EXE: A system for automatically generating inputs of death using symbolic execution

@inproceedings{Cadar2006EXEAS,
  title={EXE: A system for automatically generating inputs of death using symbolic execution},
  author={Cristian Cadar and Vijay Ganesh and Peter M. Pawlowski and David L. Dill and Dawson R. Engler},
  booktitle={CCS 2006},
  year={2006}
}
Systems code defines an error-prone execution state space built from deeply nested conditionals and function call chains, massive amounts of code, and enthusiastic use of casting and pointer operations. Such code is hard to test and difficult to inspect, yet a single error can crash a machine or form the basis of a security breach. This paper presents EXE, a system designed to automatically find bugs in such code using symbolic execution. At a high level, rather than running the code on… CONTINUE READING

Citations

Publications citing this paper.
SHOWING 1-10 OF 42 CITATIONS

References

Publications referenced by this paper.
SHOWING 1-10 OF 29 REFERENCES

Discovering malicious disks with symbolic execution

  • C. Sar, P. Twohey, J. Yang, C. Cadar, D. Engler
  • In IEEE Symposium on Security and Privacy,
  • 2006
Highly Influential
4 Excerpts

A theory of predicate-complete test coverage and generation

  • T. Ball
  • In FMCO’: Symp. on Formal Methods for Components…
  • 2004
Highly Influential
7 Excerpts

Similar Papers

Loading similar papers…