Publications
Coverage-Based Greybox Fuzzing as Markov Chain
TLDR
We show that CGF is considerably more efficient if energy is inversely proportional to the density of the stationary distribution and increases monotonically every time that seed is chosen.
Directed Greybox Fuzzing
TLDR
We introduce Directed Greybox Fuzzing (DGF) which generates inputs with the objective of reaching a given set of target program locations efficiently.
Coverage-Based Greybox Fuzzing as Markov Chain
TLDR
Coverage-based Greybox Fuzzing (CGF) is a random testing approach that requires no program analysis.
Model-based whitebox fuzzing for program binaries
TLDR
We present Model-based Whitebox Fuzzing (MoWF), an automated testing technique for industrial-size program binaries that process structured inputs.
Smart Greybox Fuzzing
TLDR
We introduce smart greybox fuzzing (SGF) which leverages a high-level structural representation of the seed file to generate new files.
Hercules: Reproducing Crashes in Real-World Application Binaries
TLDR
Binary analysis is a well-investigated area in software engineering and security.
AFLNET: A Greybox Fuzzer for Network Protocols
TLDR
We present AFLNET, the first greybox fuzzer for protocol implementations.
Bucketing Failing Tests via Symbolic Analysis
TLDR
We propose a new symbolic analysis-based clustering algorithm that uses the semantic reason behind failures to group failing tests into more "meaningful" clusters.
Integrated Timing Analysis of Application and Operating Systems Code
TLDR
In this work, we present a framework for RTOS-aware WCET analysis, where the timing effects of system calls and interrupts can be accounted for.
Human-In-The-Loop Automatic Program Repair
TLDR
We introduce LEARN2FIX, the first human-in-the-loop, semi-automatic repair technique for the case when no bug oracle (except for the user who is reporting the bug) is available.