Dynamic test generation consists of executing a program while gathering symbolic constraints on inputs from predicates encountered in branch statements, and of using a constraint solver to infer new program inputs from previous constraints in order to steer next executions towards new program paths. Variants of this technique have recently been adopted in several bug detection tools, including our white-box fuzzer SAGE, which has found dozens of new expensive security-related bugs in many Windows applications and is now routinely used in various Microsoft groups. In this paper, we discuss how to perform precise symbolic pointer reasoning in the context of dynamic test generation. We present a new memory model for representing arbitrary ...
Context: Automatic code-based test input generation aims at generating a test ...
We present an algorithm for tests generation tools based on symbolic execution. The algorithm is sup...
Pointer analysis, as a fundamental research, is to identify the possible runtime values of a pointer...
Symbolic execution is a popular program analysis technique that allows seeking for bugs by reasoning...
We propose a novel fine-grained integration of pointer analysis with dynamic analysis, including dyn...
© 2012 Dr. Trevor Alexander Hansen. Software defects are a curse, they are so difficult to find that m...
Coverage-based fuzz testing and dynamic symbolic execution are both popular program testing techniqu...
Software model checkers quickly reach their limits when being applied to verifying pointer safety ...
The incorrect use of pointers is one of the most common sources of bugs. As a consequence, any kind o...
The size of today’s programs continues to grow, as does the number of bugs they contain. Testing alo...
This thesis introduces a novel technique for the automated analysis of compiled programs, which is f...
Symbolic execution is a popular software testing technique that can help developers identify complex...
Whitebox fuzzing is a novel form of security testing based on runtime symbolic execution and constra...
Automatic test data generation leads to identify input values on which a selected path or a selected...