An empirical study of the reliability of UNIX utilities
Communications of the ACM
Bochs: A Portable PC Emulator for Unix/X
Linux Journal
Art of Software Testing
The Shellcoder's Handbook: Discovering and Exploiting Security Holes
Pin: building customized program analysis tools with dynamic instrumentation
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
QEMU, a fast and portable dynamic translator
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Analysis of the Intel Pentium's ability to support a secure virtual machine monitor
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Automated testing of refactoring engines
Proceedings of the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Fuzzing: Brute Force Vulnerability Discovery
A Layered Architecture for Detecting Malicious Behaviors
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Differential symbolic execution
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
Ether: malware analysis via hardware virtualization extensions
Proceedings of the 15th ACM conference on Computer and communications security
Proceedings of the eighteenth international symposium on Software testing and analysis
Testing system virtual machines
Proceedings of the 19th international symposium on Software testing and analysis
Exploiting program dependencies for scalable multiple-path symbolic execution
Proceedings of the 19th international symposium on Software testing and analysis
N-version disassembly: differential testing of x86 disassemblers
Proceedings of the 19th international symposium on Software testing and analysis
Directed test suite augmentation: techniques and tradeoffs
Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering
Differential static analysis: opportunities, applications, and challenges
Proceedings of the FSE/SDP workshop on Future of software engineering research
eXpress: guided path exploration for efficient regression test generation
Proceedings of the 2011 International Symposium on Software Testing and Analysis
ISC'07 Proceedings of the 10th international conference on Information Security
A CPU emulator is a software system that simulates a hardware CPU. Emulators are widely used by computer scientists for various kinds of activities (e.g., debugging, profiling, and malware analysis). Although no theoretical limitation prevents developing an emulator that faithfully emulates a physical CPU, writing a fully featured emulator is a very challenging and error-prone task. Modern CISC architectures have a very rich instruction set, some instructions lack proper specifications, and others may have undefined effects in corner cases. This article presents a testing methodology specific to CPU emulators, based on fuzzing. The emulator is "stressed" with specially crafted test cases to verify whether the CPU is properly emulated or not. Improper behaviors of the emulator are detected by running the same test case concurrently on the emulated and on the physical CPU and by comparing the state of the two after execution. Differences in the final state indicate defects in the code of the emulator. We implemented this methodology in a prototype (named EmuFuzzer), analyzed five state-of-the-art IA-32 emulators (QEMU, Valgrind, Pin, BOCHS, and JPC), and found several defects in each of them, some of which can prevent proper execution of programs.