swMATH ID: 13701
Software Authors: Dor, N., Rodeh, M., Sagiv, M
Description: CSSV: Towards a realistic tool for statically detecting all buffer overflows in C. Erroneous string manipulations are a major source of software defects in C programs yielding vulnerabilities which are exploited by software viruses. We present C String Static Verifyer (CSSV), a tool that statically uncovers all string manipulation errors. Being a conservative tool, it reports all such errors at the expense of sometimes generating false alarms. Fortunately, only a small number of false alarms are reported, thereby proving that statically reducing software vulnerability is achievable. CSSV handles large programs by analyzing each procedure separately. To this end procedure contracts are allowed which are verified by the tool.We implemented a CSSV prototype and used it to verify the absence of errors in real code from EADS Airbus. When applied to another commonly used string intensive application, CSSV uncovered real bugs with very few false alarms.
Homepage: http://dl.acm.org/citation.cfm?id=781149
Related Software: ASTREE; TVLA; CBMC; SPEED; PPL; Octagon; Consit; Privtrans; Privman; MOPS; CCured; RacerX; aiT; Houdini; SatAbs; ESC/Java; ARMC; SLAM; Dafny; Cibai
Cited in: 16 Documents

Citations by Year