Many security and software testing applications require checking whether certain properties
of a program hold for any possible usage scenario. For instance, a tool for identifying …

We present VerX, the first automated verifier able to prove functional properties of Ethereum
smart contracts. VerX addresses an important problem as all real-world contracts must …

Dynamic symbolic execution for automated test generation consists of instrumenting and
running a program while collecting path constraint on inputs from predicates encountered in …

This paper presents SAILFISH, a scalable system for automatically finding state-
inconsistency bugs in smart contracts. To make the analysis tractable, we introduce a hybrid …

Test case generation is among the most labour-intensive tasks in software testing. It also has
a strong impact on the effectiveness and efficiency of software testing. For these reasons, it …

We present a new symbolic execution tool, KLEE, capable of automatically generating tests
that achieve high coverage on a diverse set of complex and environmentally-intensive …

Performance problems in software can arise unexpectedly when programs are provided with
inputs that exhibit worst-case behavior. A large body of work has focused on diagnosing …

We present an algorithm and a system for generating input events to exercise smartphone
apps. Our approach is based on concolic testing and generates sequences of events …

Code obfuscation is widely used by software developers to protect intellectual property, and
malware writers to hamper program analysis. However, there seems to be little work on …

This paper describes some of the challenges and opportunities when deploying static and
dynamic analysis at scale, drawing on the authors' experience with the Infer and Sapienz …