Corpus ID: 10000643

EXE: A system for automatically generating inputs of death using symbolic execution

@inproceedings{Cadar2006EXEAS,
  title={EXE: A system for automatically generating inputs of death using symbolic execution},
  author={Cristian Cadar and Vijay Ganesh and Peter M. Pawlowski and D. Dill and D. Engler},
  booktitle={CCS 2006},
  year={2006}
}
  • Cristian Cadar, Vijay Ganesh, +2 authors D. Engler
  • Published in CCS 2006
  • Computer Science
  • Systems code defines an error-prone execution state space built from deeply nested conditionals and function call chains, massive amounts of code, and enthusiastic use of casting and pointer operations. Such code is hard to test and difficult to inspect, yet a single error can crash a machine or form the basis of a security breach. This paper presents EXE, a system designed to automatically find bugs in such code using symbolic execution. At a high level, rather than running the code on… CONTINUE READING
    72 Citations
    Automatically generating malicious disks using symbolic execution
    • 105
    • PDF
    State of the art: Dynamic symbolic execution for automated test generation
    • 57
    • PDF
    Online Taint Propagation Analysis with Precise Pointer-to Analysis for Detecting Bugs in Binaries
    • Gen Li, Y. Zhang, Shuangxi Wang, K. Lu
    • Computer Science
    • 2014 IEEE Intl Conf on High Performance Computing and Communications, 2014 IEEE 6th Intl Symp on Cyberspace Safety and Security, 2014 IEEE 11th Intl Conf on Embedded Software and Syst (HPCC,CSS,ICESS)
    • 2014
    Test Generation for Embedded Executables via Concolic Execution in a Real Environment
    • 10
    A Generating-Extension-Generator for Machine Code
    All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask)
    • 584
    • Highly Influenced
    • PDF

    References

    SHOWING 1-10 OF 32 REFERENCES
    Automatically generating malicious disks using symbolic execution
    • 105
    • PDF
    Generalized Symbolic Execution for Model Checking and Testing
    • 604
    • PDF
    Execution Generated Test Cases: How to Make Systems Code Crash Itself
    • 246
    • PDF
    CUTE: a concolic unit testing engine for C
    • 1,773
    • PDF
    SELECT—a formal system for testing and debugging programs by symbolic execution
    • 327
    A static analyzer for finding dynamic programming errors
    • 419
    • PDF
    Bandera: extracting finite-state models from Java source code
    • 541
    Scalable error detection using boolean satisfiability
    • 191
    • PDF
    DART: directed automated random testing
    • 1,453
    • PDF
    High Coverage Detection of Input-Related Security Faults
    • 107
    • PDF