Directed Symbolic Execution

Ma, Kin-Keung; Phang, Khoo Yit; Foster, Jeffrey S.; Hicks, Michael

doi:10.1007/978-3-642-23702-7_11

Cited by 144 publications

(137 citation statements)

References 30 publications

Supporting

Mentioning

132

Contrasting

Order By: Relevance

“…For example, the research community has invested a lot of effort in designing techniques for improving the testing of software patches, ranging from test suite prioritisation and selection algorithms [11,30,35] to program analysis techniques for test case generation and bug finding [1,2,20,21,27,28,36,40] to methods for surviving errors introduced by patches at runtime [14]. Many of these techniques depend on the existence of a manual test suite, sometimes requiring the availability of a test exercising the patch [24,37], sometimes making assumptions about the stability of program coverage or external behaviour over time [14,29], other times using it as a starting point for exploration [10,16,22,39], and often times employing it as a baseline for comparison [3,6,9,26].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Covrig: a framework for the analysis of code, test, and coverage evolution in real software

Marinescu

Hošek

Cadar

2014

Proceedings of the 2014 International Symposium on Software Testing and Analysis

View full text Add to dashboard Cite

Software repositories provide rich information about the construction and evolution of software systems. While static data that can be mined directly from version control systems has been extensively studied, dynamic metrics concerning the execution of the software have received much less attention, due to the inherent difficulty of running and monitoring a large number of software versions.In this paper, we present Covrig, a flexible infrastructure that can be used to run each version of a system in isolation and collect static and dynamic software metrics, using a lightweight virtual machine environment that can be deployed on a cluster of local or cloud machines.We use Covrig to conduct an empirical study examining how code and tests co-evolve in six popular open-source systems. We report the main characteristics of software patches, analyse the evolution of program and patch coverage, assess the impact of nondeterminism on the execution of test suites, and investigate whether the coverage of code containing bugs and bug fixes is higher than average.

show abstract

Section: Introductionmentioning

confidence: 99%

“…20 Therefore, the results aim to count a line as covered if the test suite may execute it. The blue (upper) lines in Figure 6 plot the overall line coverage for all benchmarks.…”

Section: Overall Code Coveragementioning

confidence: 99%

Covrig: a framework for the analysis of code, test, and coverage evolution in real software

Marinescu

Hošek

Cadar

2014

Proceedings of the 2014 International Symposium on Software Testing and Analysis

View full text Add to dashboard Cite

show abstract

“…Thummalapenta et al [129] and Ma et al [94] both confirmed that approaches such as PEX, KLEE, and SAGE without the ability to precisely focus on a particular code element may not be sufficient to improve coverage and to enhance error detection capabilities. Baluda et al [12] proposed ARC-B by combining dynamic symbolic execution and abstraction refinement for structural coverage improvements and infeasible code identification.…”

Section: Literature Reviewmentioning

confidence: 95%

Goal-oriented dynamic test generation

Khoo

Fong

et al. 2015

Information and Software Technology

View full text Add to dashboard Cite

“…A similar intuition has been applied to the control flow of a program (as opposed to information flow as we consider); examples include the static analysis tool ARCHER [29] and the call-chain-backward symbolic execution approach of Ma et al [19].…”

Section: Related Workmentioning

confidence: 99%

HI-CFG: Construction by Binary Analysis and Application to Attack Polymorphism

Caselden

Bazhanyuk²,

Payer

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Security analysis often requires understanding both the control and data-flow structure of a binary. We introduce a new program representation, a hybrid information-and control-flow graph (HI-CFG), and give algorithms to infer it from an instruction-level trace. As an application, we consider the task of generalizing an attack against a program whose inputs undergo complex transformations before reaching a vulnerability. We apply the HI-CFG to find the parts of the program that implement each transformation, and then generate new attack inputs under a user-specified combination of transformations. Structural knowledge allows our approach to scale to applications that are infeasible with monolithic symbolic execution. Such attack polymorphism shows the insufficiency of any filter that does not support all the same transformations as the vulnerable application. In case studies, we show this attack capability against a PDF viewer and a word processor.

show abstract

Directed Symbolic Execution

Cited by 144 publications

References 30 publications

Covrig: a framework for the analysis of code, test, and coverage evolution in real software

Covrig: a framework for the analysis of code, test, and coverage evolution in real software

Goal-oriented dynamic test generation

HI-CFG: Construction by Binary Analysis and Application to Attack Polymorphism

Contact Info

Product

Resources

About