Many security and software testing applications require checking whether certain properties
of a program hold for any possible usage scenario. For instance, a tool for identifying …

Intelligent vehicles are advancing at a fast speed with the improvement of automation and
connectivity, which opens up new possibilities for different cyber-attacks, including in-vehicle …

Fuzzing has become the de facto standard technique for finding software vulnerabilities.
However, even state-of-the-art fuzzers are not very efficient at finding hard-to-trigger …

Test case generation is among the most labour-intensive tasks in software testing. It also has
a strong impact on the effectiveness and efficiency of software testing. For these reasons, it …

We present a new symbolic execution tool, KLEE, capable of automatically generating tests
that achieve high coverage on a diverse set of complex and environmentally-intensive …

In unit testing, a program is decomposed into units which are collections of functions. A part
of unit can be tested by generating inputs for a single entry function. The entry function may …

Software bugs are a well-known source of security vulnerabilities. One technique for finding
bugs, symbolic execution, considers all possible inputs to a program but suffers from …

The emergence of OpenFlow-capable switches enables exciting new network functionality,
at the risk of programming errors that make communication less reliable. The centralized …

This article presents EXE, an effective bug-finding tool that automatically generates inputs
that crash real code. Instead of running code on manually or randomly constructed input …

A decision procedure is an algorithm that, given a decision problem, terminates with a
correct yes/no answer. In this book, we focus on decision procedures for decidable first …