|
[1] G. Tassey. The economic impacts of inadequate infrastructure for software testing. National Institute of Standards and Technology RTI Project Number 7007.011, 2002. [2] R. S. Boyer, B. Elspas and K. N. Levitt. SELECT—a formal system for testing and debugging programs by symbolic execution. In Proceedings of the International Conference on Reliable Software, Los Angeles, CA, 21–23 April 1975; 234–245. [3] C. Cadar, V. Ganesh, P. M. Pawlowski, D. L. Dill and D. R. Engler. EXE: Automatically generating inputs of death. In Proceedings of the 13th ACM Conference on Computer and Communications Security, 2006. [4] B. Chess and J. West. Secure Programming with Static Analysis. Boston, MA, USA: Addison-Wesley Professional, 2007, [5] C. Kaner, J. L. Falk and H. Q. Nguyen, Testing Computer Software. John Wiley & Sons, Inc. New York, USA, 1999. [6] K. Sen, D. Marinov and G. Agha. CUTE: A concolic unit testing engine for C. In Proceedings of the 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2005. 51 [7] C. Cadar, P. Twohey, V. Ganesh and D. Engler. EXE: A system for automatically generating inputs of death using symbolic execution. Technical Report CSTR 200601, Stanford, 2006. [8] J. Larus, T. Ball, M. Das, R. DeLine, M. Fahndrich, J. Pincus, S. Rajamani and R. Venkatapathy, Righting software. IEEE Software, vol. 21, pp. 92-100, 2004. [9] N. Nagappan and T. Ball. Static analysis tools as early indicators of pre-release defect density. In Proceedings of the 27th International Conference on Software Engineering, 2005. [10] S. C. Johnson and inc Bell Telephone Laboratories, Lint, a C Program Checker. Bell Telephone Laboratories, 1977, [11] D. Evans, J. Guttag, J. Homing and Y. M. Tan, LCLint: A tool for using specifications to check code. In Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering, p.87-96, December 06-09, 1994. [12] C. Flanagan, K. R. M. Leino, M. Lillibridge, G. Nelson, J. B. Saxe and R. Stata. Extended static checking for java. In Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, June 17-19, 2002. [13] J. Hatcliff and M. Dwyer. Using the bandera tool set to model-check properties of concurrent java software. In Proceedings of the 12th International Conference on Concurrency Theory, p.39-58, August 20-25, 2001. [14] T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney and Y. Wang. Cyclone: A safe dialect of C. In Proceedings of the General Track: 2002 USENIX Annual Technical Conference, p.275-288, June 10-15, 2002. [15] B. Beizer. Software Testing Techniques. Van Nostrand Reinhold Co. New York, USA, 1990. [16] P. Coward and B. Polytech. Symbolic execution systems-a review. Software Engineering Journal 3(6), pp. 229-239, 1988. [17] K. Sen. Concolic testing. In Proceedings of the Twenty-Second IEEE/ACM International Conference on Automated Software Engineering, 2007, pp. 571-572. [18] C. Cadar and D. Engler. Execution generated test cases: How to make systems code crash itself. In Proceedings of SPIN Workshop, 2005. [19] P. Godefroid, N. Klarlund and K. Sen. DART: Directed automated random testing. In Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation, June 12-15, 2005. 52 [20] R. Majumdar and K. Sen. Hybrid concolic testing. In Proceedings of the 29th international conference on Software Engineering, p.416-426, May 20-26, 2007. [21] R. Majumdar and K. Sen. Latest: Lazy dynamic test input generation. Technical Report UCB/EECS-2007-36, EECS Department, University of California, Berkeley, 2007, [22] U. Shankar, K. Talwar, J. S. Foster and D. Wagner, Detecting format string vulnerabilities with type qualifiers. In Proceedings of the 10th USENIX Security Symposium, 2001, [23] G. C. Necula, S. McPeak, S. P. Rahul and W. Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In Proceedings of the 11th International Conference on Compiler Construction, p.213-228, April 08-12, 2002. [24] W. Chang, B. Streiff and C. Lin. Efficient and extensible security enforcement using dynamic data flow analysis. In Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008. [25] OWASP Top 10 2004. http://www.owasp.org/index.php/Top_10_2004 [26] CERT/CC Advisories. http://www.cert.org/advisories/ [27] C. F. Yang. Resolving constraints from COTS/Binary components for concolic random testing. Master thesis, NCTU, 2007. [28] Y. L. Yen. Target directed random testing for feasible state generation. Master thesis, NCTU, 2007. [29] Li-Wen Hsu. Resolving unspecified software features by directed random testing. Master thesis, NCTU, 2007. [30] C. Barrett and C. Tinelli. (2008, CVC3. LECTURE NOTES IN COMPUTER SCIENCE [31] J. Burnim and K. Sen. Heuristics for scalable dynamic test generation. Presented at 23rd IEEE/ACM International Conference on Automated Software Engineering (ASE 2008). [32] O. Ruwase and M. S. Lam. A practical dynamic buffer overflow detector. In Proceedings of the 11th Annual Network and Distributed System Security Symposium, 2004. [33] Metasploit Shellcode, 2009. http://www.metasploit.com/shellcode/ [34] Y. Kannan and K. Sen. Universal symbolic execution and its application to likely data structure invariant generation. In Proceedings of the 2008 International Symposium on Software Testing and Analysis, 2008. 53 [35] R. G. Xu, P. Godefroid and R. Majumdar. Testing for buffer overflows with length abstraction. In Proceedings of the 2008 International Symposium on Software Testing and Analysis, 2008. [36] P. Godefroid, M. Y. Levin and D. Molnar. Automated whitebox fuzz testing. In Proceedings of the Network and Distributed System Security Symposium, 2008. [37] P. Godefroid, M. Y. Levin and D. A. Molnar. Active property checking. In Proceedings of the 7th ACM International Conference on Embedded Software, 2008. [38] C. Cadar, V. Ganesh, P. M. Pawlowski, D. L. Dill and D. R. Engler. EXE: Automatically generating inputs of death. ACM Transactions on Information and System Security, 2008. [39] P. Boonstoppel, C. Cadar and D. Engler. RWset: Attacking path explosion in constraint-based test generation. In Proceedings of Tools and Algorithms for the Construction and Analysis of Systems, 2008. [40] C. Cadar, D. Dunbar and D. Engler. Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs. USENIX Symposium on Operating Systems Design and Implementation, 2008. [41] D. Beyer, A. J. Chlipala, T. A. Henzinger, R. Jhala and R. Majumdar. The blast query language for software verification. In Proceedings of the 11th International Static Analysis Symposium, 2004. [42] A. Zeller, Yesterday, my program worked. Today, it does not. Why?, Proceedings of the 7th European software engineering conference held jointly with the 7th ACM SIGSOFT international symposium on Foundations of software engineering, p.253-267, September 06-10, 1999. [43] A. Zeller, U. des Saarlandes and G. SaarbrOcken, Isolating cause-effect chains from computer programs, Proceedings of the 10th ACM SIGSOFT symposium on Foundations of software engineering, November 18-22, 2002.
|