This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C stri...
Vinod Ganapathy, Somesh Jha, David Chandler, David...
We check statically whether it is safe for untrusted foreign machine code to be loaded into a trusted host system. (Here “safety” means that the program abides by a memory-acc...
Thread escape analysis, which determines whether and when a variable becomes shared by multiple threads, is a foundation for many other program analyses. Most existing escape anal...
Analyzing historical information can show how a software system evolved into its current state, which parts of the system are stable and which have changed more. However, historic...
Bad error handling is the cause of many service outages. We address this problem by a novel approach to detect and patch bad error handling automatically. Our approach uses error ...