This paper presents EXE, an effective bug-finding tool that automatically generates inputs that crash real code. Instead of running code on manually or randomly constructed input, EXE runs it on symbolic input initially allowed to be "anything." As checked code runs, EXE tracks the constraints on each symbolic (i.e., input-derived) memory location. If a statement uses a symbolic value, EXE does not run it, but instead adds it as an input-constraint; all other statements run as usual. If code conditionally checks a symbolic expression, EXE forks execution, constraining the expression to be true on the true branch and false on the other. Because EXE reasons about all possible values on a path, it has much more power than a traditional runtime tool: (1) it can force execution down any feasible program path and (2) at dangerous operations (e.g., a pointer dereference), it detects if the current path constraints allow any value that causes a bug.

When a path terminates or hits a bug, EXE automatically generates a test case by solving the current path constraints to find concrete values using its own co-designed constraint solver, STP. Because EXE's constraints have no approximations, feeding this concrete input to an uninstrumented version of the checked code will cause it to follow the same path and hit the same bug (assuming deterministic code).

EXE works well on real code, finding bugs along with inputs that trigger them in: the BSD and Linux packet filter implementations, the udhcpd DHCP server, the pcre regular expression library, and three Linux file systems.
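The fork-and-solve loop the abstract describes, as an added example that is not EXE's code: a small Python explorer runs a constructed toy program on two symbolic input bytes, forks at each symbolic branch, checks an array index against the path constraints, and emits one concrete input per path. The names `Sym`, `Engine`, `Concrete`, `explore`, `replay` and `checked` are hypothetical; forking is done by re-running the program with a recorded decision prefix, and an exhaustive search over all 65,536 inputs stands in for STP.

```python
from itertools import product

N_BYTES = 2  # assumption: the toy program reads two symbolic input bytes

class PathEnd(Exception):
    """Raised when no input can continue the current path without the bug."""

class Sym:
    """Input-derived value: an evaluator over a concrete input plus a printable form."""
    def __init__(self, fn, text):
        self.fn, self.text = fn, text
    def _op(self, other, f, name):
        o = other if isinstance(other, Sym) else Sym(lambda env, v=other: v, str(other))
        return Sym(lambda env: f(self.fn(env), o.fn(env)), f"({self.text} {name} {o.text})")
    def __add__(self, o): return self._op(o, lambda a, b: a + b, "+")
    def __mul__(self, o): return self._op(o, lambda a, b: a * b, "*")
    def __lt__(self, o): return self._op(o, lambda a, b: a < b, "<")
    def __eq__(self, o): return self._op(o, lambda a, b: a == b, "==")
    def negate(self):
        return Sym(lambda env: not self.fn(env), f"!{self.text}")

def solve(constraints):
    """Stand-in for STP: try every input, return the first satisfying all constraints."""
    for env in product(range(256), repeat=N_BYTES):
        if all(c.fn(env) for c in constraints):
            return bytes(env)
    return None

class Engine:
    """One path of symbolic execution; `prefix` replays earlier branch decisions."""
    def __init__(self, prefix):
        self.prefix, self.taken = prefix, []
        self.pc, self.forks, self.bugs = [], [], []   # pc = path constraints

    def branch(self, cond):
        if not isinstance(cond, Sym):
            return bool(cond)                   # concrete condition: runs as usual
        i = len(self.taken)
        if i < len(self.prefix):
            side = self.prefix[i]               # replaying a forked path
        else:
            side = solve(self.pc + [cond]) is not None
            if side and solve(self.pc + [cond.negate()]) is not None:
                self.forks.append(self.taken + [False])   # both sides feasible: fork
        self.taken.append(side)
        self.pc.append(cond if side else cond.negate())
        return side

    def check_index(self, idx, size):
        """Dangerous operation: can any input on this path push idx out of bounds?"""
        oob = Sym(lambda env: not 0 <= idx.fn(env) < size, f"!(0 <= {idx.text} < {size})")
        witness = solve(self.pc + [oob])
        if witness is not None:
            self.bugs.append(((tuple(self.taken), oob.text), witness))
        self.pc.append(oob.negate())            # continue on the in-bounds inputs only
        if solve(self.pc) is None:
            raise PathEnd()

class Concrete:
    """Uninstrumented run: plain ints and a real bounds failure."""
    def branch(self, cond): return cond
    def check_index(self, idx, size):
        if not 0 <= idx < size:
            raise IndexError(idx)

def checked(ex, inp):
    """Constructed toy: inp[0] is an opcode, inp[1] an offset into a 16-slot table."""
    op, k = inp[0], inp[1]
    if ex.branch(op == 1):                      # bound checked on the value used
        if ex.branch(k < 16):
            ex.check_index(k, 16)
            return "load"
        return "reject"
    if ex.branch(op == 2):                      # bound checked before scaling: the bug
        if ex.branch(k < 16):
            ex.check_index(k * 2 + 1, 16)
            return "load2"
        return "reject"
    return "nop"

def explore(program):
    """Run every feasible path; return (one test input per path, [(witness, check)])."""
    work, tests, bugs = [[]], [], {}
    while work:
        eng = Engine(work.pop())
        inp = [Sym(lambda env, i=i: env[i], f"in[{i}]") for i in range(N_BYTES)]
        try:
            program(eng, inp)
            tests.append(solve(eng.pc))         # concrete input that follows this path
        except PathEnd:
            pass
        work.extend(eng.forks)
        for key, witness in eng.bugs:           # key dedupes checks seen again on replay
            bugs.setdefault(key, witness)
    return tests, [(w, key[1]) for key, w in bugs.items()]

def replay(inp):
    """Feed a generated input to the uninstrumented program."""
    try:
        return checked(Concrete(), inp)
    except IndexError:
        return "CRASH"

if __name__ == "__main__":
    tests, bugs = explore(checked)
    for t in tests:
        print("test ", t.hex(), "->", replay(t))
    for witness, check in bugs:
        print("bug  ", witness.hex(), "violates", check, "->", replay(witness))
```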