ATOM: a system for building customized program analysis tools
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Efficient detection of all pointer and array access errors
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
IEEE Transactions on Software Engineering - Special issue on formal methods in software practice
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Interprocedural pointer alias analysis
ACM Transactions on Programming Languages and Systems (TOPLAS)
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
ABCD: eliminating array bounds checks on demand
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Symbolic execution and program testing
Communications of the ACM
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
The SLAM project: debugging system software via static analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
CCured: type-safe retrofitting of legacy code
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Symbolic Model Checking
Efficient instrumentation for code coverage testing
ISSTA '02 Proceedings of the 2002 ACM SIGSOFT international symposium on Software testing and analysis
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
Isolating cause-effect chains from computer programs
Proceedings of the 10th ACM SIGSOFT symposium on Foundations of software engineering
Automated Software Engineering
Designing the McCAT Compiler Based on a Family of Structured Intermediate Representations
Proceedings of the 5th International Workshop on Languages and Compilers for Parallel Computing
Type-Assisted Dynamic Buffer Overflow Detection
Proceedings of the 11th USENIX Security Symposium
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs
CC '02 Proceedings of the 11th International Conference on Compiler Construction
CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
ICSE '81 Proceedings of the 5th international conference on Software engineering
ARCHER: using symbolic, path-sensitive analysis to detect memory access errors
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Characterizing the 'Security Vulnerability Likelihood' of Software Functions
ICSM '03 Proceedings of the International Conference on Software Maintenance
ISESE '04 Proceedings of the 2004 International Symposium on Empirical Software Engineering
CMC: a pragmatic approach to model checking real code
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Pin: building customized program analysis tools with dynamic instrumentation
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Preventing format-string attacks via automatic and efficient dynamic checking
Proceedings of the 12th ACM conference on Computer and communications security
Dynamic Taint Propagation for Java
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Bug Classification Using Program Slicing Metrics
SCAM '06 Proceedings of the Sixth IEEE International Workshop on Source Code Analysis and Manipulation
An empirical study of static program slice size
ACM Transactions on Software Engineering and Methodology (TOSEM)
Valgrind: a framework for heavyweight dynamic binary instrumentation
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
High coverage detection of input-related security facults
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
An empirical study of the robustness of Windows NT applications using random testing
WSS'00 Proceedings of the 4th conference on USENIX Windows Systems Symposium - Volume 4
Dytan: a generic dynamic taint analysis framework
Proceedings of the 2007 international symposium on Software testing and analysis
Effective memory protection using dynamic tainting
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Dynamic taint propagation: Finding vulnerabilities without attacking
Information Security Tech. Report
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Testing for buffer overflows with length abstraction
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
EMSOFT '08 Proceedings of the 8th ACM international conference on Embedded software
Finding programming errors earlier by evaluating runtime monitors ahead-of-time
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
Marple: a demand-driven path-sensitive buffer overflow detector
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
Taint-based directed whitebox fuzzing
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
HAMPI: a solver for string constraints
Proceedings of the eighteenth international symposium on Software testing and analysis
Precise pointer reasoning for dynamic test generation
Proceedings of the eighteenth international symposium on Software testing and analysis
Proceedings of the eighteenth international symposium on Software testing and analysis
Penumbra: automatically identifying failure-relevant inputs using dynamic tainting
Proceedings of the eighteenth international symposium on Software testing and analysis
A few billion lines of code later: using static analysis to find bugs in the real world
Communications of the ACM
JPF-SE: a symbolic execution extension to Java PathFinder
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Pex: white box test generation for .NET
TAP'08 Proceedings of the 2nd international conference on Tests and proofs
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Dynamic test generation to find integer bugs in x86 binary linux programs
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
PathCrawler: automatic generation of path tests by combining static and dynamic analysis
EDCC'05 Proceedings of the 5th European conference on Dependable Computing
Hi-index | 0.00 |
SUDS is a powerful infrastructure for creating dynamic software defect detection tools. It contains phases for both static analysis and dynamic instrumentation allowing users to create tools that take advantage of both paradigms. The results of static analysis phases can be used to improve the quality of dynamic defect detection tools created with SUDS by focusing the instrumentation on types of defects, sources of data, or regions of code. The instrumentation engine is designed in a manner that allows users to create their own correctness models quickly but is flexible to support construction of a wide range of different tools. The effectiveness of SUDS is demonstrated by showing that it is capable of finding bugs and that performance improves when static analysis is used to eliminate unnecessary instrumentation.