A First Step towards Automated Detection of Buffer Overrun Vulnerabilities
In Network and Distributed System Security Symposium, 2000
We describe a new technique for finding potential buffer overrun vulnerabilities in security-critical C code. The key to success is to use static analysis: we formulate detection of buffer overruns as an integer range analysis problem. One major advantage of static analysis is that security bugs can be eliminated before code is deployed. We have implemented our design and used our prototype to find new remotely-exploitable vulnerabilities in a large, widely deployed software package. An earlier hand audit missed these bugs.
Eliminating Array Bound Checking Through Dependent Types
In Proceedings of ACM SIGPLAN Conference on Programming Language Design and Implementation, 1998
We present a type-based approach to eliminating array bound checking and list tag checking by conservatively extending Standard ML with a restricted form of dependent types. This enables the programmer to capture more invariants through types while type checking remains decidable in theory and can still be performed efficiently in practice. We illustrate our approach through concrete examples and present the result of our preliminary experiments which support the feasibility and effectiveness of our approach. 1 Introduction The absence of runtime array bound checks is an infamous source of fatal errors for programs in languages such as C. Nonetheless, compilers offer the option to omit array bound checks, since they can turn out to be expensive in practice (Chow 1983; Gupta 1994). In statically typed languages such as ML, one would like to provide strong guarantees about the safety of all operations, so array bound checks cannot be omitted in general. The same is true for Ja...
Reasoning about Termination of Pure Prolog Programs
Information and Computation, 1993
We provide a theoretical basis for studying termination of (general) logic programs with the Prolog selection rule. To this end we study the class of left terminating programs. These are logic programs that terminate with the Prolog selection rule for all ground goals. We offer a characterization of left terminating positive programs by means of the notion of an acceptable program that provides us with a practical method of proving termination. The method is illustrated by giving a simple proof of termination of the quicksort program for the desired class of goals. Then we extend this approach to the class of general logic programs by modifying the concept of acceptability. We prove that acceptable general programs are left terminating. The converse implication does not hold, but we show that under the assumption of non-floundering from ground goals every left terminating general program is acceptable. Finally, we prove that various ways of defining semantics coincide for acceptable gen...
Model-based three-dimensional interpretations of two-dimensional images
IEEE Transactions on Pattern Analysis and Machine Intelligence, 1983
ACRONYM is a comprehensive domain-independent model-based system for vision and manipulation related tasks. Many of its submodules and representations have been described elsewhere. Here the derivation and use of invariants for image feature prediction is described. We describe how predictions of image features and their relations are made and how instructions are generated which tell the interpretation algorithms how to make use of image feature measurements to derive three-dimensional sizes and structural and spatial constraints on the original three-dimensional models. Some preliminary examples of ACRONYM's interpretations of aerial images are shown.
Beyond Finite Domains
1994
Introduction A finite domain constraint system can be viewed as a linear integer constraint system in which each variable has an upper and lower bound. Finite domains have been used successfully in Constraint Logic Programming (CLP) languages, for example CHIP [4], to attack combinatorial problems such as resource allocation, digital circuit verification, etc. In these problems, finite domains allow a natural expression of the problem constraints because bounds on the problem variables are explicit in the problem. In other problems however, for example in temporal reasoning and some scheduling problems, there may not be natural bounds. For these problems, a standard approach has been to use ad hoc bounds, giving rise to a twofold problem. If a bound is too tight, then important solutions could be lost. If a bound is too loose, then significant inefficiency may result. This is because the algorithms used in finite domains work by propagating bounds on variables
Analytica: A Theorem Prover for Mathematica
The Mathematica Journal, 1993
Analytica is an automatic theorem prover for theorems in elementary analysis. The prover is written in the Mathematica language and runs in the Mathematica environment. The goal of the project is to use a powerful symbolic computation system to prove theorems that are beyond the scope of previous automatic theorem provers. The theorem prover is also able to guarantee the correctness of certain steps that are made by the symbolic computation system and therefore prevent common errors like division by a symbolic expression that could be zero. In this paper we describe the structure of Analytica and explain the main techniques that it uses to construct proofs. We have tried to make the paper as self-contained as possible so that it will be accessible to a wide audience of potential users. We illustrate the power of our theorem prover by several non-trivial examples including the basic properties of the stereographic projection and a series of three lemmas that lead to a proof of Weierstrass's...
From Surfaces to Objects: Computer Vision and Three-Dimensional Scene Analysis
1989
This book was originally published by John Wiley and Sons,
Going beyond Integer Programming with the Omega Test to Eliminate False Data Dependences
IEEE Transactions on Parallel and Distributed Systems, 1992
Array data dependence analysis methods currently in use generate false dependences that can prevent useful program transformations. These false dependences arise because the questions asked are conservative approximations to the questions we really should be asking. Unfortunately, the questions we really should be asking go beyond integer programming and require decision procedures for a subclass of Presburger formulas. In this paper, we describe how to extend the Omega test so that it can answer these queries and allow us to eliminate these false data dependences. We have implemented the techniques described here and believe they are suitable for use in production compilers.