Corpus ID: 14831855

Catchconv : Symbolic execution and run-time type inference for integer conversion errors

  title={Catchconv : Symbolic execution and run-time type inference for integer conversion errors},
  author={D{\'a}vid Moln{\'a}r and D. Wagner},
  • Dávid Molnár, D. Wagner
  • Published 2007
  • We propose an approach that combines symbolic execution and run-time type inference from a sample program run to generate test cases, and we apply our approach to signed/unsigned conversion errors in programs. A signed/unsigned conversion error occurs when a program makes control flow decisions about a value based on treating it as a signed integer, but then later converts the value to an unsigned integer in a way that breaks the program’s implicit assumptions. Our tool follows the approach of… CONTINUE READING

    Figures from this paper.

    Dynamic test generation for large binary programs
    • 4
    • PDF
    Automated Whitebox Fuzz Testing
    • 1,039
    • PDF
    Ewap: Using Symbolic Execution to Exploit Windows Applications
    • 3


    Publications referenced by this paper.
    CUTE: a concolic unit testing engine for C
    • 1,759
    • Highly Influential
    • PDF
    EXE: Automatically Generating Inputs of Death
    • 899
    • Highly Influential
    • PDF
    Symbolic execution and program testing
    • 2,597
    • PDF
    Framework for instruction-level tracing and analysis of program executions
    • 224
    • PDF
    Debugging via Run-Time Type Checking
    • 44
    • PDF
    Using Valgrind to Detect Undefined Value Errors with Bit-Precision
    • 325
    • PDF
    Type-Based Decompilation (or Program Reconstruction via Type Reconstruction)
    • 78
    SYNERGY: a new algorithm for property checking
    • 249
    • PDF
    The Blast Query Language for Software Verification
    • 80
    • PDF
    DART: Directed Automated Random Testing
    • 986
    • PDF