Guiding dynamic symbolic execution toward unverified program executions

Maria Christakis, Peter Müller, Valentin Wüstholz
2016 Proceedings of the 38th International Conference on Software Engineering - ICSE '16  
These annotations are then used to guide dynamic symbolic execution toward unverified program executions.  ...  We have implemented our technique for the .NET static analyzer Clousot and the dynamic symbolic execution tool Pex.  ...  By guiding dynamic symbolic execution toward unverified program executions, our technique also alleviates path explosion.  ... 
doi:10.1145/2884781.2884843 dblp:conf/icse/Christakis0W16 fatcat:y5bryau4nve4xb5c2ngqsmqa2i

On narrowing the gap between verification and systematic testing

Maria Christakis
2017 it - Information Technology  
In the second direction, we push systematic testing toward checking as many executions as possible of a real and complex image parser, so as to prove the absence of a certain class of errors.  ...  In the first direction, we explore how to effectively combine static analysis with systematic testing, so as to guide test generation toward properties that have not been previously checked by a static  ...  To address this problem, we developed a technique for combining verification and systematic testing, which guides the latter not only toward program executions for which a verification warning has been  ... 
doi:10.1515/itit-2017-0001 fatcat:4htvx2unmfezplgrh7pt2dr6ti

Synergies among Testing, Verification, and Repair for Concurrent Programs (Dagstuhl Seminar 16201)

Julian Dolby, Orna Grumberg, Peter Müller, Omer Tripp, Marc Herbstritt
2016 Dagstuhl Reports  
These include Dagstuhl Seminar 13021 "Symbolic Methods in Testing"; Dagstuhl  ...  This report documents the program and the outcomes of Dagstuhl Seminar 16201 "Synergies among Testing, Verification, and Repair for Concurrent Programs".  ...  We provide inference rules for guaranteeing these properties about future execution states without introducing explicit traces or temporal logics.  ... 
doi:10.4230/dagrep.6.5.56 dblp:journals/dagstuhl-reports/DolbyGMT16 fatcat:3ou6mdvytrfnfhjf542sbpn6lm

Integrated Environment for Diagnosing Verification Errors [chapter]

Maria Christakis, K. Rustan M. Leino, Peter Müller, Valentin Wüstholz
2016 Lecture Notes in Computer Science  
To help a user with this task, this paper presents an extension of the Dafny IDE that seamlessly integrates the Dafny verifier, a dynamic symbolic execution engine, a verification debugger, and a technique  ...  Consequently, the symbolic execution collects constraints on such variables and generates inputs for them, which guide execution toward all those unexplored paths.  ...  Dynamic symbolic execution.  ... 
doi:10.1007/978-3-662-49674-9_25 fatcat:wj3x2pop75gwtiwfg6s5z6sboq

Targeted Greybox Fuzzing with Static Lookahead Analysis [article]

Valentin Wüstholz, Maria Christakis
2019 arXiv   pre-print
Existing work has, therefore, focused on guiding the exploration toward program parts that are more likely to contain bugs by using an offline static analysis.  ...  In this paper, we introduce a novel technique for targeted greybox fuzzing using an online static analysis that guides the fuzzer toward a set of target locations, for instance, located in recently modified  ...  To make bug detection more effective, existing work has focused on guiding the exploration toward warnings reported by a static analysis (e.g., [13], [14], [15]), unverified program executions (e.g  ... 
arXiv:1905.07147v1 fatcat:6l2vbpwi2nc4rnujozgytadjwy

Past-sensitive pointer analysis for symbolic execution

David Trabish, Timotej Kapus, Noam Rinetzky, Cristian Cadar
2020 Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering  
We propose a novel fine-grained integration of pointer analysis with dynamic analysis, including dynamic symbolic execution.  ...  We evaluate our technique in three application scenarios: chopped symbolic execution, symbolic pointer resolution, and write integrity testing.  ...  [17] combine partial static verification with dynamic symbolic execution by guiding the latter to check the unverified program executions from the former.  ... 
doi:10.1145/3368089.3409698 dblp:conf/sigsoft/TrabishKRC20 fatcat:2a7dspz455dttnl3yc5wvpz2su

SAVIOR: Towards Bug-Driven Hybrid Testing

Yaohui Chen, Peng Li, Jun Xu, Shengjian Guo, Rundong Zhou, Yulong Zhang, Tao Wei, Long Lu
2020 2020 IEEE Symposium on Security and Privacy (SP)  
Moreover, SAVIOR verifies all vulnerable program locations along the executing program path.  ...  As a result, hybrid testing is able to reach deeper into program state space than fuzz testing or concolic execution alone. Recently, hybrid testing has seen significant advancement.  ...  In addition, SAVIOR relies on fuzz testing to stably approach the to-be-verified paths, while others use heuristic based approaches to guide symbolic execution towards the marked label. VII.  ... 
doi:10.1109/sp40000.2020.00002 dblp:conf/sp/ChenLXGZZWL20 fatcat:5kieeedzrzbetkohcjwwv3abqy

Low maintenance verification

Valeria Bertacco
2006 Proceedings of the 19th annual symposium on Integrated circuits and systems design - SBCCI '06  
a system's execution, if and when it lands on an unverified state.  ...  on dynamic and statistical estimates, evaluate how frequently the system, once deployed, will fall into one of those unverified configurations. 3) Post-Silicon Hardware Mechanisms.  ... 
doi:10.1145/1150343.1150347 dblp:conf/sbcci/Bertacco06a fatcat:g7l2sxlwfvg5jbqolcvezk6orm

Collaborative Verification and Testing with Explicit Assumptions [chapter]

Maria Christakis, Peter Müller, Valentin Wüstholz
2012 Lecture Notes in Computer Science  
Our technique is also useful to obtain small test suites for partially-verified programs.  ...  These compromises include not checking certain program properties as well as making implicit, unsound assumptions.  ...  We apply dynamic symbolic execution [18, 23], also called concolic testing [23], to automatically generate parameterized unit tests from the program code, the specification, and the results of static  ... 
doi:10.1007/978-3-642-32759-9_13 fatcat:zty4uaxa7rat7aior4prmehgum

SCSE: Boosting Symbolic Execution via State Concretization

Huibin WANG, Chunqiang LI, Jianyi MENG, Xiaoyan XIANG
2019 IEICE transactions on information and systems  
Through experimental evaluation on real programs, we show that state concretization helps to speed up symbolic execution significantly.  ...  To mitigate it, this paper proposes State Concretization based Symbolic Execution (SCSE). SCSE speeds up symbolic execution via state concretization.  ...  Research [24] uses annotations to guide dynamic symbolic execution toward unverified program executions.  ... 
doi:10.1587/transinf.2018edp7298 fatcat:dqxybbs6brhtlld3mx7zdmus5q

Abstraction-driven Concolic Testing [chapter]

Przemysław Daca, Ashutosh Gupta, Thomas A. Henzinger
2015 Lecture Notes in Computer Science  
In contrast, model checkers based on counterexample-guided abstraction refinement explore programs exhaustively, while failing to scale on large programs with precision.  ...  Concolic testing is a promising method for generating test suites for large programs.  ...  These locations guide symbolic search toward the target and predicates in failed symbolic executions are analyzed to find new relevant locations.  ... 
doi:10.1007/978-3-662-49122-5_16 fatcat:pvfm4iq75nf6zjc5iif2p4loiu

SoK: Computer-Aided Cryptography [article]

Manuel Barbosa, Gilles Barthe, Karthikeyan Bhargavan, Bruno Blanchet, Cas Cremers, Kevin Liao, Bryan Parno
2019 IACR Cryptology ePrint Archive  
We present a cross-cutting systematization of the computer-aided cryptography literature, focusing on three main areas: (i) design-level security (both symbolic security and computational security), (ii  ...  The simplest leakage model is the program counter policy, where the program control-flow is leaked during execution [151].  ...  This is a natural and important step towards the Holy Grail of computer-aided cryptography: to deliver guarantees on executable code that match the strength and elegance of guarantees on cryptographic  ... 
dblp:journals/iacr/BarbosaBBBCLP19 fatcat:ky7xph7q3vfpxd2q2cfpybhw5e

SoK: Computer-Aided Cryptography

Manuel Barbosa, Gilles Barthe, Karthik Bhargavan, Bruno Blanchet, Cas Cremers, Kevin Liao, Bryan Parno
2021 2021 IEEE Symposium on Security and Privacy (SP)  
We present a cross-cutting systematization of the computer-aided cryptography literature, focusing on three main areas: (i) design-level security (both symbolic security and computational security), (ii  ...  The simplest leakage model is the program counter policy, where the program control-flow is leaked during execution [151].  ...  This is a natural and important step towards the Holy Grail of computer-aided cryptography: to deliver guarantees on executable code that match the strength and elegance of guarantees on cryptographic  ... 
doi:10.1109/sp40001.2021.00008 fatcat:hvor2dotoracledftqympf5ai4

Abstraction-driven Concolic Testing [article]

Przemysław Daca, Ashutosh Gupta, Thomas A. Henzinger
2015 arXiv   pre-print
In contrast, model checkers based on counterexample-guided abstraction refinement explore programs exhaustively, while failing to scale on large programs with precision.  ...  Concolic testing is a promising method for generating test suites for large programs.  ...  These locations guide symbolic search toward the target and predicates in failed symbolic executions are analyzed to find new relevant locations.  ... 
arXiv:1511.02615v2 fatcat:fc3ng5lke5fexcdvqgo3fclyd4

Formal verification of a realistic compiler

Xavier Leroy
2009 Communications of the ACM  
, using the Coq proof assistant both for programming the compiler and for proving its correctness.  ...  verified compiler is useful in the context of critical software and its formal verification: the verification of the compiler guarantees that the safety properties proved on the source code hold for the executable  ...  Yet, compilers-and especially optimizing compilers-are complex programs that perform complicated symbolic transformations.  ... 
doi:10.1145/1538788.1538814 fatcat:s257oqdrs5davejppnzzo44qse