Graph-Based Algorithms for Boolean Function Manipulation
IEEE Transactions on Computers
Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Automating first-order relational logic
SIGSOFT '00/FSE-8 Proceedings of the 8th ACM SIGSOFT international symposium on Foundations of software engineering: twenty-first century applications
Chaff: engineering an efficient SAT solver
Proceedings of the 38th annual Design Automation Conference
Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
Finding bugs with a constraint solver
Proceedings of the 2000 ACM SIGSOFT international symposium on Software testing and analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Flow-sensitive type qualifiers
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A system and language for building system-specific, static analyses
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Efficient conflict driven learning in a boolean satisfiability solver
Proceedings of the 2001 IEEE/ACM international conference on Computer-aided design
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs
CC '02 Proceedings of the 11th International Conference on Compiler Construction
Behavioral consistency of C and verilog programs using bounded model checking
Proceedings of the 40th annual Design Automation Conference
Modular verification of software components in C
Proceedings of the 25th International Conference on Software Engineering
Checking and inferring local non-aliasing
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Checking system rules using system-specific, programmer-written compiler extensions
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Generalized symbolic execution for model checking and testing
TACAS'03 Proceedings of the 9th international conference on Tools and algorithms for the construction and analysis of systems
Software verification with BLAST
SPIN'03 Proceedings of the 10th international conference on Model checking software
Automatic discovery of API-level exploits
Proceedings of the 27th international conference on Software engineering
Context- and path-sensitive memory leak detection
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Joining dataflow with predicates
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Finding application errors and security flaws using PQL: a program query language
OOPSLA '05 Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Exploring the acceptability envelope
OOPSLA '05 Companion to the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Combinatorial sketching for finite programs
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Automatic data environment construction for static device drivers analysis
Proceedings of the 2006 conference on Specification and verification of component-based systems
How is aliasing used in systems software?
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
Bit level types for high level reasoning
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
Using SCL to Specify and Check Design Intent in Source Code
IEEE Transactions on Software Engineering
Path-Sensitive Inference of Function Precedence Protocols
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Static specification inference using predicate mining
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
An overview of the saturn project
PASTE '07 Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Mutatis Mutandis: Safe and predictable dynamic software updating
ACM Transactions on Programming Languages and Systems (TOPLAS)
Inferring specifications to detect errors in code
Automated Software Engineering
Visualizing SAT Instances and Runs of the DPLL Algorithm
Journal of Automated Reasoning
Context-based detection of clone-related bugs
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
From uncertainty to belief: inferring the specification within
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
A practical and precise inference and specializer for array bound checks elimination
PEPM '08 Proceedings of the 2008 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Generating precise and concise procedure summaries
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Hang analysis: fighting responsiveness bugs
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Symbolic mining of temporal specifications
Proceedings of the 30th international conference on Software engineering
Calysto: scalable and precise extended static checking
Proceedings of the 30th international conference on Software engineering
Conditional correlation analysis for safe region-based memory management
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Sound, complete and scalable path-sensitive analysis
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Practical memory leak detector based on parameterized procedural summaries
Proceedings of the 7th international symposium on Memory management
Implications of a Data Structure Consistency Checking System
Verified Software: Theories, Tools, Experiments
Regression Verification - A Practical Way to Verify Programs
Verified Software: Theories, Tools, Experiments
Programming with Proofs: Language-Based Approaches to Totally Correct Software
Verified Software: Theories, Tools, Experiments
Protocol Inference Using Static Path Profiles
SAS '08 Proceedings of the 15th international symposium on Static Analysis
Javert: fully automatic mining of general temporal properties from dynamic traces
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
Vigilante: End-to-end containment of Internet worm epidemics
ACM Transactions on Computer Systems (TOCS)
EXE: Automatically Generating Inputs of Death
ACM Transactions on Information and System Security (TISSEC)
Verification of arithmetic datapaths using polynomial function models and congruence solving
Proceedings of the 2008 IEEE/ACM International Conference on Computer-Aided Design
Staged information flow for javascript
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Precise pointer reasoning for dynamic test generation
Proceedings of the eighteenth international symposium on Software testing and analysis
ACM Computing Surveys (CSUR)
Automatic Inference of Frame Axioms Using Static Analysis
ASE '08 Proceedings of the 2008 23rd IEEE/ACM International Conference on Automated Software Engineering
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A reachability predicate for analyzing low-level software
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Deciding bit-vector arithmetic with abstraction
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Low-level library analysis and summarization
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Structural abstraction of software verification conditions
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Integrated static analysis for Linux device driver verification
IFM'07 Proceedings of the 6th international conference on Integrated formal methods
Compressing propositional proofs by common subproof extraction
EUROCAST'07 Proceedings of the 11th international conference on Computer aided systems theory
Exploiting shared structure in software verification conditions
HVC'07 Proceedings of the 3rd international Haifa verification conference on Hardware and software: verification and testing
Demand-driven compositional symbolic execution
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Programming and Computing Software
Input generation via decomposition and re-stitching: finding bugs in Malware
Proceedings of the 17th ACM conference on Computer and communications security
Small formulas for large programs: on-line constraint simplification in scalable static analysis
SAS'10 Proceedings of the 17th international conference on Static analysis
Zero-sized heap allocations vulnerability analysis
WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies
Life, death, and the critical transition: finding liveness bugs in systems code
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
Cause clue clauses: error localization using maximum satisfiability
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Inferring data polymorphism in systems code
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
SAS'06 Proceedings of the 13th international conference on Static Analysis
Path-Sensitive dataflow analysis with iterative refinement
SAS'06 Proceedings of the 13th international conference on Static Analysis
Extended resolution proofs for conjoining BDDs
CSR'06 Proceedings of the First international computer science conference on Theory and Applications
A path sensitive type system for resource usage verification of c like languages
APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
Linux kernel vulnerabilities: state-of-the-art defenses and open problems
Proceedings of the Second Asia-Pacific Workshop on Systems
Saturn: a SAT-based tool for bug detection
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
An extensible open-source compiler infrastructure for testing
HVC'05 Proceedings of the First Haifa international conference on Hardware and Software Verification and Testing
Bounded model checking of software using SMT solvers instead of SAT solvers
SPIN'06 Proceedings of the 13th international conference on Model Checking Software
SPAS: scalable path-sensitive pointer analysis on full-sparse SSA
APLAS'11 Proceedings of the 9th Asian conference on Programming Languages and Systems
Efficient state merging in symbolic execution
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Parallelizing top-down interprocedural analyses
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Static detection of resource contention problems in server-side scripts
Proceedings of the 34th International Conference on Software Engineering
HAMPI: A solver for word equations over strings, regular expressions, and context-free grammars
ACM Transactions on Software Engineering and Methodology (TOSEM)
Improving integer security for systems with KINT
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Dual analysis for proving safety and finding bugs
Science of Computer Programming
Optimizing database-backed applications with query synthesis
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Data-driven equivalence checking
Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
Hi-index | 0.00 |
We describe a software error-detection tool that exploits recent advances in boolean satisfiability (SAT) solvers. Our analysis is path sensitive, precise down to the bit level, and models pointers and heap data. Our approach is also highly scalable, which we achieve using two techniques. First, for each program function, several optimizations compress the size of the boolean formulas that model the control- and data-flow and the heap locations accessed by a function. Second, summaries in the spirit of type signatures are computed for each function, allowing inter-procedural analysis without a dramatic increase in the size of the boolean constraints to be solved.We demonstrate the effectiveness of our approach by constructing a lock interface inference and checking tool. In an interprocedural analysis of more than 23,000 lock related functions in the latest Linux kernel, the checker generated 300 warnings, of which 179 were unique locking errors, a false positive rate of only 40%.