Current software model checkers quickly reach their limits when applied to verifying pointer safety properties in source code that includes function pointers and inlined assembly. This paper introduces an alternative technique for checking pointer safety violations, called Symbolic Object Code Analysis (SOCA), which is based on bounded symbolic execution, incorporates path-sensitive slicing, and employs the SMT solver Yices as its execution and verification engine. Experimental results of a prototypic SOCA Verifier, using the Verisec suite and almost 10,000 Linux device driver functions as benchmarks, show that SOCA performs competitively with source-code model checkers and scales well when applied to real operat...
In this thesis, we describe and evaluate approaches for the efficient reasoning of real-world C progr...
Abstract. We study the automated verification of pointer safety for heap-manipulating imperative progr...
Systems code must obey many rules, such as "opened files must be closed." One approach to verifying ...
Abstract. Current software model checkers quickly reach their limits when being applied to verifying ...
This thesis introduces a novel technique for the automated analysis of compiled programs, which is f...
We check statically whether it is safe for untrusted foreign machine code to be loaded into a truste...
Pointer analysis, a classic problem in software program analysis, has emerged as an important proble...
Dynamic test generation consists of executing a program while gathering symbolic constraints on inpu...
Symbolic execution is an effective technique for identifying faults in real-world software a...
Pointer safety faults in device drivers are one of the leading causes of crashes in operating system...
We propose a novel fine-grained integration of pointer analysis with dynamic analysis, including dyn...
Abstract. This article presents a case study on retrospective verification of the Linux Virtual File...
Abstract. Symbiotic is a tool for detection of bugs described by finite state machines in C program...
In recent years, the use of symbolic analysis in systems for testing and verifying programs has exp...