Results 1 - 10 of 79
A First Step towards Automated Detection of Buffer Overrun Vulnerabilities
In Network and Distributed System Security Symposium, 2000
Cited by 336 (10 self)
We describe a new technique for finding potential buffer overrun vulnerabilities in security-critical C code. The key to success is to use static analysis: we formulate detection of buffer overruns as an integer range analysis problem. One major advantage of static analysis is that security bugs can be eliminated before code is deployed. We have implemented our design and used our prototype to find new remotely exploitable vulnerabilities in a large, widely deployed software package. An earlier hand audit missed these bugs.
Consistency techniques for numeric csps
1993
Cited by 200 (7 self)
Many problems can be expressed in terms of a numeric constraint satisfaction problem over finite or continuous domains (numeric CSP). The purpose of this paper is to show that the consistency techniques that have been developed for CSPs can be adapted to numeric CSPs. Since the numeric domains are ordered the underlying idea is to handle domains only by their bounds. The semantics that have been elaborated, plus the complexity analysis and good experimental results, confirm that these techniques can be used in real applications.
CLP(Intervals) Revisited
1994
Cited by 121 (18 self)
The design and implementation of constraint logic programming (CLP) languages over intervals is revisited. Instead of decomposing complex constraints in terms of simple primitive constraints as in CLP(BNR), complex constraints are manipulated as a whole, enabling more sophisticated narrowing procedures to be applied in the solver. This idea is embodied in a new CLP language Newton whose operational semantics is based on the notion of box-consistency, an approximation of arc-consistency, and whose implementation uses Newton interval method. Experimental results indicate that Newton outperforms existing languages by an order of magnitude and is competitive with some state-of-the-art tools on some standard benchmarks. Limitations of our current implementation and directions for further work are also identified.
Constraint Arithmetic on Real Intervals
1993
Cited by 67 (3 self)
Constraint interval arithmetic is a sublanguage of BNR Prolog which offers a new approach to the old problem of deriving numerical consequences from algebraic models. Since it is simultaneously a numerical computation technique and a proof technique, it bypasses the traditional dichotomy between (numeric) calculation and (symbolic) proofs. This interplay between proof and calculation can be used effectively to handle practical problems which neither can handle alone. The underlying semantic model is based on the properties of monotone contraction operators on a lattice, an algebraic setting in which fixed point semantics take an especially elegant form.
Extending Prolog with Constraint Arithmetic on Real Intervals
1990
Cited by 51 (7 self)
Prolog can be extended by a system of constraints on closed intervals to perform declarative relational arithmetic. Imposing constraints on an interval can narrow its range and propagate the narrowing to other intervals related to it by constraint equations or inequalities. Relational interval arithmetic can be used to contain floating point errors and, when combined with Prolog backtracking, to obtain numeric solutions to linear and nonlinear rational constraint satisfaction problems over the reals (e.g. n-degree polynomial equations). This technique differs from other constraint logic programming (CLP) systems like CLP(R) or Prolog III in that it does not do any symbolic processing.
Interval constraint logic programming
CONSTRAINT PROGRAMMING: BASICS AND TRENDS, VOLUME 910 OF LNCS, 1995
Cited by 47 (5 self)
Abstract. In this paper, we present an overview on the use of interval arithmetic to process numerical constraints in Constraint Logic Programming. The main principle is to approximate n-ary relations over ℝ with Cartesian products of intervals whose bounds are taken in a finite subset of ℝ. Variables represent real values whose domains are intervals defined in the same manner. Narrowing operators are defined from approximations. These operators compute, from an interval and a relation, a set included in the initial interval. Sets of constraints are then processed thanks to a local consistency algorithm pruning at each step values from initial intervals. This algorithm is shown to be correct and to terminate, on the basis of a certain number of properties of narrowing operators. We focus here on the description of the general framework based on approximations, on its application to interval constraint solving over continuous and discrete quantities, we establish a strong link between approximations and local consistency notions and show that arc-consistency is an instance of the approximation framework. We finally describe recent work on different variants of the initial algorithm proposed by John Cleary and developed by W. Older and A. Vellino which have been proposed in this context. These variants address four particular points: generalization of the constraint language, improvement of domain reductions, efficiency of the computation and finally, cooperation with other solvers. Some open questions are also identified.
Qualitative and Quantitative Simulation: Bridging the Gap
Artificial Intelligence, 1997
Cited by 43 (1 self)
Shortcomings of qualitative simulation and of quantitative simulation motivate combining them to do simulations exhibiting strengths of both. The resulting class of techniques is called semiquantitative simulation. One approach to semiquantitative simulation is to use numeric intervals to represent incomplete quantitative information. In this research we demonstrate semiquantitative simulation using intervals in an implemented semiquantitative simulator called Q3. Q3 progressively refines a qualitative simulation, providing increasingly specific quantitative predictions which can converge to a numerical simulation in the limit while retaining important correctness guarantees from qualitative and interval simulation techniques. Q3's simulations are based on a technique we call step size refinement. While a pure qualitative simulation has a very coarse step size, representing the state of a system trajectory at relatively few qualitatively distinct states, Q3 interpolates newly expl...
Arc Consistency for Continuous Variables
Artificial Intelligence, 1998
Cited by 33 (5 self)
Davis [1] has investigated the properties of the Waltz propagation algorithm with interval labels in continuous domains. He shows that in most cases, the algorithm does not achieve arc consistency, and furthermore is subject to infinite iterations.
Propositional Satisfiability and Constraint Programming: a Comparative Survey
ACM Computing Surveys, 2006
Cited by 32 (4 self)
Propositional Satisfiability (SAT) and Constraint Programming (CP) have developed as two relatively independent threads of research, cross-fertilising occasionally. These two approaches to problem solving have a lot in common, as evidenced by similar ideas underlying the branch and prune algorithms that are most successful at solving both kinds of problems. They also exhibit differences in the way they are used to state and solve problems, since SAT’s approach is in general a black-box approach, while CP aims at being tunable and programmable. This survey overviews the two areas in a comparative way, emphasising the similarities and differences between the two and the points where we feel that one technology can benefit from ideas or experience acquired