Partial-Order Methods for the Verification of Concurrent Systems: An Approach to the State-Explosion Problem
Bebop: A Symbolic Model Checker for Boolean Programs
Proceedings of the 7th International SPIN Workshop on SPIN Model Checking and Software Verification
Improved probabilistic verification by hash compaction
CHARME '95 Proceedings of the IFIP WG 10.5 Advanced Research Working Conference on Correct Hardware Design and Verification Methods
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Operating Systems Design and Implementation (3rd Edition)
Operating Systems Design and Implementation (3rd Edition)
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
A dead variable analysis for explicit model checking
Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Compositional dynamic test generation
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Thorough static analysis of device drivers
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
ICSE '07 Proceedings of the 29th international conference on Software Engineering
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
A decision procedure for bit-vectors and arrays
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Execution generated test cases: how to make systems code crash itself
SPIN'05 Proceedings of the 12th international conference on Model Checking Software
Taint-based directed whitebox fuzzing
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Reducing Test Inputs Using Information Partitions
CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Reverse engineering of binary device drivers with RevNIC
Proceedings of the 5th European conference on Computer systems
Execution synthesis: a technique for automated software debugging
Proceedings of the 5th European conference on Computer systems
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
Abstract path testing with PathCrawler
Proceedings of the 5th Workshop on Automation of Software Test
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Testing closed-source binary device drivers with DDT
USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
Testing techniques in software engineering
Testing techniques in software engineering
S2E: a platform for in-vivo multi-path analysis of software systems
Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems
Parallel symbolic execution for automated real-world software testing
Proceedings of the sixth conference on Computer systems
Symbolic crosschecking of floating-point and SIMD code
Proceedings of the sixth conference on Computer systems
A framework for automated testing of javascript web applications
Proceedings of the 33rd International Conference on Software Engineering
Symbolic execution for software testing in practice: preliminary assessment
Proceedings of the 33rd International Conference on Software Engineering
High coverage testing of Haskell programs
Proceedings of the 2011 International Symposium on Software Testing and Analysis
A Parallel Approach to Concolic Testing with Low-cost Synchronization
Electronic Notes in Theoretical Computer Science (ENTCS)
Path exploration based on symbolic output
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
Linear obfuscation to combat symbolic execution
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Efficient deterministic multithreading through schedule relaxation
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Efficient loop navigation for symbolic execution
ATVA'11 Proceedings of the 9th international conference on Automated technology for verification and analysis
The S2E Platform: Design, Implementation, and Applications
ACM Transactions on Computer Systems (TOCS) - Special Issue APLOS 2011
Efficient state merging in symbolic execution
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Proceedings of the 2012 International Symposium on Software Testing and Analysis
make test-zesti: a symbolic execution solution for improving regression testing
Proceedings of the 34th International Conference on Software Engineering
STING: finding name resolution vulnerabilities in programs
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Automated concolic testing of smartphone apps
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Symbolic execution for software testing: three decades later
Communications of the ACM
Automated testing with targeted event sequence generation
Proceedings of the 2013 International Symposium on Software Testing and Analysis
Partition-based regression verification
Proceedings of the 2013 International Conference on Software Engineering
State of the art: Dynamic symbolic execution for automated test generation
Future Generation Computer Systems
Automated debugging for arbitrarily long executions
HotOS'13 Proceedings of the 14th USENIX conference on Hot Topics in Operating Systems
Boosting concolic testing via interpolation
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
An orchestrated survey of methodologies for automated software test case generation
Journal of Systems and Software
Steering symbolic execution to less traveled paths
Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
AppIntent: analyzing sensitive data transmission in android for privacy leakage detection
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Path exploration based on symbolic output
ACM Transactions on Software Engineering and Methodology (TOSEM) - Testing, debugging, and error handling, formal methods, lifecycle concerns, evolution and maintenance
MetaSymploit: day-one defense against script-based attacks with security-enhanced symbolic analysis
SEC'13 Proceedings of the 22nd USENIX conference on Security
FIE on firmware: finding vulnerabilities in embedded systems using symbolic execution
SEC'13 Proceedings of the 22nd USENIX conference on Security
Redundant state detection for dynamic symbolic execution
USENIX ATC'13 Proceedings of the 2013 USENIX conference on Annual Technical Conference
Toward a verifiable software dataplane
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
Safely reducing the cost of unit level symbolic execution through read/write analysis
ACM SIGSOFT Software Engineering Notes
Software dataplane verification
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Hi-index | 0.02 |
Recent work has used variations of symbolic execution to automatically generate high-coverage test inputs [3, 4, 7, 8, 14]. Such tools have demonstrated their ability to find very subtle errors. However, one challenge they all face is how to effectively handle the exponential number of paths in checked code. This paper presents a new technique for reducing the number of traversed code paths by discarding those that must have side-effects identical to some previously explored path. Our results on a mix of open source applications and device drivers show that this (sound) optimization reduces the numbers of paths traversed by several orders of magnitude, often achieving program coverage far out of reach for a standard constraint-based execution system.