Beacon: Directed grey-box fuzzing with provable path pruning
Unlike coverage-based fuzzing that gives equal attention to every part of a code, directed
fuzzing aims to direct a fuzzer to a specific target in the code, e.g., the code with potential …
Inference of robust reachability constraints
Y Sellami, G Girol, F Recoules, D Couroussé… - Proceedings of the …, 2024 - dl.acm.org
Characterization of bugs and attack vectors is in many practical scenarios as important as
their finding. Recently, Girol et al. have introduced the concept of robust reachability, which …
Calculational design of [in] correctness transformational program logics by abstract interpretation
P Cousot - Proceedings of the ACM on Programming Languages, 2024 - dl.acm.org
We study transformational program logics for correctness and incorrectness that we extend
to explicitly handle both termination and nontermination. We show that the logics are …
Synthesizing ranking functions from bits and pieces
In this work, we present a novel approach based on recent advances in software model
checking to synthesize ranking functions and prove termination (and non-termination) of …
The virtues of idleness: A decidable fragment of resource agent logic
Abstract Alternating Time Temporal Logic (ATL) is widely used for the verification of multi-
agent systems. We consider Resource Agent Logic (RAL), which extends ATL to allow the …
Static analysis by abstract interpretation of functional temporal properties of programs
C Urban - 2015 - theses.hal.science
The overall aim of this thesis is the development of mathematically sound and practically
efficient methods for automatically proving the correctness of computer software. More …
Finding recurrent sets with backward analysis and trace partitioning
A Bakhirkin, N Piterman - Tools and Algorithms for the Construction and …, 2016 - Springer
We propose an abstract-interpretation-based analysis for recurrent sets. A recurrent set is a
set of states from which the execution of a program cannot or might not (as in our case) …
Calculational Design of [In] Correctness Transformational Program Logics by Abstract Interpretation
P Cousot - arXiv preprint arXiv:2310.15340, 2023 - arxiv.org
We study transformational program logics for correctness and incorrectness that we extend
to explicitly handle both termination and nontermination. We show that the logics are …
Responsibility analysis by abstract interpretation
Given a behavior of interest in the program, statically determining the corresponding
responsible entity is a task of critical importance, especially in program security. Classical …
Inference of ranking functions for proving temporal properties by abstract interpretation
We present new static analysis methods for proving liveness properties of programs. In
particular, with reference to the hierarchy of temporal properties proposed by Manna and …