We describe a new technique for finding potential buffer overrun vulnerabilities in security-critical C code. The key to success is to use static analysis: we formulate detection of buffer overruns as an integer range analysis problem. One major advantage of static analysis is that security bugs can be eliminated before code is deployed. We have implemented our design and used our prototype to find new remotely-exploitable vulnerabilities in a large, widely deployed software package. An earlier hand audit missed these bugs. 1.

Abstract not found

. We describe a formal specification and mechanized verification in PVS of the general theory of SRT division along with a specific hardware realization of the algorithm. The specification demonstrates how attributes of the PVS language (in particular, predicate subtypes) allow the general theory to be developed in a readable manner that is similar to textbook presentations, while the PVS table construct allows direct specification of the implementation's quotient lookup table. Verification of the derivations in the SRT theory and for the data path and lookup table of the implementation are highly automated and performed for arbitrary, but finite precision; in addition, the theory is verified for general radix, while the implementation is specialized to radix 4. The effectiveness of the automation stems from the tight integration in PVS of rewriting with decision procedures for equality, linear arithmetic over integers and rationals, and propositional logic. This example demonstrates t...

In this paper, we study the problem of solving integer range constraints that arise in many static program analysis problems. In particular, we present the first polynomial time algorithm for a general class of integer range constraints. In contrast with abstract interpretation techniques based on widenings and narrowings, our algorithm computes, in polynomial time, the optimal solution of the arising fixpoint equations. Our result implies that "precise" range analysis can be performed in polynomial time without widening and narrowing operations.

Abstract-This paper deals with enhancing the level of autonomy in a robotic work cell. With that mission in mind, we present here an integrated framework for the sensing, the planning, and the execution aspects of assembly. In experimental demonstrations of this system on a PUMA762, we can now throw objects randomly into the workspace of the robot and the robot then automatically synthesizes a manipulation plan that includes the operations of sensing, grasping, and regrasping. Each operation is invoked only when it is deemed necessary for the successful execution of assembly. I.

This paper describes SPAR, a task planner that has been implemented on a PUMA 762. SPAR is capable of formulating manipulation plans to meet specified assembly goals; these manipulation plans include grasping and regrasping operations if they are deemed necessary for successful completion of assembly. SPAR goes beyond the classical AI planners, in the sense that SPAR is capable of solving geometric goals associated with high-level symbolic goals. So if a high-level symbolic goal is on(A,B), SPAR can also entertain the geometric conditions associated with such a goal. Therefore, a simple goal such as on(A,B) may or may not be found to be feasible depending on the kinematic constraints implied by the associated geometric conditions. SPAR has available to it a user-defined repertoire of actions for solving goals and associated with each action is an uncertainty precondition that defines the mazimum uncertainty in the world description that would guarantee the successful ezecution of that action. SPAR has been implemented as a nonlinear constraint posting planner. 1.

We develop techniques for recognizing instances of 3D object classes (which may consist of multiple and/or repeated sub-parts with internal degrees of freedom, linked by parameterized transformations), from sets of 3D feature observations. Recognition of a class instance is structured as a search of an interpretation tree in which geometric constraints on pairs of sensed features not only prune the tree, but are used to determine upper and lower bounds on the model parameter values of the instance. A real-valued constraint propagation network unifies the representations of the model parameters, model constraints and feature constraints, and provides a simple and effective mechanism for accessing and updating parameter values. Recognition of objects with multiple internal degrees of freedom, including nonuniform scaling and stretching, articulations, and sub-part repetitions, is demonstrated and analysed for two different types of real range data: 3D edge fragments from a stereo vision ...

Model At this point, while the model is defined formally, the notion of event is not. The notion of event is an intuitive idea, and is meant to be identified with some occurrence of the system being modeled that is of interest to the user. While this is a useful idea, it is not a formal definition. The semantics of the previous section charac- 21 terize an event by its properties, namely, what kind of event is it, and when does it happen. That information is sufficient for the RTM, and what follows. This section, however, will recast the model by attempting to give a more explicit definition of event, and show how the semantics can be built up from this definition. The definition in this section will not be referred to again in what follows though, and is intended primarily as an illustration that if necessary, the intuitive notion of event can be defined, although the intuitive notion may be more satisfying, and is more useful from the perspective of a specification writer. The abst...

Abstract In this paper, we introduce a new validity checking problem over linear arithmetic constraints and present a decision procedure for the problem. Instead of considering the validity of any particular linear arithmetic constraint, we consider the following problem: Given a finite automaton accepting linear arithmetic constraints, does the automaton produce any constraint that is a tautology? This problem arises in the context of static verification of meta-programs, i.e., programs dynamically generating other programs. This paper gives the first decision procedure to perform validity checking of finite automata over linear arithmetic constraints. Our algorithm will enable advanced verification of meta-programs. 1