Papers
KLEE: Unassisted and Automatic Generation of High-coverage Tests for Complex Systems Programs. 2008 | C. Cadar, D. Dunbar, D. Engler | ||
L. De Moura, N. Bjørner | |||
An Extensible SAT-solver. 2004 | N. Eén, N. Sörensson | ||
S2E: A Platform for In-vivo Multi-path Analysis of Software Systems. 2011 | V. Chipounov, V. Kuznetsov, G. Candea | ||
P. Godefroid, N. Klarlund, K. Sen | |||
LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation. 2004 | C. Lattner, V. Adve | ||
E. Schwartz, T. Avgerinos, D. Brumley | |||
S. Cha, T. Avgerinos, A. Rebert, D. Brumley | |||
On computable numbers, with an application to the Entscheidungsproblem. 1937 | A. Turing | ||
Pin: building customized program analysis tools with dynamic instrumentation. 2005 | C. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. Reddi, K. Hazelwood | ||
(State of) The Art of War: Offensive Techniques in Binary Analysis. 2016 | Y. Shoshitaishvili, R. Wang, C. Salls, N. Stephens, M. Polino, A. Dutcher, J. Grosen, S. Feng, C. Hauser, C. Kruegel, G. Vigna | ||
JPF-SE: A Symbolic Execution Extension to Java PathFinder. 2007 | S. Anand, C. Păsăreanu, W. Visser | ●●●●● | |
W. Visser, C. Păsăreanu, S. Khurshid | |||
Green: Reducing, Reusing and Recycling Constraints in Program Analysis. 2012 | W. Visser, J. Geldenhuys, M. Dwyer | ||
Driller: Augmenting Fuzzing Through Selective Symbolic Execution. 2016 | N. Stephens, J. Grosen, C. Salls, A. Dutcher, R. Wang, J. Corbetta, Y. Shoshitaishvili, C. Kruegel, G. Vigna | ||
K. Sen, D. Marinov, G. Agha | |||
Symbolic PathFinder: Symbolic Execution of Java Bytecode. 2010 | C. Păsăreanu, N. Rungta | ||
The RoadRunner Dynamic Analysis Framework for Concurrent Programs. 2010 | C. Flanagan, S. Freund | ||
Lok Kwong Yan, Heng Yin | |||
PEBIL: Efficient static binary instrumentation for Linux. 2010 | M. A. Laurenzano, M. M. Tikir, L. Carrington, A. Snavely | ||
T. Avgerinos, A. Rebert, S. Cha, D. Brumley | |||
A System to Generate Test Data and Symbolically Execute Programs. 1976 | L. A. Clarke | ||
P. Wegner, D. Goldin | |||
TaintDroid: An Information-flow Tracking System for Realtime Privacy Monitoring on Smartphones. 2010 | W. Enck, P. Gilbert, B. Chun, L. Cox, J. Jung, P. McDaniel, A. Sheth | ●●●●●●●●●● ●●●●● | |
R. Xu, P. Godefroid, R. Majumdar | |||
CUTE and jCUTE: Concolic Unit Testing and Explicit Path Model-checking Tools. 2006 | K. Sen, G. Agha | ||
Under-constrained Symbolic Execution: Correctness Checking for Real Code. 2015 | D. Ramos, D. Engler | ||
Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware. 2015 | Y. Shoshitaishvili, R. Wang, C. Hauser, C. Kruegel, G. Vigna | ||
T. Avgerinos, S. Cha, A. Rebert, E. Schwartz, M. Woo, D. Brumley | |||
DyTa: Dynamic Symbolic Execution Guided with Static Verification Results. 2011 | |||
A Systematic Study of Automated Program Repair: Fixing 55 out of 105 Bugs for $8 Each. 2012 | C. Le Goues, M. Dewey-Vogt, S. Forrest, W. Weimer | ||
Replayer: Automatic Protocol Replay by Binary Analysis. 2006 | J. Newsome, D. Brumley, J. Franklin, D. Song | ||
High coverage detection of input-related security faults. 2003 | E. Larson, T. Austin | ||
P. Saxena, P. Poosankam, S. McCamant, D. Song | |||
A Symbolic Java Virtual Machine for Test Case Generation. 2004 | R. Müller, C. Lembeck, H. Kuchen | ||
C. Cadar, V. Ganesh, P. Pawlowski, D. Dill, D. Engler | ●●●●●●●●●● ●●●● | ||
J. King | ●●●●●●●●●● | ||
DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation. 2011 | Min Gyung Kang, S. McCamant, P. Poosankam, D. Song | ||
CalFuzzer: An extensible active testing framework for concurrent programs. 2009 | P. Joshi, M. Naik, C. Park, K. Sen | ||
KLOVER: A Symbolic Execution and Automatic Test Generation Tool for C++ Programs. 2011 | G. Li, I. Ghosh, S. Rajan | ||
A Comparative Study of Incremental Constraint Solving Approaches in Symbolic Execution. 2014 | T. Liu, M. jo, M. d'Amorim, M. Taghdiri | ||
K. Luckow, M. Dimjašević, D. Giannakopoulou, F. Howar, M. Isberner, T. Kahsai, Z. Rakamarić, V. Raman | |||
Event Listener Analysis and Symbolic Execution for Testing GUI Applications. 2009 | S. Ganov, C. Killmar, S. Khurshid, D. Perry | ||
D. Detlefs, G. Nelson, J. Saxe | |||
Javana: A System for Building Customized Java Program Analysis Tools. 2006 | J. Maebe, D. Buytaert, L. Eeckhout, K. De Bosschere | ||
Sherlock: Scalable Deadlock Detection for Concurrent Programs. 2014 | M. Eslamimehr, J. Palsberg | ||
Z3-str: A Z3-based String Solver for Web Application Analysis. 2013 | Y. Zheng, X. Zhang, V. Ganesh | ●●●●●●●● | |
Catchconv: Symbolic execution and run-time type inference for integer conversion errors. 2007 | D. Molnar, D. Wagner | ||
W. Drewry, T. Ormandy | |||
M. Paterson | |||
V. Kuznetsov, J. Kinder, S. Bucur, G. Candea | ●●●●●●●●●● ●● | ||
PySMT: a Solver-Agnostic Library for Fast Prototyping of SMT-Based Algorithms. 2015 | M. Gario, A. Micheli | ||
On Tracking Information Flows Through JNI in Android Applications. 2014 | C. Qian, X. Luo, Y. Shao, A. Chan | ||
Theory and Techniques for Automatic Generation of Vulnerability-Based Signatures. 2008 | D. Brumley, J. Newsome, D. Song, H. Wang, S. Jha | ||
M. Veanes, P. Halleux, N. Tillmann | ●●●●●●●●●● | ||
Автоматизированный метод построения эксплойтов для уязвимости переполнения буфера на стеке. 2014 | В. Падарян, В. Каушан, А. Федотов | ||
R. Vallée-Rai, P. Co, E. Gagnon, L. Hendren, P. Lam, V. Sundaresan | ●●●●●●●●●● ●●●●●●●●●● ●●●●●●●●●● ●●●●●●●●●● ●●●●●●●●●● ●●●●●●●●●● ●●●●●●●●●● ●●●●●●●●●● ●●●●●●●●●● ●●●●●●●●●● ●●●●●●●●●● ●●●●● | ||
K. Ma, K. Phang, J. Foster, M. Hicks | ●●●●●●●●●● ●●●●●●● | ||
Symbolic Execution of Multithreaded Programs from Arbitrary Program Contexts. 2014 | T. Bergan, D. Grossman, L. Ceze | ●●●●●●●●●● ●●●●●● | |
FloPSy - Search-Based Floating Point Constraint Solving for Symbolic Execution. 2010 | K. Lakhotia, N. Tillmann, M. Harman, J. de Halleux | ●●●●●●●●●● ●●●●●● | |
M. Neugschwandtner, P. Milani Comparetti, I. Haller, H. Bos | |||
A. Sharma | |||
D. Buytaert, J. Maebe, L. Eeckhout, K. De Bosschere | |||
Guiding Dynamic Symbolic Execution toward Unverified Program Executions. 2016 | M. Christakis, P. Müller, V. Wüstholz | ●●●●●●●●●● ●● | |
S. Tobin-Hochstadt, D. Van Horn | ●●●●●●●●●● ●●●●●●●● | ||
Heap Cloning: Enabling Dynamic Symbolic Execution of Java Program. 2011 | |||
ExpliSAT: Guiding SAT-based Software Verification with Explicit States. 2006 | S. Barner, C. Eisner, Z. Glazberg, D. Kroening, I. Rabinovitz | ●●●●●●●●●● ●●●●●●● | |
J. Salwan, F. Saudel | |||
Automatic Low Overhead Program Instrumentation with the LOPI Framework. 2005 | S. Kagstrom, H. Grahn, L. Lundberg | ●●●●●●●●●● ●● | |
Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints. 1977 | P. Cousot, R. Cousot | ||
C. Csallner, Y. Smaragdakis | |||
Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing. 2009 | L. Zhao, Y. Duan, H. Yin, J. Xuan | ||
Related terms search based on WordNet / Wiktionary and its application in Ontology Matching. 2009 | A. A. Krizhanovsky, F. Lin | ||
Fuzzing: Art, Science, and Engineering. 2018 | Valentin J. M. s, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, Maverick Woo | ||
Межпроцедурный контекстно-чувствительный статический анализ для поиска ошибок в исходном коде программ на языках Си и Си++. 2016 | А. Бородин | ||
Внутрипроцедурный анализ для поиска ошибок на основе символьного выполнения. 2019 | А. Бородин | ||
JDriver: Automatic Driver Class Generation for AFL-Based Java Fuzzing Tools. 2018 | Z. Huang, Y. Wang | ||
Smart Greybox Fuzzing. 2018 | V. Pham, M. Böhme, A. Santosa, A. Căciulescu, A. Roychoudhury | ●●●●●●●●●● ●●●●●● | |
ARTist: The Android runtime instrumentation and security toolkit. 2017 | M. Backes, S. Bugiel, O. Schranz, P. von Styp-Rekowsky, S. Weisgerber | ●●●●●●●●●● ●●●●● | |
Assisting in Auditing of Buffer Overflow Vulnerabilities via Machine Learning. 2017 | Q. Meng, C. Feng, B. Zhang, C. Tang | ●●●●●●●●●● ●●●● | |
Survey of Automated Vulnerability Detection and Exploit Generation Techniques in Cyber Reasoning Systems. 2017 | T. Brooks | ||
The Mayhem Cyber Reasoning System. 2018 | T. Avgerinos, D. Brumley, J. Davis, R. Goulden, T. Nighswander, A. Rebert, N. Williamson | ||
The Art of Computer Programming, Volume 1 (3rd Ed.): Fundamental Algorithms. 1997 | D. Knuth | ||
PLDI 2002: Extended Static Checking for Java. 2013 | C. Flanagan, K. Leino, M. Lillibridge, G. Nelson, J. Saxe, R. Stata | ||
Measuring Channel Capacity to Distinguish Undue Influence. 2009 | J. Newsome, S. McCamant, D. Song | ||
Using Dynamic Symbolic Execution to Improve Deductive Verification. 2008 | D. Vanoverberghe, N. Bjørner, J. de Halleux, W. Schulte, N. Tillmann | ||
Discovering Application-Level Insider Attacks Using Symbolic Execution. 2009 | |||
Proving Memory Safety of the ANI Windows Image Parser Using Compositional Exhaustive Testing. 2015 | |||
Execution Synthesis: A Technique for Automated Software Debugging. 2010 | |||
Symbolic Query Exploration. 2009 | |||
Temporal search: detecting hidden malware timebombs with virtual machines. 2006 | |||
A Framework for Automated Architecture-independent Gadget Search. 2010 | T. Dullien, T. Kornau, R. Weinmann | ||
Better bug reporting with better privacy. 2008 | |||
Dynamically validating static memory leak warnings. 2012 | |||
Symbolic Execution for Software Testing in Practice: Preliminary Assessment. 2011 | C. Cadar, P. Godefroid, S. Khurshid, C. Păsăreanu, K. Sen, N. Tillmann, W. Visser | ||
lp_solve: Mixed Integer Linear Programming solver. 2003 | |||
Autodafé: an Act of Software Torture. 2005 | M. Vuagnoux | ||
Probabilistic symbolic execution. 2012 | |||
Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis with Penetration Testing. 2008 | |||
Toward Automated Detection of Logic Vulnerabilities in Web Applications. 2010 | |||
The MATHSAT 4 SMT solver: Tool paper. 2008 | R. Bruttomesso, A. Cimatti, A. Franzén, A. Griggio, R. Sebastiani | ||
A Search-Based Framework for Failure Reproduction. 2012 | |||
Efficient Testing of Concurrent Programs with Abstraction-Guided Symbolic Execution. 2009 | |||
Symbolic Execution with Interval Solving and Meta-heuristic Search. 2012 | |||
Statically-Directed Dynamic Automated Test Generation. 2011 | |||
Memoized symbolic execution. 2012 | |||
Mcsema: Static translation of x86 instructions to llvm. 2014 | A. Dinaburg, A. Ruef | ||
Sound, Complete and Scalable Path-sensitive Analysis. 2008 | I. Dillig, T. Dillig, A. Aiken | ||
Program Analysis via Satisfiability Modulo Path Programs. 2010 | |||
HadoopToSQL: a mapReduce query optimizer. 2010 | |||
Context-Sensitive Relevancy Analysis for Efficient Symbolic Execution. 2008 | |||
Generalized Symbolic Execution for Model Checking and Testing. 2003 | |||
No Java without caffeine: A tool for dynamic analysis of Java programs. 2002 | Y. G. Gueheneuc, R. Douence, N. Jussien | ||
Symbolic Execution for Software Testing: Three Decades Later. 2013 | C. Cadar, K. Sen | ||
Feedback-directed unit test generation for C/C++ using concolic execution. 2013 | |||
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs. 2002 | G. Necula, S. McPeak, S. Rahul, W. Weimer | ||
Creating Vulnerability Signatures Using Weakest Preconditions. 2007 | |||
PathCrawler: Automatic Generation of Path Tests by Combining Static and Dynamic Analysis. 2005 | N. Williams, B. Marre, P. Mouy, M. Roger | ||
Path Feasibility Analysis for String-Manipulating Programs. 2009 | |||
Active Property Checking. 2008 | P. Godefroid, M. Levin, D. Molnar | ||
Hacking Blind. 2014 | A. Bittau, A. Belay, A. Mashtizadeh, D. Mazi`eres, D. Boneh | ||
Vigilante: End-to-End Containment of Internet Worm Epidemics. 2008 | |||
Combining unit-level symbolic execution and system-level concrete execution for testing NASA software. 2008 | |||
A Decision Procedure for Bit-Vectors and Arrays. 2007 | V. Ganesh, D. Dill | ||
Comprehensive multi-platform dynamic program analysis for the Java and Dalvik virtual machines. 2014 | |||
Exact and Approximate Probabilistic Symbolic Execution for Nondeterministic Programs. 2014 | |||
Demand-Driven Compositional Symbolic Execution. 2008 | |||
LCT: An Open Source Concolic Testing Tool for Java Programs. 2011 | |||
Test input generation for java containers using state matching. 2006 | |||
Статический анализатор Svace для поиска дефектов в исходном коде программ. 2014 | В. Иванников, А. Белеванцев, А. Бородин, В. Игнатьев, Д. Журихин, А. Аветисян, М. Леонов | ||
CRAX: software CRash analysis for Automatic eXploit generation | |||
BitBlaze: A New Approach to Computer Security via Binary Analysis. 2008 | D. Song, D. Brumley, H. Yin, J. Caballero, I. Jager, M. Kang, Z. Liang, J. Newsome, P. Poosankam, P. Saxena | ||
Pex: White Box Test Generation for .NET. 2008 | N. Tillmann, J. De Halleux | ||
Enhancing Symbolic Execution with Built-In Term Rewriting and Constrained Lazy Initialization. 2013 | |||
Symbolic Execution with Abstract Subsumption Checking. 2006 | |||
Precise Identification of Problems for Structural Test Generation. 2011 | |||
Systematic Testing for Control Applications. 2010 | |||
Compositional Dynamic Test Generation. 2007 | P. Godefroid | ||
Exploring Multiple Execution Paths for Malware Analysis. 2007 | |||
Analyzing Memory Accesses in x86 Executables. 2004 | G. Balakrishnan, T. Reps | ||
Symbolic Execution with Mixed Concrete-Symbolic Solving. 2011 | |||
Solving string constraints lazily. 2010 | |||
JCHARMING: A Bug Reproduction Approach using Crash Traces and Directed Model Checking. 2015 | |||
Collective Assertions. 2011 | |||
Mixing type checking and symbolic execution. 2010 | |||
Memory Management in the Java HotSpot™ Virtual Machine | |||
Experimental comparison of concolic and random testing for java card applets. 2010 | |||
Higher-Order Test Generation. 2011 | |||
One VM to Rule Them All. 2013 | T. Würthinger, C. Wimmer, A. Wöß, L. Stadler, G. Duboscq, C. Humer, G. Richards, D. Simon, M. Wolczko | ||
Dynamic Test Generation To Find Integer Bugs in x86 Binary Linux Programs. 2009 | |||
Symbolic Security Analysis of Ruby-on-Rails Web Applications. 2010 | |||
Efficient, transparent, and comprehensive runtime code manipulation. 2004 | D. Bruening | ||
Symbolic Crosschecking of Floating-Point and SIMD Code. 2011 | |||
An Orchestrated Survey of Methodologies for Automated Software Test Case Generation. 2013 | S. Anand, E. Burke, T. Chen, J. Clark, M. Cohen, W. Grieskamp, M. Harman, M. Harrold, P. Mcminn | ||
The Geometry of Innocent Flesh on the Bone: Return-into-libc Without Function Calls (on the x86). 2007 | H. Shacham | ||
Automatically Generating Malicious Disks using Symbolic Execution. 2006 | |||
Randomized Instruction Set Emulation. 2005 | E. Barrantes, D. Ackley, S. Forrest, D. Stefanović | ||
CERT | |||
Scalable and scope-bounded software verification in Varvel. 2015 | F. ić, G. Balakrishnan, A. Gupta, S. Sankaranarayanan, N. Maeda, T. Imoto, R. Pothengil, M. Hussain | ||
Computational verification of C protocol implementations by symbolic execution. 2012 | |||
База данных Common Weakness Enumeration (CWE). 2016 | |||
A Decision Procedure for Subset Constraints over Regular Languages. 2009 | P. Hooimeijer, W. Weimer | ||
kb-Anonymity: A Model for Anonymized Behavior-Preserving Test and Debugging Data. 2011 | |||
Bogor: an extensible and highly-modular software model checking framework. 2003 | |||
Reggae: Automated Test Generation for Programs Using Complex Regular Expressions. 2009 | |||
A Static Analyzer for Finding Dynamic Programming Errors. 2000 | W. Bush, J. Pincus, D. Sielaff | ||
Valgrind: A Framework for Heavyweight Dynamic Binary Instrumentation. 2007 | N. Nethercote, J. Seward | ||
WAPTEC: whitebox analysis of web applications for parameter tampering exploit construction. 2011 | |||
Comprehensive Multi-platform Dynamic Program Analysis for Java and Android | |||
Surgically returning to randomized lib(c). 2009 | G. Roglia, L. Martignoni, R. Paleari, D. Bruschi | ||
Statistical Symbolic Execution with Informed Sampling. 2014 | |||
A History of Satisfiability. 2009 | J. Franco, J. Martin | ||
Using Test Case Reduction and Prioritization to Improve Symbolic Execution. 2014 | |||
Multi-Prover Verification of Floating-Point Programs. 2010 | |||
Определение тьюринг-полноты | |||
Avian. A lightweight alternative to Java | |||
STAR: Stack Trace based Automatic Crash Reproduction via Symbolic Execution. 2015 | |||
Make Test-zesti: A Symbolic Execution Solution for Improving Regression Testing. 2012 | P. Marinescu, C. Cadar | ||
Test Input Generation for Programs with Pointers. 2009 | |||
Precise pointer reasoning for dynamic test generation. 2009 | |||
Data Races vs. Data Race Bugs: Telling the Difference with Portend. 2012 | |||
Selecting peers for execution comparison. 2011 | |||
Binary Analysis Tools and Binary Code | |||
REIL: A platform-independent intermediate representation of disassembled code for static code analysis. 2009 | T. Dullien, S. Porst | ||
eXpress: Guided Path Exploration for Efficient Regression Test Generation. 2011 | |||
Bounded Integer Linear Constraint Solving via Lattice Search. 2015 | |||
Automatically Identifying Trigger-based Behavior in Malware. 2008 | |||
Execution Generated Test Cases: How to Make Systems Code Crash Itself. 2005 | |||
Path Exploration based on Symbolic Output. 2011 | |||
MultiSE: multi-path symbolic execution using value summaries. 2015 | |||
Avalanche. Применение динамического анализа для генерации входных данных, демонстрирующих критические ошибки и уязвимости в программах. 2010 | И. Исаев, Д. Сидоров | ||
Randomized directed testing (REDIRECT) for Simulink/Stateflow models. 2008 | |||
Bouncer: securing software by blocking bad input. 2007 | |||
SAGE: Whitebox Fuzzing for Security Testing. 2012 | P. Godefroid, M. Levin, D. Molnar | ||
Automated Concolic Testing of Smartphone Apps. 2012 | |||
Finding Bugs in Exceptional Situations of JNI Programs. 2009 | |||
Automated Whitebox Fuzz Testing. 2008 | P. Godefroid, M. Levin, D. Molnar | ||
Type-dependence Analysis and Program Transformation for Symbolic Execution. 2007 | S. Anand, A. Orso, M. Harrold | ||
The Model Checker SPIN. 1997 | G. Holzmann | ||
A dynamic marking method for implicit information flow in dynamic taint analysis. 2015 | Xuefei Wang, Hengtai Ma, Lisha Jing | ||
Extended Static Checking for Java. 2002 | |||
Fitness-guided path exploration in dynamic symbolic execution. 2009 | |||
Finding the Bad in Good Code: Automated Return-Oriented Programming Exploit Discovery. 2009 | R. Roemer | ||
Структурный анализ в задаче декомпиляции | |||
Runtime Exception Detection in Java Programs Using Symbolic Execution. 2013 | |||
Framing Signals – A Return to Portable Shellcode. 2014 | E. Bosman, H. Bos | ||
Dynamic Symbolic Execution with Interpolation Based Path Merging. 2016 | |||
Integration testing of software product lines using compositional symbolic execution. 2012 | |||
Memoise: A tool for memoized symbolic execution. 2013 | |||
Unbounded Symbolic Execution for Program Verification. 2011 | |||
Dynamic test input generation for database applications. 2007 | |||
TRACER: A Symbolic Execution Tool for Verification. 2012 | |||
Плагин exploitable для gdb | |||
GKLEE: concolic verification and test generation for GPUs. 2012 | |||
How We Get There: A Context-Guided Search Strategy in Concolic Testing. 2014 | |||
Path-based Inductive Synthesis for Program Inversion. 2011 | |||
Testing MapReduce-style programs. 2011 | |||
Symstra: A Framework for Generating Object-Oriented Unit Tests Using Symbolic Execution. 2005 | |||
Redundant State Detection for Dynamic Symbolic Execution. 2013 | |||
TaintAll. 2016 | |||
Grammar-based Whitebox Fuzzing. 2008 | P. Godefroid, A. Kiezun, M. Levin | ||
Counterexample-Guided Abstraction Refinement. 2000 | E. Clarke, O. Grumberg, S. Jha, Y. Lu, H. Veith | ||
Symbolic Robustness Analysis. 2009 | |||
Return-oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms. 2009 | R. Hund, T. Holz, F. Freiling | ||
Practical, low-effort verification of real code using under-constrained execution. 2011 | |||
Test-Suite Augmentation for Evolving Software. 2008 | |||
Privacy-preserving genomic computation through program specialization. 2010 | |||
Efficiently Computing Static Single Assignment Form and the Control Dependence Graph. 1991 | R. Cytron, J. Ferrante, B. Rosen, M. Wegman, F. Zadeck | ||
Generalizing symbolic execution to library classes. 2005 | |||
Collaborative Verification and Testing with Explicit Assumptions. 2012 | |||
Reliability analysis in symbolic pathfinder. 2013 | |||
CVC4. 2011 | C. Barrett, C. Conway, M. Deters, L. Hadarean, D. Jovanović, T. King, A. Reynolds, C. Tinelli | ||
Darwin: an approach for debugging evolving programs. 2009 | |||
Extending a Search-Based Test Generator with Adaptive Dynamic Symbolic Execution. 2014 | |||
Automatic Partial Loop Summarization in Dynamic Test Generation. 2011 | |||
Lazy symbolic execution for test data generation. 2011 | |||
A Generic Framework for Symbolic Execution. 2013 | |||
Theoretical aspects of compositional symbolic execution. 2011 | |||
Test input generation for red-black trees using abstraction. 2005 | |||
Is Data Privacy Always Good for Software Testing?. 2010 | |||
Automatically Preparing Safe SQL Queries. 2010 | |||
Using symbolic evaluation to understand behavior in configurable software systems. 2010 | |||
Reverse engineering of binary device drivers with RevNIC. 2010 | |||
MATRIX: Maintenance-Oriented Testing Requirements Identifier and Examiner. 2006 | |||
Proving Memory Safety of Floating-Point Computations by Combining Static and Dynamic Program Analysis. 2010 | |||
Explicating symbolic execution (xSymExe): an evidence-based verification framework. 2013 | |||
Automated Software Test Data Generation. 1990 | B. Korel | ||
NoTamper: Automatic Blackbox Detection of Parameter Tampering Opportunities in Web Applications. 2010 | |||
Dowsing for overflows: A guided fuzzer to find buffer boundary violations. 2013 | I. Haller, A. Slowinska, M. Neugschwandtner, H. Bos | ||
Differential symbolic execution. 2008 | |||
Selective Symbolic Execution. 2009 | |||
Exploiting program dependencies for scalable multiple-path symbolic execution. 2010 | |||
Symbolic Security Analysis of Ruby-on-rails Web Applications. 2010 | A. Chaudhuri, J. Foster | ||
Symbolic Optimization with SMT Solvers. 2014 | Y. Li, A. Albarghouthi, Z. Kincaid, A. Gurfinkel, M. Chechik | ||
Automatic creation of SQL Injection and cross-site scripting attacks. 2009 | |||
Input Generation via Decomposition and Re-Stitching: Finding Bugs in Malware. 2010 | |||
Automating mimicry attacks using static binary analysis. 2005 | |||
Automatic Formal Verification of MPI-Based Parallel Programs. 2011 | |||
ATOM A System for Building Customized Program Analysis Tools. 1994 | A. Srivastava, A. Eustace | ||
Обнаружение ошибок доступа к буферу в программах на языке C/C++ с помощью статического анализа | |||
Finding Trojan Message Vulnerabilities in Distributed Systems. 2014 | |||
An empirical investigation into branch coverage for C programs using CUTE and AUSTIN. 2010 | |||
Symbolic Testing and the DISSECT Symbolic Evaluation System. 1977 | |||
BAP: A Binary Analysis Platform. 2011 | D. Brumley, I. Jager, T. Avgerinos, E. Schwartz | ||
Jalangi: a tool framework for concolic testing, selective record-replay, and dynamic analysis of JavaScript. 2013 | |||
Dynamic Test Input Generation for Web Applications. 2008 | |||
Synthesizing Parameterized Unit Tests to Detect Object Invariant Violations. 2014 | |||
Hey, you, get off of my market: detecting malicious apps in official and alternative android markets.. 2012 | Y. Zhou, Z. Wang, W. Zhou, X. Jiang | ||
Towards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation. 2007 | D. Brumley, J. Caballero, Z. Liang, J. Newsome, D. Song | ||
Parallel Symbolic Execution for Automated Real-world Software Testing. 2011 | S. Bucur, V. Ureche, C. Zamfir, G. Candea | ||
Reducing Test Inputs Using Information Partitions. 2009 | |||
A Decision Procedure for Bit-vectors and Arrays. 2007 | V. Ganesh, D. Dill | ||
Scaling symbolic execution using ranged analysis. 2012 | |||
Capstone. The Ultimate Disassembler | |||
Deconstructing Dynamic Symbolic Execution. 2015 | |||
Anywhere, any-time binary instrumentation. 2011 | A. Bernat, B. Miller | ||
Billions and Billions of Constraints: Whitebox Fuzz Testing in Production. 2013 | |||
Symbolic execution with abstraction. 2009 | |||
An advanced automatic construction method of ROP. 2015 | Y. Ouyang, Q. Wang, J. Peng, J. Zeng | ||
HAMPI: A Solver for String Constraints. 2009 | A. Kiezun, V. Ganesh, P. Guo, P. Hooimeijer, M. Ernst | ||
Dynamic Test Generation with Static Fields and Initializers. 2014 | |||
Software Crash Analysis for Automatic Exploit Generation on Binary Programs | |||
MACE: Model-inference-Assisted Concolic Exploration for Protocol and Vulnerability Discovery. 2011 | |||
Jinn: Synthesizing Dynamic Bug Detectors for Foreign Language Interfaces. 2010 | B. Lee, B. Wiedermann, M. Hirzel, R. Grimm, K. McKinley | ||
JReq: Database Queries in Imperative Languages. 2010 | |||
SymDroid: Symbolic Execution for Dalvik Bytecode. 2012 | J. Jeon, K. Micinski, J. Foster | ||
Directed Test Generation for Effective Fault Localization. 2010 | |||
Bogor/Kiasan: A k-bounded Symbolic Execution for Checking Strong Heap Properties of Open Systems. 2006 | |||
QAGen: generating query-aware test databases. 2007 | |||
An API for Runtime Code Patching. 2000 | B. Buck, J. Hollingsworth | ||
The Complexity of Theorem-Proving Procedures. 1971 | S. Cook | ||
Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities. 2009 | S. Heelan | ||
Optimizing Constraint Solving to Better Support Symbolic Execution. 2011 | |||
Universal symbolic execution and its application to likely data structure invariant generation. 2008 | |||
Automatically Discovering, Reporting and Reproducing Android Application Crashes. 2016 | |||
WISE: Automated test generation for worst-case complexity. 2009 | |||
Personalized Defect Prediction. 2013 | |||
ThreadSanitizer: Data Race Detection in Practice. 2009 | K. Serebryany, T. Iskhodzhanov | ||
Symdrive: testing drivers without devices. 2012 | |||
Euclide: A Constraint-Based Testing Framework for Critical C Programs. 2009 | |||
QEMU, a fast and portable dynamic translator. 2005 | Bellard F. | ||
Steering symbolic execution to less traveled paths. 2013 | |||
SmacC: A Retargetable Symbolic Execution Engine. 2013 | |||
Snugglebug: a powerful approach to weakest preconditions. 2009 | |||
Looper: Lightweight Detection of Infinite Loops at Runtime. 2009 | |||
SymJS: Automatic Symbolic Testing of JavaScript Web Applications. 2014 | G. Li, E. Andreasen, I. Ghosh | ||
State Joining and Splitting for the Symbolic Execution of Binaries. 2009 | |||
RWset: Attacking Path Explosion in Constraint-Based Test Generation. 2008 | |||
Precise interface identification to improve testing and analysis of web applications. 2009 | |||
Codesonar for binaries | |||
Input-covering schedules for multithreaded programs. 2013 | |||
Heuristics for Scalable Dynamic Test Generation. 2008 | |||
Abstract Analysis of Symbolic Executions. 2010 | |||
Predictive testing: amplifying the effectiveness of software testing. 2007 | |||
Symbiotic: Synergy of instrumentation, slicing, and symbolic execution. 2013 | |||
Boosting concolic testing via interpolation. 2013 | |||
Boolector: An Efficient SMT Solver for Bit-Vectors and Arrays. 2009 | R. Brummayer, A. Biere | ||
Directed test generation using symbolic grammars. 2007 | |||
Saturn: A scalable framework for error detection using Boolean satisfiability. 2007 | |||
A Scalable Distributed Concolic Testing Approach: An Empirical Evaluation. 2012 | |||
IntScope: Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution. 2009 | |||
Dynamic symbolic database application testing. 2010 | |||
Dytan: a generic dynamic taint analysis framework. 2007 | J. Clause, W. Li, A. Orso | ||
Augmented dynamic symbolic execution. 2012 | K. Jamrozik, G. Fraser, N. Tillmann, J. De Halleux | ||
Varieties of Static Analyzers: A Comparison with ASTREE. 2007 | P. Cousot, R. Cousot, J. Feret, A. Miné, L. Mauborgne, D. Monniaux, X. Rival | ||
Parallel Symbolic Execution for Automated Real-World Software Testing. 2011 | |||
Directed Incremental Symbolic Execution. 2011 | |||
Bandera: a source-level interface for model checking Java programs. 2000 | |||
Symbolic execution of floating-point computations. 2006 | |||
The Program Dependence Graph and Its Use in Optimization. 1987 | J. Ferrante, K. Ottenstein, J. Warren | ||
Q: Exploit Hardening Made Easy. 2011 | E. Schwartz, T. Avgerinos, D. Brumley | ||
Camouflage: Automated Anonymization of Field Data. 2011 | |||
The SMT-LIB Standard. 2015 | C. Barrett, P. Fontaine, C. Tinelli | ||
Triton: A Dynamic Symbolic Execution Framework. 2015 | F. Saudel, J. Salwan | ||
Prototyping Symbolic Execution Engines for Interpreted Languages. 2014 | |||
Rubicon: bounded verification of web applications. 2012 | |||
Parallel symbolic execution for structural test generation. 2010 | |||
Verification of Java Programs Using Symbolic Execution and Invariant Generation. 2004 | |||
Eraser: A Dynamic Data Race Detector for Multithreaded Programs. 1997 | S. Savage, M. Burrows, G. Nelson, P. Sobalvarro, T. Anderson | ||
Panalyst: privacy-aware remote error analysis on commodity software. 2008 | |||
S2E: Design, Implementations and Applications. 2012 | V. Chipounov, V. Kuznetsov, G. Candea | ||
Combining symbolic execution with model checking to verify parallel numerical programs. 2008 | |||
The JVM is Not Observable Enough (and What To Do About It). 2012 | |||
Multi-solver Support in Symbolic Execution. 2013 | |||
Automated Extraction of Failure Reproduction Steps from User Interaction Traces. 2015 | |||
Variably interprocedural program analysis for runtime error detection. 2007 | |||
Loop invariant symbolic execution for parallel programs. 2012 | |||
Finding latent code errors via machine learning over program executions. 2004 | Y. Brun, M. Ernst | ||
Verifying systems rules using rule-directed symbolic execution. 2013 | |||
Z3str2: an efficient solver for strings, regular expressions, and length constraints. 2017 | Y. Zheng, V. Ganesh, S. Subramanian, O. Tripp, M. Berzish, J. Dolby, X. Zhang | ||
An SMT-LIB Theory of Binary Floating-Point Arithmetic. 2010 | |||
Compositional may-must program analysis: unleashing the power of alternation. 2010 | |||
Analyzing memory accesses in x86 executables.. 2004 | G. Balakrishnan, T. Reps | ||
AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection. 2013 | Z. Yang, M. Yang, Y. Zhang, G. Gu, P. Ning, X. Wang | ||
A survey of new trends in symbolic execution for software testing and analysis. 2009 | C. Păsăreanu, W. Visser | ||
DySy: dynamic symbolic execution for invariant inference. 2008 | |||
Analyze Crashes to Find Security Vulnerabilities in Your Apps | |||
Sireum/Topi LDP: a lightweight semi-decision procedure for optimizing symbolic execution-based analyses. 2009 | |||
Hybrid Concolic Testing. 2007 | R. Majumdar, K. Sen | ||
BitScope: Automatically Dissecting Malicious Binaries. 2007 | |||
Calysto: scalable and precise extended static checking. 2008 | |||
Path-exploration Lifting: Hi-fi Tests for Lo-fi Emulators. 2012 | L. Martignoni, S. McCamant, P. Poosankam, D. Song, P. Maniatis | ||
Exploiting Undefined Behaviors for Efficient Symbolic Execution. 2014 | A. Sharma | ||
CIVL: The Concurrency Intermediate Verification Language. 2015 | S. Siegel, M. Zheng, Z. Luo, T. Zirkel, A. Marianiello, J. Edenhofner, M. Dwyer, M. Rogers | ||
Symbolic Execution Debugger (SED). 2014 | M. Hentschel, R. Bubel, R. hnle | ||
Chaff: Engineering an Efficient SAT Solver. 2001 | M. Moskewicz, C. Madigan, Y. Zhao, L. Zhang, S. Malik | ||
GRASP---a New Search Algorithm for Satisfiability. 1996 | J. Silva, K. Sakallah | ||
SATO: An Efficient Propositional Prover. 1997 | H. Zhang | ||
A Computing Procedure for Quantification Theory. 1960 | M. Davis, H. Putnam | ||
jFuzz: A Concolic Whitebox Fuzzer for Java. 2009 | K. Jayaraman, D. Harvison, V. Ganesh, A. Kie.zun | ||
SWEET: Serving the Web by Exploiting Email Tunnels. 2012 | A. Houmansadr, W. Zhou, M. Caesar, N. Borisov | ||
JumpBox -- A Seamless Browser Proxy for Tor Pluggable Transports. 2015 | J. Massar, I. Mason, L. Briesemeister, V. Yegneswaran | ||
CensorSpoofer: Asymmetric Communication Using IP Spoofing for Censorship-resistant Web Browsing. 2012 | Q. Wang, X. Gong, G. Nguyen, A. Houmansadr, N. Borisov | ||
On the evolution of buffer overflows. 2007 | M. Vallentin | ||
SELECT&Mdash;a Formal System for Testing and Debugging Programs by Symbolic Execution. 1975 | R. Boyer, B. Elspas, K. Levitt | ||
Improving Function Coverage with Munch: A Hybrid Fuzzing and Directed Symbolic Execution Approach. 2017 | S. Ognawala, T. Hutzelmann, E. Psallida, A. Pretschner | ||
String Constraints for Verification. 2014 | P. Abdulla, M. Atig, Y. Chen, L. k, A. Rezine, P. mmer, J. Stenman | ||
Beaver: Engineering an Efficient SMT Solver for Bit-Vector Arithmetic. 2009 | S. Jha, R. Limaye, S. Seshia |
Sergey Vartanov, 2007–2020