KLEE

Version 2.1

Publications

Publications and Systems Using KLEE

Below you can find a list of 100+ papers and systems that either use or extend KLEE. They are listed in chronological order.

Additional information about systems and research based on KLEE can be found on the website of the 1st International KLEE Workshop on Symbolic Execution.

If you have used or extended KLEE and would like to have your paper listed here, please open a pull request at https://github.com/klee/klee.github.io/pulls. Alternatively, email klee-dev-owner or c.cadar@imperial.ac.uk.

  1. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs
    Cristian Cadar, Daniel Dunbar, Dawson Engler
    USENIX Symposium on Operating Systems Design and Implementation (OSDI 2008)
    December 8-10, 2008, San Diego, CA, USA

  2. HAMPI: A Solver for String Constraints
    Adam Kiezun, Vijay Ganesh, Philip Guo, Pieter Hooimeijer, Michael Ernst
    International Symposium on Software Testing and Analysis (ISSTA 2009)
    July 19-23, 2009, Chicago, IL, USA

  3. Server-side Verification of Client Behavior in Online Games
    Darrell Bethea, Robert Cochran, Michael Reiter
    Network and Distributed System Security Symposium (NDSS 2010)
    February 28 - March 3, 2010, San Diego, CA, USA

  4. KleeNet: Discovering Insidious Interaction Bugs in Wireless Sensor Networks Before Deployment
    Raimondas Sasnauskas, Olaf Landsiedel, Muhammad Hamad Alizai, Carsten Weise, Stefan Kowalewski, Klaus Wehrle
    ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN 2010)
    April 12-16, 2010, Stockholm, Sweden
    KleeNet is available here.

  5. Execution Synthesis: A Technique for Automated Software Debugging
    Cristian Zamfir, George Candea
    ACM SIGOPS/EuroSys European Conference on Computer Systems (EuroSys 2010)
    April 13-16, 2010, Paris, France

  6. Reverse Engineering of Binary Device Drivers with RevNIC
    Vitaly Chipounov, George Candea
    ACM SIGOPS/EuroSys European Conference on Computer Systems (EuroSys 2010)
    April 13-16, 2010, Paris, France

  7. Testing Closed-Source Binary Device Drivers with DDT
    Volodymyr Kuznetsov, Vitaly Chipounov, George Candea
    USENIX Annual Technical Conference (USENIX ATC 2010)
    June 22-25, 2010, Boston, MA, USA

  8. Stable Deterministic Multithreading through Schedule Memoization
    Heming Cui, Jingyue Wu, Chia-che Tsai, Junfeng Yang
    USENIX Symposium on Operating Systems Design and Implementation (OSDI 2010)
    October 4-6, 2010, Vancouver, BC, Canada

  9. AEG: Automatic Exploit Generation
    Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao, David Brumley
    Network and Distributed System Security Symposium (NDSS 2011)
    February 6-9, 2011, San Diego, CA, USA

  10. Howard: A Dynamic Excavator for Reverse Engineering Data Structures
    Asia Slowinska, Traian Stancescu, Herbert Bos
    Network and Distributed System Security Symposium (NDSS 2011)
    February 6-9, 2011, San Diego, CA, USA

  11. S2E: A Platform for In Vivo Multi-Path Analysis of Software Systems
    Vitaly Chipounov, Volodymyr Kuznetsov, George Candea
    International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2011)
    March 5-11, 2011, Newport Beach, CA
    S2E is available at EPFL and GitHub.

  12. Parallel Symbolic Execution for Automated Real-World Software Testing
    Stefan Bucur, Vlad Ureche, Cristian Zamfir, George Candea
    ACM SIGOPS/EuroSys European Conference on Computer Systems (EuroSys 2011)
    April 10-13, 2011, Salzburg, Austria
    Cloud9 is available here.

  13. Symbolic Crosschecking of Floating-Point and SIMD Code
    Peter Collingbourne, Cristian Cadar, Paul H. J. Kelly
    ACM SIGOPS/EuroSys European Conference on Computer Systems (EuroSys 2011)
    April 10-13, 2011, Salzburg, Austria

  14. Scalable Symbolic Execution of Distributed Systems
    Raimondas Sasnauskas, Oscar Dustmann, Benjamin Lucien Kaminski, Carsten Weise, Stefan Kowalewski, Klaus Wehrle
    IEEE International Conference on Distributed Computing Systems (ICDCS 2011)
    June 20-24, 2011, Minneapolis, MN, USA

  15. KLOVER: A Symbolic Execution and Automatic Test Generation Tool for C++ Programs
    Guodong Li, Indradeep Ghosh, Sreeranga Rajan
    International Conference on Computer Aided Verification (CAV 2011)
    July 14-20, 2011, Cliff Lodge, Snowbird, UT, USA

  16. Practical, Low-Effort Equivalence Verification of Real Code
    David Ramos, Dawson Engler
    International Conference on Computer Aided Verification (CAV 2011)
    July 16-20, 2011, Snowbird, UT, USA

  17. Selecting Peers for Execution Comparison
    William N. Sumner, Tao Bao, Xiangyu Zhang
    ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2011)
    July 17-21, 2011, Toronto, CA

  18. Directed Symbolic Execution
    Kin-Keung Ma, Khoo Yit Phang, Jeffrey S. Foster, Michael Hicks
    International Conference on Static Analysis (SAS 2011)
    September 14-16, 2011, Venice, Italy

  19. Efficient Deterministic Multithreading through Schedule Relaxation
    Heming Cui, Jingyue Wu, John Gallagher, Huayang Guo, Junfeng Yang
    ACM Symposium on Operating Systems Principles (SOSP 2011)
    October 23-26, 2011, Cascais, Portugal

  20. Symbolic Testing of OpenCL Code
    Peter Collingbourne, Cristian Cadar, Paul H. J. Kelly
    Haifa Verification Conference (HVC 2011)
    December 6-8, 2011, Haifa, Israel

  21. GKLEE: Concolic Verification and Test Generation for GPUs
    Guodong Li, Peng Li, Geof Sawaya, Ganesh Gopalakrishnan, Indradeep Ghosh, Sreeranga P. Rajan
    ACM Symposium on Principles and Practice of Parallel Programming (PPoPP 2012)
    February 25-29, 2012, New Orleans, LA, USA
    GKLEE is available here.

  22. Staged Symbolic Execution
    Junaid Haroon Siddiqui, Sarfraz Khurshid
    ACM Symposium on Applied Computing (SAC 2012)
    March 26-30, 2012, Trento, Italy

  23. Scalable Testing of File System Checkers
    João Carlos Menezes Carreira, Rodrigo Rodrigues, George Candea, Rupak Majumdar
    ACM SIGOPS/EuroSys European Conference on Computer Systems (EuroSys 2012)
    April 10-13, 2012, Bern, Switzerland

  24. make test-zesti: A Symbolic Execution Solution for Improving Regression Testing
    Paul Dan Marinescu, Cristian Cadar
    ACM/IEEE International Conference on Software Engineering (ICSE 2012)
    June 2-9, 2012, Zurich, Switzerland
    ZESTI is available here.

  25. BugRedux: Reproducing Field Failures for In-House Debugging
    Wei Jin, Alessandro Orso
    ACM/IEEE International Conference on Software Engineering (ICSE 2012)
    June 2-9, 2012, Zurich, Switzerland
    BugRedux is available here.

  26. Industrial Application of Concolic Testing Approach: A Case Study on libexif by Using CREST-BV and KLEE
    Yunho Kim, Moonzoo Kim, YoungJoo Kim, Yoonkyu Jang
    ACM/IEEE International Conference on Software Engineering (ICSE 2012)
    June 2-9, 2012, Zurich, Switzerland

  27. Efficient State Merging in Symbolic Execution
    Volodymyr Kuznetsov, Johannes Kinder, Stefan Bucur, George Candea
    ACM Conference on Programming Language Design and Implementation (PLDI 2012)
    June 11-16, 2012, Beijing, China

  28. Noninterference via Symbolic Execution
    Dimiter Milushev, Wim Beck, Dave Clarke
    In: Giese H., Rosu G. (eds) Formal Techniques for Distributed Systems. Lecture Notes in Computer Science, vol 7273. Springer, Berlin, Heidelberg (FMOODS/FORTE 2012)
    June 13-16, 2012, Stockholm, Sweden

  29. CRAX: Software Crash Analysis for Automatic Exploit Generation by Modeling Attacks as Symbolic Continuations
    Shih-Kun Huang, Min-Hsiang Huang, Po-Yen Huang, Chung-Wei Lai, Han-Lin Lu, Wai-Meng Leong
    International Conference on Software Security and Reliability (SERE 2012)
    June 20-22, 2012, Gaithersburg, USA

  30. High-Coverage Symbolic Patch Testing
    Paul Dan Marinescu, Cristian Cadar
    SPIN Workshop on Model Checking of Software (SPIN 2012)
    July 23-24, 2012, Oxford, UK

  31. Checking Properties Described by State Machines: On Synergy of Instrumentation, Slicing, and Symbolic Execution
    Jiri Slaby, Jan Strejcek, Marek Trtík
    International Workshop on Formal Methods for Industrial Critical Systems (FMICS 2012)
    August 27-28, 2012, Paris, France

  32. SymDrive: Testing Drivers without Devices
    Matthew J. Renzelmann, Asim Kadav, Michael M. Swift
    USENIX Symposium on Operating Systems Design and Implementation (OSDI 2012)
    October 8-10, 2012, Hollywood, USA

  33. Scaling Symbolic Execution Using Ranged Analysis
    Junaid Haroon Siddiqui, Sarfraz Khurshid
    ACM International Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2012)
    October 19-26, 2012, Tucson, Arizona, USA

  34. Detecting Problematic Message Sequences and Frequencies in Distributed Systems
    Charles Lucas, Sebastian Elbaum, David S. Rosenblum
    ACM International Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2012)
    October 19-26, 2012, Tucson, USA

  35. Enhancing Symbolic Execution to Test the Compatibility of Re-engineered Industrial Software
    Susumu Tokumoto, Tadahiro Uehara, Kazuki Munakata, Haruyuki Ishida, Toru Eguchi, Masafumi Baba
    Asia-Pacific Software Engineering Conference
    December 4-7, 2012, Hong Kong, China

  36. A SOFT Way for OpenFlow Switch Interoperability Testing
    Maciej Kuzniar, Peter Peresini, Marco Canini, Daniele Venzano, Dejan Kostic
    International Conference on emerging Networking EXperiments and Technologies (CoNEXT 2012)
    December 10-13, 2012, Nice, France

  37. Symbolic Simulation for Debugging and Analysis of REKO Models Using KLEE
    Marta Vicente Romero
    Master Thesis, Luleå University of Technology
    2013, Luleå, Sweden

  38. Automatic Detection of Floating-Point Exceptions
    Peter C. Rigby, Earl T. Barr, Christian Bird, Premkumar Devanbu, Daniel M. German
    ACM Symposium on Principles of Programming Languages (POPL 2013)
    January 23-25, 2013, Rome, Italy

  39. Symbiotic: Synergy of Instrumentation, Slicing, and Symbolic Execution (Competition Contribution)
    Jiri Slaby, Jan Strejcek, Marek Trtík
    International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2013)
    March 16-24, 2013, Rome, Italy
    Symbiotic is available here.

  40. SemFix: Program Repair via Semantic Analysis
    Hoang Duong Thien Nguyen, Dawei Qi, Abhik Roychoudhury, Satish Chandra
    ACM/IEEE International Conference on Software Engineering (ICSE 2013)
    May 18-26, 2013, San Francisco, CA, USA

  41. Post-silicon Conformance Checking with Virtual Prototypes
    Li Lei, Fei Xie, Kai Cong
    Design Automation Conference (DAC 2013)
    June 1-5, 2013, San Francisco, CA, USA

  42. CLAP: Recording Local Executions to Reproduce Concurrency Failures
    Jeff Huang, Charles Zhang, Julian Dolby
    ACM Conference on Programming Language Design and Implementation (PLDI 2013)
    June 16-22, 2013, Seattle, WA, USA

  43. CRAXweb: Automatic Web Application Testing and Attack Generation
    Shih-Kun Huang, Han-Lin Lu, Wai-Meng Leong, Huan Liu
    International Conference on Software Security and Reliability (SERE 2013)
    June 18-20, 2013, Gaithersburg, USA

  44. Redundant State Detection for Dynamic Symbolic Execution
    Suhabe Bugrara, Dawson Engler
    USENIX Annual Technical Conference (USENIX ATC 2013)
    June 26-28, 2013, San Jose, California

  45. Multi-solver Support in Symbolic Execution
    Hristina Palikareva, Cristian Cadar
    International Conference on Computer Aided Verification (CAV 2013)
    July 13-19, 2013, St Petersburg, Russia
    KLEE-Multisolver is available here.

  46. F3: Fault Localization for Field Failures
    Wei Jin, Alessandro Orso
    International Symposium on Software Testing and Analysis (ISSTA 2013)
    July 15-20, 2013, Lugano, Switzerland

  47. FIE on Firmware: Finding Vulnerabilities in Embedded Systems using Symbolic Execution
    Drew Davidson, Benjamin Moench, Somesh Jha, Thomas Ristenpart
    22nd USENIX Security Symposium (USENIX Security ‘13)
    August 14–16, 2013, Washington, D.C., USA

  48. KATCH: High-Coverage Testing of Software Patches
    Paul Dan Marinescu, Cristian Cadar
    Joint meeting of the European Software Engineering Conference and the Symposium on the Foundations of Software Engineering (ESEC/FSE 2013)
    August 18-26, 2013, St Petersburg, Russia

  49. Symbolic Software Model Validation
    Cynthia Sturton, Rohit Sinha, Thurston H.Y. Dang, Sakshi Jain, Michael McCoyd, Wei Yang Tan, Petros Maniatis, Sanjit A. Seshia, David Wagner
    ACM-IEEE International Conference on Formal Methods and Models for System Design (MEMOCON 2013)
    October 18-20, 2013, Portland, USA

  50. Steering Symbolic Execution to Less Traveled Paths
    You Li, Zhendong Su, Linzhang Wang, Xuandong Li
    ACM International Conference on Object Oriented Programming, Systems, Languages, and Applications (OOPSLA 2013)
    October 26-31, 2013, Indianapolis, USA

  51. Modeling Firmware as Service Functions and Its Application to Test Generation
    Sunha Ahn, Sharad Malik
    Haifa Verification Conference (HVC 2013)
    November 5-7, 2013, Haifa, Israel

  52. Chaining Test Cases for Reactive System Testing
    Peter Schrammel, Tom Melham, Daniel Kroening
    IFIP International Conference on Testing Software and Systems (ICTSS 2013)
    November 13-15, 2013, Istanbul, Turkey

  53. Automatic Concolic Test Generation with Virtual Prototypes for Post-silicon Validation
    Kai Cong, Fei Xie, Li Lei
    International Conference on Computer-aided Design (ICCAD 2013)
    November 18-21, 2013, San Jose, CA, USA

  54. Static Analysis Driven Cache Performance Testing
    Abhijeet Banerjee, Sudipta Chattopadhyay, Abhik Roychoudhury
    IEEE Real-Time Systems Symposium (RTSS 2013)
    December 3-6, 2013, Vancouver, CA

  55. Conflict-Driven Symbolic Execution
    Celina Gomes do Val
    Master Thesis, University of British Columbia
    March 2014, Vancouver, CA
    KITE is available here.

  56. Reproducing Field Failures for Programs with Complex Grammar-Based Input
    Fitsum Meshesha Kifetew, Wei Jin, Roberto Tiella, Alessandro Orso, Paolo Tonella
    IEEE International Conference on Software Testing, Verification and Validation (ICST 2014)
    March 31 - April 4, 2014, Cleveland, USA

  57. Automated Testcase Generation for Numerical Support Functions in Embedded Systems
    Johann Schumann, Stefan-Alexander Schneider
    International Symposium on NASA Formal Methods (NFM 2014)
    April 29 - May 1, 2014, Houston, TX, USA

  58. Practical Use of Formal Verification for Safety Critical Cyber-Physical Systems: A Case Study
    Tasuku Ishigooka, Habib Saissi, Thorsten Piper, Stefan Winter, Neeraj Suri
    IEEE International Conference on Cyber-Physical Systems, Networks, and Applications (CPSNA 2014)
    August 25-26, 2014, Hong Kong, China

  59. Docovery: Toward Generic Automatic Document Recovery
    Tomasz Kuchta, Cristian Cadar, Miguel Castro, Manuel Costa
    International Conference on Automated Software Engineering (ASE 2014)
    September 15-19, 2014, Vasteras, Sweden
    Docovery is available here.

  60. Control Flow Obfuscation using Neural Network to Fight Concolic Testing
    Haoyu Ma, Xinjie Ma, Weijie Liu, Zhipeng Huang, Debin GAO, Chunfu Jia
    International Conference on Security and Privacy in Communication Networks (SecureComm 2014)
    September 24-26, 2014, Beijing, China

  61. Automated Software Testing of Memory Performance in Embedded GPUs
    Sudipta Chattopadhyay, Petru Eles, Zebo Peng
    International Conference on Embedded Software (EMSOFT 2014)
    October 12-17, 2014, Jaypee Greens, India

  62. Symbolic Execution of Multithreaded Programs from Arbitrary Program Contexts
    Tom Bergan, Dan Grossman, Luis Ceze
    ACM International Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2014)
    October 20-24, 2014, Portland, USA

  63. Methods for Binary Symbolic Execution
    Anthony Romano
    Dissertation, Stanford University, Department of Computer Science
    December 2014, Stanford, USA

  64. Frog Program Bug Finder
    Qirong Wang, 2015
    Software testing and debugging tool combining KLEE test generation with fault localization

  65. Postconditioned Symbolic Execution
    Qiuping Yi, Zijiang Yang, Shengjian Guo, Chao Wang, Jian Liu, Chen Zhao
    IEEE International Conference on Software Testing, Verification and Validation (ICST 2015)
    April 13-17, 2015, Graz, Austria

  66. Generating Succinct Test Cases Using Don’t Care Analysis
    Cuong Nguyen, Hiroaki Yoshida, Mukul Prasad, Indradeep Ghosh, Koushik Sen
    IEEE International Conference on Software Testing, Verification and Validation (ICST 2015)
    April 13-17, 2015, Graz, Austria

  67. The Use of Symbolic Execution for Testing of Real-Time Safety-Related Software
    Martin Hořeňovský
    Bachelor Thesis, Czech Technical University in Prague
    May 2015, Prague, CZ

  68. Analyzing Protocol Implementations for Interoperability
    Luis Pedrosa, Ari Fogel, Nupur Kothari, Ramesh Govindan, Ratul Mahajan, Todd Millstein
    USENIX Symposium on Networked Systems Design and Implementation (NSDI 2015)
    May 4-6, 2015, Oakland, CA, USA
    PIC is available here.

  69. A Synergistic Analysis Method for Explaining Failed Regression Tests
    Qiuping Yi, Zijiang Yang, Jian Liu, Chen Zhao, Chao Wang
    ACM/IEEE International Conference on Software Engineering (ICSE 2015)
    May 16-24, 2015, Florence, Italy

  70. DASE: Document-Assisted Symbolic Execution for Improving Automated Software Testing
    Edmund Wong, Lei Zhang, Song Wang, Taiyue Liu, Lin Tan
    International Conference on Software Engineering (ICSE 2015)
    May 16-24, 2015, Florence, Italy

  71. A Framework for Measuring Software Obfuscation Resilience Against Automated Attacks
    Sebastian Banescu, Martin Ochoa, Alexander Pretschner
    International Workshop on Software Protection (SPRO 2015)
    May 17, 2015, Florence, Italy

  72. Explaining Software Failures by Cascade Fault Localization
    Qiuping Yi, Zijiang Yang, Jian Liu, Chen Zhao, Chao Wang
    ACM Transactions on Design Automation of Electronic Systems, Volume 20 Issue 3 (TODAES)
    June, 2015

  73. Symbolic Execution for BIOS Security
    Oleksandr Bazhaniuk, John Loucaides, Lee Rosenbaum, Mark R. Tuttle, Vincent Zimmer
    USENIX Workshop on Offensive Technologies (WOOT 2015)
    August 10-11, 2015, Washington D.C., USA

  74. Under-Constrained Symbolic Execution: Correctness Checking for Real Code
    David A. Ramos, Dawson Engler
    USENIX Security Symposium (SEC 2015)
    August 12-14, 2015, Washington D.C., USA

  75. Parallel SMT Solving and Concurrent Symbolic Execution
    Emil Rakadjiev, Taku Shimosawa, Hiroshi Mine, Satoshi Oshima
    IEEE Trustcom/BigDataSE/ISPA 2015
    August 20-22, 2015, Helsinki, Finland

  76. Parallel Symbolic Execution: Merging In-Flight Requests
    Martin Nowack, Katja Tietze, Christof Fetzer
    Haifa Verification Conference (HVC 2015)
    November 17-19, 2015, Haifa, Israel

  77. Studying the Influence of Standard Compiler Optimizations on Symbolic Execution
    Shiyu Dong, Oswaldo Olivo, Lingming Zhang, Sarfraz Khurshid
    IEEE International Symposium on Software Reliability Engineering (ISSRE 2015)
    November 2-5, 2015, Gaithersbury, MD, USA

  78. Generating High Coverage Tests for SystemC Designs Using Symbolic Execution
    Bin Lin, Zhenkun Yang, Kai Cong, Fei Xie
    Asia and South Pacific Design Automation Conference (ASP-DAC 2016)
    January 25-28, 2016, Macau, China

  79. Profiting from Unit Tests for Integration Testing
    Dominik Holling, Andreas Hofbauer, Alexander Pretschner, Matthias Gemmar
    IEEE International Conference on Software Testing, Verification and Validation (ICST 2016)
    April 11-15, 2016, Chicago, IL, USA

  80. Nequivack: Assessing Mutation Score Confidence
    Dominik Holling, Sebastian Banescu, Marco Probst, Ana Petrovska, Alexander Pretschner
    IEEE International Conference on Software Testing, Verification and Validation (ICST 2016)
    April 11-15, 2016, Chicago, IL, USA

  81. Angelix: Scalable Multiline Program Patch Synthesis via Symbolic Analysis
    Sergey Mechtaev, Jooyong Yi, Abhik Roychoudhury
    ACM/IEEE International Conference on Software Engineering (ICSE 2016)
    May 14-22, 2016, Austin, Texas, USA
    Angelix is available here.

  82. Shadow of a Doubt: Testing for Divergences Between Software Versions
    Hristina Palikareva, Tomasz Kuchta, Cristian Cadar
    ACM/IEEE International Conference on Software Engineering (ICSE 2016)
    May 14-22, 2016, Austin, Texas, USA
    Shadow is available here.

  83. On the Techniques We Create, the Tools We Build, and Their Misalignments: A Study of KLEE
    Eric F. Rizzi, Sebastian Elbaum, Matthew B. Dwyer
    International Conference on Software Engineering (ICSE 2016)
    May 14-22, 2016, Austin, Texas, USA

  84. Automatic Generation of High-coverage Tests for RTL Designs Using Software Techniques and Tools
    Yu Zhang, Wenlong Feng, Mengxing Huang
    IEEE Conference on Industrial Electronics and Applications (ICIEA 2016)
    June 5-7, 2016, Hefei, China

  85. Automated Feedback Framework for Introductory Programming Courses
    Jianxiong Gao, Bei Pang, Steven S. Lumetta
    Annual Conference on Innovation and Technology in Computer Science Education (ITiCSE 2016)
    July 11-13, 2016, Arequipa, Peru

  86. MACKE: Compositional Analysis of Low-level Vulnerabilities with Symbolic Execution
    Saahil Ognawala, Martín Ochoa, Alexander Pretschner, Tobias Limmer
    IEEE/ACM International conference on Automated Software Engineering (ASE 2016)
    September 3-7, 2016, Singapore, Singapore

  87. LLSPLAT: Improving Concolic Testing by Bounded Model Checking
    Min Gao, Lei He, Rupak Majumdar, Zilong Wang
    IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2016)
    October 2-3, 2016, Raleigh, NC, USA

  88. Building Robust Distributed Systems and Network Protocols by Using Adversarial Testing and Behavioral Analysis
    Endadul Hoque, Cristina Nita-Rotaru
    IEEE Cybersecurity Development (SecDev 2016)
    November 3-4, 2016, Boston, MA, USA

  89. Hotspot Symbolic Execution of Floating-point Programs
    Minghui Quan
    ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2016)
    November 13-18, 2016, Seattle, WA, USA

  90. Eliminating Path Redundancy via Postconditioned Symbolic Execution
    Qiuping Yi, Zijiang Yang, Shengjian Guo, Chao Wang, Jian Liu, Chen Zhao
    IEEE Transactions on Software Engineering, Volume: PP, Issue: 99
    January 26, 2017

  91. Patch-related Vulnerability Detection Based on Symbolic Execution
    Weizhong Qiang, Yuehua Liao, Guozhong Sun, Laurence T. Yang, Deqing Zou, Hai Jin
    IEEE Access, vol. PP, no. 99
    March 1, 2017

  92. Case Study on LLVM as Suitable Intermediate Language for Binary Analysis
    Florian Märkl
    Seminar “Reverse Code Engineering” Winter 2016/2017, Technische Universität München
    March 22, 2017, Munich, Germany

  93. Non-Semantics-Preserving Transformations for Higher-Coverage Test Generation Using Symbolic Execution
    Hayes Converse, Oswaldo Olivo, Sarfraz Khurshid
    IEEE International Conference on Software Testing, Verification and Validation (ICST 2017)
    March 13-17, 2017, Tokyo, Japan

  94. Heuristically Matching Solution Spaces of Arithmetic Formulas to Efficiently Reuse Solutions
    Andrea Aquino, Giovanni Denaro, Mauro Pezzè
    ACM/IEEE International Conference on Software Engineering (ICSE 2017)
    May 20-28, 2017, Buenos Aires, Argentina

  95. An Empirical Study on Mutation, Statement and Branch Coverage Fault Revelation that Avoids the Unreliable Clean Program Assumption
    Thierry Titcheu Chekam, Mike Papadakis, Yves Le Traon, Mark Harman
    ACM/IEEE International Conference on Software Engineering (ICSE 2017)
    May 20-28, 2017, Buenos Aires, Argentina

  96. SymCerts: Practical Symbolic Execution for Exposing Noncompliance in X.509 Certificate Validation Implementations
    Sze Yiu Chau, Omar Chowdhury, Endadul Hoque, Huangyi Ge, Aniket Kate, Cristina Nita-Rotaru, Ninghui Li
    IEEE Symposium on Security and Privacy (S&P 2017)
    May 22-24, 2017, San Jose, CA, USA

  97. Analyzing Operational Behavior of Stateful Protocol Implementations for Detecting Semantic Bugs
    Endadul Hoque, Omar Chowdhury, Sze Yiu Chau, Cristina Nita-Rotaru, Ninghui Li
    IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2017)
    June 26-29, 2017, Denver, CO, USA

  98. pbSE: Phase-Based Symbolic Execution
    Qixue Xiao, Yu Chen, Chengang Wu, Kang Li, Junjie Mao
    IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2017)
    June 26-29, 2017, Denver, CO, USA

  99. StatSym: Vulnerable Path Discovery through Statistics-Guided Symbolic Execution
    Fan Yao, Yongbo Li, Yurong Chen
    IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2017)
    June 26-29, 2017, Denver, USA

  100. Accelerating Array Constraints in Symbolic Execution
    David M. Perry, Andrea Mattavelli, Xiangyu Zhang, Cristian Cadar
    International Symposium on Software Testing and Analysis (ISSTA 2017)
    July 10-14, 2017, Santa Barbara, CA, USA
    KLEE-Array is available here.

  101. Automatic Detection and Validation of Race Conditions in Interrupt-Driven Embedded Software
    Yu Wang, Linzhang Wang, Tingting Yu, Jianhua Zhao, Xuandong Li
    International Symposium on Software Testing and Analysis (ISSTA 2017)
    July 10-14, 2017, Santa Barbara, CA, USA

  102. Effectiveness of Synthesis in Concolic Deobfuscation
    Fabrizio Biondi, Sébastien Josse, Axel Legay, Thomas Sirvent
    Computers & Security (Volume: 70, 2017)
    September 2017

  103. Failure-Directed Program Trimming
    Kostas Ferles, Valentin Wüstholz, Maria Christakis, Isil Dillig
    Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2017)
    September 4-8, 2017, Paderborn, Germany

  104. Symbolic Execution of Programmable Logic Controller Code
    Shengjian Guo, Meng Wu, Chao Wang
    Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2017)
    September 4-8, 2017, Paderborn, Germany

  105. Did we Learn from LLC Side Channel Attacks? A Cache Leakage Detection Tool for Crypto Libraries
    Gorka Irazoqui, Kai Cong, Xiaofei Guo, Hareesh Khattri, Arun Kanuparthi, Thomas Eisenbarth, Berk Sunar
    arXiv, September 5, 2017

  106. KLOVER: Automatic Test Generation for C and C++ Programs, Using Symbolic Execution
    Guodong Li, Takuki Kamiya, Indradeep Ghosh, Sreeranga Rajan, Susumu Tokumoto, Kazuki Munakata, Tadahiro Uehara
    IEEE Software (Volume: 34, Issue: 5, 2017)
    September 22, 2017

  107. Quantifying the Information Leak in Cache Attacks via Symbolic Execution
    Sudipta Chattopadhyay, Moritz Beck, Ahmed Rezine, Andreas Zeller
    ACM-IEEE International Conference on Formal Methods and Models for System Design (MEMOCODE 2017)
    September 29 - October 2, 2017, Vienna, Austria

  108. Automatic Testing of Symbolic Execution Engines via Program Generation and Differential Testing
    Timotej Kapus, Cristian Cadar
    IEEE/ACM International conference on Automated Software Engineering (ASE 2017)
    October 30 - November 3, 2017, Urbana-Champaign, IL, USA

  109. Floating-Point Symbolic Execution: A Case Study in N-version Programming
    Daniel Liew, Daniel Schemmel, Cristian Cadar, Alastair Donaldson, Rafael Zähl, Klaus Wehrle
    IEEE/ACM International conference on Automated Software Engineering (ASE 2017)
    October 30 - November 3, 2017, Urbana-Champaign, IL, USA

  110. New Directions for Container Debloating
    Vaibhav Rastogi, Chaitra Niddodi, Sibin Mohan, Somesh Jha
    Workshop on Forming an Ecosystem Around Software Transformation (FEAST 2017)
    November 3, 2017, Dallas, USA

  111. Souper: A Synthesizing Superoptimizer
    Raimondas Sasnauskas, Yang Chen, Peter Collingbourne, Jeroen Ketema, Gratian Lup, Jubi Taneja, John Regehr
    arXiv, November 13, 2017
    Souper is available here.

  112. Resilience Evaluation via Symbolic Fault Injection on Intermediate Code
    Hoang M. Le, Vladimir Herdt, Daniel Große, Rolf Drechsler
    Design, Automation and Test in Europe (DATE 2018)
    March 19 - 23, 2018, Dresden, Germany

  113. Symbolic Assertion Mining for Security Validation
    Alessandro Danese, Valeria Bertacco, Graziano Pravadelli
    Design, Automation & Test in Europe (DATE 2018)
    March 19 - 23, 2018, Dresden, Germany

  114. Uncovering Bugs in P4 Programs with Assertion-based Verification
    Lucas Freire, Miguel Neves, Lucas Leal, Kirill Levchenko, Alberto Schaeffer-Filho, Marinho Barcellos
    Symposium on SDN Research (SOSR 2018)
    March 28-29, 2018, Los Angeles, USA

  115. CRETE: A Versatile Binary-Level Concolic Testing Framework
    Bo Chen, Christopher Havlicek, Zhenkun Yang, Kai Cong, Raghudeep Kannavara, Fei Xie
    International Conference on Fundamental Approaches to Software Engineering (FASE 2018)
    April 14-20, 2018, Thessaloniki, Greece
    CRETE is available here.

  116. Map2Check Using LLVM and KLEE
    Rafael Menezes, Herbert Rocha, Lucas Cordeiro, Raimundo Barreto
    International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2018)
    April 14-20, 2018, Thessaloniki, Greece
    Map2Check is available here.

  117. Evaluating Manual Intervention to Address the Challenges of Bug Finding with KLEE
    John Galea, Sean Heelan, Daniel Neville, Daniel Kroening
    arXiv, May 9, 2018

  118. Chopped Symbolic Execution
    David Trabish, Andrea Mattavelli, Noam Rinetzky, Cristian Cadar
    ACM/IEEE International Conference on Software Engineering (ICSE 2018)
    May 27 - June 3, 2018, Gothenburg, Sweden
    Chopper is available here.

  119. SAFL: Increasing and Accelerating Testing Coverage with Symbolic Execution and Guided Fuzzing
    Mingzhe Wang, Jie Liang, Yuanliang Chen, Yu Jiang, Xun Jiao, Han Liu, Xibin Zhao, Jiaguang Sun
    ACM/IEEE International Conference on Software Engineering (ICSE 2018 Companion)
    May 27 - June 3, 2018, Gothenburg, Sweden
    (Demo on Youtube)

  120. Semantic Program Repair Using a Reference Implementation
    Sergey Mechtaev, Manh-Dung Nguyen, Yannic Noller, Lars Grunske, Abhik Roychoudhury
    ACM/IEEE International Conference on Software Engineering (ICSE 2018)
    May 27 - June 3, 2018, Gothenburg, Sweden

  121. Indexing Operators to Extend the Reach of Symbolic Execution
    Earl T. Barr, David Clark, Mark Harman, Alexandru Marginean
    arXiv, June 26, 2018

  122. Symbolic Liveness Analysis for Real-World Software
    Daniel Schemmel, Julian Büning, Oscar Soria Dustmann, Thomas Noll, Klaus Wehrle
    International Conference on Computer Aided Verification (CAV 2018)
    July 14-17, 2018, Oxford, UK
    Implementation is available here.

  123. Learning to Accelerate Symbolic Execution via Code Transformation
    Junjie Chen, Wenxiang Hu, Lingming Zhang, Dan Hao, Sarfraz Khurshid, Lu Zhang
    European Conference on Object-Oriented Programming (ECOOP 2018)
    July 15-21, 2018, Amsterdam, Netherlands

  124. No Panic! Verification of Rust Programs by Symbolic Execution
    Marcus Lindner, Jorge Aparicius, Per Lindgren
    IEEE International Conference on Industrial Informatics (INDIN 2018)
    July 18-20, 2018, Porto, Protugal
    cargo-klee is available here.

  125. Symbolic Execution of Security Protocol Implementations: Handling Cryptographic Primitives
    Mathy Vanhoef, Frank Piessens
    USENIX Workshop on Offensive Technologies (WOOT 2018)
    August 13-14, 2018, Baltimore, USA

  126. Inception: System-Wide Security Testing of Real-World Embedded Systems Software
    Nassim Corteggiani, Giovanni Camurati, Aurélien Francillon
    USENIX Security Symposium (Security 2018)
    August 15-17, 2018, Baltimore, USA
    Inception is available here.

  127. CPA-SymExec: Efficient Symbolic Execution in CPAchecker
    Dirk Beyer, Thomas Lemberger
    International Conference on Automated Software Engineering (ASE 2018)
    September 3-7, 2018, Montpellier, France

  128. Loop Path Reduction by State Pruning
    Jianxiong Gao, Steven S. Lumetta
    International Conference on Automated Software Engineering (ASE 2018)
    September 3-7, 2018, Montpellier, France

  129. PARTI: A Multi-interval Theory Solver for Symbolic Execution
    Oscar Soria Dustmann, Klaus Wehrle, Cristian Cadar
    International Conference on Automated Software Engineering (ASE 2018)
    September 3-7, 2018, Montpellier, France

  130. End-to-End Automated Exploit Generation for Validating the Security of Processor Designs
    Rui Zhang, Calvin Deutschbein, Peng Huang, Cynthia Sturton
    IEEE/ACM International Symposium on Microarchitecture (MICRO 2018)
    October 20-24, 2018, Fukuoka, Japan
    Coppelia is available here.

  131. Automata Learning for Symbolic Execution
    Bernhard K. Aichernig, Roderick Bloem, Masoud Ebrahimi, Martin Tappler, Johannes Winter
    Formal Methods in Computer Aided Design (FMCAD 2018)
    October 30 - November 2, 2018, Austin, USA

  132. Adversarial Symbolic Execution for Detecting Concurrency-Related Cache Timing Leaks
    Shengjian Guo, Meng Wu, Chao Wang
    Joint meeting of the European Software Engineering Conference and the Symposium on the Foundations of Software Engineering (ESEC/FSE 2018)
    November 4-9, 2018, Lake Buena Vista, USA

  133. Symbolic Execution with Existential Second-Order Constraints
    Sergey Mechtaev, Alberto Griggio, Alessandro Cimatti, Abhik Roychoudhury
    Joint meeting of the European Software Engineering Conference and the Symposium on the Foundations of Software Engineering (ESEC/FSE 2018)
    November 4-9, 2018, Lake Buena Vista, USA

  134. Interoperability-Guided Testing of QUIC Implementations using Symbolic Execution
    Felix Rath, Daniel Schemmel, Klaus Wehrle
    Workshop on the Evolution, Performance, and Interoperability of QUIC (EPIQ 2018)
    December 4, 2018, Heraklion, Greece

  135. Boost Symbolic Execution Using Dynamic State Merging and Forking
    Chao Zhang Weiliang Yin Zhiqiang Lin
    International Workshop on Quantitative Approaches to Software Quality (QuASoQ 2018)
    December 4, 2018, Nara, Japan

  136. Quantifying the Information Leakage in Cache Attacks via Symbolic Execution
    Moritz Beck, Ahmed Rezine, Andreas Zeller
    ACM Transactions on Embedded Computing Systems, Volume 18, Issue: 1 (TECS)
    February, 2019

  137. Analyzing Semantic Correctness with Symbolic Execution: A Case Study on PKCS#1 v1.5 Signature Verification
    Sze Yiu Chau, Moosa Yahyazadeh, Omar Chowdhury, Aniket Kate, Ninghui Li
    Network and Distributed System Security Symposium (NDSS 2019)
    February 24-27, 2019, San Diego, USA

  138. Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints
    Shen Shiqi, Shweta Shinde, Soundarya Ramesh, Abhik Roychoudhury, Prateek Saxena
    Network and Distributed System Security Symposium (NDSS 2019)
    February 24-27, 2019, San Diego, USA

  139. Compositional Fuzzing Aided by Targeted Symbolic Execution
    Saahil Ognawala, Fabian Kilger, Alexander Pretschner
    arXiv, March 7, 2019

  140. Symbolic Execution based Verification of Compliance with the ISO 26262 Functional Safety Standard
    Mazen Ahmed, Mona Safar
    International Conference on Design and Technology of Integrated Systems in Nanoscale Era (DTIS 2019)
    April 16-18, 2019, Mykonos, Greece

  141. Mimicking User Behavior to Improve In-House Test Suites
    Qianqian Wang, Alessandro Orso
    IEEE/ACM International Conference on Software Engineering (ICSE 2019)
    May 25-31, 2019, Montreal, Canada

  142. Zero-Overhead Path Prediction with Progressive Symbolic Execution
    Richard Rutledge, Sunjae Park, Haider Khan, Alessandro Orso, Milos Prvulovic, Alenka Zajic
    IEEE/ACM International Conference on Software Engineering (ICSE 2019)
    May 25-31, 2019, Montreal, Canada
    pg-klee is available here.

  143. ApproxSymate: Path Sensitive Program Approximation using Symbolic Execution
    Himeshi De Silva, Andrew E. Santosa, Nhut-Minh Ho, Weng-Fai Wong
    ACM International Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES 2019)
    June 23, 2019, Phoenix, USA
    ApproxSymate is available here.

  144. Computing Summaries of String Loops in C for Better Testing and Refactoring
    Timotej Kapus, Oren Ish-Shalom, Shachar Itzhaky, Noam Rinetzky, Cristian Cadar
    ACM Conference on Programming Language Design and Implementation (PLDI 2019)
    June 24-26, 2019, Phoenix, USA

  145. Deferred Concretization in Symbolic Execution via Fuzzing
    Awanish Pandey, Phani Raj Goutham Kotcharlakota, Subhajit Roy
    ACM International Symposium on Software Testing and Analysis (ISSTA 2019)
    July 15-19, 2019, Beijing, China

  146. Verification of Safety Functions Implemented in Rust - a Symbolic Execution based approach
    Marcus Lindner, Nils Fitinghoff, Johan Eriksson, Per Lindgren
    IEEE International Conference on Industrial Informatics (INDIN 2019)
    July 22-25, Helsinki, Finland

  147. SCSE: Boosting Symbolic Execution via State Concretization
    Huibin Wang, Chunqiang Li, Jianyi Meng, Xiaoyan Xiang
    IEICE Transactions on Information and Systems (Issue 8)
    August 2019

  148. A Segmented Memory Model for Symbolic Execution
    Timotej Kapus, Cristian Cadar
    ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2019)
    August 26-30, 2019, Tallin, Estonia
    The implementation is available here.

  149. Target-Driven Compositional Concolic Testing with Function Summary Refinement for Effective Bug Detection
    Yunho Kim, Shin Hong, Moonzoo Kim
    ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2019)
    August 26-30, 2019, Tallin, Estonia

  150. KLEESPECTRE: Detecting Information Leakage through Speculative Cache Attacks via Symbolic Execution
    Guanhua Wang, Sudipta Chattopadhyay, Arnab Kumar Biswas, Tulika Mitra, Abhik Roychoudhury
    arXiv, September 2, 2019
    KLEESpectre is available here.

  151. Constraints in Dynamic Symbolic Execution: Bitvectors or Integers?
    Timotej Kapus, Martin Nowack, Cristian Cadar
    International Conference on Tests and Proofs (TAP 2019)
    October 9-11, 2019, Porto, Portugal

  152. SpecuSym: Speculative Symbolic Execution for Cache Timing Leak Detection
    Shengjian Guo, Yueqi Chen, Peng Li, Yueqiang Cheng, Huibo Wang, Meng Wu, Zhiqiang Zuo
    arXiv, November 4, 2019

  153. Fine-grain Memory Object Representation in Symbolic Execution
    Martin Nowack
    International Conference on Automated Software Engineering (ASE 2019)
    November 10-15, 2019, San Diego, USA

  154. SAVIOR: Towards Bug-Driven Hybrid Testing
    Yaohui Chen, Peng Li, Jun Xu, Shengjian Guo, Rundong Zhou, Yulong Zhang, Taowei, Long Lu
    IEEE Symposium on Security and Privacy (S&P 2020)
    May 18-20, 2020, San Francisco, USA
    SAVIOR is available here.

  155. MEUZZ: Smart Seed Scheduling for Hybrid Fuzzing
    Yaohui Chen, Mansour Ahmadi, Reza Mirzazade farkhani, Boyu Wang, Long Lu
    arXiv, February 20, 2020