SQL is the de facto language for manipulating relational data. Though powerful, many users
find it difficult to write SQL queries due to highly expressive constructs. While using the …

Abstract Satisfiability Modulo Theories (SMT) refers to the problem of determining whether a
first-order formula is satisfiable with respect to some logical theory. Solvers based on SMT …

String constraint solving refers to solving combinatorial problems involving constraints over
string variables. String solving approaches have become popular over the past few years …

As AJAX applications gain popularity, client-side JavaScript code is becoming increasingly
complex. However, few automated vulnerability analysis tools for JavaScript exist. In this …

Many program analyses require statically inferring the possible values of composite types.
However, current approaches either do not account for correlations between object fields or …

We present a technique for finding security vulnerabilities in Web applications. SQL Injection
(SQLI) and cross-site scripting (XSS) attacks are widespread forms of attack in which the …

Analyzing web applications requires reasoning about strings and non-strings cohesively.
Existing string solvers either ignore non-string program behavior or support limited set of …

Symbolic PathFinder (SPF) is a software analysis tool that combines symbolic execution with
model checking for automated test case generation and error detection in Java bytecode …

Motivated by the vulnerability analysis of web programs which work on string inputs, we
present S3, a new symbolic string solver. Our solver employs a new algorithm for a …

An increasing number of applications in verification and security rely on or could benefit from
automatic solvers that can check the satisfiability of constraints over a rich set of data types …