DART: directed automated random testing
DART is a new tool for automatically testing software that combines three main techniques: automated extraction of the interface of a program with its external environment using static source-code parsing; dynamic analysis of how the program behaves under random testing; and automatic generation of new test inputs to direct systematically the execution along alternative program paths.
Partial-Order Methods for the Verification of Concurrent Systems
Partial orders are used to tackle state explosion, and persistent sets are used for the verification of safety properties and for model checking.
Dynamic partial-order reduction for model checking software
We present a new approach to partial-order reduction for model checking software. This approach is based on initially exploring an arbitrary interleaving of the various concurrent processes/threads,
Automated Whitebox Fuzz Testing
This work presents an alternative whitebox fuzz testing approach inspired by recent advances in symbolic execution and dynamic test generation, and implements this algorithm in SAGE (Scalable, Automated, Guided Execution), a new tool employing x86 instruction-level tracing and emulation for whitebox fuzzing of arbitrary file-reading Windows applications.
Model checking for programming languages using VeriSoft
This paper discusses how model checking can be extended to deal directly with "actual" descriptions of concurrent systems, e.g., implementations of communication protocols written in programming languages such as C or C++, and introduces a new search technique that is suitable for exploring the state spaces of such systems.
Compositional dynamic test generation
This paper introduces a new algorithm, dubbed SMART for Systematic Modular Automated Random Testing, that extends DART by testing functions in isolation, encoding test results as function summaries expressed using input preconditions and output postconditions, and then re-using those summaries when testing higher-level functions.
Generalized Model Checking: Reasoning about Partial State Spaces
The problem of model checking temporal properties on partial Kripke structures, which were used in [BG99] to represent incomplete state spaces, is discussed and a new semantics for 3-valued temporal logics is introduced that can give more definite answers than the previous one.
Checking Beliefs in Dynamic Networks
NoD generalizes a specialized system, SecGuru, is currently used in production to catch hundreds of configuration bugs a year, and can also scale to large header spaces because of a new filter-project operator and a symbolic header representation.
Learn&Fuzz: Machine learning for input fuzzing
This paper shows how to automate the generation of an input grammar suitable for input fuzzing using sample inputs and neural-network-based statistical machine-learning techniques and presents a new algorithm for this learn&fuzz challenge which uses a learnt input probability distribution to intelligently guide where to fuzz inputs.
Analysis of recursive state machines
This study examines the verification of linear time properties of RSMs, and easily derives algorithms for linear time temporal logic model checking with the same complexity in the model.