We present the first compositional, incremental static analysis for detectingmemory-safety and information leakage vulnerabilities in C-like programs . We develop the first under-approximate relational program logics, including InsecSL . We show how InSecSL can be automated viaback-propagating symbolic execution (BPSE) to build a bottom-up,inter-procedural and incremental analysis . Weprove our approach in Isabelle/HOL and implement it in a proof-of-concept tool, Underflow, for analysing C programs .

Author(s) : Toby Murray, Pengbo Yan, Gidon Ernst

Links : PDF - Abstract

Code :

Keywords : incremental - propagating - programs - symbolic - insecsl -

Leave a Reply

Your email address will not be published. Required fields are marked *