We present Harvey, an industrial greybox fuzzer for smart contracts, which are programs
managing accounts on a blockchain. Greybox fuzzing is a lightweight test-generation …

Robustness is a key concern for Rust library development because Rust promises no risks
of undefined behaviors if developers use safe APIs only. Fuzzing is a practical approach for …

Concolic testing integrates concrete execution (eg, random testing) and symbolic execution
for test case generation. It is shown to be more cost-effective than random testing or …

One of the biggest challenges in concolic testing, an automatic test generation technique, is
its huge search space. Concolic testing generates next inputs by selecting branches from …

One of the major concerns of dynamic symbolic execution (DSE) based automated test case
generation is its huge search space which restricts its usage for industrial-size program …

Formal verification of software is a bit of a niche activity: it is only applied to the most safety-
critical or security-critical software and it is typically only performed by specialized …

Current testing practice in industry is often ineffective and slow to detect bugs, since most
projects utilize manually generated test cases. Concolic testing alleviates this problem by …

What is a test case for? Sometimes, to expose a fault. Tests can also exercise code, use
memory or time, or produce desired output. Given a desired effect, a test case can be seen …

The size and complexity of software applications is increasing at an accelerating pace.
Source code repositories (along with their dependencies) require vast amounts of labor to …

We present a technique to automatically generate search heuristics for concolic testing. A
key challenge in concolic testing is how to effectively explore the program's execution paths …