EXE : A System for Automatically Generating Inputs of Death Using Symbolic Execution

  title={EXE : A System for Automatically Generating Inputs of Death Using Symbolic Execution},
  author={Cristian Cadar and Paul Twohey and V. Ganesh and Dawson R. Engler},
Systems code defines an error-prone execution state space built from deeply nested conditionals and function call chains, massive amounts of code, and enthusiastic use of casting and pointer operations. Such code is hard to test and difficult to inspect, yet a single error can crash a machine or form the basis of a security breach. This paper presents EXE, a system designed to automatically find bugs in such code using symbolic execution. At a high level, rather than running the code on… CONTINUE READING
Highly Influential
This paper has highly influenced 11 other papers. REVIEW HIGHLY INFLUENTIAL CITATIONS
Highly Cited
This paper has 57 citations. REVIEW CITATIONS


Publications citing this paper.
Showing 1-10 of 41 extracted citations

58 Citations

Citations per Year
Semantic Scholar estimates that this publication has 58 citations based on the available data.

See our FAQ for additional information.


Publications referenced by this paper.
Showing 1-10 of 28 references

Discovering malicious disks with symbolic execution

  • C. Sar, P. Twohey, J. Yang, C. Cadar, D. Engler
  • In IEEE Symposium on Security and Privacy,
  • 2006
Highly Influential
4 Excerpts

A theory of predicate-complete test coverage and generation

  • T. Ball
  • In FMCO’2004: Symp. on Formal Methods for…
  • 2004
Highly Influential
9 Excerpts

Similar Papers

Loading similar papers…