A survey of symbolic execution techniques
Many security and software testing applications require checking whether certain properties
of a program hold for any possible usage scenario. For instance, a tool for identifying …
Fuzzing of embedded systems: A survey
Security attacks abuse software vulnerabilities of IoT devices; hence, detecting and
eliminating these vulnerabilities immediately are crucial. Fuzzing is an efficient method to …
QSYM: A practical concolic execution engine tailored for hybrid fuzzing
Recently, hybrid fuzzing has been proposed to address the limitations of fuzzing and
concolic execution by combining both approaches. The hybrid approach has shown its …
VUzzer: Application-aware evolutionary fuzzing.
Fuzzing is an effective software testing technique to find bugs. Given the size and complexity
of real-world applications, modern fuzzers tend to be either scalable, but not effective in …
Beacon: Directed grey-box fuzzing with provable path pruning
Unlike coverage-based fuzzing that gives equal attention to every part of a code, directed
fuzzing aims to direct a fuzzer to a specific target in the code, e.g., the code with potential …
Symbolic execution for software testing: three decades later
Communications of the ACM, February 2013, vol. 56, no. 2, review articles (illustration by Marius Watz). Symbolic execution has …
An orchestrated survey of methodologies for automated software test case generation
Test case generation is among the most labour-intensive tasks in software testing. It also has
a strong impact on the effectiveness and efficiency of software testing. For these reasons, it …
Dynodroid: An input generation system for android apps
We present a system Dynodroid for generating relevant inputs to unmodified Android apps.
Dynodroid views an app as an event-driven program that interacts with its environment by …
Unleashing mayhem on binary code
In this paper we present Mayhem, a new system for automatically finding exploitable bugs in
binary (i.e., executable) programs. Every bug reported by Mayhem is accompanied by a …
Klee: unassisted and automatic generation of high-coverage tests for complex systems programs.
We present a new symbolic execution tool, KLEE, capable of automatically generating tests
that achieve high coverage on a diverse set of complex and environmentally-intensive …