SIGMOD '93 Proceedings of the 1993 ACM SIGMOD international conference on Management of data
Practical Unix and Internet security (2nd ed.)
Practical Unix and Internet security (2nd ed.)
Advanced Windows (3rd ed.)
Inside Windows NT
Testing the Robustness of Windows NT Software
ISSRE '98 Proceedings of the The Ninth International Symposium on Software Reliability Engineering
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
JCrasher: an automatic robustness tester for Java
Software—Practice & Experience
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Good/fast/cheap: contexts, relationships and professional responsibility during software development
Proceedings of the 2006 ACM symposium on Applied computing
An empirical study of the robustness of MacOS applications using random testing
Proceedings of the 1st international workshop on Random testing
Is adaptive random testing really better than random testing
Proceedings of the 1st international workshop on Random testing
Adaptive random testing with randomly translated failure region
Proceedings of the 1st international workshop on Random testing
An empirical analysis and comparison of random testing techniques
Proceedings of the 2006 ACM/IEEE international symposium on Empirical software engineering
Testing across configurations: implications for combinatorial testing
ACM SIGSOFT Software Engineering Notes
Enhancing adaptive random testing in high dimensional input domains
Proceedings of the 2007 ACM symposium on Applied computing
Parallel Randomized State-Space Search
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Feedback-Directed Random Test Generation
ICSE '07 Proceedings of the 29th international conference on Software Engineering
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Predictive testing: amplifying the effectiveness of software testing
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Predictive testing: amplifying the effectiveness of software testing
The 6th Joint Meeting on European software engineering conference and the ACM SIGSOFT symposium on the foundations of software engineering: companion papers
Effective random testing of concurrent programs
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Information Assurance: Dependability and Security in Networked Systems
Information Assurance: Dependability and Security in Networked Systems
Grammar-based whitebox fuzzing
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Finding errors in .net with feedback-directed random testing
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
TFTP vulnerability finding technique based on fuzzing
Computer Communications
Distributing test cases more evenly in adaptive random testing
Journal of Systems and Software
Evaluating the Quality of Open Source Software
Electronic Notes in Theoretical Computer Science (ENTCS)
Enhanced lattice-based adaptive random testing
Proceedings of the 2009 ACM symposium on Applied Computing
WISE: Automated test generation for worst-case complexity
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Adaptive random testing based on distribution metrics
Journal of Systems and Software
Heuristics for Scalable Dynamic Test Generation
ASE '08 Proceedings of the 2008 23rd IEEE/ACM International Conference on Automated Software Engineering
Robust signatures for kernel data structures
Proceedings of the 16th ACM conference on Computer and communications security
Security assessment for application network services using fault injection
PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
Exhaustive testing of exception handlers with enforcer
FMCO'06 Proceedings of the 5th international conference on Formal methods for components and objects
SUDS: an infrastructure for creating dynamic software defect detection tools
Automated Software Engineering
Randomized constraint solvers: a comparative study
Innovations in Systems and Software Engineering
pTest: an adaptive testing tool for concurrent software on embedded multicore processors
Proceedings of the Conference on Design, Automation and Test in Europe
Contract-driven testing of javascript code
TOOLS'10 Proceedings of the 48th international conference on Objects, models, components, patterns
Efficient file fuzz testing using automated analysis of binary file format
Journal of Systems Architecture: the EUROMICRO Journal
H-fuzzing: a new heuristic method for fuzzing data generation
NPC'11 Proceedings of the 8th IFIP international conference on Network and parallel computing
SNOOZE: toward a stateful network protocol fuzZEr
ISC'06 Proceedings of the 9th international conference on Information Security
SAGE: whitebox fuzzing for security testing
Communications of the ACM
SAGE: Whitebox Fuzzing for Security Testing
Queue - Networks
Adaptive random testing through iterative partitioning
Ada-Europe'06 Proceedings of the 11th Ada-Europe international conference on Reliable Software Technologies
Enforcer – efficient failure injection
FM'06 Proceedings of the 14th international conference on Formal Methods
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
A systematic review of software robustness
Information and Software Technology
Test input generation using dynamic programming
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
CarFast: achieving higher statement coverage faster
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Behavioral fuzzing operators for UML sequence diagrams
SAM'12 Proceedings of the 7th international conference on System Analysis and Modeling: theory and practice
Using likely invariants for automated software fault localization
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Billions and billions of constraints: whitebox fuzz testing in production
Proceedings of the 2013 International Conference on Software Engineering
Obfuscation resilient binary code reuse through trace-oriented programming
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
| Hi-index | 0.02 |
We report on the third in a series of studies on the reliability of application programs in the face of random input. In 1990 and 1995, we studied the reliability of UNIX application programs, both command line and X-Window based (GUI). In this study, we apply our testing techniques to applications running on the Windows NT operating system. Our testing is simple black-box random input testing; by any measure, it is a crude technique, but it seems to be effective at locating bugs in real programs. We tested over 30 GUI-based applications by subjecting them to two kinds of random input: (1) streams of valid keyboard and mouse events and (2) streams of random Win32 messages. We have built a tool that helps automate the testing of Windows NT applications. With a few simple parameters, any application can be tested. Using our random testing techniques, our previous UNIX-based studies showed that we could crash a wide variety of command-line and X-window based applications on several UNIX platforms. The test results are similar for NT-based applications. When subjected to random valid input that could be produced by using the mouse and keyboard, we crashed 21% of applications that we tested and hung an additional 24% of applications. When subjected to raw random Win32 messages, we crashed or hung all the applications that we tested. We report which applications failed under which tests, and provide some analysis of the failures.