article

State of the art: Dynamic symbolic execution for automated test generation

Authors:

Xiao-Song Zhang,

Yue WuAuthors Info & Claims

Future Generation Computer Systems, Volume 29, Issue 7

Pages 1758 - 1773

https://doi.org/10.1016/j.future.2012.02.006

Published: 01 September 2013 Publication History

Abstract

Dynamic symbolic execution for automated test generation consists of instrumenting and running a program while collecting path constraint on inputs from predicates encountered in branch instructions, and of deriving new inputs from a previous path constraint by an SMT (Satisfiability Modulo Theories) solver in order to steer next executions toward new program paths. It has been introduced into several applications, such as automated test generation, automated filter generation and malware analysis mainly for its two intrinsic properties: low false positives and high code-coverage. In this paper, we focus on the topics that are closely related to automated test generation. Our contributions are five-fold. First, we summarize the theoretical foundation of dynamic symbolic execution. Second, we highlight the challenges when turning ideas into reality. Besides, we describe the state-of-the-art solutions including advantages and disadvantages for those challenges. In addition, twelve typical tools are analyzed and many properties of those tools are censused. Finally, we outline the prospects of this research field in detail.

References

[1]

Fuzzgrind an automatic fuzzing tool Fuzzgrind. http://esec-lab.sogeti.com/dotclear/index.php?pages/Fuzzgrind.

[2]

P. Godefroid, M. Levin, D. Molnar, Automated whitebox fuzz testing, in: Proceedings of the Network and Distributed System Security Symposium, 2008.

[3]

King, J.C., Symbolic execution and program testing. Journal of the ACM. v19 i7. 385-394.

[4]

Myers, G.J., The Art of Software Testing. 1979. Wiley.

[5]

E.J. Schwartz, T. Avgerinos, D. Brumley, All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask), in: Proceedings of IEEE Symposium on Security and Privacy, 2010, pp. 317-331.

Digital Library

[6]

P. Saxena, D. Akhawe, S. Hanna, F. Mao, S. McCamant, D. Song, A symbolic execution framework for JavaScript, in: Proceedings of IEEE Symposium on Security and Privacy, 2010, pp. 513-528.

Digital Library

[7]

T.L. Wang, T. Wei, G.F. Gu, W. Zou, TaintScope: a checksum-aware directed fuzzing tool for automatic software vulnerability detection, in: Proceedings of IEEE Symposium on Security and Privacy, 2010, pp. 497-512.

Digital Library

[8]

C. Cadar, D. Dunbar, D. Engler, Klee: unassisted and automatic generation of high-coverage tests for complex systems programs, in: Proceedings of the USENIX Symposium on Operating System Design and Implementation, 2008.

[9]

Cadar, C. and Engler, D., Execution generated test cases: how to make systems code crash itself. Lecture Notes in Computer Science. v3639. 2-23.

[10]

C. Cadar, V. Ganesh, P.M. Pawlowski, D.L. Dill, D.R. Engler, EXE: a system for automatically generating inputs of death using symbolic execution, in: Proceedings of the ACM Conference on Computer and Communications Security, 2006.

[11]

P. Godefroid, N. Klarlund, K. Sen, DART: directed automated random testing, in: Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI, 2005, pp. 213-223.

[12]

K. Sen, D. Marinov, G. Agha, CUTE: a concolic unit testing engine for C, in: Proceedings of the Joint 10th European Software Engineering Conference, ESEC, and 13th ACM SIGSOFT Symposium on the Foundations of Software Engineering, FSE-13, 2005, pp. 263-272.

[13]

J. Newsome, B. Karp, D. Song, Polygraph: automatically generating signatures for polymorphic worms, in: Proceedings of IEEE Symposium on Security and Privacy, 2005, pp. 226-241.

Digital Library

[14]

Z.C. Li, M. Sanghi, Y. Chen, M.Y. Kao, B. Chavez, Hamsa: fast signature generation for zero-day polymorphic worms with provable attack resilience, in: Proceedings of IEEE Symposium on Security and Privacy, 2006, pp. 32-46.

[15]

Zhang, X.S., Chen, T., Chen, D.P. and Liu, Z., SISG: self-immune automated signature generation for polymorphic worms. COMPEL-The International Journal for Computation and Mathematics in Electrical and Electronic Engineering. v29 i2. 445-467.

[16]

D. Brumley, J. Newsome, D. Song, H. Wang, S. Jha, Towards automatic generation of vulnerability-based signatures, in: Proceedings of the IEEE Symposium on Security and Privacy, 2006, pp. 2-16.

Digital Library

[17]

Brumley, D., Newsome, J., Song, D., Wang, H. and Jha, S., Theory and techniques for automatic generation of vulnerability-based signatures. IEEE Transactions on Dependable and Secure Computing. v5 i4. 224-241.

[18]

D. Brumley, H. Wang, S. Jha, D. Song, Creating vulnerability signatures using weakest preconditions, in: Proceedings of the IEEE Computer Security Foundations Symposium, 2007, pp. 311-325.

[19]

Z.K. Liang, R. Sekar, Fast and automated generation of attack signatures: a basis for building self-protecting servers, in: Proceedings of the ACM Conference on Computer and Communications Security, 2005, pp. 213-222.

[20]

J. Newsome, D. Brumley, D. Song, J. Chamcham, X. Kovah, Vulnerability-specific execution filtering for exploit prevention on commodity software, in: Proceedings of the Network and Distributed System Security Symposium, 2006.

[21]

D. Brumley, C. Hartwig, M.G. Kang, Z.K. Liang, J. Newsome, P. Poosankam, D. Song, Bitscope: automatically dissecting malicious binaries, Technical Report CS-07-133, 2007.

[22]

Brumley, D., Hartwig, C., Liang, Z.K., Newsome, J., Poosankam, P., Song, D. and Yin, H., Automatically identifying trigger-based behavior in malware. In: Advances in Information Security, vol. 36. Springer-Verlag.

[23]

A. Moser, C. Kruegel, E. Kirda, Exploring multiple execution paths for Malware analysis, in: Proceedings of IEEE Symposium on Security and Privacy, 2007, pp. 229-243.

Digital Library

[24]

D. Song, D. Brumley, Yin Heng, J. Caballero, I. Jager, G.K. Min, Z.K. Liang, J. Newsome, P. Poosankam, P. Saxena, Bitblaze: a new approach to computer security via binary analysis, in: Proceedings 4th International Conference, 2008, pp. 1-25.

Digital Library

[25]

E.M. Clarke, E.A. Emerson, Design and synthesis of synchronization skeletons using branching time temporal logic, in: Proceedings of the IBM Workshop on Logics of Programs, vol. 131, 1981, pp. 52-71.

[26]

Cha, S. and Yoo, J., A safety-focused verification using software fault trees. Future Generation Computer Systems.

[27]

Fraser, G., Wotawa, F. and Ammann, P.E., Testing with model checkers: a survey. Software Testing Verification and Reliability. v19 i3. 215-261.

[28]

A. Biere, A. Climatti, E.M. Clarke, Y.S. Zhu, Symbolic model checking without BDDs, in: Proceedings of the 5th International Conference on Tools and Algorithms for Construction and Analysis of Systems, 1999, pp. 193-207.

Digital Library

[29]

McMinn, P., Search-based software test data generation: a survey. Software Testing Verification and Reliability. v14 i2. 105-156.

[30]

M. Harman, Automated test data generation using search based software engineering, in: Proceedings of International Conference on Software Engineering, 2007.

Digital Library

[31]

M. Harman, R. Hierons, M. Proctor, A new representation and crossover operator for search-based optimization of software modularization, in: Proceedings of the 2002 Conference on Genetic and Evolutionary Computation, GECCO'02, 2002, pp. 1351-1358.

[32]

P. Baker, M. Harman, K. Steinhofel, A. Skaliotis, Search based approaches to component selection and prioritization for the next release problem, in: Proceedings of the 22nd IEEE International Conference on Software Maintenance, ICSM'06, 2006, pp. 176-185.

Digital Library

[33]

S. Bouktif, H. Sahraoui, G. Antoniol, Simulated annealing for improving software quality prediction, in: Proceedings of the 8th Annual Conference on Genetic and Evolutionary Computation, GECCO'06, 2006, pp. 1893-1900.

[34]

Annealing-based heuristics and genetic algorithms for circuit partitioning in parallel test generation. Future Generation Computer Systems. v14 i5-6. 439-451.

[35]

Bueno, P.M.S. and Jino, M., Automatic test data generation for program paths using genetic algorithms. International Journal of Software Engineering and Knowledge Engineering. v12 i6. 691-709.

[36]

X.B. Wang, N. Su, Automatic test data generation for path testing using genetic algorithms, in: Proceedings of 3rd International Conference on Measuring Technology and Mechatronics Automation, vol. 1, 2011, pp. 596-599.

[37]

P. Joshi, K. Sen, M. Shlimovich, Predictive testing: amplifying the effectiveness of software testing, Technical Report No. UCB/EECS-2007-35, 2007.

[38]

N. Tillmann, J. De Halleux, Pex-white box test generation for.NET, in: Proceedings of 2nd International Conference on Tests and Proofs, 2008, pp. 134-153.

[39]

P. Godefroid, Compositional dynamic test generation, in: Proceedings of the 34th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2007, pp. 47-54.

[40]

S. Anand, P. Godefroid, N. Tillmann, Demand-driven compositional symbolic execution, in: Proceedings of 14th International Conference on Theory and Practice of Software, 2008, pp. 367-381.

[41]

P. Godefroid, A.V. Nori, S.K. Rajamani, S.D. Tetali, Compositional may-must program analysis: unleashing the power of alternation, in: Proceedings of the Annual ACM Symposium on Principles of Programming Languages, 2010, pp. 43-55.

[42]

P. Godefroid, D. Luchaup, Automatic partial loop summarization in dynamic test generation, in: Proceedings of 2011 International Symposium on Software Testing and Analysis, 2011, pp. 23-33.

[43]

P. Godefroid, A. Kiezun, M.Y. Levin, Grammar-based whitebox fuzzing, in: Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation, 2008, pp. 206-215.

Digital Library

[44]

R. Majumdar, R.G. Xu, Directed test generation using symbolic grammars, in: Proceedings of ACM/IEEE International Conference on Automated Software Engineering, 2007, pp. 134-143.

[45]

R.G. Xu, P. Godefroid, R. Majumdar, Testing for buffer overflows with length abstraction, in: Proceedings of the International Symposium on Software Testing and Analysis, 2008, pp. 27-37.

[46]

Majumdar, R. and Xu, R.G., Reducing test inputs using information partitions. In: Lecture Notes in Computer Science, vol. 5643. pp. 555-569.

[47]

P. Godefroid, J. Kinder, Proving memory safety of floating-point computations by combining static and dynamic program analysis, in: Proceedings of the International Symposium on Software Testing and Analysis, 2010, pp. 1-11.

[48]

B. Elkarablieh, P. Godefroid, M.Y. Levin, Precise pointer reasoning for dynamic test generation, in: Proceedings of International Conference on Software Testing and Analysis, 2009, pp. 129-140.

[49]

M.I. Emmi, R. Majumdar, K. Sen, Dynamic test input generation for database applications, in: Proceedings of ACM International Symposium on Software Testing and Analysis, 2007, pp. 151-162.

[50]

K. Taneja, Y. Zhang, T. Xie, MODA: automated test generation for database applications via mock objects, in: Proceedings of the IEEE/ACM International Conference on Automated Software Engineering, 2010, pp. 289-292.

[51]

Godefroid, P., Higher-order test generation. In: The Proceedings of 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 258-269.

[52]

Gupta, A.K., Henzinger, T.A., Majumdar, R., Rybalchenko, A. and Xu, R.G., Proving non-termination. SIGPLAN Notices. v43 i1. 147-158.

[53]

G.C. Necula, S. McPeak, S.P. Rahul, W. Weimer, CIL: intermediate language and tools for analysis and transformation of C programs, in: Proceedings of Conference on Compiler Construction, 2002, pp. 213-228.

[54]

CIL, C intermediate language: http://cil.sourceforge.net/.

[55]

C. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, Vijay Janapa Reddi, K. Hazelwood, Pin: building customized program analysis tools with dynamic instrumentation, in: Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation, 2005, pp. 190-200.

[56]

Pin-A dynamic binary instrumentation tool: http://www.pintool.org/.

[57]

Nethercote, N. and Seward, J., Valgrind: a framework for heavyweight dynamic binary instrumentation. SIGPLAN Notices. v42 i6. 89-100.

[58]

Valgrind: http://valgrind.org/.

[59]

Coverity. http://www.coverity.com/.

[60]

AppScan. http://www-01.ibm.com/software/awdtools/appscan/.

[61]

WebInspect. www.hp.com/go/appsec.

[62]

P.J. Schroeder, B. Korel, Black-box test reduction using input-output analysis, in: Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis, 2000, pp. 173-177.

[63]

L.H. Tahat, B. Vaysburg, B. Korel, A.J. Bader, Requirement-based automated black-box test generation, in: Proceedings of IEEE Computer Society's International Computer Software and Applications Conference, 2001, pp. 489-495.

[64]

H. Kim, Y. Choi, D. Lee, D. Lee, Practical security testing using file fuzzing, in: International Conference on Advanced Communication Technology, vol.¿2, 2008, pp. 1304-1307.

[65]

Kim, H., Choi, Y. and Lee, D., Efficient file fuzz testing using automated analysis of binary file format. Journal of Systems Architecture.

[66]

A survey of new trends in symbolic execution for software testing and analysis. International Journal on Software Tools for Technology Transfer. v11 i4. 339-353.

[67]

D. Coppit, J. Lian, Yagg: an easy-to-use generator forstructured test inputs, in: Conference of Automated Software Engineering, 2005, pp. 356-359.

[68]

R. Lammel, W. Schulte, Controllable combinatorial coverage in grammar-based testing, in: Conference of Testing of Communicating Systems, 2006.

Digital Library

[69]

Leonardo, D.M. and Nikolaj, B., Z3: an efficient SMT solver. In: Lecture Notes in Computer Science, vol. 4963. pp. 337-340.

[70]

STP, Simple theorem prover: http://sourceforge.net/projects/stp-fast-prover.

[71]

CVC3: http://www.cs.nyu.edu/acsys/cvc3/.

[72]

Yices: an SMT solver. http://yices.csl.sri.com/.

[73]

P. Godefroid, M.Y. Levin, D. Molnar, Active property checking, in: Proceedings of the 7th ACM International Conference on Embedded Software, 2007, pp. 207-216.

[74]

V. Chipounov, V. Georgescu, C. Zamfir, G. Candea, Selective symbolic execution, in: Proceeding of 5th Workshop on Hot Topics in System Dependability, HotDep, 2009.

[75]

Chipounov, V., Kuznetsov, V. and Candea, G., S2E: a platform for in-vivo multi-path analysis of software systems. Computer Architecture News. v39 i1. 265-278.

[76]

Garey, M.R. and Johnson, D.S., Computers and Intractability: A Guide to the Theory of NP-Completeness. 1979. W.H. Freeman and Company.

[77]

I. Erete, A. Orso, Optimizing constraint solving to better support symbolic execution, in: Proceedings of 4th IEEE International Conference on Software Testing, Verification, and Validation Workshops, 2011, pp. 310-315.

Digital Library

[78]

E. Uzuncaova, D. Garcia, S. Khurshid, D. Batory, Testing software product lines using incremental test generation, in: Proceedings of International Symposium on Software Reliability Engineering, 2008, pp. 249-258.

Digital Library

[79]

Uzuncaova, E., Khurshid, S. and Batory, D., Incremental test generation for software product lines. IEEE Transactions on Software Engineering. v36 i3. 309-322.

[80]

P. Saxena, P. Poosankam, S. McCamant, D. Song, Loop-extended symbolic execution on binary programs, in: Proceeding of 8th International Symposium on Software Testing and Analysis, 2009, pp. 225-236.

[81]

S. Bhansali, W. Chen, S. De Jong, A. Edwards, M. Drinic, Framework for instruction-level tracing and analysis of programs, in: Second International Conference on Virtual Execution Environments, 2006.

[82]

Y. Hamadi, Disolver: a distributed constraint solver, Technical Report MSR-TR-2003-91, Microsoft Research, 2003.

[83]

Microsoft. Net framework general reference-profiling (unmanaged api reference). http://msdn2.microsoft.com/en-us/library/ms404386.aspx.

[84]

C. Lattner, V. Adve, LLVM: a compilation framework for lifelong program analysis & transformation, in: Proceedings of the International Symposium on Code Generation and Optimization, 2004.

[85]

LP solve. http://lpsolver.sourceforge.net/5.5/.

[86]

D.A. Molnar, D. Wagner, Catchconv: symbolic execution and run-time type inference for integer conversion errors, Technical Report, University of California, Berkeley, 2007-23, 2007.

[87]

F. Bellard, QEMU, a fast and portable dynamic translator, in: Proceedings of the USENIX Annual Technical Conference, 2005.

Digital Library

[88]

P. Godefroid, S.K. Lahiri, C.R. González, Incremental compositional dynamic test generation, Technique Report MSR-TR-2010-11, 2010.

[89]

Ciortea, L., Zamfir, C., Bucur, S., Chipounuv, V. and Candea, G., Cloud9: a software testing service. Operating Systems Review. v43 i4. 5-10.

[90]

G. Candea, S. Bucur, C. Zamfir, Automated software testing as a service, in: Proceedings of the 1st ACM Symposium on Cloud Computing, 2010, pp. 155-160.

[91]

G.D. Li, I. Ghosh, S.P. Rajan, KLOVER: a symbolic execution and automatic test generation tool for C++ programs, in: Proceedings of 23rd International Conference on Computer Aided Verification, 2011.

[92]

T. Xie, N. Tillmann, J. de Halleux, W. Schulte, Fitness-guided path exploration in dynamic symbolic execution, in: Proceedings of IEEE/IFIP International Conference on Dependable Systems & Networks, DSN, 2009, pp. 359-368.

[93]

C. Csallner, N. Tillmann, Y. Smaragdakis, DySy: dynamic symbolic execution for invariant inference, in: Proceedings of ACM/IEEE 30th International Conference on Software Engineering, 2008, pp. 281-290.

[94]

R. Majumdar, K. Sen, Hybrid concolic testing, in: Proceedings of International Conference on Software Engineering, 2007, pp. 416-425.

[95]

P. Boonstoppel, C. Cadar, D. Engler, RWset: attacking path explosion in constraint-based test generation, in: Proceedings of 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, 2008, pp. 351-366.

[96]

SMT-COMP 2010. http://www.smtcomp.org/2010/.

[97]

S. Khurshid, C.S. Pasareanu, V. Willem, Generalized symbolic execution for model checking and testing, in: Proceedings of 9th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, 2003, pp. 553-568.

Digital Library

[98]

A. Griesmayer, B. Aichernig, E.B. Johnsen, R. Schlatte, Dynamic symbolic execution of distributed concurrent objects, in: Proceedings of International Conference on Formal Techniques for Distributed Systems and 29th IFIP WG 6.1, 2009, pp. 225-230.

[99]

Bumler, S., Balser, M., Nafz, F., Reif, W. and Schellhorn, G., Interactive verification of concurrent systems using symbolic execution. AI Communications. v23 i2-3. 285-307.

[100]

Siegel, S.F., Mironova, A., Avrunin, G.S. and Clarke, L.A., Combining symbolic execution with model checking to verify parallel numerical programs. ACM Transactions on Software Engineering and Methodology. v17 i2. 1-34.

[101]

S. Anand, C.S. Pasareanu, W. Visser, JPF-SE: a symbolic execution extension to Java PathFinder, in: Proceedings of 13th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, 2007, pp. 134-138.

[102]

K. Lakhotia, N. Tillmann, M. Harman, J. de Halleux, FloPSy-search-based floating point constraint solving for symbolic execution, in: Proceedings of 22nd IFIP WG6.1 International Conference on Testing Software and Systems, 2010, pp. 142-157.

[103]

D. Singer, A. Monnet, JaCK-SAT: a new parallel scheme to solve the satisfiability problem (SAT) based on join-and-check, in: Proceedings of 7th International Conference on Parallel Processing and Applied Mathematics, 2008, pp. 249-258.

[104]

G.J. Holzmann, D. Bosnacki, Multi-core model checking with SPIN, in: Proceedings of IEEE International Parallel and Distributed Processing Symposium, 2007, pp. 1-8.

[105]

S. Misailovic, A. Milicevic, N. Petrovic, S. Khurshid, D. Marinov, Parallel test generation and execution with Korat, in: Proceedings of the 6th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT on the Foundation of Software Engineering, 2007, pp. 135-144.

Digital Library

[106]

P. Godefroid, D. Molnar, Fuzzing in the cloud (position statement), Technique Report MSR-TR-2010-29, 2010.

[107]

Y.D. Wang, NVIDIA CUDA architecture-based parallel incomplete SAT solver, Master Project Final Report, Rochester Institute of Technology, 2010.

Cited By

Ji SWu JQiu JDong J(2023) EffuzzInformation and Software Technology10.1016/j.infsof.2023.107213159:COnline publication date: 1-Jul-2023
https://dl.acm.org/doi/10.1016/j.infsof.2023.107213
Baradaran SHeidari MKamali AMouzarani M(2023)A unit-based symbolic execution method for detecting memory corruption vulnerabilities in executable codesInternational Journal of Information Security10.1007/s10207-023-00691-122:5(1277-1290)Online publication date: 7-May-2023
https://dl.acm.org/doi/10.1007/s10207-023-00691-1
Zhang JHarman MMa LLiu Y(2022)Machine Learning Testing: Survey, Landscapes and HorizonsIEEE Transactions on Software Engineering10.1109/TSE.2019.296202748:1(1-36)Online publication date: 7-Jan-2022
https://dl.acm.org/doi/10.1109/TSE.2019.2962027
Show More Cited By

Index Terms

State of the art: Dynamic symbolic execution for automated test generation
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging

Index terms have been assigned to the content through auto-classification.

Recommendations

Experience report: how is dynamic symbolic execution different from manual testing? a study on KLEE
ISSTA 2015: Proceedings of the 2015 International Symposium on Software Testing and Analysis

Software testing has been the major approach to software quality assurance for decades, but it typically involves intensive manual efforts. To reduce manual efforts, researchers have proposed numerous approaches to automate test-case generation, which ...
Compressing Automatically Generated Unit Test Suites Through Test Parameterization
Fundamentals of Software Engineering
Abstract
Test maintenance has recently gained increasing attention from the software testing research community. When using automated unit test generation tools, the tests are typically created by random test generation or search-based algorithms. Although ...
Automated Test Generation Using Concolic Testing
ISEC '15: Proceedings of the 8th India Software Engineering Conference

In this talk, I will talk about the recent advances and challenges in concolic testing and symbolic execution. Concolic testing, also known as directed automated random testing (DART) or dynamic symbolic execution, is an efficient way to automatically ...

Comments

Information & Contributors

Information

Published In

cover image Future Generation Computer Systems

Future Generation Computer Systems Volume 29, Issue 7

September, 2013

220 pages

ISSN:0167-739X

Issue’s Table of Contents

Copyright © Elsevier B.V. © 2012.

Publisher

Elsevier Science Publishers B. V.

Netherlands

Publication History

Published: 01 September 2013

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 11 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Ji SWu JQiu JDong J(2023) EffuzzInformation and Software Technology10.1016/j.infsof.2023.107213159:COnline publication date: 1-Jul-2023
https://dl.acm.org/doi/10.1016/j.infsof.2023.107213
Baradaran SHeidari MKamali AMouzarani M(2023)A unit-based symbolic execution method for detecting memory corruption vulnerabilities in executable codesInternational Journal of Information Security10.1007/s10207-023-00691-122:5(1277-1290)Online publication date: 7-May-2023
https://dl.acm.org/doi/10.1007/s10207-023-00691-1
Zhang JHarman MMa LLiu Y(2022)Machine Learning Testing: Survey, Landscapes and HorizonsIEEE Transactions on Software Engineering10.1109/TSE.2019.296202748:1(1-36)Online publication date: 7-Jan-2022
https://dl.acm.org/doi/10.1109/TSE.2019.2962027
Zhang ZWang ZYang FWei JZhou YHuang Z(2022)Random or heuristic? An empirical study on path search strategies for test generation in KLEEJournal of Systems and Software10.1016/j.jss.2022.111269188:COnline publication date: 1-Jun-2022
https://dl.acm.org/doi/10.1016/j.jss.2022.111269
Borzacchiello LCoppa EMaiorca DColumbu ADemetrescu CGiacinto G(2022)Reach Me if You Can: On Native Vulnerability Reachability in Android AppsComputer Security – ESORICS 202210.1007/978-3-031-17143-7_34(701-722)Online publication date: 26-Sep-2022
https://dl.acm.org/doi/10.1007/978-3-031-17143-7_34
Abdul Ghafoor MMahmood MSiddiqui J(2020)Extending symbolic execution for automated testing of stored proceduresSoftware Quality Journal10.1007/s11219-019-09453-628:2(853-887)Online publication date: 1-Jun-2020
https://dl.acm.org/doi/10.1007/s11219-019-09453-6
Baldoni RCoppa ED’elia DDemetrescu CFinocchi I(2018)A Survey of Symbolic Execution TechniquesACM Computing Surveys10.1145/318265751:3(1-39)Online publication date: 23-May-2018
https://dl.acm.org/doi/10.1145/3182657
Wang XSun JChen ZZhang PWang JLin YChaudron MCrnkovic IChechik MHarman M(2018)Towards optimal concolic testingProceedings of the 40th International Conference on Software Engineering10.1145/3180155.3180177(291-302)Online publication date: 27-May-2018
https://dl.acm.org/doi/10.1145/3180155.3180177
Miranda BBertolino A(2017)Scope-aided test prioritization, selection and minimization for software reuseJournal of Systems and Software10.1016/j.jss.2016.06.058131:C(528-549)Online publication date: 1-Sep-2017
https://dl.acm.org/doi/10.1016/j.jss.2016.06.058
Mouzarani MSadeghiyan B(2016)Towards designing an extendable vulnerability detection method for executable codesInformation and Software Technology10.1016/j.infsof.2016.09.00480:C(231-244)Online publication date: 1-Dec-2016
https://dl.acm.org/doi/10.1016/j.infsof.2016.09.004
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents