Z3: an efficient SMT solver
Leonardo de Moura, Nikolaj Bjørner
- pp 337-340
TL;DR: Z3 is a new and efficient SMT Solver freely available from Microsoft Research that is used in various software verification and analysis applications.
Abstract:
Satisfiability Modulo Theories (SMT) problem is a decision problem for logical first order formulas with respect to combinations of background theories such as: arithmetic, bit-vectors, arrays, and uninterpreted functions. Z3 is a new and efficient SMT Solver freely available from Microsoft Research. It is used in various software verification and analysis applications.
Citations
Book Chapter
Pex: white box test generation for .NET
TL;DR: Pex automatically produces a small test suite with high code coverage for a .NET program by performing a systematic program analysis using dynamic symbolic execution, similar to path-bounded model-checking, to determine test inputs for Parameterized Unit Tests.
Book Chapter
Dafny: an automatic program verifier for functional correctness
TL;DR: A tour of the language and verifier Dafny, which has been used to verify the functional correctness of a number of challenging pointer-based programs, is given and the full functional specification of the Schorr-Waite algorithm is shown.
Book Chapter
Satisfiability Modulo Theories
Clark Barrett, Cesare Tinelli
TL;DR: The architecture of a lazy SMT solver is discussed, examples of theory solvers are given, how to combine such solvers modularly is shown, and several extensions of the lazy approach are mentioned.
Proceedings Article
SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis
Yan Shoshitaishvili, Ruoyu Wang, Christopher Salls, Nick Stephens, Mario Polino, Andrew Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Kruegel, Giovanni Vigna
TL;DR: This paper presents a binary analysis framework that implements a number of analysis techniques that have been proposed in the past and implements these techniques in a unifying framework, which allows other researchers to compose them and develop new approaches.
Journal Article
Symbolic execution for software testing: three decades later
Cristian Cadar, Koushik Sen
TL;DR: The challenges and great promise of modern symbolic execution techniques, and the tools to help implement them.
References
Book Chapter
The Spec# programming system: an overview
TL;DR: The goals and architecture of the Spec# programming system, consisting of the object-oriented Spec# programming language, the Spec# compiler, and the Boogie static program verifier, are described.
Proceedings Article
The SLAM project: debugging system software via static analysis
Thomas Ball, Sriram K. Rajamani
TL;DR: This work has successfully applied the SLAM toolkit to Windows XP device drivers, to both validate behavior and find defects in their usage of kernel APIs.
Journal Article
Simplify: a theorem prover for program checking
TL;DR: The article describes two techniques, error context reporting and error localization, for helping the user to determine the reason that a false conjecture is false, and includes detailed performance figures on conjectures derived from realistic program-checking problems.
Journal Article
Vigilante: end-to-end containment of internet worms
Manuel Costa, Jon Crowcroft, Miguel Castro, Antony Rowstron, Lidong Zhou, Lintao Zhang, Paul Barham
TL;DR: Vigilante, a new end-to-end approach to contain worms automatically that addresses limitations of network-level techniques, can automatically contain fast-spreading worms that exploit unknown vulnerabilities without blocking innocuous traffic.
Journal Article
A fast linear-arithmetic solver for DPLL(T)
Bruno Dutertre, Leonardo de Moura
TL;DR: In this paper, a Simplex-based linear arithmetic solver that can be integrated efficiently in the DPLL(T) framework is presented. But this solver does not support a priori simplification to reduce the problem size, and provides an efficient form of theory propagation.