A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Symbolic execution and program testing
Communications of the ACM
A system and language for building system-specific, static analyses
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Art of Software Testing
Generating Tests from Counterexamples
Proceedings of the 26th International Conference on Software Engineering
Test input generation with java PathFinder
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Check 'n' crash: combining static checking and testing
Proceedings of the 27th international conference on Software engineering
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Combining abstract interpreters
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Modular checking for buffer overflows in the large
Proceedings of the 28th international conference on Software engineering
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Compositional dynamic test generation
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Framework for instruction-level tracing and analysis of program executions
Proceedings of the 2nd international conference on Virtual execution environments
Automatically classifying benign and harmful data races using replay analysis
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Valgrind: a framework for heavyweight dynamic binary instrumentation
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
High coverage detection of input-related security facults
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Precise pointer reasoning for dynamic test generation
Proceedings of the eighteenth international symposium on Software testing and analysis
Compositional may-must program analysis: unleashing the power of alternation
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SUDS: an infrastructure for creating dynamic software defect detection tools
Automated Software Engineering
Proceedings of the 19th international symposium on Software testing and analysis
Combining static analysis and test generation for C program debugging
TAP'10 Proceedings of the 4th international conference on Tests and proofs
Experimental comparison of concolic and random testing for java card applets
SPIN'10 Proceedings of the 17th international SPIN conference on Model checking software
SAS'11 Proceedings of the 18th international conference on Static analysis
Program slicing enhances a verification technique combining static and dynamic analysis
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Verifying GPU kernels by test amplification
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Automated synthesis of symbolic instruction encodings from I/O samples
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Augmented dynamic symbolic execution
Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
State of the art: Dynamic symbolic execution for automated test generation
Future Generation Computer Systems
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
DroidFuzzer: Fuzzing the Android Apps with Intent-Filter Tag
Proceedings of International Conference on Advances in Mobile Computing & Multimedia
Hi-index | 0.00 |
Runtime property checking (as implemented in tools like Purify or Valgrind) checks whether a program execution satisfies a property. Active property checking extends runtime checking by checking whether the property is satisfied by all program executions that follow the same program path. This check is performed on a symbolic execution of the given program path using a constraint solver. If the check fails, the constraint solver generates an alternative program input triggering a new program execution that follows the same program path but exhibits a property violation. Combined with systematic dynamic test generation, which attempts to exercise all feasible paths in a program, active property checking defines a new form of dynamic software model checking (program verification). In this paper, we formalize and study active property checking. We show how static and dynamic type checking can be extended with active type checking. Then, we discuss how to implement active property checking efficiently. Finally, we discuss results of experiments with media playing applications on Windows, where active property checking was able to detect several new security-related bugs.