[Fwd: Re: Announcing the Parma Polyhedra Library (version 0.2)]

-------- Original Message --------
Subject: Re: Announcing the Parma Polyhedra Library (version 0.2)
Date: Mon, 19 Nov 2001 13:12:33 -0800 (PST)
From: David Wagner daw@cs.berkeley.edu
To: bagnara@cs.unipr.it (Roberto Bagnara)

Thanks much for the information! This is the answer I sort of expected, given what I've seen from other polyhedra libraries, but thank you for taking the time to describe your experience.
The application that interested me is detection of buffer overrun vulnerabilities in large C applications. Typically one must do a whole-program analysis, and interesting C applications tend to have thousands of relevant integer variables and tens of thousands of statements affecting these variables.
Several colleagues and I looked at this problem, and we used a much less precise form of analysis to cope with the scalability issues. Still, this comes with significant costs: you get many false alarms (warnings that don't correspond to real bugs), and our experience suggests that polyhedra-style analysis could make a big improvement in this respect.
If you're interested to read more about our work, our paper is online at http://www.cs.berkeley.edu/~daw/papers/overruns-ndss00.ps. Nurit Dor, Michael Rodeh, and Mooly Sagiv have done some work on applying polyhedra to the same problem, and they found that they could get a much more accurate analysis, but with the disadvantage that the result could only handle small programs.
Thanks again for your note. I found your comments interesting, and I'll continue to follow your progress on this project!
Regards,
-- David