We describe a new technique for finding potential buffer overrun vulnerabilities in security-critical C code. The key to success is to use static analysis: we formulate detection of buffer overruns as an integer range analysis problem. One major advantage of static analysis is that security bugs can be eliminated before code is deployed. We have implemented our design and used our prototype to find new remotely-exploitable vulnerabilities in a large, widely deployed software package. An earlier hand audit missed these bugs. 1.

Many problems can be expressed in terms of a numeric constraint satisfaction problem over finite or continuous domains (numeric CSP). The purpose of this paper is to show that the consistency techniques that have been developed for CSPs can be adapted to numeric CSPs. Since the numeric domains are ordered the underlying idea is to handle domains only by their bounds. The semantics that have been elaborated, plus the complexity analysis and good experimental results, confirm that these techniques can be used in real applications. 1

The design and implementation of constraint logic programming (CLP) languages over intervals is revisited. Instead of decomposing complex constraints in terms of simple primitive constraints as in CLP(BNR), complex constraints are manipulated as a whole, enabling more sophisticated narrowing procedures to be applied in the solver. This idea is embodied in a new CLP language Newton whose operational semantics is based on the notion of box-consistency, an approximation of arc-consistency, and whose implementation uses Newton interval method. Experimental results indicate that Newton outperforms existing languages by an order of magnitude and is competitive with some state-of-the-art tools on some standard benchmarks. Limitations of our current implementation and directions for further work are also identified.

Constraint interval arithmetic is a sublanguage of BNR Prolog which offers a new approach to the old problem of deriving numerical consequences from algebraic models. Since it is simultaneously a numerical computation technique and a proof technique, it bypasses the traditional dichotomy between (numeric) calculation and (symbolic) proofs. This interplay between proof and calculation can be used effectively to handle practical problems which neither can handle alone. The underlying semantic model is based on the properties of monotone contraction operators on a lattice, an algebraic setting in which fixed point semantics take an especially elegant form.

Prolog can be extended by a system of constraints on closed intervals to perform declarative relational arithmetic. Imposing constraints on an interval can narrow its range and propagate the narrowing to other intervals related to it by constraint equations or inequalities. Relational interval arithmetic can be used to contain #oating point errors and, when combined with Prolog backtracking, to obtain numeric solutions to linear and non-linear rational constraint satisfaction problems over the reals #e.g. n-degree polynomial equations#. This technique di#ers from other constraint logic programming #CLP# systems like CLP### or Prolog-III in that it does not do any symbolic processing. 1

Abstract. In this paper, we present anoverview on the use of interval arithmetic to process numerical constraints in Constraint Logic Program-ming. The main principle is to approximate n-ary relations over IR with Cartesian products of intervals whose bounds are taken in a nite subset of I R.Variables represent real values whose domains are intervals de ned in the same manner. Narrowing operators are de ned from approximations. These operators compute, from an interval and a relation, aset included in the initial interval. Sets of constraints are then processed thanks to a local consistency algorithm pruning at each stepvalues from initial intervals. This algorithm is shown to be correct and to terminate, on the basis of a certain number of properties of narrowing operators. We focus here on the description of the general framework based on approximations, on its application to interval constraint solving over continuous and discrete quantities, we establish a strong link between approximations and local consistency notions and show that arc-consistency is an instance of the approximation framework. We nally describe recentwork on di erent variants of the initial algorithm proposed by John Cleary and developed by W. Older and A. Vellino which havebeen proposed in this context. These variants address four particular points: generalization of the constraint language, improvement of domain reductions, e ciency of the computation and nally, cooperation with other solvers. Some open questions are also identi ed. 1

Shortcomings of qualitative simulation and of quantitative simulation motivate combining them to do simulations exhibiting strengths of both. The resulting class of techniques is called semi-quantitative simulation. One approach to semi-quantitative simulation is to use numeric intervals to represent incomplete quantitative information. In this research we demonstrate semiquantitative simulation using intervals in an implemented semi-quantitative simulator called Q3. Q3 progressively refines a qualitative simulation, providing increasingly specific quantitative predictions which can converge to a numerical simulation in the limit while retaining important correctness guarantees from qualitative and interval simulation techniques. Q3's simulations are based on a technique we call step size refinement. While a pure qualitative simulation has a very coarse step size, representing the state of a system trajectory at relatively few qualitatively distinct states, Q3 interpolates newly expl...

Davis [1] has investigated the properties of the Waltz propagation algorithm with interval labels in continuous domains. He shows that in most cases, the algorithm does not achieve arc consistency, and furthermore is subject to infinite iterations.

Abstract not found

. Ultraviolet is a constraint satisfaction algorithm intended for use in interactive graphical applications. It is capable of solving constraints over arbitrary domains using local propagation, and inequality constraints and simultaneous linear equations over the reals. To support this, Ultraviolet is a hybrid algorithm that allows different subsolvers to be used for different parts of the constraint graph, depending on graph topology and kind of constraints. In addition, Ultraviolet and its subsolvers support plan compilation, producing efficient compiled code that can be evaluated repeatedly to resatisfy a given collection of constraints for different input values. Keywords: constraints, user interfaces, hybrid constraint satisfaction algorithms 1. Introduction Many key aspects of interactive graphical systems can be conveniently described using constraints, including layout and other kinds of geometric relations, consistency between application data and views, consistency of multi...