ARCHER: Using Symbolic, Path-sensitive Analysis to Detect Memory Access Errors (2003)
Yichen Xie, Andy Chou, Dawson Engler



View or download:
stanford.edu/~engler/p150xie.ps

From: stanford.edu/~engler/

Abstract: Memory corruption errors lead to non-deterministic, elusive crashes. This paper describes ARCHER (ARray CHeckER), a static, effective memory access checker. ARCHER uses path-sensitive, interprocedural symbolic analysis to bound the values of both variables and memory sizes. It evaluates known values using a constraint solver at every array access, pointer dereference, or call to a function that expects a size parameter. Accesses that violate constraints are flagged as errors. Those that are...

Active bibliography (related documents):
0.3:   Improving Software Security with a C Pointer Analysis - Avots, Dalton, Livshits, Lam (2005)
0.2:   Correlation Exploitation in Error Ranking - Kremenek, Ashcraft, Yang, Engler (2004)
0.2:   Code Injection in C and CPP: A Survey of Vulnerabilities.. - Younan, Joosen, Piessens (2004)

Similar documents based on text:
0.4:   Using Redundancies to Find Errors - Xie, Engler (2002)
0.2:   Z-Ranking: Using Statistical Analysis to Counter the Impact.. - Kremenek, Engler
0.1:   Lessons Learnt from the JPEG Case Study: Extended View on.. - Zivkovic (2002)

BibTeX entry:

@misc{ xie-archer,
  author = "Yichen Xie and Andy Chou and Dawson Engler",
  title = "ARCHER: Using Symbolic, Path-sensitive Analysis to Detect Memory Access
    Errors",
  url = "citeseer.ist.psu.edu/xie03archer.html" }
Citations (may not include all citations):
245   The omega test: a fast and practical integer programming alg.. - Pugh - 1991
140   Extended static checking for Java - Flanagan, Leino et al. - 2002
100   Checking system rules using system-specific - Engler, Chelf et al. - 2000
98   Purify: Fast detection of memory leaks and access errors - Hastings, Joyce - 1992
67   CCured: type-safe retrofitting of legacy code - Necula, McPeak et al. - 2002
67   Bugs as deviant behavior: A general approach to inferring er.. - Engler, Chen et al. - 2001
59   A static analyzer for finding dynamic programming errors - Bush, Pincus et al. - 2000
51   annotation assistant ESCJava - Leino, annotation et al. - 2001
47   A system and language for building system-specific - Hallem, Chelf et al. - 2002
46   Using programmer-written compiler extensions to catch securi.. - Ashcraft, Engler - 2002
43   ABCD: Eliminating array bounds checks on demand - Bodik, Gupta et al. - 2000
34   Backwards-compatible bounds checking for arrays and pointers.. - Jones, Kelly - 1997
31   A first step towards automated detection of buffer overrun vu.. - Wagner, Foster et al. - 2000
18   CIL: Intermediate language and tools for analysis and transf.. - Necula, McPeak et al. - 2002
16   Predicate abstraction for software verification - Flanagan, Qadeer - 2002
13   Effective use of boolean satisfiability procedures in the forma.. - Velev, Bryant - 2002
13   CSSV: towards a realistic tool for statically detecting all .. - Dor, Rodeh et al. - 2003
13   Statically detecting likely buffer overflow vulnerabilities - Larochelle, Evans - 2001
12   Improving computer security using extended static checking - Chess - 2002
5   technical introduction to PREfixEnterprise - introduction, Enterprise et al. - 1998
4   Interprocedural modification side effect analysis with pointe.. - Landi, Ryder et al. - 1993
1   third edition - Freedman, Pisani et al. - 1997
1   Congressional Testimony by Federal Document Clearing House - Schneier, cybersecurity - 2003
http://research.microsoft.com/sbt/

Documents on the same site (http://www.stanford.edu/~engler/):
A Simple Method for Extracting Models from Protocol Code - Lie, Chou, Engler, Dill (2001)
tcc: A Template-Based Compiler for `C - Poletto, Engler, Kaashoek (1995)
Interface Compilation: Steps toward Compiling Program Interfaces.. - Engler (1999)


CiteSeer.IST - Copyright Penn State and NEC