Computer-aided verification of coordinating processes: the automata-theoretic approach
Computer-aided verification of coordinating processes: the automata-theoretic approach
Ownership types for flexible alias protection
Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Symbolic bounds analysis of pointers, array indices, and accessed memory regions
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Automatic predicate abstraction of C programs
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Automatic discovery of linear restraints among variables of a program
POPL '78 Proceedings of the 5th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Ownership types for safe programming: preventing data races and deadlocks
OOPSLA '02 Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
A New Numerical Abstract Domain Based on Difference-Bound Matrices
PADO '01 Proceedings of the Second Symposium on Programs as Data Objects
AMAST '02 Proceedings of the 9th International Conference on Algebraic Methodology and Software Technology
Symbolic Model Checking without BDDs
TACAS '99 Proceedings of the 5th International Conference on Tools and Algorithms for Construction and Analysis of Systems
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs
CC '02 Proceedings of the 11th International Conference on Compiler Construction
Counterexample-Guided Abstraction Refinement
CAV '00 Proceedings of the 12th International Conference on Computer Aided Verification
CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
A practical flow-sensitive and context-sensitive C and C++ memory leak detector
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
A static analyzer for large safety-critical software
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
WCRE '01 Proceedings of the Eighth Working Conference on Reverse Engineering (WCRE'01)
Model Checking C Programs Using F-SOFT
ICCD '05 Proceedings of the 2005 International Conference on Computer Design
An Incremental Approach to Scope-Bounded Checking Using a Lightweight Formal Method
FM '09 Proceedings of the 2nd World Congress on Formal Methods
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
A reachability predicate for analyzing low-level software
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Structural abstraction of software verification conditions
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Precise reasoning for programs using containers
Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Interprocedural exception analysis for C++
Proceedings of the 25th European conference on Object-oriented programming
Unleashing the power of static analysis
SAS'06 Proceedings of the 13th international conference on Static Analysis
Static analysis of string manipulations in critical embedded c programs
SAS'06 Proceedings of the 13th international conference on Static Analysis
STRANGER: an automata-based string analysis tool for PHP
TACAS'10 Proceedings of the 16th international conference on Tools and Algorithms for the Construction and Analysis of Systems
DC2: A framework for scalable, scope-bounded software verification
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Object model construction for inheritance in c++ and its applications to program analysis
CC'12 Proceedings of the 21st international conference on Compiler Construction
Object model construction for inheritance in c++ and its applications to program analysis
CC'12 Proceedings of the 21st international conference on Compiler Construction
Feedback-directed unit test generation for C/C++ using concolic execution
Proceedings of the 2013 International Conference on Software Engineering
Hi-index | 0.00 |
Strings are commonly used in a large variety of software. And yet, they are a common source of bugs involving invalid memory accesses arising due to the misuse of the string manipulation API. Such bugs are often remotely exploitable, leading to severe consequences. Therefore, static detection of invalid memory accesses due to string operations has received much attention, especially for C programs that use the standard C library functions. More recently, software is increasingly being developed in object-oriented languages such as C++ and Java. However, the need to interact with legacy C code and C-based system-level APIs often necessitates the use of a mixed programming paradigm that combines features of high-level object-oriented constructs with calls to standard C library functions. While such programs are commonplace, there has been little research on static analysis of such programs. In this paper, we present memory models for C++ programs that are heap-aware, with an emphasis on modeling dynamically allocated memory, use of null-terminated string buffers, C++ Standard Template Library (STL) classes, and the interactions among these features. We use standard verification techinques such as abstract interpretation and model checking to verify properties over these models to find potential bugs. Our tool can find several previously unknown bugs in open-source projects. These bugs are primarily due to the subtle interactions of the intricate C++ programming model with legacy C string API.