(4.)p Black 45 w(Insert)h(the)f Fi(error\(\))19
b Fv(function,)26 b(which)e(in)f(our)h(implementation)j(calls)d
Fi(exit\(-42\))p Fv(.)141 3293 y(W)-7 b(e)18 b(perform)i(all)e(our)h
(tests)h(under)g(Linux,)f(using)h(gcc)f(3.4,)h(though)g(CIL)d(and)i
(our)g(transformations)k(w)o(ork)c(also)g(under)0 3406
y(other)28 b(operating)h(systems)f(and)f(compilers)h(such)g(as)e(MSVC)f
(under)i(W)l(indo)n(ws.)39 b(Our)26 b(CIL)g(module)h(is)g
(approximately)0 3519 y(500)d(lines)h(of)e(OCaml.)0 3652
y
SDict begin H.S end
 0 3652 a 0 3652 a
SDict begin 13.6 H.A end
 0 3652 a 0 3652 a
SDict begin [ /View [/XYZ H.V] /Dest (subsection.4.2) cvn H.B /DEST
pdfmark end
 0 3652 a 115 x
Fw(4.2)99 b(Ev)o(aluation)0 3941 y Fv(W)-7 b(e)35 b(perform)i(tw)o(o)f
(quantitati)n(v)o(e)i(e)o(xperiments:)57 b(measuring)38
b(the)e(number)h(of)f(checks)h(that)g(need)f(to)g(be)g(inserted)i(in)0
4054 y(v)n(arious)25 b(programs,)h(and)e(measuring)i(the)e(o)o(v)o
(erhead)i(of)d(the)i(inserted)h(checks.)31 b(W)-7 b(e)23
b(also)h(pro)o(vide)i(qualitati)n(v)o(e)g(e)n(vidence)0
4167 y(of)d(the)h(type)h(of)e(common)h(unsafe)h(and)f(unportable)i
(inte)o(ger)f(e)o(xpressions)i(within)d(code.)0 4319
y
SDict begin H.S end
 0 4319 a 0 4319 a
SDict begin 13.6 H.A end
 0 4319 a 0 4319 a
SDict begin [ /View [/XYZ H.V] /Dest (subsubsection.4.2.1) cvn H.B
/DEST pdfmark end
 0 4319 a 93 x Ft(4.2.1)92
b(Number)22 b(of)h(checks)g(inserted)0 4586 y Fv(W)-7
b(e)26 b(ran)h(PICK)52 b(on)27 b(a)g(number)g(of)g(programs)i(to)e
(measure)h(ho)n(w)e(frequently)k(potential)g(inte)o(ger)e
(vulnerabilities)j(occur)-5 b(.)0 4699 y(T)e(able)p 0 0 1
TeXcolorrgb 229 4700 a
SDict begin H.S end
 229 4700 a 0 0 1 TeXcolorrgb -1
x Fv(3)p 0 0 1 TeXcolorrgb 274 4637 a
SDict begin H.R end
 274 4637 a 274
4699 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(table.3) cvn H.B /ANN pdfmark end
 274 4699 a Black 30 w Fv(lists)31 b(our)f(results.)50
b(The)30 b(table)h(includes)h(the)f(program)g(name,)g(whether)h(there)f
(is)f(a)f(pre)n(viously)k(kno)n(wn)e(vul-)0 4812 y(nerability)d(or)d
(not,)h(and)g(the)f(number)h(of)f(do)n(wn-casts)j(and)d(sign)h(con)l(v)
o(ersion)j(checks)d(that)g(were)f(inserted.)36 b(W)-7
b(e)24 b(include)0 4925 y(non-vulnerable)35 b(programs)e(into)e(the)h
(analysis)h(to)e(get)g(a)f(sense)i(of)f(ho)n(w)f(man)o(y)h(checks)i
(need)e(be)g(inserted)i(for)e(man)o(y)0 5038 y(dif)n(ferent)i(kinds)g
(of)e(softw)o(are.)54 b(The)33 b(S)t(-)t(U)t(-)t(C)t(H)t(E)t(C)t(K)i
(column)d(indicates)i(the)e(number)g(of)f(signed-unsigned)37
b(checks,)2 5151 y(U)t(-)t(S)t(-)t(C)t(H)t(E)t(C)t(K)26
b(the)c(number)h(of)f(unsigned-signed)27 b(checks,)d(and)g(D)t(-)t(C)t
(H)t(E)t(C)t(K)h(the)d(number)h(of)f(do)n(wn-casting)j(checks.)p
Black 1905 5400 a(12)p Black eop end
%%Page: 13 15
TeXDict begin 13 14 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.13) cvn H.B /DEST pdfmark
end
 0 0 a Black Black 91 x Fv(The)22 b(last)h(column)h(is)e(the)h
(total)g(number)h(of)e(checks.)30 b(The)23 b(\223Full\224)g(column)g
(indicates)i(the)e(number)g(of)g(full)g(range)h(checks)0
204 y(where)g(both)g(a)f(do)n(wn-cast)i(and)f(a)f(sign)i(con)l(v)o
(ersion)h(tak)o(e)f(place)f(in)g(the)f(same)h(instruction.)141
317 y(A)e(\223Full\224)h(check)h(occurs)g(when)f(the)g(typing)h(rules)g
(are)f(recursi)n(v)o(ely)i(applied)f(resulting)i(in)c(both)i(a)e(sign)i
(check)f(and)h(a)0 430 y(do)n(wn-cast)g(check.)30 b(As)21
b(a)h(result,)i(a)e(full)h(check)g(may)g(require)h(tw)o(o)e(comparison)
j(with)d(both)h(an)g(upper)g(and)g(lo)n(wer)g(bound)0
543 y(of)g(the)h(resulting)i(inte)o(ger)f(type.)k(F)o(or)23
b(e)o(xample:)0 610 y
SDict begin H.S end
 0 610 a 0 610 a
SDict begin 13.6 H.A end
 0 610 a 0 610 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-18) cvn H.B /DEST
pdfmark end

0 610 a 166 591 a
SDict begin H.S end
 166 591 a 166 591 a
SDict begin 12 H.A end
 166 591 a 166 591
a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-18.1) cvn H.B /DEST
pdfmark end
 166 591 a 231 690 a Fh(u)16 b(i)f(n)g(t)h(8)p 485 690
25 4 v 61 w(t)71 b(u)6 b(8)17 b(;)79 b(i)16 b(n)f(t)h(1)f(6)p
1083 690 V 61 w(t)76 b(i)11 b(1)g(6)23 b(;)166 690 y
SDict begin H.S end

166 690 a 166 690 a
SDict begin 12 H.A end
 166 690 a 166 690 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-18.2) cvn H.B /DEST
pdfmark end
 166 690 a 221
790 a Fh(u)6 b(8)56 b(=)62 b(i)11 b(1)g(6)23 b(;)p Black
Black 0 950 a Fv(A)i(full)i(check)h(is)e(needed)j(here)e(because)h
Fi(i16)d Fv(may)h(be)g(signed)i Fr(or)h Fv(too)e(lar)n(ge)h(for)e(type)
i Fi(uint8)p 3143 950 28 4 v 30 w(t)p Fv(.)37 b(The)26
b(full)h(check)g(is)0 1063 y Fi(i16)53 b Fn(>)25 b Fo(0)55
b Fi(&&)f(i16)f Fn(<)25 b Fo(2)937 1030 y Fj(8)997 1063
y Fm(\000)20 b Fo(1)p Fv(.)141 1176 y(Our)35 b(e)o(xperiments)i
(indicate)h(that)e(potential)h(inte)o(ger)g(vulnerabilities)j(and)35
b(b)n(ugs)i(are)e(rampant)i(in)e(source)i(code.)0 1289
y(These)31 b(numbers)h(also)g(support)h(the)e(idea)h(that)f(issuing)i
(compile-time)g(w)o(arnings)f(is)f(not)h(practical)h(due)e(to)g(the)g
(sheer)0 1402 y(number)24 b(of)g(casts,)g(supporting)j(our)d(run-time)g
(check)h(approach.)0 1554 y
SDict begin H.S end
 0 1554 a 0 1554 a
SDict begin 13.6 H.A end
 0 1554
a 0 1554 a
SDict begin [ /View [/XYZ H.V] /Dest (subsubsection.4.2.2) cvn H.B
/DEST pdfmark end
 0 1554 a 93 x Ft(4.2.2)92 b(Err)n(or)24 b(Analysis)0
1821 y Fv(F)o(or)k(vulnerable)j(programs,)g(we)d(con\002rmed)h(that)g
(the)g(checks)h(pre)n(v)o(ented)h(all)e(vulnerable)i(programs)f(from)f
(being)g(e)o(x-)0 1934 y(ploitable,)i(i.e.,)e(zero)g(f)o(alse)g(ne)o
(gati)n(v)o(es.)44 b(This)28 b(is)g(e)o(xpected)i(since)f(our)f
(approach)j(results)f(in)e(type-safe)i(inte)o(ger)g(opera-)0
2047 y(tions.)e(Most)20 b(vulnerabilities)k(seem)19 b(to)h(be)f(due)h
(to)g(do)n(wn-casts,)i(while)d(most)h(portability)j(b)n(ugs)d(seem)g
(due)g(to)f(signedness)0 2160 y(con)l(v)o(ersions.)42
b(Our)26 b(analysis)j(unco)o(v)o(ered)g(11)e(additional)i(portability)h
(b)n(ugs)e(in)e(OpenSSH,)g(and)h(1)f(in)h(gzip.)39 b(One)26
b(com-)0 2273 y(mon)e(problem)h(we)e(found)i(is)e(programmers)j(e)o
(xpect)f(type)f(char)h(to)e(be)h(analogous)j(to)c(a)h(byte.)30
b(Ho)n(we)n(v)o(er)l(,)23 b(C99)h(speci\002es)0 2386
y(only)e Fr(unsigned)j Fv(char')-5 b(s)23 b(are)e(analogous)i(to)e(a)f
(byte)i(\(Section)p 0 0 1 TeXcolorrgb 1940 2387 a
SDict begin H.S end
 1940
2387 a 0 0 1 TeXcolorrgb -1 x Fv(2.1)p 0 0 1 TeXcolorrgb
2054 2324 a
SDict begin H.R end
 2054 2324 a 2054 2386 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(subsection.2.1) cvn H.B /ANN pdfmark end
 2054 2386 a Black
Fv(\).)27 b(This)21 b(particular)i(problem)f(is)f(cited)g(by)g(others)i
(such)e(as)0 2499 y([)p 0 0 1 TeXcolorrgb 30 2500 a
SDict begin H.S end
 30
2500 a 0 0 1 TeXcolorrgb -1 x Fv(7)p 0 0 1 TeXcolorrgb
76 2438 a
SDict begin H.R end
 76 2438 a 76 2499 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.Ctopten:web) cvn H.B /ANN pdfmark end
 76 2499 a Black Fv(,)p
0 0 1 TeXcolorrgb 122 2500 a
SDict begin H.S end
 122 2500 a 0 0 1 TeXcolorrgb
-1 x Fv(6)p 0 0 1 TeXcolorrgb 168 2437 a
SDict begin H.R end
 168 2437 a 168
2499 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.darnell:book) cvn H.B /ANN pdfmark end
 168 2499 a Black Fv(,)p 0 0 1 TeXcolorrgb 214
2500 a
SDict begin H.S end
 214 2500 a 0 0 1 TeXcolorrgb -1 x Fv(25)p 0 0 1
TeXcolorrgb 305 2437 a
SDict begin H.R end
 305 2437 a 305 2499 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.seacord:book) cvn H.B /ANN pdfmark end
 305 2499
a Black Fv(])k(,)f(often)h(as)g(a)f(member)h(of)g(the)g(top)g(20)g(in)f
(C)g(b)n(ugs.)33 b(In)25 b(each)g(case)h(we)e(modi\002ed)h(the)g
(source)h(code)f(to)g(remo)o(v)o(e)0 2612 y(otherwise)g(implicit)g(and)
f(compiler)n(-speci\002c)j(casts)p 0 0 1 TeXcolorrgb
1687 2612 a
SDict begin H.S end
 1687 2612 a -33 x Fq(6)1725 2612 y
SDict begin 13.6 H.L end
 1725 2612
a 1725 2612 a
SDict begin [ /Subtype /Link /Dest (Hfootnote.6) cvn /H /I /Border
[0 0 0] /Color [1 0 0] H.B /ANN pdfmark end
 1725 2612 a Black Fv(.)141 2724 y(In)20
b(all)f(our)h(e)o(xperiments,)j(we)18 b(only)j(found)g(1)e(e)o(xample)h
(of)g(a)f(f)o(alse)h(positi)n(v)o(e)h(\226)f(a)f(check)i(inserted)g
(that)f(f)o(ails)h(at)e(runtime)0 2837 y(b)n(ut)24 b(w)o(as)f(not)h
(needed)h(\226)f(in)f(bash)h(1.14.6.)30 b(The)23 b(rele)n(v)n(ant)i
(code)f(is:)0 2886 y
SDict begin H.S end
 0 2886 a 0 2886 a
SDict begin 13.6 H.A end
 0 2886 a 0 2886
a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-19) cvn H.B /DEST
pdfmark end
 0 2886 a 166 2885 a
SDict begin H.S end
 166 2885 a 166 2885 a
SDict begin 12 H.A end
 166 2885
a 166 2885 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-19.1) cvn H.B /DEST
pdfmark end
 166 2885 a 42 2985 a Fh(1)92 b(v)10 b(o)g(i)g(d)74
b(r)14 b(e)g(m)f(o)h(v)f(e)p 767 2985 25 4 v 58 w(t)h(r)g(a)f(i)i(l)f
(i)g(n)f(g)p 1163 2985 V 58 w(w)g(h)h(i)g(t)g(e)g(s)g(p)g(a)g(c)f(e)25
b(\()72 b(c)11 b(h)g(a)g(r)65 b Fg(\003)20 b Fh(u)15
b(s)h(e)g(r)g(s)g(t)g(r)27 b(\))64 b Fg(f)166 2985 y
SDict begin H.S end

166 2985 a 166 2985 a
SDict begin 12 H.A end
 166 2985 a 166 2985 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-19.2) cvn H.B /DEST
pdfmark end
 166 2985
a 42 3084 a Fh(2)197 b(i)16 b(n)f(t)78 b(i)65 b(=)j(s)16
b(t)h(r)f(l)g(e)g(n)27 b(\()g(u)15 b(s)h(e)g(r)g(s)g(t)g(r)27
b(\))50 b Fg(\000)f Fh(1)17 b(;)181 b(/)18 b(/)84 b(s)16
b(t)h(r)f(l)g(e)g(n)81 b(r)14 b(e)h(t)g(u)f(r)g(n)h(s)72
b(a)7 b(n)67 b(u)11 b(n)g(s)g(i)g(g)g(n)g(e)g(d)73 b(i)15
b(n)f(t)h(e)g(g)f(e)h(r)166 3084 y
SDict begin H.S end
 166 3084 a 166 3084
a
SDict begin 12 H.A end
 166 3084 a 166 3084 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-19.3) cvn H.B /DEST
pdfmark end
 166 3084 a 42 3184 a Fh(3)192
b(w)11 b(h)g(i)g(l)g(e)21 b(\()j(i)53 b Fd(>)c Fh(0)44
b(&)-10 b(&)51 b(w)12 b(h)g(i)g(t)g(e)g(s)g(p)g(a)g(c)g(e)19
b(\()27 b(s)15 b(t)h(r)g(i)f(n)h(g)26 b([)e(i)k(])15
b(\))166 3184 y
SDict begin H.S end
 166 3184 a 166 3184 a
SDict begin 12 H.A end
 166 3184 a 166
3184 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-19.4) cvn H.B /DEST
pdfmark end
 166 3184 a 42 3284 a Fh(4)290 b(i)11 b Fg(\000)-15
b(\000)5 b Fh(;)85 b(.)22 b(.)f(.)p Black Black 141 3444
a Fv(The)f(salient)j(detail)f(is)e Fi(strlen)d Fv(returns)23
b(an)d(unsigned)j(inte)o(ger)l(,)g(causing)g(the)e(arithmetic)h
(operation)h(of)e(line)g(3)g(to)f(be)0 3557 y Fi(signed)52
b(=)i(unsigned)d(-)j(signed)p Fv(.)31 b(C99)25 b(dictates)i(the)f
(result)g(is)f(therefore)j(an)e(unsigned)h(inte)o(ger)-5
b(.)36 b(Therefore,)0 3670 y(when)31 b Fi(userstr)c Fv(is)j(empty)-6
b(,)33 b Fi(strcpy)27 b Fv(returns)33 b(0)d(and)h(the)h(e)o(xpression)h
(results)f(in)f Fo(0)26 b Fm(\000)f Fo(1)39 b(=)g(4294967295)p
Fv(,)d(which)0 3783 y(when)30 b(cast)g(to)f(a)g(signed)i(inte)o(ger)g
(results)g(in)f Fm(\000)p Fo(1)p Fv(.)46 b(This)29 b(is)g(e)o(xactly)i
(the)f(sort)g(of)g(casting)h(that)f(causes)h(vulnerabilities.)0
3896 y(Therefore,)25 b(at)e(runtime)i(we)d(raise)j(an)e(error)i(e)o
(xception.)141 4009 y(The)35 b(code,)k(in)d(a)f(con)l(v)n(oluted)k
(manner)l(,)g(performs)e(a)e(similar)h(check.)66 b(As)34
b(mentioned,)41 b(the)35 b(rhs)h(e)o(xpression)i(on)0
4122 y(line)e(3)g(will)g(be)g Fo(4294967295)j Fv(unsigned,)i(which)c
(equals)g Fm(\000)p Fo(1)e Fv(signed.)68 b(On)35 b(line)h(4,)j(the)d
(condition)j Fn(i)48 b(>)g Fo(0)36 b Fv(guards)0 4235
y(against)28 b(e)o(x)o(ecuting)h(the)f(loop)g(on)f(such)h(a)e(casting)j
(error)-5 b(.)40 b(Therefore,)30 b(the)d(net)g(ef)n(fect)h(is)f(the)g
(check)i(is)e(not)g(needed)i(and)0 4347 y(subsequently)39
b(the)c(run-time)g(e)o(xception)i(is)e(an)g(error)-5
b(.)62 b(W)-7 b(e)34 b(belie)n(v)o(e)i(ugly)f(code)h(such)f(as)g(this)g
(should)h(be)f(re)n(written)0 4460 y(an)o(yw)o(ay)24
b(because)i(the)d(reliance)j(on)e(corner)g(cases)h(results)g(in)f(dif)n
(\002cult)g(to)f(maintain)i(code.)141 4573 y(It)i(is)h(easy)g(to)f
(imagine)i(man)o(y)e(cases)i(where)e(our)h(approach)i(may)d(insert)i
(checks)g(that)f(are)g(already)h(handled)g(more)0 4686
y(gracefully)i(by)e(the)f(e)o(xisting)i(code.)44 b(Our)28
b(e)o(xperiments)j(suggest)f(these)g(are)e(rare)h(in)f(real)h(code,)h
(ho)n(we)n(v)o(er)-5 b(.)44 b(Therefore,)0 4799 y(annotating)37
b(such)f(casts)f(with)f(an)h(attrib)n(ute)i(that)e(indicates)i(the)d
(check)i(should)g(not)f(be)g(performed)h(seems)f(the)g(best)0
4912 y(solution.)p Black 0 4972 1560 4 v 105 5028 a Fp(6)p
0 TeXcolorgray 134 4968 a
SDict begin H.S end
 134 4968 a 0 TeXcolorgray 0
TeXcolorgray 134 4968 a
SDict begin H.R end
 134 4968 a 134 4968 a
SDict begin [ /View [/XYZ H.V] /Dest (Hfootnote.6) cvn H.B /DEST pdfmark
end
 134 4968
a Black 92 x Fs(This)21 b(problem)g(is)g(so)f(wide-spread)i(that)f(gcc)
g(supported)h(a)e(-funsigned-char)j(\003ag)d(that)h(will)f(mak)o(e)h
(all)f(char')l(s)h(unsigned)i(by)e(def)o(ault.)29 b(Inter)o(-)0
5151 y(estingly)-5 b(,)19 b(gcc)h(does)f(not)g(seem)h(to)e(support)i(a)
f(\003ag)g(that)g(reports)g(these)g(portability)g(errors.)p
Black Black 1905 5400 a Fv(13)p Black eop end
%%Page: 14 16
TeXDict begin 14 15 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.14) cvn H.B /DEST pdfmark
end
 0 0 a Black Black Black 1167 113 4 113 v 1219 79
a Fv(GCC)p 1552 113 V 197 w(PICK)p 2352 113 V 746 116
2408 4 v 746 133 V 796 212 a(No)23 b(Opt.)p 1167 246
4 113 v 130 w(15.473s)p 1552 246 V 102 w(15.556s)i(\(+0.536\045\))p
2352 246 V 102 w(15.474s)g(\(+0.006\045\))p 746 249 2408
4 v 796 328 a(-O4)e(Opt.)p 1167 362 4 113 v 100 w(2.967s)p
1552 362 V 147 w(5.586s)i(\(+88.27\045\))p 2352 362 V
147 w(2.971s)f(\(+0.134\045\))p 746 365 2408 4 v 0 519
a(T)-7 b(able)29 b(4:)p 0 TeXcolorgray 337 406 a
SDict begin H.S end
 337
406 a 0 TeXcolorgray 0 TeXcolorgray 337 406 a
SDict begin H.R end
 337 406
a 337 406 a
SDict begin [ /View [/XYZ H.V] /Dest (table.4) cvn H.B /DEST pdfmark
end
 337 406 a Black 113 x Fv(Micro-benchmark)k(measuring)d(the)
g(running)g(time)f(\(a)n(v)o(eraged)i(o)o(v)o(er)e(5)g(runs\))h(in)e
(seconds)j(for)e(a)g(tight)g(loop)0 632 y(e)o(x)o(ecuting)c(a)f(cast)g
(from)f Fi(uint32)p 1135 632 28 4 v 30 w(t)f Fv(to)i
Fi(int16)p 1611 632 V 30 w(t)p Fv(.)p Black 0 817 a
SDict begin H.S end
 0
817 a 0 817 a
SDict begin 13.6 H.A end
 0 817 a 0 817 a
SDict begin [ /View [/XYZ H.V] /Dest (section*.3) cvn H.B /DEST pdfmark
end
 0 817 a 92 x Ft(Additional)j
(modi\002cations.)91 b Fv(Recall)28 b(that)g(C99)e(states)j(that)e
(during)i(a)e(cast)g Fo(\()p Fn(\034)10 b Fo(\))p Fn(e)28
b Fv(where)f Fn(\034)36 b Fv(is)27 b(an)g(unsigned)j(inte)o(ger)l(,)0
1021 y(the)f(v)n(alue)h(of)f Fn(e)f Fv(will)h(be)g(repeatedly)i(added)g
(or)d(subtracted)k(until)e(it)f(is)f(within)i(the)f(precision)i(of)e
Fn(\034)38 b Fv(\(Section)p 0 0 1 TeXcolorrgb 3613 1022
a
SDict begin H.S end
 3613 1022 a 0 0 1 TeXcolorrgb -1 x Fv(2.1)p 0 0 1 TeXcolorrgb
3727 959 a
SDict begin H.R end
 3727 959 a 3727 1021 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(subsection.2.1) cvn H.B /ANN pdfmark end
 3727 1021 a Black Fv(\).)44
b(In)0 1134 y(other)25 b(w)o(ords,)e Fo(\()p Fn(\034)10
b Fo(\))p Fn(e)27 b Fo(=)d Fn(e)i Fo(mo)s(d)f(2)1073
1101 y Fl(t)1125 1134 y Fv(where)f Fn(t)f Fv(is)g(the)h(precision)i(of)
d Fn(\034)10 b Fv(,)23 b(i.e.,)f(a)h(truncation.)32 b(Ho)n(we)n(v)o(er)
l(,)23 b(a)g(similar)h(cast)g(when)0 1247 y Fn(\034)33
b Fv(is)23 b(of)h(a)f(signed)i(type)f(is)f(implementation)k(de\002ned.)
141 1360 y(The)f(current)i(v)o(ersion)g(of)e(PICK)51
b(follo)n(ws)27 b(the)f(type-checking)31 b(rules)c(and)g(ignores)h
(this)f(nuance)h(of)e(the)h(C99)f(stan-)0 1473 y(dard:)j(unsigned)23
b(and)f(signed)h(truncation)h(are)d(both)h(treated)h(in)e(e)o(xactly)h
(the)g(same.)27 b(The)21 b(reason)i(we)d(made)h(this)h(decision)0
1586 y(is)f(truncation)j(errors)f(are)e(an)h(artif)o(act)h(of)e(the)h
(programmer)g(not)g(protecting)i(against)f(corner)g(cases,)f(and)g
(this)g(also)g(seems)0 1699 y(lik)o(e)j(a)g(corner)h(case)f(lik)o(ely)h
(to)e(be)h(ab)n(used.)34 b(Although)26 b(changing)h(this)f(beha)n(vior)
h(is)d(tri)n(vial,)i(we)e(belie)n(v)o(e)i(relying)g(on)f(im-)0
1812 y(plicit)f(truncation)i(is)d(a)g(dangerous)j(practice)f(at)e
(best.)30 b(W)-7 b(e)22 b(found)j(2)d(and)i(6)f(places)i(in)e(gzip)h
(and)f(OpenSSH)f(respecti)n(v)o(ely)0 1925 y(that)29
b(relied)g(on)g(this)g(nuance)h(of)e(the)h(standard)h(and)f(had)g(to)f
(be)g(manually)i(changed.)45 b(F)o(or)28 b(e)o(xample,)i(when)e
(OpenSSH)0 2038 y(reads)d(in)e(a)g(pack)o(et)i(it)e(processes)k(it)c
(byte)h(by)g(byte)g(can)g(be)f(modi\002ed:)0 2107 y
SDict begin H.S end
 0
2107 a 0 2107 a
SDict begin 13.6 H.A end
 0 2107 a 0 2107 a
SDict begin [ /View [/XYZ H.V] /Dest (lstlisting.-20) cvn H.B /DEST
pdfmark end
 0 2107 a 166 2087 a
SDict begin H.S end

166 2087 a 166 2087 a
SDict begin 12 H.A end
 166 2087 a 166 2087 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-20.1) cvn H.B /DEST
pdfmark end
 166 2087
a 182 2187 a Fh(u)15 b(i)h(n)f(t)g(8)p 435 2187 25 4
v 61 w(t)77 b(b)11 b(y)g(t)g(e)24 b(;)78 b(u)15 b(i)f(n)h(t)g(1)f(6)p
1184 2187 V 59 w(t)77 b(v)12 b(a)g(l)25 b(;)166 2187
y
SDict begin H.S end
 166 2187 a 166 2187 a
SDict begin 12 H.A end
 166 2187 a 166 2187 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-20.2) cvn H.B /DEST
pdfmark end
 166 2187
a 177 2287 a Fh(b)11 b(y)g(t)g(e)63 b(=)g(v)12 b(a)g(l)25
b(;)81 b(/)18 b(/)83 b(o)15 b(r)g(i)h(g)f(i)h(n)f(a)g(l)74
b(c)9 b(o)g(d)g(e)70 b(r)14 b(e)g(l)g(y)g(i)g(n)g(g)69
b(o)6 b(n)68 b(t)15 b(r)f(u)h(n)f(c)g(a)h(t)g(i)f(o)h(n)74
b(o)10 b(f)70 b(u)11 b(n)g(s)g(i)g(g)g(n)g(e)g(d)71 b(b)12
b(y)g(t)g(e)g(s)166 2287 y
SDict begin H.S end
 166 2287 a 166 2287 a
SDict begin 12 H.A end
 166
2287 a 166 2287 a
SDict begin [ /View [/XYZ H.V] /Dest (lstnumber.-20.3) cvn H.B /DEST
pdfmark end
 166 2287 a 177 2386 a Fh(b)f(y)g(t)g(e)63
b(=)g(v)12 b(a)g(l)54 b(&)46 b(0)17 b(x)c(f)g(f)25 b(;)131
b(/)18 b(/)79 b(m)11 b(o)g(d)g(i)g(f)g(i)g(e)g(d)67 b(c)9
b(o)g(d)g(e)72 b(e)17 b(x)f(p)g(l)h(i)g(c)f(i)h(t)g(l)g(y)82
b(s)16 b(p)f(e)h(c)g(i)f(f)h(i)g(e)f(s)78 b(t)12 b(h)g(e)76
b(t)15 b(r)f(u)g(n)h(c)f(a)h(t)f(i)h(o)f(n)p Black Black
141 2549 a Fv(W)-7 b(e)24 b(stress)i(the)f(changes)h(are)f(required)i
(because)g(of)d(an)h(implementation)j(decision)e(that)g(could)f(easily)
h(be)f(changed)0 2662 y(if)e(w)o(arranted.)0 2796 y
SDict begin H.S end
 0
2796 a 0 2796 a
SDict begin 13.6 H.A end
 0 2796 a 0 2796 a
SDict begin [ /View [/XYZ H.V] /Dest (subsubsection.4.2.3) cvn H.B
/DEST pdfmark end
 0 2796 a 112 x Ft(4.2.3)92
b(P)n(erf)n(ormance)0 3082 y(Micr)n(o-benchmarks.)37
b Fv(In)26 b(order)i(to)e(gain)g(a)g(better)h(understanding)k(of)26
b(the)g(cost)h(of)f(PICK)e('ing)j(code,)g(we)f(ran)g(se)n(v)o(eral)0
3195 y(micro-benchmarks)39 b(and)d(tests.)66 b(First,)38
b(we)d(manually)i(inspected)h(the)e(assembly)h(code)g(generated)h(by)e
(PICK)d(.)i(An)0 3308 y(e)o(xample)24 b(of)g(a)f(check)h(and)g(the)g
(corresponding)k(x86)c(disassembly)i(is)d(gi)n(v)o(en)h(in)g(Appendix)p
0 0 1 TeXcolorrgb 2961 3308 a
SDict begin H.S end
 2961 3308 a 0 0 1 TeXcolorrgb
Fv(B)p 0 0 1 TeXcolorrgb 3021 3247 a
SDict begin H.R end
 3021 3247 a 3021
3308 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(section.B) cvn H.B /ANN pdfmark end
 3021 3308 a Black 23 w Fv(Figure)p 0 0 1 TeXcolorrgb
3304 3308 a
SDict begin H.S end
 3304 3308 a 0 0 1 TeXcolorrgb Fv(1)p 0 0 1
TeXcolorrgb 3349 3246 a
SDict begin H.R end
 3349 3246 a 3349 3308 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(figure.1) cvn H.B /ANN pdfmark end
 3349
3308 a Black Fv(.)k(Each)c(check)g(is)0 3421 y(only)e(a)f(fe)n(w)g(e)o
(xtra)g(instructions,)k(which)d(are)g(unlik)o(ely)h(to)e(mak)o(e)h(a)f
(measurable)i(dif)n(ference)h(gi)n(v)o(en)e(the)g(speed)g(of)f(modern)0
3534 y(processors.)141 3647 y(Second,)32 b(we)e(created)h(a)f(small)g
(program)i(which)e(e)o(x)o(ecutes)i(a)d(tight)i(loop)g(casting)h(a)e
Fi(uint32)p 3262 3647 28 4 v 30 w(t)e Fv(to)i(a)g Fi(int16)p
3820 3647 V 30 w(t)0 3760 y Fv(\(therefore)h(performing)g(both)f(a)h(U)
t(-)t(S)t(-)t(C)t Fu(H)t(E)t(C)t(K)i Fv(and)c(a)h(D)t(-)t(C)t
Fu(H)t(E)t(C)t(K)r Fv(\))h(about)f(2)f(billion)h(times.)45
b(The)28 b(results)j(are)e(sho)n(wn)0 3873 y(in)k(T)-7
b(able)p 0 0 1 TeXcolorrgb 335 3873 a
SDict begin H.S end
 335 3873 a 0 0 1
TeXcolorrgb Fv(4)p 0 0 1 TeXcolorrgb 381 3811 a
SDict begin H.R end
 381 3811
a 381 3873 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(table.4) cvn H.B /ANN pdfmark end
 381 3873 a Black Fv(.)57 b(The)32 b(table)i(sho)n(ws)g
(three)g(scenarios:)51 b(a)33 b(base)g(case)h(where)g(the)f(code)h(is)f
(compiled)i(directly)g(with)e(gcc,)0 3985 y(the)e(case)g(where)g(the)g
(code)g(is)g(compiled)h(with)e(PICK)f(,)g(and)i(\002nally)h(the)e(case)
i(where)e(the)h(code)h(is)e(ran)h(through)i(CIL)0 4098
y(without)28 b(inserting)i(checks)f(and)e(compiled)i(with)e(gcc.)41
b(F)o(or)26 b(each)i(scenario,)i(we)d(tested)h(compiling)h(the)f(code)g
(with)f(no)0 4211 y(optimizations)37 b(and)d(full)f(optimizations)k
(\(gcc)d(-O4\),)i(and)e(report)g(the)g(a)n(v)o(erage)h(o)o(v)o(er)f(5)f
(runs.)59 b(W)-7 b(e)33 b(found)h(that)g(sim-)0 4324
y(ply)d(running)i(the)e(code)h(through)h(CIL)c(changed)k(the)f
(performance)h(slightly)-6 b(,)35 b(indicating)e(CIL)-8
b(')j(s)30 b(def)o(ault)j(simplifying)0 4437 y(\(though)g
(semantic-preserving\))k(transformations)e(can)c(alter)h(the)f
(run-time)h(characteristics)k(of)30 b(code.)53 b(Running)32
b(the)0 4550 y(code)24 b(through)i(PICK)44 b(without)25
b(optimization)h(incurred)g(a)d(ne)o(gligible)j(o)o(v)o(erhead:)31
b(only)24 b(.5\045.)141 4663 y(When)18 b(compiled)i(with)e(full)h
(optimizations,)j(PICK)16 b('ed)i(code)h(incurred)h(about)g(an)e
(88\045)g(o)o(v)o(erhead.)28 b(The)18 b(PICK)34 b(checks)0
4776 y(constitute)25 b(about)e(1/3)f(of)g(the)h(code)g(statements.)30
b(It)22 b(appears)h(that)g(most)f(of)g(the)g(de)o(gradation)j(is)d(not)
h(due)f(to)g(the)g(e)o(xtra)h(in-)0 4889 y(structions:)31
b(the)o(y)23 b(can)g(be)g(pipelined)i(with)d(the)h(rest)g(of)f(the)h
(loop)h(body)-6 b(,)23 b(b)n(ut)g(that)g(the)g(introduced)j(checks)e
(interfere)g(with)0 5002 y(loop)29 b(optimizations.)45
b(Our)27 b(micro-benchmark)k(stresses)f(this)f(corner)g(case.)42
b(Re)o(gular)29 b(programs)g(rarely)g(e)o(xhibit)g(such)0
5115 y(tight)24 b(loops)h(consisting)i(entire)d(of)g(cast)g
(operations,)i(thus)e(are)g(unlik)o(ely)i(to)d(ha)n(v)o(e)h(a)f
(similar)h(performance)i(de)o(gradation.)p Black 1905
5400 a(14)p Black eop end
%%Page: 15 17
TeXDict begin 15 16 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.15) cvn H.B /DEST pdfmark
end
 0 0 a Black Black Black 1019 79 a Fv(Name)p 1663
113 4 113 v 478 w(V)-7 b(uln)p 1937 113 V 101 w(Size)23
b(Dif)n(f)p 2365 113 V 100 w(Performance)p 969 116 1963
4 v 1019 195 a(gzip-1.2.4)p 1663 229 4 113 v 329 w(N)p
1937 229 V 209 w(+4.6\045)p 2365 229 V 188 w(0.44\045)g(f)o(aster)p
969 232 1963 4 v 1019 311 a(openssh-2.2.0p1)p 1663 345
4 113 v 104 w(Y)p 1937 345 V 209 w(+0.9\045)p 2365 345
V 188 w(7.08\045)g(f)o(aster)p 969 349 1963 4 v Black
369 502 a(T)-7 b(able)24 b(5:)p 0 TeXcolorgray 691 389
a
SDict begin H.S end
 691 389 a 0 TeXcolorgray 0 TeXcolorgray 691 389 a
SDict begin H.R end
 691
389 a 691 389 a
SDict begin [ /View [/XYZ H.V] /Dest (table.5) cvn H.B /DEST pdfmark
end
 691 389 a Black 113 x Fv(There)f(is)h(no)f(measurable)j
(o)o(v)o(erhead)f(performance)h(for)e(the)g(dynamic)h(safety)f(checks.)
p Black Black 141 779 a Ft(Macr)n(o-benchmarks.)50 b
Fv(W)-7 b(e)30 b(measured)i(the)e(performance)j(of)d(PICK)f('ed)h(code)
i(to)e(determine)i(\(a\))e(the)h(run-time)0 892 y(o)o(v)o(erhead)23
b(of)f(the)g(inserted)i(checks)f(and)f(\(b\))g(the)g(increase)i(in)e
(the)g(size)g(of)g(the)g(binary)h(on)f(real)g(code.)29
b(T)-7 b(able)p 0 0 1 TeXcolorrgb 3467 893 a
SDict begin H.S end
 3467 893
a 0 0 1 TeXcolorrgb -1 x Fv(5)p 0 0 1 TeXcolorrgb 3512
830 a
SDict begin H.R end
 3512 830 a 3512 892 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(table.5) cvn H.B /ANN pdfmark end
 3512 892 a Black 21 w Fv(sho)n(ws)22
b(our)0 1005 y(results.)30 b(The)23 b(reported)j(numbers)f(are)f(a)n(v)
o(erages)h(o)o(v)o(er)f(5)f(independent)k(runs.)141 1118
y(The)33 b(performance)k(checks)e(do)f(not)g(appreciably)i(increase)g
(the)e(size)g(of)g(the)g(compiled)h(code.)60 b(In)34
b(f)o(act,)i(table)p 0 0 1 TeXcolorrgb 3855 1119 a
SDict begin H.S end
 3855
1119 a 0 0 1 TeXcolorrgb -1 x Fv(5)p 0 0 1 TeXcolorrgb
3900 1056 a
SDict begin H.R end
 3900 1056 a 3900 1118 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(table.5) cvn H.B /ANN pdfmark end
 3900 1118 a Black
0 1231 a Fv(sho)n(ws)c(that)h(PICK)d('ed)i(code)h(actually)h(ran)e(f)o
(aster)h(than)g(the)f(original)i(source)f(code.)55 b(W)-7
b(e)31 b(initially)j(found)f(this)g(v)o(ery)0 1344 y(peculiar:)e(why)21
b(should)j(code)f(with)f(the)g(e)o(xtra)h(check)g(instructions)j(run)c
(f)o(aster?)30 b(W)-7 b(e)21 b(double)j(check)o(ed)h(our)d(e)o
(xperiments)0 1457 y(se)n(v)o(eral)k(times,)g(each)f(with)g(about)i
(the)e(same)g(result.)35 b(In)25 b(the)g(end,)h(we)f(\002nd)f(there)i
(are)g(tw)o(o)e(contrib)n(uting)29 b(f)o(actors.)36 b(First,)0
1569 y(modern)d(processors)i(do)e(not)f(simply)h(run)g(code)g
(sequentially)j(instruction)f(by)e(instruction.)58 b(Instead,)36
b(the)o(y)c(ha)n(v)o(e)h(an)0 1682 y(entire)26 b(optimization)h(engine)
f(that)e(dynamically)j(optimizes)f(running)h(code)e(through)h
(pipelining,)h(thread)f(speculation,)0 1795 y(cache)i(layout)g
(optimizations,)j(etc.)39 b(F)o(or)26 b(e)o(xample,)i(adding)h(a)d(fe)n
(w)g(additional)k Fi(no-ops)23 b Fv(can)28 b(drastically)h(change)g
(the)0 1908 y(timing)j(characteristics)j(of)d(code)g([)p
0 0 1 TeXcolorrgb 1157 1909 a
SDict begin H.S end
 1157 1909 a 0 0 1 TeXcolorrgb
-1 x Fv(3)p 0 0 1 TeXcolorrgb 1202 1846 a
SDict begin H.R end
 1202 1846 a
1202 1908 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.bib:brumley03) cvn H.B /ANN pdfmark end
 1202 1908 a Black Fv(])f(\226)g(both)h(for)f(the)h(better)g
(and)g(for)g(the)f(w)o(orse.)52 b(Second,)34 b(CIL)c(performs)j(v)n
(arious)0 2021 y(simplifying)c(transformations)i(that)d(may)e(af)n
(fect)i(performance,)i(i.e.,)d(code)h(that)f(has)h(been)f(run)h
(through)h(CIL)c(without)0 2134 y(an)o(y)f(transformations)j(then)d
(compiled)h(with)f(gcc)g(may)f(run)h(f)o(aster)h(or)e(slo)n(wer)h(than)
g(code)g(compiled)i(directly)f(with)e(gcc.)141 2247 y(Ov)o(erall,)j
(PICK)e('ing)j(code)f(should)h(not)f(af)n(fect)h(performance)h
(signi\002cantly)-6 b(.)38 b(Each)25 b(check)i(is)f(only)g(a)f(fe)n(w)g
(instruc-)0 2360 y(tions,)30 b(can)e(easily)i(be)e(pipelined,)j(and)e
(uses)f(operands)j(already)e(locally)h(referenced.)45
b(Therefore,)30 b(e)o(xcept)g(in)e(e)o(xtreme)0 2473
y(cases,)c(PICK)45 b(should)25 b(only)f(ha)n(v)o(e)h(ne)o(gligible)h
(impact)e(on)f(performance.)0 2636 y
SDict begin H.S end
 0 2636 a 0 2636
a
SDict begin 13.6 H.A end
 0 2636 a 0 2636 a
SDict begin [ /View [/XYZ H.V] /Dest (section.5) cvn H.B /DEST pdfmark
end
 0 2636 a 129 x Fx(5)119 b(Related)31
b(W)-9 b(ork)0 2972 y Fv(Our)23 b(techniques)k(are)d(dra)o(wn)f
(directly)j(from)e(type)g(theory)-6 b(.)31 b(A)22 b(good)j
(introduction)i(to)d(type)g(theory)h(is)f(pro)o(vided)h(in)f([)p
0 0 1 TeXcolorrgb 3756 2972 a
SDict begin H.S end
 3756 2972 a 0 0 1 TeXcolorrgb
Fv(21)p 0 0 1 TeXcolorrgb 3847 2910 a
SDict begin H.R end
 3847 2910 a 3847
2972 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.pierceBOOK:2002) cvn H.B /ANN pdfmark end
 3847 2972 a Black Fv(],)0 3085 y(which)d(discusses)h(se)n(v)o
(eral)f(of)f(the)h(issues)g(in)g(type)f(con)l(v)o(ersions)k(such)d(as)f
(do)n(wn-casting.)30 b(Using)21 b(dynamic)g(checks)h(when)0
3198 y(static)i(type)g(safety)g(cannot)h(be)d(discerned)k(also)e
(appears)g(in)f(other)h(languages)i(such)e(as)f(in)f(Ja)n(v)n(a)i([)p
0 0 1 TeXcolorrgb 3120 3198 a
SDict begin H.S end
 3120 3198 a 0 0 1 TeXcolorrgb
Fv(21)p 0 0 1 TeXcolorrgb 3211 3136 a
SDict begin H.R end
 3211 3136 a 3211
3198 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.pierceBOOK:2002) cvn H.B /ANN pdfmark end
 3211 3198 a Black Fv(].)k(Ho)n(we)n(v)o(er)l(,)23
b(we)f(are)0 3311 y(the)i(\002rst)f(to)g(sho)n(w)h(these)g(techniques)j
(are)d(practical)h(for)f(securing)i(e)o(xisting)f(C)d(programs.)141
3424 y(Cyclone)29 b([)p 0 0 1 TeXcolorrgb 501 3424 a
SDict begin H.S end

501 3424 a 0 0 1 TeXcolorrgb Fv(11)p 0 0 1 TeXcolorrgb
592 3362 a
SDict begin H.R end
 592 3362 a 592 3424 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.jimCYCLONE:2002) cvn H.B /ANN pdfmark end
 592 3424 a Black Fv(])e(and)h(CCured)g
([)p 0 0 1 TeXcolorrgb 1147 3425 a
SDict begin H.S end
 1147 3425 a 0 0 1
TeXcolorrgb -1 x Fv(18)p 0 0 1 TeXcolorrgb 1238 3362
a
SDict begin H.R end
 1238 3362 a 1238 3424 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.necula:2002) cvn H.B /ANN pdfmark end
 1238 3424 a Black Fv(])f(are)h(type-safe)i(v)
o(ersions)f(of)f(C.)e(Our)h(w)o(ork)h(dif)n(fers)g(from)g(such)g
(approaches)j(by)0 3537 y(only)21 b(considering)j(a)c(subset)i(of)f(C)e
(\226)h(namely)h(inte)o(ger)h(operations)h(\226)e(and)g(re)n(writing)g
(the)g(program)h(in)e(terms)h(of)f(C)f(instead)0 3650
y(of)28 b(a)g(safe)h(alternati)n(v)o(e.)45 b(Since)29
b(Cyclone)g(and)g(CCured)f(are)h(much)f(more)g(ambitious,)j(man)o(y)d
(dif)n(ferent)j(problematic)f(C)0 3763 y(constructs)35
b(may)c(ha)n(v)o(e)i(to)f(be)f(manually)j(translated.)56
b(Our)32 b(limited)g(application)j(is)d(more)g(appropriate)j(for)d
(securing)0 3876 y(e)o(xisting)d(programs)g(against)f(only)g(inte)o
(ger)g(vulnerabilities,)k(e.g.,)c(possibly)h(in)e(combination)j(with)d
(other)h(approaches)0 3989 y(for)c(combating)h(b)n(uf)n(fer)g(o)o(v)o
(er\003o)n(ws,)e(format)h(string)h(errors,)f(etc.)141
4101 y(Our)h(analysis)j(creates)f(checks)g(for)f(all)g(potentially)i
(unsafe)f(inte)o(ger)g(operations.)38 b(Ho)n(we)n(v)o(er)l(,)25
b(in)h(security)h(one)f(may)0 4214 y(only)i(be)f(concerned)j(with)e
(unsafe)g(operations)j(under)d(the)g(attack)o(ers)h(control.)42
b(T)-7 b(aint)27 b(analysis)j([)p 0 0 1 TeXcolorrgb 3158
4215 a
SDict begin H.S end
 3158 4215 a 0 0 1 TeXcolorrgb -1 x Fv(10)p 0 0 1
TeXcolorrgb 3249 4152 a
SDict begin H.R end
 3249 4152 a 3249 4214 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.foster:1999) cvn H.B /ANN pdfmark end
 3249
4214 a Black Fv(,)p 0 0 1 TeXcolorrgb 3298 4215 a
SDict begin H.S end
 3298
4215 a 0 0 1 TeXcolorrgb -1 x Fv(28)p 0 0 1 TeXcolorrgb
3389 4152 a
SDict begin H.R end
 3389 4152 a 3389 4214 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.shankar:01) cvn H.B /ANN pdfmark end
 3389 4214 a Black
Fv(,)p 0 0 1 TeXcolorrgb 3438 4214 a
SDict begin H.S end
 3438 4214 a 0 0 1
TeXcolorrgb Fv(12)p 0 0 1 TeXcolorrgb 3529 4152 a
SDict begin H.R end
 3529
4152 a 3529 4214 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.johnsonCIL:2004) cvn H.B /ANN pdfmark end
 3529 4214 a Black Fv(])d(could)h(be)0
4327 y(used)c(to)g(isolate)h(only)g(those)f(potentially)j(unsafe)e
(operations)i(along)e(\223tainted\224)h(program)e(paths)h(that)f(may)g
(be)f(under)i(an)0 4440 y(attack)o(ers)h(control.)141
4553 y(There)g(are)f(se)n(v)o(eral)h(static)h(check)o(ers)g(such)f(as)g
(Splint)f([)p 0 0 1 TeXcolorrgb 1912 4555 a
SDict begin H.S end
 1912 4555
a 0 0 1 TeXcolorrgb -2 x Fv(9)p 0 0 1 TeXcolorrgb 1958
4491 a
SDict begin H.R end
 1958 4491 a 1958 4553 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.splint) cvn H.B /ANN pdfmark end
 1958 4553 a Black Fv(])g(and)g
(meta-compilation)k([)p 0 0 1 TeXcolorrgb 2864 4554 a
SDict begin H.S end

2864 4554 a 0 0 1 TeXcolorrgb -1 x Fv(8)p 0 0 1 TeXcolorrgb
2910 4491 a
SDict begin H.R end
 2910 4491 a 2910 4553 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.engler:2001) cvn H.B /ANN pdfmark end
 2910 4553 a Black
Fv(])c(which)g(can)h(be)f(used)h(to)g(\002nd)0 4666 y(inte)o(ger)c
(casting)h(b)n(ugs)f(by)f(writing)h(appropriate)j(rules.)j(W)-7
b(e)20 b(could)j(use)e(these)h(tools)g(to)f(locate)i(potential)g(inte)o
(ger)f(vulner)n(-)0 4779 y(abilities.)31 b(Ho)n(we)n(v)o(er)l(,)22
b(these)i(tools)g(do)f(not)g(introduce)i(checks)g(that)e(will)g
Fr(pr)l(otect)j Fv(against)e(e)o(xploits)h(of)d(the)i(vulnerability)-6
b(.)141 4892 y(Man)o(y)23 b(C)g(inte)o(ger)h(vulnerabilities)k(are)23
b(subsequently)28 b(e)o(xploited)d(via)f(b)n(uf)n(fer)g(o)o(v)o
(er\003o)n(w)f(attacks,)i(on)e(which)h(there)g(is)0 5005
y(a)c(wide-body)j(of)e(research.)30 b(Static)21 b(checks)h(for)f
(detecting)j(such)d(attacks)i(include)g([)p 0 0 1 TeXcolorrgb
2669 5005 a
SDict begin H.S end
 2669 5005 a 0 0 1 TeXcolorrgb Fv(4)p 0 0 1
TeXcolorrgb 2714 4943 a
SDict begin H.R end
 2714 4943 a 2714 5005 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.cowan:1998) cvn H.B /ANN pdfmark end
 2714
5005 a Black Fv(,)p 0 0 1 TeXcolorrgb 2757 5006 a
SDict begin H.S end
 2757
5006 a 0 0 1 TeXcolorrgb -1 x Fv(13)p 0 0 1 TeXcolorrgb
2848 4943 a
SDict begin H.R end
 2848 4943 a 2848 5005 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.joneskelly:1997) cvn H.B /ANN pdfmark end
 2848 5005 a Black
Fv(,)p 0 0 1 TeXcolorrgb 2891 5005 a
SDict begin H.S end
 2891 5005 a 0 0 1
TeXcolorrgb Fv(24)p 0 0 1 TeXcolorrgb 2982 4943 a
SDict begin H.R end
 2982
4943 a 2982 5005 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.tunji:2004) cvn H.B /ANN pdfmark end
 2982 5005 a Black Fv(].)k(Stack)21
b(smashing)i(attacks)0 5118 y(can)34 b(also)f(be)g(detected)j
(dynamically)-6 b(,)38 b(such)c(as)f(with)g([)p 0 0 1
TeXcolorrgb 1823 5118 a
SDict begin H.S end
 1823 5118 a 0 0 1 TeXcolorrgb
Fv(2)p 0 0 1 TeXcolorrgb 1868 5056 a
SDict begin H.R end
 1868 5056 a 1868
5118 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.baratloo:2000) cvn H.B /ANN pdfmark end
 1868 5118 a Black Fv(,)p 0 0 1 TeXcolorrgb 1923
5119 a
SDict begin H.S end
 1923 5119 a 0 0 1 TeXcolorrgb -1 x Fv(5)p 0 0 1
TeXcolorrgb 1969 5056 a
SDict begin H.R end
 1969 5056 a 1969 5118 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.minos:2004) cvn H.B /ANN pdfmark end
 1969
5118 a Black Fv(,)p 0 0 1 TeXcolorrgb 2024 5120 a
SDict begin H.S end
 2024
5120 a 0 0 1 TeXcolorrgb -2 x Fv(19)p 0 0 1 TeXcolorrgb
2115 5056 a
SDict begin H.R end
 2115 5056 a 2115 5118 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.net:bounds-checking2004) cvn H.B /ANN pdfmark end
 2115 5118 a Black
Fv(,)p 0 0 1 TeXcolorrgb 2170 5119 a
SDict begin H.S end
 2170 5119 a 0 0 1
TeXcolorrgb -1 x Fv(20)p 0 0 1 TeXcolorrgb 2261 5056
a
SDict begin H.R end
 2261 5056 a 2261 5118 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.newsome_taintcheck:2005) cvn H.B /ANN pdfmark end
 2261 5118 a Black Fv(,)p 0 0 1
TeXcolorrgb 2316 5119 a
SDict begin H.S end
 2316 5119 a 0 0 1 TeXcolorrgb
-1 x Fv(23)p 0 0 1 TeXcolorrgb 2407 5056 a
SDict begin H.R end
 2407 5056
a 2407 5118 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.libformat:2001) cvn H.B /ANN pdfmark end
 2407 5118 a Black Fv(,)p 0 0 1 TeXcolorrgb
2462 5119 a
SDict begin H.S end
 2462 5119 a 0 0 1 TeXcolorrgb -1 x Fv(30)p
0 0 1 TeXcolorrgb 2553 5056 a
SDict begin H.R end
 2553 5056 a 2553 5118 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.suh_flowtracking:2004) cvn H.B /ANN pdfmark end

2553 5118 a Black Fv(].)57 b(Interestingly)-6 b(,)39
b(it)33 b(appears)i(detecting)p Black 1905 5400 a(15)p
Black eop end
%%Page: 16 18
TeXDict begin 16 17 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.16) cvn H.B /DEST pdfmark
end
 0 0 a Black Black 91 x Fv(inte)o(ger)25 b(e)o(xploits)g(themselv)
o(es)h(dynamically)g(is)d(troublesome)k(due)d(to)f(the)h(lack)h(of)e
(type)i(information)h(at)d(the)h(x86)g(le)n(v)o(el,)0
204 y(i.e.,)30 b(it)g(may)f(be)h(impossible)i(to)d(tell)h(whether)h(a)e
(cast)h(is)g(occurring.)50 b(Ov)o(er\003o)n(w)28 b(attacks,)33
b(on)d(the)g(other)g(hand,)i(can)e(be)0 317 y(detected)g(dynamically)-6
b(.)44 b(Ho)n(we)n(v)o(er)l(,)28 b(not)g(all)g(inte)o(ger)h(o)o(v)o
(er\003o)n(ws)f(are)g(necessarily)i(malicious.)43 b(F)o(or)27
b(e)o(xample,)j(the)e(x86)0 430 y(instruction)g(set)c(actually)j(has)e
(a)f Fi(jo)e Fv(instruction)28 b(for)d(jumping)g(on)g(o)o(v)o(er\003o)n
(w)f(which)h(some)f(compilers)j(tak)o(e)e(adv)n(antage)0
543 y(of)e(in)h(le)o(gitimate)h(code)f(transformations)k(and)c
(layouts.)0 706 y
SDict begin H.S end
 0 706 a 0 706 a
SDict begin 13.6 H.A end
 0 706 a 0 706 a
SDict begin [ /View [/XYZ H.V] /Dest (section.6) cvn H.B /DEST pdfmark
end
 0 706
a 130 x Fx(6)119 b(Conclusion)0 1043 y Fv(W)-7 b(e)29
b(ha)n(v)o(e)h(presented)i(an)e(approach)i(using)f(well-kno)n(wn)f
(type)h(theory)g(for)f(eliminating)i(inte)o(ger)e(casting)i
(vulnerabili-)0 1155 y(ties.)41 b(Our)27 b(e)o(xperiments)i
(re-con\002rm)g(that)f(potentially)i(unsafe)f(inte)o(ger)g(operations)h
(are)d(a)g(real)h(problem.)42 b(Our)27 b(imple-)0 1268
y(mentation)i(and)f(e)n(v)n(aluation)i(sho)n(ws)d(that)h(inte)o(ger)g
(casting)h(vulnerabilities)j(can)c(be)f(\002x)o(ed)g(by)g
(automatically)k(inserting)0 1381 y(light-weight)c(checks)f(in)f(the)g
(code,)g(and)h(that)f(the)g(resulting)i(\002x)o(es)d(do)h(not)g(ef)n
(fect)g(performance.)35 b(Our)24 b(techniques)k(pro-)0
1494 y(tect)j(against)g(pre)n(viously)i(unaddressed)h(inte)o(ger)d
(vulnerabilities.)53 b(The)30 b(widespread)i(application)i(of)c(our)g
(techniques)0 1607 y(are)h(realistic)j(in)d(production)j(compilers)f
(such)f(as)f(gcc,)i(and)f(w)o(ould)g(result)g(in)f(eliminating)j(a)c
(lar)n(ge)j(class)f(of)f(inte)o(ger)0 1720 y(vulnerabilities.)0
2013 y Fx(Refer)n(ences)0 2108 y
SDict begin H.S end
 0 2108 a 0 2108 a
SDict begin 13.6 H.A end
 0
2108 a 0 2108 a
SDict begin [ /View [/XYZ H.V] /Dest (section*.4) cvn H.B /DEST pdfmark
end
 0 2108 a 0 2071 a
SDict begin H.S end
 0 2071 a 0 2071 a
SDict begin 13.6 H.A end
 0
2071 a 0 2071 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.c99) cvn H.B /DEST pdfmark
end
 0 2071 a Black 45 2220 a Fv([1])p Black
47 w Fr(ISO/IEC)23 b(9899:)30 b(Pr)l(o)o(gr)o(amming)24
b(Langaug)o(es)i(-)d(C)p Fv(,)f(1999.)0 2276 y
SDict begin H.S end
 0 2276
a 0 2276 a
SDict begin 13.6 H.A end
 0 2276 a 0 2276 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.baratloo:2000) cvn H.B /DEST
pdfmark end
 0 2276 a Black 45 2407 a
Fv([2])p Black 47 w(Arash)e(Baratloo,)i(Na)n(vjot)f(Singh,)g(and)g(T)m
(imothy)f(Tsai.)26 b(T)m(ransparent)c(run-time)g(defense)g(against)f
(stack)h(smashing)197 2520 y(attacks.)35 b(In)23 b Fr(USENIX)f(Annual)i
(T)-8 b(ec)o(hnical)25 b(Confer)m(ence)g(2000)p Fv(,)g(2000.)0
2576 y
SDict begin H.S end
 0 2576 a 0 2576 a
SDict begin 13.6 H.A end
 0 2576 a 0 2576 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.bib:brumley03) cvn H.B /DEST
pdfmark end
 0 2576 a Black
45 2708 a Fv([3])p Black 47 w(Da)n(vid)35 b(Brumle)o(y)f(and)g(Dan)g
(Boneh.)68 b(Remote)34 b(timing)h(attacks)h(are)e(practical.)70
b(In)34 b Fr(Pr)l(oceedings)j(of)d(the)g(12th)197 2821
y(USENIX)22 b(Security)j(Symposium)p Fv(,)g(August)f(2003.)0
2878 y
SDict begin H.S end
 0 2878 a 0 2878 a
SDict begin 13.6 H.A end
 0 2878 a 0 2878 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.cowan:1998) cvn H.B /DEST
pdfmark end
 0 2878 a Black
45 3008 a Fv([4])p Black 47 w(Crispin)31 b(Co)n(w)o(an,)g(Calton)g(Pu,)
g(Da)n(v)o(e)f(Maier)l(,)j(Jonathon)f(W)-7 b(alpole,)33
b(Peat)d(Bakk)o(e,)i(Ste)n(v)o(e)e(Beattie,)i(Aaron)f(Grier)l(,)197
3121 y(Perry)g(W)-7 b(agle,)32 b(Qian)e(Zhang,)j(and)e(Heather)h
(Hinton.)56 b(StackGuard:)45 b(automatic)32 b(adapti)n(v)o(e)g
(detection)i(and)d(pre-)197 3234 y(v)o(ention)f(of)f(b)n(uf)n(fer)n(-o)
o(v)o(er\003o)n(w)i(attacks.)53 b(In)28 b Fr(Pr)l(oceedings)k(of)d(the)
g(7th)h(USENIX)d(Security)k(Symposium)p Fv(,)g(January)197
3347 y(1998.)0 3386 y
SDict begin H.S end
 0 3386 a 0 3386 a
SDict begin 13.6 H.A end
 0 3386 a 0 3386
a
SDict begin [ /View [/XYZ H.V] /Dest (cite.minos:2004) cvn H.B /DEST
pdfmark end
 0 3386 a Black 45 3535 a Fv([5])p Black 47 w(Jedidiah)36
b(R.)c(Crandall)j(and)f(Fred)f(Chong.)67 b(Minos:)50
b(Architectural)36 b(support)g(for)e(softw)o(are)h(security)g(through)
197 3648 y(control)22 b(data)f(inte)o(grity)-6 b(.)28
b(In)20 b Fr(T)-8 b(o)19 b(appear)j(in)e(International)k(Symposium)d
(on)f(Micr)l(oar)m(c)o(hitectur)m(e)p Fv(,)25 b(December)20
b(2004.)0 3705 y
SDict begin H.S end
 0 3705 a 0 3705 a
SDict begin 13.6 H.A end
 0 3705 a 0 3705 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.darnell:book) cvn H.B /DEST
pdfmark end

0 3705 a Black 45 3835 a Fv([6])p Black 47 w(Peter)j(Darnell)i(and)f
(Philip)g(Mar)n(golis.)35 b Fr(C:)23 b(A)f(Softwar)m(e)i(Engineering)j
(Appr)l(oac)o(h)p Fv(.)34 b(Springer)l(,)25 b(2005.)0
3892 y
SDict begin H.S end
 0 3892 a 0 3892 a
SDict begin 13.6 H.A end
 0 3892 a 0 3892 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.Ctopten:web) cvn H.B /DEST
pdfmark end
 0 3892 a Black
45 4023 a Fv([7])p Black 47 w(Da)n(v)o(e)78 b(Dyer)-5
b(.)208 b(The)77 b(top)i(10)f(w)o(ays)g(to)g(get)g(scre)n(wed)h(by)f
(the)h(\224c\224)f(programming)i(language.)p 0 0 1 TeXcolorrgb
197 4150 a
SDict begin H.S end
 197 4150 a 0 0 1 TeXcolorrgb -14 x Fi(http://www.andr)o(om)o
(ed)o(a.)o(co)o(m/p)o(eo)o(pl)o(e/)o(dd)o(yer)o(/t)o(op)o(te)o(n.)o
(htm)o(l)p 0 0 1 TeXcolorrgb 2870 4078 a
SDict begin H.R end
 2870 4078 a
2870 4136 a
SDict begin [ /H /I /Border [0 0 0] /Color [0 1 1] /Action << /Subtype
/URI /URI (http://www.andromeda.com/people/ddyer/topten.html) >> /Subtype
/Link H.B /ANN pdfmark end
 2870 4136 a Black Fv(,)22 b(2003.)0 4187
y
SDict begin H.S end
 0 4187 a 0 4187 a
SDict begin 13.6 H.A end
 0 4187 a 0 4187 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.engler:2001) cvn H.B /DEST
pdfmark end
 0 4187 a Black
45 4323 a Fv([8])p Black 47 w(Da)o(wson)c(Engler)l(,)i(Da)n(vid)g
(Chen,)f(Seth)f(Hallem,)i(Andy)e(Chou,)i(and)f(Benjamin)g(Chelf.)k
(Bugs)c(as)f(de)n(viant)i(beha)n(vior:)197 4436 y(A)f(general)j
(approach)h(to)d(inferring)j(errors)f(in)e(systems)i(code.)27
b(In)20 b Fr(Symposium)i(on)f(Oper)o(ating)g(System)h(Principles)p
Fv(,)197 4549 y(2001.)0 4588 y
SDict begin H.S end
 0 4588 a 0 4588 a
SDict begin 13.6 H.A end
 0 4588
a 0 4588 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.splint) cvn H.B /DEST pdfmark
end
 0 4588 a Black 45 4737 a Fv([9])p Black 47
w(Da)n(vid)i(Ev)n(ans)g(and)g(Da)n(vid)g(Larochelle.)35
b Fr(Splint)25 b(Manual)p Fv(,)f(2003.)0 4793 y
SDict begin H.S end
 0 4793
a 0 4793 a
SDict begin 13.6 H.A end
 0 4793 a 0 4793 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.foster:1999) cvn H.B /DEST
pdfmark end
 0 4793 a Black 132 x Fv([10])p
Black 47 w(Jef)n(fre)o(y)e(F)o(oster)l(,)g(Manuel)g(F)o(ahndrich,)h
(and)f(Ale)o(xander)g(Aik)o(en.)29 b(A)20 b(theory)j(of)e(type)h
(quali\002ers.)29 b(In)22 b Fr(Pr)l(oceedings)h(of)197
5037 y(the)d(A)m(CM)f(SIGPLAN)f(Confer)m(ence)k(on)e(Pr)l(o)o(gr)o
(amming)h(Langua)o(g)o(e)h(Design)f(and)g(Implementation)i(\(PLDI\))p
Fv(,)18 b(1999.)p Black 1905 5400 a(16)p Black eop end
%%Page: 17 19
TeXDict begin 17 18 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.17) cvn H.B /DEST pdfmark
end
 0 0 a Black Black 0 0 a
SDict begin H.S end
 0 0 a 0 0 a
SDict begin 13.6 H.A end
 0 0 a 0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.jimCYCLONE:2002) cvn H.B
/DEST pdfmark end

0 0 a Black 91 x Fv([11])p Black 47 w(T)m(re)n(v)n(or)29
b(Jim,)g(Gre)o(g)g(Morrisett,)i(Dan)e(Grossman,)h(Michael)g(Hicks,)h
(James)e(Chene)o(y)-6 b(,)30 b(and)g(Y)-9 b(anling)29
b(W)-7 b(ang.)51 b(Cy-)197 204 y(clone:)30 b(A)23 b(safe)h(dialect)h
(of)e(c.)33 b(In)24 b Fr(USENIX)d(Annual)k(T)-8 b(ec)o(hnical)24
b(Confer)m(ence)p Fv(,)h(2002.)0 259 y
SDict begin H.S end
 0 259 a 0 259
a
SDict begin 13.6 H.A end
 0 259 a 0 259 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.johnsonCIL:2004) cvn H.B
/DEST pdfmark end
 0 259 a Black 130 x Fv([12])p Black
47 w(Robert)f(Johnson)h(and)f(Da)n(vid)g(W)-7 b(agner)i(.)33
b(Finding)24 b(user/k)o(ernel)j(pointer)e(b)n(ugs)f(with)f(type)h
(inference.)35 b(In)23 b Fr(Pr)l(oceed-)197 502 y(ings)h(of)g(the)f
Fo(13)688 469 y Fl(th)782 502 y Fr(USENIX)f(Security)k(Symposium)p
Fv(,)e(2004.)0 557 y
SDict begin H.S end
 0 557 a 0 557 a
SDict begin 13.6 H.A end
 0 557 a 0 557 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.joneskelly:1997) cvn H.B
/DEST pdfmark end

0 557 a Black 130 x Fv([13])p Black 47 w(Richard)30 b(Jones)h(and)f(P)o
(aul)e(K)n(elly)-6 b(.)52 b(Backw)o(ards-compatible)34
b(bounds)d(checking)h(for)d(arrays)i(and)f(pointers)h(in)e(C)197
799 y(programs.)35 b(In)23 b Fr(Pr)l(oceedings)j(of)e(the)g(Thir)m(d)f
(International)28 b(W)-8 b(orkshop)25 b(on)e(A)n(utomated)i(Deb)n(ug)o
(ging)p Fv(,)h(1995.)0 855 y
SDict begin H.S end
 0 855 a 0 855 a
SDict begin 13.6 H.A end
 0 855 a
0 855 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.ariane5:web) cvn H.B /DEST
pdfmark end
 0 855 a Black 129 x Fv([14])p Black 47 w(J.)d(L.)f(LIONS.)31
b(Ariane)24 b(5:)29 b(Flight)24 b(501)g(f)o(ailure.)35
b(T)-6 b(echnical)25 b(report,)f(Report)g(by)g(the)g(Inquiry)h(Board,)f
(1996.)0 1040 y
SDict begin H.S end
 0 1040 a 0 1040 a
SDict begin 13.6 H.A end
 0 1040 a 0 1040 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.cve:web) cvn H.B /DEST pdfmark
end
 0
1040 a Black 129 x Fv([15])p Black 47 w(MITRE.)31 b(Common)23
b(vulnerability)28 b(and)c(e)o(xposures)i(\(CVE\))c(database.)p
0 0 1 TeXcolorrgb 2556 1183 a
SDict begin H.S end
 2556 1183 a 0 0 1 TeXcolorrgb
-14 x Fi(http://www.cve.)o(mi)o(tre)o(.o)o(rg)p 0 0 1
TeXcolorrgb 3865 1109 a
SDict begin H.R end
 3865 1109 a 3865 1169 a
SDict begin [ /H /I /Border [0 0 0] /Color [0 1 1] /Action << /Subtype
/URI /URI (http://www.cve.mitre.org) >> /Subtype /Link H.B /ANN pdfmark
end
 3865
1169 a Black Fv(.)0 1224 y
SDict begin H.S end
 0 1224 a 0 1224 a
SDict begin 13.6 H.A end
 0 1224 a
0 1224 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.neculaCIL:2002) cvn H.B
/DEST pdfmark end
 0 1224 a Black 130 x Fv([16])p Black 47 w(Geor)n(ge)h(Necula,)
f(Scott)g(McPeak,)g(S.P)-10 b(.)20 b(Rahul,)i(and)g(W)-7
b(estle)o(y)22 b(W)-7 b(eimer)i(.)30 b(CIL:)20 b(Intermediate)25
b(language)f(and)e(tools)197 1467 y(for)i(analysis)h(and)f
(transformation)j(of)d(C.)32 b(In)23 b Fr(Pr)l(oc.)g(Confer)m(ence)j
(on)d(Compiler)i(Construction)p Fv(,)h(2002.)0 1522 y
SDict begin H.S end

0 1522 a 0 1522 a
SDict begin 13.6 H.A end
 0 1522 a 0 1522 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.CIL:2005) cvn H.B /DEST
pdfmark end
 0 1522 a Black 129
x Fv([17])p Black 47 w(Geor)n(ge)73 b(Necula,)84 b(Scott)72
b(McPeak,)83 b(S.P)-10 b(.)70 b(Rahul,)83 b(and)73 b(W)-7
b(estle)o(y)72 b(W)-7 b(eimer)i(.)187 b(CIL)70 b(v)o(ersion)j(1.3.3.)p
0 0 1 TeXcolorrgb 197 1778 a
SDict begin H.S end
 197 1778 a 0 0 1 TeXcolorrgb
-14 x Fi(http://manju.cs)o(.b)o(er)o(ke)o(le)o(y.e)o(du)o(/c)o(il)o(/)p
0 0 1 TeXcolorrgb 1997 1704 a
SDict begin H.R end
 1997 1704 a 1997 1764 a
SDict begin [ /H /I /Border [0 0 0] /Color [0 1 1] /Action << /Subtype
/URI /URI (http://manju.cs.berkeley.edu/cil/) >> /Subtype /Link H.B
/ANN pdfmark end

1997 1764 a Black Fv(,)22 b(2005.)0 1814 y
SDict begin H.S end
 0 1814 a 0
1814 a
SDict begin 13.6 H.A end
 0 1814 a 0 1814 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.necula:2002) cvn H.B /DEST
pdfmark end
 0 1814 a Black 135 x Fv([18])p
Black 47 w(Geor)n(ge)i(C.)e(Necula,)i(Scott)f(McPeak,)h(and)f(W)-7
b(estle)o(y)24 b(W)-7 b(eimer)i(.)33 b(CCured:)c(type-safe)c
(retro\002tting)h(of)d(le)o(gac)o(y)h(code.)197 2062
y(In)f Fr(Pr)l(oceedings)j(of)e(the)g(Symposium)h(on)e(Principles)j(of)
d(Pr)l(o)o(gr)o(amming)i(Langua)o(g)o(es)p Fv(,)g(2002.)0
2116 y
SDict begin H.S end
 0 2116 a 0 2116 a
SDict begin 13.6 H.A end
 0 2116 a 0 2116 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.net:bounds-checking2004)
cvn H.B /DEST pdfmark end
 0 2116 a Black
130 x Fv([19])p Black 47 w(Nicholas)31 b(Nethercote)h(and)f(Jeremy)g
(Fitzhardinge.)56 b(Bounds-checking)35 b(entire)c(programs)h(without)f
(recompil-)197 2359 y(ing.)58 b(In)31 b Fr(Pr)l(oceedings)j(of)d(the)h
(Second)h(W)-8 b(orkshop)33 b(on)e(Semantics,)k(Pr)l(o)o(gr)o(am)c
(Analysis,)j(and)e(Computing)h(En-)197 2472 y(vir)l(onments)g(for)e
(Memory)g(Mana)o(g)o(ement)i(\(SP)-8 b(A)m(CE)29 b(2004\))p
Fv(,)34 b(V)-10 b(enice,)33 b(Italy)-6 b(,)33 b(January)g(2004.)58
b(\(Proceedings)34 b(not)197 2585 y(formally)25 b(published.\).)0
2641 y
SDict begin H.S end
 0 2641 a 0 2641 a
SDict begin 13.6 H.A end
 0 2641 a 0 2641 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.newsome_taintcheck:2005)
cvn H.B /DEST pdfmark end
 0 2641 a Black
129 x Fv([20])p Black 47 w(James)j(Ne)n(wsome)f(and)h(Da)o(wn)f(Song.)
47 b(Dynamic)28 b(taint)h(analysis)g(for)f(automatic)i(detection,)h
(analysis,)f(and)f(sig-)197 2883 y(nature)24 b(generation)h(of)e(e)o
(xploits)h(on)f(commodity)h(softw)o(are.)32 b(In)23 b
Fr(Pr)l(oceedings)i(of)d(the)h(12th)g(Annual)h(Network)f(and)197
2996 y(Distrib)n(uted)j(System)e(Security)i(Symposium)f(\(NDSS\))p
Fv(,)e(February)i(2005.)0 3051 y
SDict begin H.S end
 0 3051 a 0 3051 a
SDict begin 13.6 H.A end
 0
3051 a 0 3051 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.pierceBOOK:2002) cvn H.B
/DEST pdfmark end
 0 3051 a Black 129 x Fv([21])p Black
47 w(Benjamin)f(C)f(Pierce.)33 b Fr(T)-7 b(ypes)24 b(and)g(Pr)l(o)o(gr)
o(amming)h(Langua)o(g)o(es)p Fv(.)35 b(The)24 b(MIT)e(Press,)h(2002.)0
3236 y
SDict begin H.S end
 0 3236 a 0 3236 a
SDict begin 13.6 H.A end
 0 3236 a 0 3236 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.rinardFailure:2004) cvn
H.B /DEST pdfmark end
 0 3236 a Black
129 x Fv([22])p Black 47 w(Martin)37 b(Rinard,)j(Cristian)e(Cadar)l(,)i
(Daniel)d(Dumitran,)j(Daniel)d(Ro)o(y)-6 b(,)39 b(T)l(udor)e(Leu,)i
(and)d(W)l(illiam)h(Beebee)h(Jr)-5 b(.)197 3478 y(Enhancing)28
b(serv)o(er)g(a)n(v)n(ailability)h(and)e(security)h(through)h(f)o
(ailure-obli)n(vious)i(computing.)44 b(In)27 b Fr(Oper)o(ating)h
(System)197 3591 y(Design)c(&)f(Implementation)j(\(OSDI\))p
Fv(,)d(2004.)0 3646 y
SDict begin H.S end
 0 3646 a 0 3646 a
SDict begin 13.6 H.A end
 0 3646 a 0 3646
a
SDict begin [ /View [/XYZ H.V] /Dest (cite.libformat:2001) cvn H.B
/DEST pdfmark end
 0 3646 a Black 130 x Fv([23])p Black 47 w(T)m(im)f(J)h(Robbins.)35
b(libformat.)p 0 0 1 TeXcolorrgb 1178 3790 a
SDict begin H.S end
 1178 3790
a 0 0 1 TeXcolorrgb -14 x Fi(http://www.secur)o(it)o(yf)o(oc)o(us.)o
(co)o(m/)o(to)o(ol)o(s/1)o(81)o(8)p 0 0 1 TeXcolorrgb
3306 3715 a
SDict begin H.R end
 3306 3715 a 3306 3776 a
SDict begin [ /H /I /Border [0 0 0] /Color [0 1 1] /Action << /Subtype
/URI /URI (http://www.securityfocus.com/tools/1818) >> /Subtype /Link
H.B /ANN pdfmark end
 3306 3776 a Black
Fv(,)22 b(2001.)0 3826 y
SDict begin H.S end
 0 3826 a 0 3826 a
SDict begin 13.6 H.A end
 0 3826 a 0
3826 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.tunji:2004) cvn H.B /DEST
pdfmark end
 0 3826 a Black 134 x Fv([24])p Black 47 w(Olatunji)29
b(Ruw)o(ase)e(and)h(Monica)h(Lam.)44 b(A)27 b(practical)i(dynamic)g(b)n
(uf)n(fer)g(o)o(v)o(er\003o)n(w)e(detector)-5 b(.)48
b(In)27 b Fr(Pr)l(oceedings)j(of)197 4073 y(the)24 b(11th)g(Annual)g
(Network)g(and)g(Distrib)n(uted)i(System)f(Security)g(Symposium)p
Fv(,)g(February)g(2004.)0 4129 y
SDict begin H.S end
 0 4129 a 0 4129 a
SDict begin 13.6 H.A end
 0
4129 a 0 4129 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.seacord:book) cvn H.B /DEST
pdfmark end
 0 4129 a Black 129 x Fv([25])p Black
47 w(Robert)f(Seacord.)34 b Fr(Secur)m(e)25 b(Coding)g(in)e(C)f(and)i
(C++)p Fv(.)33 b(Addison-W)-7 b(esle)o(y)h(,)26 b(2005.)0
4314 y
SDict begin H.S end
 0 4314 a 0 4314 a
SDict begin 13.6 H.A end
 0 4314 a 0 4314 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.radiusbug:2005) cvn H.B
/DEST pdfmark end
 0 4314 a Black
129 x Fv([26])p Black 47 w(Securiteam.)668 b(Apache)222
b(mod)p 1959 4443 28 4 v 34 w(auth)p 2148 4443 V 34 w(radius)h(remote)f
(inte)o(ger)h(o)o(v)o(er\003o)n(w)-6 b(.)p 0 0 1 TeXcolorrgb
197 4570 a
SDict begin H.S end
 197 4570 a 0 0 1 TeXcolorrgb -14 x Fi(http://www.secu)o(ri)o
(te)o(am)o(.c)o(om/)o(un)o(ix)o(fo)o(cu)o(s/5)o(BP)o(0B)o(1P)o(EL)o
(W.h)o(tm)o(l)p 0 0 1 TeXcolorrgb 2979 4495 a
SDict begin H.R end
 2979 4495
a 2979 4556 a
SDict begin [ /H /I /Border [0 0 0] /Color [0 1 1] /Action << /Subtype
/URI /URI (http://www.securiteam.com/unixfocus/5BP0B1PELW.html) >>
/Subtype /Link H.B /ANN pdfmark end
 2979 4556 a Black Fv(,)22 b(2005.)0 4606
y
SDict begin H.S end
 0 4606 a 0 4606 a
SDict begin 13.6 H.A end
 0 4606 a 0 4606 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.puttybug:2005) cvn H.B /DEST
pdfmark end
 0 4606 a Black
134 x Fv([27])p Black 47 w(Securiteam.)481 b(Multiple)164
b(inte)o(ger)g(o)o(v)o(er\003o)n(w)f(vulnerabilities)k(in)c(putty)h
(sftp.)p 0 0 1 TeXcolorrgb 197 4867 a
SDict begin H.S end
 197 4867 a 0 0 1
TeXcolorrgb -14 x Fi(http://www.secu)o(ri)o(te)o(am)o(.c)o(om/)o(wi)o
(nd)o(ow)o(sn)o(tfo)o(cu)o(s/)o(5T)o(P0)o(Q0K)o(EU)o(I.)o(ht)o(ml)p
0 0 1 TeXcolorrgb 3251 4793 a
SDict begin H.R end
 3251 4793 a 3251 4853 a
SDict begin [ /H /I /Border [0 0 0] /Color [0 1 1] /Action << /Subtype
/URI /URI (http://www.securiteam.com/windowsntfocus/5TP0Q0KEUI.html)
>> /Subtype /Link H.B /ANN pdfmark end

3251 4853 a Black Fv(,)23 b(2005.)0 4903 y
SDict begin H.S end
 0 4903 a 0
4903 a
SDict begin 13.6 H.A end
 0 4903 a 0 4903 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.shankar:01) cvn H.B /DEST
pdfmark end
 0 4903 a Black 135 x Fv([28])p
Black 47 w(Umesh)h(Shankar)l(,)h(K)o(unal)f(T)-7 b(al)o(w)o(ar)l(,)23
b(Jef)n(fre)o(y)i(F)o(oster)l(,)f(and)g(Da)n(vid)h(W)-7
b(agner)i(.)35 b(Detecting)25 b(format-string)i(vulnerabil-)197
5151 y(ities)d(with)g(type)g(quali\002ers.)35 b(In)23
b Fr(Pr)l(oceedings)j(of)e(the)f(10th)i(USENIX)d(Security)j(Symposium)p
Fv(,)g(2001.)p Black 1905 5400 a(17)p Black eop end
%%Page: 18 20
TeXDict begin 18 19 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.18) cvn H.B /DEST pdfmark
end
 0 0 a Black Black Black 50 79 a Fv(Our)23 b(Syntax)h
(\(Unsigned\))p 946 113 4 113 v 103 w(Equi)n(v)-6 b(.)29
b(Base)23 b(T)-7 b(ype)p 2006 113 V 2023 113 V 438 w(Our)23
b(Syntax)h(\(Signed\))p 2875 113 V 102 w(Equi)n(v)-6
b(.)29 b(Base)23 b(T)-7 b(ype)p 0 116 3816 4 v 0 133
V 50 212 a(uint8)p 240 212 28 4 v 34 w(t)p 946 246 4
113 v 704 w(unsigned)26 b(char)p 2006 246 V 2023 246
V 570 w(int8)p 2219 212 28 4 v 34 w(t)p 2875 246 4 113
v 653 w(signed)f(char)l(,)f(char)p 0 249 3816 4 v 50
328 a(uint16)p 285 328 28 4 v 35 w(t)p 946 362 4 113
v 658 w(unsigned)i(short)p 2006 362 V 2023 362 V 545
w(int16)p 2264 328 28 4 v 35 w(t)p 2875 362 4 113 v 607
w(signed)f(short,)f(short)p 0 365 3816 4 v 50 444 a(uint32)p
285 444 28 4 v 35 w(t)p 946 591 4 226 v 658 w(unsigned,)90
b(unsigned)78 b(int,)998 557 y(unsigned)26 b(long)p 2006
591 V 2023 591 V 2074 444 a(int32)p 2264 444 28 4 v 35
w(t)p 2875 591 4 226 v 607 w(int,)45 b(signed)d(int,)j(singed)2926
557 y(long,)24 b(long)p 0 594 3816 4 v 50 673 a(uint64)p
285 673 28 4 v 35 w(t)p 946 820 4 226 v 658 w(unsigned)i(long)e(long)p
2006 820 V 2023 820 V 381 w(int64)p 2264 673 28 4 v 35
w(t)p 2875 820 4 226 v 607 w(signed)33 b(long)g(long,)h(long)2926
786 y(long)p 0 824 3816 4 v Black 173 977 a(T)-7 b(able)23
b(6:)p 0 TeXcolorgray 494 864 a
SDict begin H.S end
 494 864 a 0 TeXcolorgray
0 TeXcolorgray 494 864 a
SDict begin H.R end
 494 864 a 494 864 a
SDict begin [ /View [/XYZ H.V] /Dest (table.6) cvn H.B /DEST pdfmark
end
 494 864
a Black 113 x Fv(The)g(C99)h(notation,)h(which)f(we)f(use)h(for)f
(clarity)-6 b(.)31 b(The)23 b(corresponding)28 b(base)c(C)e(type)i(is)g
(also)g(gi)n(v)o(en.)p Black Black 0 1163 a
SDict begin H.S end
 0 1163 a
0 1163 a
SDict begin 13.6 H.A end
 0 1163 a 0 1163 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.sidiroglouUSENIX:2005) cvn
H.B /DEST pdfmark end
 0 1163 a Black 91 x Fv([29])p
Black 47 w(Stelios)34 b(Sidiroglou,)k(Michael)d(E.)d(Locasto,)k
(Stephen)f(W)-8 b(.)32 b(Bo)o(yd,)k(and)e(Angelos)h(D.)d(K)n(eromytis.)
66 b(Building)35 b(a)197 1367 y(reacti)n(v)o(e)25 b(immune)e(system)i
(for)e(softw)o(are)i(services.)36 b(In)23 b Fr(USENIX)f(Annual)i(T)-8
b(ec)o(hnical)25 b(Confer)m(ence)p Fv(,)g(2005.)0 1424
y
SDict begin H.S end
 0 1424 a 0 1424 a
SDict begin 13.6 H.A end
 0 1424 a 0 1424 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.suh_flowtracking:2004) cvn
H.B /DEST pdfmark end
 0 1424 a Black
130 x Fv([30])p Black 47 w(G.)c(Edw)o(ard)h(Suh,)g(Jae)n(w)o(ook)i
(Lee,)e(and)h(Srini)n(v)n(as)g(De)n(v)n(adas.)31 b(Secure)23
b(program)h(e)o(x)o(ecution)g(via)f(dynamic)h(informa-)197
1667 y(tion)g(\003o)n(w)e(tracking.)36 b(In)23 b Fr(Pr)l(oceedings)j
(of)e(ASPLOS)p Fv(,)d(2004.)0 1724 y
SDict begin H.S end
 0 1724 a 0 1724
a
SDict begin 13.6 H.A end
 0 1724 a 0 1724 a
SDict begin [ /View [/XYZ H.V] /Dest (cite.opensshvuln:web) cvn H.B
/DEST pdfmark end
 0 1724 a Black 131 x Fv([31])p Black
47 w(Michael)131 b(Zale)n(wski.)373 b(Ssh1)130 b(crc-32)h(compensation)
i(attack)e(detector)h(vulnerability)-6 b(.)p 0 0 1 TeXcolorrgb
197 1982 a
SDict begin H.S end
 197 1982 a 0 0 1 TeXcolorrgb -14 x Fi(http://www.core)o(se)o
(cu)o(ri)o(ty)o(.co)o(m/)o(co)o(mm)o(on)o(/sh)o(ow)o(do)o(c.)o(ph)o
(p?i)o(dx)o(=8)o(1&)o(id)o(xse)o(cc)o(io)o(n=)o(10)p
0 0 1 TeXcolorrgb 3851 1908 a
SDict begin H.R end
 3851 1908 a 3851 1968 a
SDict begin [ /H /I /Border [0 0 0] /Color [0 1 1] /Action << /Subtype
/URI /URI (http://www.coresecurity.com/common/showdoc.php?idx=81&idxseccion=10)
>> /Subtype /Link H.B /ANN pdfmark end

3851 1968 a Black Fv(,)197 2081 y(2001.)0 2225 y
SDict begin H.S end
 0 2225
a 0 2225 a
SDict begin 13.6 H.A end
 0 2225 a 0 2225 a
SDict begin [ /View [/XYZ H.V] /Dest (section.A) cvn H.B /DEST pdfmark
end
 0 2225 a 148 x Fx(A)120
b(T)-9 b(ypes)0 2580 y Fv(T)i(able)p 0 0 1 TeXcolorrgb
237 2581 a
SDict begin H.S end
 237 2581 a 0 0 1 TeXcolorrgb -1 x Fv(6)p 0 0 1
TeXcolorrgb 282 2518 a
SDict begin H.R end
 282 2518 a 282 2580 a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(table.6) cvn H.B /ANN pdfmark end
 282 2580
a Black 37 w Fv(sho)n(ws)38 b(a)f(correspondence)42 b(from)c(inte)o
(ger)h(types)g(commonly)f(found)h(in)f(C)e(and)i(the)g(inte)o(gral)i
(types)e(used)0 2693 y(throughout)27 b(this)d(paper)g(and)g(in)g(C99)f
([)p 0 0 1 TeXcolorrgb 1252 2693 a
SDict begin H.S end
 1252 2693 a 0 0 1
TeXcolorrgb Fv(1)p 0 0 1 TeXcolorrgb 1298 2631 a
SDict begin H.R end
 1298
2631 a 1298 2693 a
SDict begin [ /Color [0 1 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(cite.c99) cvn H.B /ANN pdfmark end
 1298 2693 a Black Fv(].)0 2856 y
SDict begin H.S end
 0
2856 a 0 2856 a
SDict begin 13.6 H.A end
 0 2856 a 0 2856 a
SDict begin [ /View [/XYZ H.V] /Dest (section.B) cvn H.B /DEST pdfmark
end
 0 2856 a 130 x Fx(B)119
b(Disassembly)29 b(of)h(Inserted)g(Check)0 3193 y Fv(Figure)p
0 0 1 TeXcolorrgb 264 3193 a
SDict begin H.S end
 264 3193 a 0 0 1 TeXcolorrgb
Fv(1)p 0 0 1 TeXcolorrgb 309 3131 a
SDict begin H.R end
 309 3131 a 309 3193
a
SDict begin [ /Color [1 0 0] /H /I /Border [0 0 0] /Subtype /Link /Dest
(figure.1) cvn H.B /ANN pdfmark end
 309 3193 a Black 27 w Fv(sho)n(ws)d(the)h(disassembly)i(of)d(one)h
(of)f(the)g(inserted)j(checks.)41 b(Note)27 b(that)h(it)f(is)g(only)i
(a)d(fe)n(w)h(instructions)k(long,)0 3306 y(references)26
b(only)f(v)n(ariables)g(in)f(the)f(e)o(xpression)k(an)o(yw)o(ay)-6
b(,)24 b(thus)g(can)g(be)f(easily)i(pipelined.)p Black
1905 5400 a(18)p Black eop end
%%Page: 19 21
TeXDict begin 19 20 bop 0 0 a
SDict begin /product where{pop product(Distiller)search{pop pop pop
version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto
closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show
grestore}if}{pop}ifelse}{pop}ifelse}if end
 0 0 a Black 0 TeXcolorgray
0 0 a
SDict begin H.S end
 0 0 a 0 TeXcolorgray 0 TeXcolorgray 0 0 a
SDict begin H.R end
 0 0 a
0 0 a
SDict begin [ /View [/XYZ H.V] /Dest (page.19) cvn H.B /DEST pdfmark
end
 0 0 a Black Black Black Black Black 55 1603 a Fi(/)110
1619 y(*)218 1603 y(int32_t)52 b(a;)818 1619 y(*)873
1603 y(/)55 1716 y(/)110 1732 y(*)218 1716 y(uint8_t)g(b;)818
1732 y(*)873 1716 y(/)55 1829 y(/)110 1845 y(*)218 1829
y(if\(a)h(<)h(0)g(||)g(a)g(>)g(USHRT_MAX\))1691 1845
y(*)1746 1829 y(/)55 1942 y(8048384:)c(cmpl)162 b($0x0,0xfffffffc)o
(\(\045e)o(bp)o(\))55 2055 y(8048388:)105 b(js)272 b(8048395)51
b(<main+0x2d>)55 2167 y(804838a:)f(cmpl)162 b($0xffff,0xfffff)o(ffc)o
(\(\045)o(eb)o(p\))55 2280 y(8048391:)50 b(jg)272 b(8048395)52
b(<main+0x2d>)55 2393 y(8048393:)e(jmp)217 b(804839f)52
b(<main+0x37>)55 2506 y(/)110 2522 y(*)273 2506 y(exit\(1\);)764
2522 y(*)819 2506 y(/)55 2619 y(8048395:)105 b(sub)217
b($0xc,\045esp)55 2732 y(8048398:)105 b(push)162 b($0x1)55
2845 y(804839a:)105 b(call)162 b(80482b0)51 b(<exit@plt>)55
2958 y(/)110 2974 y(*)218 2958 y(b)j(=)g(a;)600 2974
y(*)655 2958 y(/)55 3071 y(804839f:)105 b(mov)217 b(0xfffffffc\(\045eb)
o(p\),)o(\045e)o(ax)55 3184 y(80483a2:)105 b(mov)217
b(\045al,0xfffffffb)o(\(\045e)o(bp)o(\))0 3479 y Fv(Figure)29
b(1:)p 0 TeXcolorgray 375 3366 a
SDict begin H.S end
 375 3366 a 0 TeXcolorgray
0 TeXcolorgray 375 3366 a
SDict begin H.R end
 375 3366 a 375 3366 a
SDict begin [ /View [/XYZ H.V] /Dest (figure.1) cvn H.B /DEST pdfmark
end
 375 3366
a Black 113 x Fv(Disassembly)i(of)e(a)f(sign)i(and)f(width)g(check.)46
b(Instructions)33 b(804839f)e(and)e(80483a2)i(perform)f(the)f(assign-)0
3592 y(ment.)g(The)23 b(check)i(is)e(5)g(instructions)k
(\(8048384-804839)q(3\).)p Black Black 1905 5400 a(19)p
Black eop end
%%Trailer

userdict /end-hook known{end-hook}if
%%EOF