Tools
Sorted by:
Try your query at:
 |
 |
 |
 |
 |
 |
Results 1 - 10
of
496
Generalized Symbolic Execution for Model Checking and Testing
, 2003
"... Modern software systems, which often are concurrent and manipulate complex data structures must be extremely reliable. We present a novel framework based on symbolic execution, for automated checking of such systems. We provide a two-fold generalization of traditional symbolic execution based ap ..."
Abstract
-
Cited by 232 (52 self)
- Add to MetaCart
approaches. First, we de ne a source to source translation to instrument a program, which enables standard model checkers to perform symbolic execution of the program. Second, we give a novel symbolic execution algorithm that handles dynamically allocated structures (e.g., lists and trees), method
Automated Whitebox Fuzz Testing
"... Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally, fuzz testing tools apply random mutations to well-formed inputs of a program and test the resulting values. We present an alternative whitebox fuzz testing approach inspired by recent advances in ..."
Abstract
-
Cited by 311 (25 self)
- Add to MetaCart
in symbolic execution and dynamic test generation. Our approach records an actual run of the program under test on a well-formed input, symbolically evaluates the recorded trace, and gathers constraints on inputs capturing how the program uses these. The collected constraints are then negated one by one
Fitness-Guided Path Exploration in Dynamic Symbolic Execution
"... Dynamic symbolic execution is a structural testing technique that systematically explores feasible paths of the program under test by running the program with different test inputs. Its main goal is to find a set of test inputs that lead to the coverage of particular test targets, e.g., specific sta ..."
Abstract
-
Cited by 62 (19 self)
- Add to MetaCart
Dynamic symbolic execution is a structural testing technique that systematically explores feasible paths of the program under test by running the program with different test inputs. Its main goal is to find a set of test inputs that lead to the coverage of particular test targets, e.g., specific
DySy: dynamic symbolic execution for invariant inference.
- In Proceedings of the 30th International Conference on Software Engineering (ICSE ’08),
, 2008
"... ABSTRACT Dynamically discovering likely program invariants from concrete test executions has emerged as a highly promising software engineering technique. Dynamic invariant inference has the advantage of succinctly summarizing both "expected" program inputs and the subset of program behav ..."
Abstract
-
Cited by 58 (8 self)
- Add to MetaCart
ABSTRACT Dynamically discovering likely program invariants from concrete test executions has emerged as a highly promising software engineering technique. Dynamic invariant inference has the advantage of succinctly summarizing both "expected" program inputs and the subset of program
Augmented Dynamic Symbolic Execution
"... Dynamic symbolic execution (DSE) can efficiently explore all simple paths through a program, reliably determining whether there are any program crashes or violations of assertions or code contracts. However, if such automated oracles do not exist, the traditional approach is to present the developer ..."
Abstract
-
Cited by 3 (2 self)
- Add to MetaCart
Dynamic symbolic execution (DSE) can efficiently explore all simple paths through a program, reliably determining whether there are any program crashes or violations of assertions or code contracts. However, if such automated oracles do not exist, the traditional approach is to present
Deconstructing Dynamic Symbolic Execution
"... Abstract. Dynamic symbolic execution (DSE) is a well-known technique for automatically generating tests to achieve higher levels of coverage in a program. Two keys ideas of DSE are to: (1) seed symbolic execution by executing a program on an initial input; (2) using concrete values from the program ..."
Abstract
- Add to MetaCart
Abstract. Dynamic symbolic execution (DSE) is a well-known technique for automatically generating tests to achieve higher levels of coverage in a program. Two keys ideas of DSE are to: (1) seed symbolic execution by executing a program on an initial input; (2) using concrete values from
All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask
- In Proceedings of the IEEE Symposium on Security and Privacy
, 2010
"... Abstract—Dynamic taint analysis and forward symbolic execution are quickly becoming staple techniques in security analyses. Example applications of dynamic taint analysis and forward symbolic execution include malware analysis, input filter generation, test case generation, and vulnerability discove ..."
Abstract
-
Cited by 106 (5 self)
- Add to MetaCart
Abstract—Dynamic taint analysis and forward symbolic execution are quickly becoming staple techniques in security analyses. Example applications of dynamic taint analysis and forward symbolic execution include malware analysis, input filter generation, test case generation, and vulnerability
Efficient state merging in symbolic execution
- In Proceedings of the ACM SIGPLAN 2012 Conference on Programming Language Design and Implementation (PLDI ’12
, 2012
"... Symbolic execution has proven to be a practical technique for building automated test case generation and bug finding tools. Nevertheless, due to state explosion, these tools still struggle to achieve scalability. Given a program, one way to reduce the number of states that the tools need to explore ..."
Abstract
-
Cited by 35 (2 self)
- Add to MetaCart
Symbolic execution has proven to be a practical technique for building automated test case generation and bug finding tools. Nevertheless, due to state explosion, these tools still struggle to achieve scalability. Given a program, one way to reduce the number of states that the tools need
Scalable Symbolic Execution For Verification
"... Abstract. In previous work, we presented a symbolic execution method which starts with a concrete model of the program but progressively abstracts away details only when these are known to be irrelevant using interpolation. In this paper, we extend the technique to handle unbounded loops. The centra ..."
Abstract
-
Cited by 1 (0 self)
- Add to MetaCart
Abstract. In previous work, we presented a symbolic execution method which starts with a concrete model of the program but progressively abstracts away details only when these are known to be irrelevant using interpolation. In this paper, we extend the technique to handle unbounded loops
Symbolic Execution for Software Testing in Practice – Preliminary Assessment
"... We present results for the “Impact Project Focus Area ” on the topic of symbolic execution as used in software testing. Symbolic execution is a program analysis technique introduced in the 70s that has received renewed interest in recent years, due to algorithmic advances and increased availability ..."
Abstract
-
Cited by 39 (6 self)
- Add to MetaCart
of computational power and constraint solving technology. We review classical symbolic execution and some modern extensions such as generalized symbolic execution and dynamic test generation. We also give a preliminary assessment of the use in academia, research labs, and industry.
Results 1 - 10
of
496
