Using formal specifications to support testing
Formal methods and testing are two important approaches that assist in the development of
high-quality software. While traditionally these approaches have been seen as rivals, in …
high-quality software. While traditionally these approaches have been seen as rivals, in …
Automating software testing using program analysis
P Godefroid, P de Halleux, AV Nori… - IEEE …, 2008 - ieeexplore.ieee.org
During the last 10 years, code inspection for standard programming errors has largely been
automated with static code analysis. During the next 10 years, we expect to see similar …
automated with static code analysis. During the next 10 years, we expect to see similar …
[PDF][PDF] Klee: unassisted and automatic generation of high-coverage tests for complex systems programs.
We present a new symbolic execution tool, KLEE, capable of automatically generating tests
that achieve high coverage on a diverse set of complex and environmentally-intensive …
that achieve high coverage on a diverse set of complex and environmentally-intensive …
Genprog: A generic method for automatic software repair
This paper describes GenProg, an automated method for repairing defects in off-the-shelf,
legacy programs without formal specifications, program annotations, or special coding …
legacy programs without formal specifications, program annotations, or special coding …
A few billion lines of code later: using static analysis to find bugs in the real world
A Bessey, K Block, B Chelf, A Chou, B Fulton… - Communications of the …, 2010 - dl.acm.org
A few billion lines of code later Page 1 66 communicAtions of the Acm | FeBrUAry 2010 | vOl.
53 | nO. 2 contributed articles In 2002, COVErITY commercialized3 a research static bug-finding …
53 | nO. 2 contributed articles In 2002, COVErITY commercialized3 a research static bug-finding …
EXE: Automatically generating inputs of death
This article presents EXE, an effective bug-finding tool that automatically generates inputs
that crash real code. Instead of running code on manually or randomly constructed input …
that crash real code. Instead of running code on manually or randomly constructed input …
{Under-Constrained} symbolic execution: Correctness checking for real code
Software bugs are a well-known source of security vulnerabilities. One technique for finding
bugs, symbolic execution, considers all possible inputs to a program but suffers from …
bugs, symbolic execution, considers all possible inputs to a program but suffers from …
Extended static checking for Java
C Flanagan, KRM Leino, M Lillibridge… - Proceedings of the …, 2002 - dl.acm.org
Software development and maintenance are costly endeavors. The cost can be reduced if
more software defects are detected earlier in the development cycle. This paper introduces …
more software defects are detected earlier in the development cycle. This paper introduces …
Semantics-aware malware detection
A malware detector is a system that attempts to determine whether a program has malicious
intent. In order to evade detection, malware writers (hackers) frequently use obfuscation to …
intent. In order to evade detection, malware writers (hackers) frequently use obfuscation to …
[图书][B] Decision procedures
D Kroening, O Strichman - 2016 - Springer
A decision procedure is an algorithm that, given a decision problem, terminates with a
correct yes/no answer. In this book, we focus on decision procedures for decidable first …
correct yes/no answer. In this book, we focus on decision procedures for decidable first …