EXE: Automatically Generating Inputs of Death

Cristian Cadar, Vijay Ganesh, Peter M. Pawlowski, David L. Dill, Dawson R. Engler
ACM Trans. Inf. Syst. Secur.

This article presents EXE, an effective bug-finding tool that automatically generates inputs that crash real code. Instead of running code on manually or randomly constructed input, EXE runs it on symbolic input initially allowed to be anything. As checked code runs, EXE tracks the constraints on each symbolic (i.e., input-derived) memory location. If a statement uses a symbolic value, EXE does not run it, but instead adds it as an input-constraint; all other statements run as usual. If code…

