• Publications
  • Influence
KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs
We present a new symbolic execution tool, KLEE, capable of automatically generating tests that achieve high coverage on a diverse set of complex and environmentally-intensive programs. We used KLEEExpand
  • 2,372
  • 363
EXE: Automatically Generating Inputs of Death
This article presents EXE, an effective bug-finding tool that automatically generates inputs that crash real code. Instead of running code on manually or randomly constructed input, EXE runs it onExpand
  • 890
  • 114
Preventing Memory Error Exploits with WIT
Attacks often exploit memory errors to gain control over the execution of vulnerable programs. These attacks remain a serious problem despite previous research on techniques to prevent them. WeExpand
  • 285
  • 34
Symbolic execution for software testing: three decades later
The challenges---and great promise---of modern symbolic execution techniques, and the tools to help implement them.
  • 513
  • 28
Enhancing Server Availability and Security Through Failure-Oblivious Computing
We present a new technique, failure-oblivious computing, that enables servers to execute through memory errors without memory corruption. Our safe compiler for C inserts checks that dynamicallyExpand
  • 352
  • 18
Execution Generated Test Cases: How to Make Systems Code Crash Itself
This paper presents a technique that uses code to automatically generate its own test cases at run time by using a combination of symbolic and concrete (i.e regular) execution The input values to aExpand
  • 241
  • 16
Symbolic execution for software testing in practice: preliminary assessment
We present results for the "Impact Project Focus Area" on the topic of symbolic execution as used in software testing. Symbolic execution is a program analysis technique introduced in the 70s thatExpand
  • 297
  • 12
EXE: automatically generating inputs of death
This paper presents EXE, an effective bug-finding tool that automatically generates inputs that crash real code. Instead of running code on manually or randomly constructed input, EXE runs it onExpand
  • 189
  • 12
VARAN the Unbelievable: An Efficient N-version Execution Framework
With the widespread availability of multi-core processors, running multiple diversified variants or several different versions of an application in parallel is becoming a viable approach forExpand
  • 45
  • 11
RWset: Attacking Path Explosion in Constraint-Based Test Generation
Recent work has used variations of symbolic execution to automatically generate high-coverage test inputs [3, 4, 7, 8, 14]. Such tools have demonstrated their ability to find very subtle errors.Expand
  • 210
  • 10