Chaff: engineering an efficient SAT solver
Proceedings of the 38th annual Design Automation Conference
Finding bugs with a constraint solver
Proceedings of the 2000 ACM SIGSOFT international symposium on Software testing and analysis
Introduction to the Theory of Computation
Introduction to the Theory of Computation
Applications in Constraint Logic Programming with Strings
PPCP '94 Proceedings of the Second International Workshop on Principles and Practice of Constraint Programming
Mona & Fido: The Logic-Automaton Connection in Practice
CSL '97 Selected Papers from the11th International Workshop on Computer Science Logic
Static approximation of dynamically generated Web pages
WWW '05 Proceedings of the 14th international conference on World Wide Web
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Sound and precise analysis of web applications for injection vulnerabilities
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Dynamic test input generation for database applications
Proceedings of the 2007 international symposium on Software testing and analysis
A Static Analysis Framework For Detecting SQL Injection Vulnerabilities
COMPSAC '07 Proceedings of the 31st Annual International Computer Software and Applications Conference - Volume 01
Abstracting Symbolic Execution with String Analysis
TAICPART-MUTATION '07 Proceedings of the Testing: Academic and Industrial Conference Practice and Research Techniques - MUTATION
Directed test generation using symbolic grammars
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation
IEEE Transactions on Software Engineering
Static detection of cross-site scripting vulnerabilities
Proceedings of the 30th international conference on Software engineering
Grammar-based whitebox fuzzing
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Program analysis as constraint solving
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Test Data Generation for C Programs with String-Handling Functions
TASE '08 Proceedings of the 2008 2nd IFIP/IEEE International Symposium on Theoretical Aspects of Software Engineering
Dynamic test input generation for web applications
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
A decision procedure for subset constraints over regular languages
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
A decision procedure for bit-vectors and arrays
CAV'07 Proceedings of the 19th international conference on Computer aided verification
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
CP'06 Proceedings of the 12th international conference on Principles and Practice of Constraint Programming
SAT'04 Proceedings of the 7th international conference on Theory and Applications of Satisfiability Testing
SUDS: an infrastructure for creating dynamic software defect detection tools
Automated Software Engineering
OCAT: object capture-based automated testing
Proceedings of the 19th international symposium on Software testing and analysis
A DSL for intrusion detection based on constraint programming
Proceedings of the 3rd international conference on Security of information and networks
Solving string constraints lazily
Proceedings of the IEEE/ACM international conference on Automated software engineering
NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications
Proceedings of the 17th ACM conference on Computer and communications security
Future of developer testing: building quality in code
Proceedings of the FSE/SDP workshop on Future of software engineering research
Symbolic automata constraint solving
LPAR'10 Proceedings of the 17th international conference on Logic for programming, artificial intelligence, and reasoning
An evaluation of automata algorithms for string analysis
VMCAI'11 Proceedings of the 12th international conference on Verification, model checking, and abstract interpretation
Patching vulnerabilities with sanitization synthesis
Proceedings of the 33rd International Conference on Software Engineering
Fast and precise sanitizer analysis with BEK
SEC'11 Proceedings of the 20th USENIX conference on Security
Static detection of access control vulnerabilities in web applications
SEC'11 Proceedings of the 20th USENIX conference on Security
HAMPI: a string solver for testing, analysis and vulnerability detection
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
String abstractions for string verification
Proceedings of the 18th international SPIN conference on Model checking software
Context-sensitive auto-sanitization in web templating languages using type qualifiers
Proceedings of the 18th ACM conference on Computer and communications security
SCRIPTGARD: automatic context-sensitive sanitization for large-scale legacy web applications
Proceedings of the 18th ACM conference on Computer and communications security
Test data generation for web application using a UML class diagram with OCL constraints
Innovations in Systems and Software Engineering
A formalisation of java strings for program specification and verification
SEFM'11 Proceedings of the 9th international conference on Software engineering and formal methods
Symbolic finite state transducers: algorithms and applications
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A case for alloy annotations for efficient incremental analysis via domain specific solvers
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
The guardol language and verification system
TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Symbolic automata: the toolkit
TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Mutation based test case generation via a path selection strategy
Information and Software Technology
A type system for regular expressions
Proceedings of the 14th Workshop on Formal Techniques for Java-like Programs
Verifying client-side input validation functions using string analysis
Proceedings of the 34th International Conference on Software Engineering
Security testing of web applications: a research plan
Proceedings of the 34th International Conference on Software Engineering
Lightweight string reasoning for OCL
ECMFA'12 Proceedings of the 8th European conference on Modelling Foundations and Applications
HAMPI: A solver for word equations over strings, regular expressions, and context-free grammars
ACM Transactions on Software Engineering and Methodology (TOSEM)
S2PF: speculative symbolic PathFinder
ACM SIGSOFT Software Engineering Notes
Symbolic execution of programs with strings
Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference
A DSL for cross-domain security
Proceedings of the 2012 ACM conference on High integrity language technology
Annotations for alloy: automated incremental analysis using domain specific solvers
ICFEM'12 Proceedings of the 14th international conference on Formal Engineering Methods: formal methods and software engineering
Unbounded model-checking with interpolation for regular language constraints
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Extending XData to kill SQL query mutants in the wild
Proceedings of the Sixth International Workshop on Testing Database Systems
Solving equations on words through boolean satisfiability
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Path sensitive static analysis of web applications for remote code execution vulnerability detection
Proceedings of the 2013 International Conference on Software Engineering
Z3-str: a z3-based string solver for web application analysis
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
RADA: a tool for reasoning about algebraic data types with abstractions
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Information and Software Technology
Path- and index-sensitive string analysis based on monadic second-order logic
ACM Transactions on Software Engineering and Methodology (TOSEM) - Testing, debugging, and error handling, formal methods, lifecycle concerns, evolution and maintenance
Smten: automatic translation of high-level symbolic computations into SMT queries
CAV'13 Proceedings of the 25th international conference on Computer Aided Verification
Word equations with length constraints: what's decidable?
HVC'12 Proceedings of the 8th international conference on Hardware and Software: verification and testing
MetaSymploit: day-one defense against script-based attacks with security-enhanced symbolic analysis
SEC'13 Proceedings of the 22nd USENIX conference on Security
Automata-based symbolic string analysis for vulnerability detection
Formal Methods in System Design
Hi-index | 0.00 |
Many automatic testing, analysis, and verification techniques for programs can be effectively reduced to a constraint generation phase followed by a constraint-solving phase. This separation of concerns often leads to more effective and maintainable tools. The increasing efficiency of off-the-shelf constraint solvers makes this approach even more compelling. However, there are few effective and sufficiently expressive off-the-shelf solvers for string constraints generated by analysis techniques for string-manipulating programs. We designed and implemented Hampi, a solver for string constraints over fixed-size string variables. Hampi constraints express membership in regular languages and fixed-size context-free languages. Hampi constraints may contain context-free-language definitions, regular language definitions and operations, and the membership predicate. Given a set of constraints, Hampi outputs a string that satisfies all the constraints, or reports that the constraints are unsatisfiable. Hampi is expressive and efficient, and can be successfully applied to testing and analysis of real programs. Our experiments use Hampi in: static and dynamic analyses for finding SQL injection vulnerabilities in Web applications; automated bug finding in C programs using systematic testing; and compare Hampi with another string solver. Hampi's source code, documentation, and the experimental data are available at http://people.csail.mit.edu/akiezun/hampi.