QuickCheck: a lightweight tool for random testing of Haskell programs
ICFP '00 Proceedings of the fifth ACM SIGPLAN international conference on Functional programming
Simplifying and Isolating Failure-Inducing Input
IEEE Transactions on Software Engineering
Programming languages for information security
Programming languages for information security
On-the-Fly Generation of K-Path Tests for C Functions
Proceedings of the 19th IEEE international conference on Automated software engineering
Random Testing in Isabelle/HOL
SEFM '04 Proceedings of the Software Engineering and Formal Methods, Second International Conference
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Randoop: feedback-directed random testing for Java
Companion to the 22nd ACM SIGPLAN conference on Object-oriented programming systems and applications companion
Efficient purely-dynamic information flow analysis
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Proceedings of the Eighth International Workshop on the ACL2 Theorem Prover and its Applications
Dynamic vs. Static Flow-Sensitive Security Analysis
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Symbolic execution for software testing in practice: preliminary assessment
Proceedings of the 33rd International Conference on Software Engineering
Finding and understanding bugs in C compilers
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Flexible dynamic information flow control in Haskell
Proceedings of the 4th ACM symposium on Haskell
Run your research: on the effectiveness of lightweight mechanization
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
QuickCheck testing for fun and profit
PADL'07 Proceedings of the 9th international conference on Practical Aspects of Declarative Languages
From dynamic to static and back: riding the roller coaster of information-flow control research
PSI'09 Proceedings of the 7th international Andrei Ershov Memorial conference on Perspectives of Systems Informatics
Smart testing of functional programs in isabelle
LPAR'12 Proceedings of the 18th international conference on Logic for Programming, Artificial Intelligence, and Reasoning
Test-case reduction for C compiler bugs
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Information-Flow Security for a Core of JavaScript
CSF '12 Proceedings of the 2012 IEEE 25th Computer Security Foundations Symposium
The new quickcheck for isabelle: random, exhaustive and symbolic testing under one roof
CPP'12 Proceedings of the Second international conference on Certified Programs and Proofs
All Your IFCException Are Belong to Us
SP '13 Proceedings of the 2013 IEEE Symposium on Security and Privacy
A verified information-flow architecture
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Hi-index | 0.00 |
Information-flow control mechanisms are difficult to design and labor intensive to prove correct. To reduce the time wasted on proof attempts doomed to fail due to broken definitions, we advocate modern random testing techniques for finding counterexamples during the design process. We show how to use QuickCheck, a property-based random-testing tool, to guide the design of a simple information-flow abstract machine. We find that both sophisticated strategies for generating well-distributed random programs and readily falsifiable formulations of noninterference properties are critically important. We propose several approaches and evaluate their effectiveness on a collection of injected bugs of varying subtlety. We also present an effective technique for shrinking large counterexamples to minimal, easily comprehensible ones. Taken together, our best methods enable us to quickly and automatically generate simple counterexamples for all these bugs.