A buffer overflow benchmark for software model checkers

Ku, Kelvin; Hart, Tae L.; Chećhik, Marsha; Lie, David

doi:10.1145/1321631.1321691

Cited by 68 publications

(59 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The next four benchmarks are programs from the test suite of InvGen. The program spam also occurs as SpamAssassin-loop in [23]. The next benchmark, ex1, is an interesting variation of cav06, and ex2 is an example illustrating that splitting can be carried out in any order to obtain equivalent results in the presence of multiple splitter predicates.…”

Section: Methodsmentioning

confidence: 99%

Simplifying Loop Invariant Generation Using Splitter Predicates

Sharma

Dillig

et al. 2011

Computer Aided Verification

View full text Add to dashboard Cite

Abstract. We present a novel static analysis technique that substantially improves the quality of invariants inferred by standard loop invariant generation techniques. Our technique decomposes multi-phase loops, which require disjunctive invariants, into a semantically equivalent sequence of single-phase loops, each of which requires simple, conjunctive invariants. We define splitter predicates which are used to identify phase transitions in loops, and we present an algorithm to find useful splitter predicates that enable the phase-reducing transformation. We show experimentally on a set of representative benchmarks from the literature and real code examples that our technique substantially increases the quality of invariants inferred by standard invariant generation techniques. Our technique is conceptually simple, easy to implement, and can be integrated into any automatic loop invariant generator.

show abstract

Section: Methodsmentioning

confidence: 99%

Simplifying Loop Invariant Generation Using Splitter Predicates

Sharma

Dillig

et al. 2011

Computer Aided Verification

View full text Add to dashboard Cite

show abstract

“…Considerable research effort has attempted to develop static analysis tools and check security vulnerabilities in real world software applications [31], [32], [42], [80], [135]. Empirical studies have been also carried out to evaluate proposed static analysis techniques and tools [42], [80].…”

Section: Literature Reviewmentioning

confidence: 99%

Goal-oriented dynamic test generation

Khoo

Fong

et al. 2015

Information and Software Technology

View full text Add to dashboard Cite

“…There have been several studies in which an SMC was applied to various target systems such as automotive software [47], microcontroller programs [48], Linux device drivers [45], [46], file systems [52], network filters [13], a protocol stack [40], and server applications [41]. For a flash storage platform, which is our main target domain, one recent study [32] analyzes flash file systems as an effort of the mini-challenge [35].…”

Section: Related Workmentioning

confidence: 99%

“…They reported that several bugs were detected in a few seconds to a few minutes, but tool failures and false alarms were observed as well. Ku et al [41] applied SATABS [21] to detect buffer overflows on the 300 sample codes of server applications such as apache and sendmail. Although 90 percent of the sample codes are less than 100 lines long, they could analyze the sample codes with only minimal buffer sizes (1 and 2) to avoid explosion of analysis time.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Comparative Study of Software Model Checkers as Unit Testing Tools: An Industrial Case Study

Kim

2011

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

Abstract-Conventional testing methods often fail to detect hidden flaws in complex embedded software such as device drivers or file systems. This deficiency incurs significant development and support/maintenance cost for the manufacturers. Model checking techniques have been proposed to compensate for the weaknesses of conventional testing methods through exhaustive analyses. Whereas conventional model checkers require manual effort to create an abstract target model, modern software model checkers remove this overhead by directly analyzing a target C program, and can be utilized as unit testing tools. However, since software model checkers are not fully mature yet, they have limitations according to the underlying technologies and tool implementations, potentially critical issues when applied in industrial projects. This paper reports our experience in applying Blast and CBMC to testing the components of a storage platform software for flash memory. Through this project, we analyzed the strong and weak points of two different software model checking technologies in the viewpoint of real-world industrial application-counterexample-guided abstraction refinement with predicate abstraction and SAT-based bounded analysis.Index Terms-Embedded software verification, software model checking, bounded model checking, CEGAR-based model checking, flash file systems.

show abstract

A buffer overflow benchmark for software model checkers

Cited by 68 publications

References 8 publications

Simplifying Loop Invariant Generation Using Splitter Predicates

Simplifying Loop Invariant Generation Using Splitter Predicates

Goal-oriented dynamic test generation

A Comparative Study of Software Model Checkers as Unit Testing Tools: An Industrial Case Study

Contact Info

Product

Resources

About