English
Related papers

Related papers: C to Checked C by 3C

200 papers

Commits often involve refactorings -- behavior-preserving code modifications aiming at software design improvements. Refactoring operations pose a challenge to code reviewers, as distinguishing them from behavior-altering changes is often…

Software Engineering · Computer Science 2025-02-26 Benjamin Ritz , Aleksandar Karakaš , Denis Helic

C-rusted is an innovative technology whereby C programs can be (partly) annotated so as to express: ownership, exclusivity and shareability of language, system and user-defined resources; dynamic properties of objects and the way they…

Programming Languages · Computer Science 2023-08-29 Roberto Bagnara , Abramo Bagnara , Federico Serafini

Buffer overflow detection and mitigation for C programs has been an important concern for a long time. This paper defines a string buffer overflow analysis for C programs. The key ideas of our formulation are (a) separating buffers from the…

Programming Languages · Computer Science 2014-12-30 Uday P. Khedker

Over 70% of security vulnerabilities in critical software systems today result from memory safety violations. To address this challenge, fuzzing and static analysis are widely used automated methods to discover such vulnerabilities. Fuzzing…

Cryptography and Security · Computer Science 2026-03-31 Keno Hassler , Philipp Görz , Stephan Lipp

CodeChecker is an open source project that integrates different static analysis tools such as the Clang Static Analyzer and Clang-Tidy into the build systems, continuous integration loops, and development workflows of C++ programmers. It…

Software Engineering · Computer Science 2024-08-06 Gabor Horvath , Reka Kovacs , Richard Szalay , Zoltan Porkolab , Gyorgy Orban , Daniel Krupp

In languages like C, buffer overflows are widespread. A common mitigation technique is to use tools that detect them during execution and abort the program to prevent the leakage of data or the diversion of control flow. However, for server…

Cryptography and Security · Computer Science 2018-11-26 Manuel Rigger , Daniel Pekarek , Hanspeter Mössenböck

(Note: This work is a preprint.) Static analysis (SA) tools produce many diagnostic alerts indicating that source code in C or C++ may be defective and potentially vulnerable to security exploits. Many of these alerts are false positives.…

Software Engineering · Computer Science 2025-08-06 David Svoboda , Lori Flynn , William Klieber , Michael Duggan , Nicholas Reimer , Joseph Sible

2LS ("tools") is a verification tool for C programs, built upon the CPROVER framework. It allows one to verify user-specified assertions, memory safety properties (e.g. buffer overflows), numerical overflows, division by zero, memory leaks,…

Software Engineering · Computer Science 2023-02-07 Daniel Kroening , Viktor Malík , Peter Schrammel , Tomáš Vojnar

Static analysis is a method of analyzing source code without executing it. It is widely used to find bugs and code smells in industrial software. Besides other methods, the most important techniques are those based on the abstract syntax…

Software Engineering · Computer Science 2024-08-13 Gabor Horvath , Reka Kovacs , Richard Szalay , Zoltan Porkolab

Programmers often add meaningful information about program semantics when naming program entities such as variables, functions, and macros. However, static analysis tools typically discount this information when they look for bugs in a…

Programming Languages · Computer Science 2020-09-22 Roger Scott , Joseph Ranieri , Lucja Kot , Vineeth Kashyap

Current compilers implement security features and optimizations that require nontrivial semantic reasoning about pointers and memory allocation: the program after the insertion of the security feature, or after applying the optimization,…

Logic in Computer Science · Computer Science 2023-12-14 David Monniaux

Computer-based systems have solved several domain problems, including industrial, military, education, and wearable. Nevertheless, such arrangements need high-quality software to guarantee security and safety as both are mandatory for…

Cooperation between verification methods is crucial to tackle the challenging problem of software verification. The paper focuses on the verification of C programs using pointers and it formalizes a cooperation between static analyzers…

Programming Languages · Computer Science 2018-12-03 Bouillaguet Quentin , Bobot François , Sighireanu Mihaela , Yakobowski Boris

The most important security benefit of software memory safety is easy to state: for C and C++ software, attackers can exploit most bugs and vulnerabilities to gain full, unfettered control of software behavior, whereas this is not true for…

Cryptography and Security · Computer Science 2025-03-28 Úlfar Erlingsson

Memory safety in C and C++ remains largely unresolved. A technique usually called "memory tagging" may dramatically improve the situation if implemented in hardware with reasonable overhead. This paper describes two existing implementations…

Cryptography and Security · Computer Science 2018-02-27 Kostya Serebryany , Evgenii Stepanov , Aleksey Shlyapnikov , Vlad Tsyrklevich , Dmitry Vyukov

Memory corruption errors in C/C++ programs remain the most common source of security vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption vulnerabilities to divert program execution away from the…

Cryptography and Security · Computer Science 2019-11-26 Nathan Burow , Scott A. Carr , Joseph Nash , Per Larsen , Michael Franz , Stefan Brunthaler , Mathias Payer

Modern languages are equipped with static type checking/inference that helps programmers to keep a clean programming style and to reduce errors. However, the ever-growing size of programs and their continuous evolution require building fast…

Programming Languages · Computer Science 2018-11-28 Matteo Busi , Pierpaolo Degano , Letterio Galletta

We consider the problem of checkpointing a distributed application efficiently in Content Centric Networks so that it can withstand transient failures. We present CCNCheck, a system which enables a sender optimized way of checkpointing…

Distributed, Parallel, and Cluster Computing · Computer Science 2015-06-02 Nitinder Mohan , Pushpendra Singh

The C and C++ programming languages are notoriously insecure yet remain indispensable. Developers therefore resort to a multi-pronged approach to find security issues before adversaries. These include manual, static, and dynamic program…

Cryptography and Security · Computer Science 2018-06-13 Dokyung Song , Julian Lettner , Prabhu Rajasekaran , Yeoul Na , Stijn Volckaert , Per Larsen , Michael Franz

VeriFast is a prototype tool based on separation logic for modular verification of C and Java programs. We are in the process of adding support for C++. In this report, we describe the features of C++ for which we added support so far, as…

Logic in Computer Science · Computer Science 2022-12-29 Niels Mommen , Bart Jacobs