English
Related papers

Related papers: NSan: A Floating-Point Numerical Sanitizer

200 papers

Address Sanitizer (ASan) is a sharp weapon for detecting memory safety violations, including temporal and spatial errors hidden in C/C++ programs during execution. However, ASan incurs significant runtime overhead, which limits its…

Software Engineering · Computer Science 2025-09-03 Yixuan Cao , Yuhong Feng , Huafeng Li , Chongyi Huang , Fangcao Jian , Haoran Li , Xu Wang

Sanitizers provide robust test oracles for various software vulnerabilities. Fuzzing on sanitizer-enabled programs has been the best practice to find software bugs. Since sanitizers need to heavily instrument a target program to insert…

Cryptography and Security · Computer Science 2025-02-13 Ziqiao Kong , Shaohua Li , Heqing Huang , Zhendong Su

Sanitizers can detect security vulnerabilities in C/C++ code that elude static analysis. Current practice is to continuously fuzz and sanitize internal pre-release builds. Sanitization-enabled builds are rarely released publicly. This is in…

Cryptography and Security · Computer Science 2018-05-16 Julian Lettner , Dokyung Song , Taemin Park , Stijn Volckaert , Per Larsen , Michael Franz

Rust is a memory-safe language, and its strong safety guarantees combined with high performance have been attracting widespread adoption in systems programming and security-critical applications. However, Rust permits the use of unsafe…

Cryptography and Security · Computer Science 2025-09-23 Tianrou Xia , Kaiming Huang , Dongyeon Yu , Yuseok Jeon , Jie Zhou , Dinghao Wu , Taegyu Kim

The C and C++ programming languages are notoriously insecure yet remain indispensable. Developers therefore resort to a multi-pronged approach to find security issues before adversaries. These include manual, static, and dynamic program…

Cryptography and Security · Computer Science 2018-06-13 Dokyung Song , Julian Lettner , Prabhu Rajasekaran , Yeoul Na , Stijn Volckaert , Per Larsen , Michael Franz

Greybox fuzzing is a proven and effective testing method for the detection of security vulnerabilities and other bugs in modern software systems. Greybox fuzzing can also be used in combination with a sanitizer, such as AddressSanitizer…

Cryptography and Security · Computer Science 2022-09-07 Jinsheng Ba , Gregory J. Duck , Abhik Roychoudhury

Memory safety is a key security property that stops memory corruption vulnerabilities. Existing sanitizers enforce checks and catch such bugs during development and testing. However, they either provide partial memory safety or have…

Cryptography and Security · Computer Science 2022-02-09 Yuan Li , Wende Tan , Zhizheng Lv , Songtao Yang , Mathias Payer , Ying Liu , Chao Zhang

Buffer-overruns are a prevalent vulnerability in software libraries and applications. Fuzz testing is one of the effective techniques to detect vulnerabilities in general. Greybox fuzzers such as AFL automatically generate a sequence of…

Software Engineering · Computer Science 2021-04-22 Raveendra Kumar Medicherla , Malathy Nagalakshmi , Tanya Sharma , Raghavan Komondoor

Most memory sanitizers work by instrumenting the program at compile time. There are only a handful of memory sanitizers that can sanitize a binary program without source code. Most are location-based, and are therefore unable to detect…

Cryptography and Security · Computer Science 2020-07-28 Jos Craaijo

In this paper, we propose a testing framework for validating sanitizer implementations in compilers. Our core components are (1) a program generator specifically designed for producing programs containing undefined behavior (UB), and (2) a…

Cryptography and Security · Computer Science 2024-01-10 Shaohua Li , Zhendong Su

Computational notebooks became indispensable tools for research-related development, offering unprecedented interactivity and flexibility in the development process. However, these benefits come at the cost of reproducibility and an…

Software Engineering · Computer Science 2024-05-06 Konstantin Grotov , Sergey Titov , Yaroslav Zharov , Timofey Bryksin

Static Application Security Testing (SAST) tools using taint analysis are widely viewed as providing higher-quality vulnerability detection results compared to traditional pattern-based approaches. However, performing static taint analysis…

Input sanitization mechanisms are widely used to mitigate vulnerabilities to injection attacks such as cross-site scripting. Static analysis tools and techniques commonly used to ensure that applications utilize sanitization functions.…

Cryptography and Security · Computer Science 2018-04-04 Mahmoud Mohammadi , Bill Chu , Heather Richter Lipford

Over 70% of security vulnerabilities in critical software systems today result from memory safety violations. To address this challenge, fuzzing and static analysis are widely used automated methods to discover such vulnerabilities. Fuzzing…

Cryptography and Security · Computer Science 2026-03-31 Keno Hassler , Philipp Görz , Stephan Lipp

Despite the recent advances in pre-production bug detection, heap-use-after-free and heap-buffer-overflow bugs remain the primary problem for security, reliability, and developer productivity for applications written in C or C++, across all…

Static analysis is one of the most widely adopted techniques to find software bugs before code is put in production. Designing and implementing effective and efficient static analyses is difficult and requires high expertise, which results…

Software Engineering · Computer Science 2019-06-04 Andrew Habib , Michael Pradel

Fuzzing is a widely used software security testing technique that is designed to identify vulnerabilities in systems by providing invalid or unexpected input. Continuous fuzzing systems like OSS-FUZZ have been successful in finding security…

Cryptography and Security · Computer Science 2023-07-04 Chaitanya Rahalkar

Data standardization is a crucial part of the data science life cycle. While tools like Pandas offer robust functionalities, their complexity and the manual effort required for customizing code to diverse column types pose significant…

Machine Learning · Computer Science 2025-06-03 Danrui Qi , Zhengjie Miao , Jiannan Wang

Evaluating Large Language Models (LLMs) is one of the most critical aspects of building a performant compound AI system. Since the output from LLMs propagate to downstream steps, identifying LLM errors is crucial to system performance. A…

Fuzzing has proven to be very effective for discovering certain classes of software flaws, but less effective in helping developers process these discoveries. Conventional crash-based fuzzers lack enough information about failures to…

Cryptography and Security · Computer Science 2024-11-04 Allison Naaktgeboren , Sean Noble Anderson , Andrew Tolmach , Greg Sullivan
‹ Prev 1 2 3 10 Next ›