EXE: Effective Checking of Complex Software

Date: Saturday, February 21, 2009 - 10:44am

UCSB COMPUTER SCIENCE DEPARTMENT PRESENTS:
WEDNESDAY, MARCH 4, 2009
3:30 – 4:30
CS Conference Room, Room 1132

HOST: Tevfik Bultan

SPEAKER: CRISTIAN CADAR
Stanford University

Title: EXE: Effective Checking of Complex Software

Abstract:

We present EXE (EXecution-generated Executions), an effective symbolic
execution-based approach for automatically generating inputs that cover
most statements in real code.
The three EXE tools that we designed automatically generated inputs
exposing serious bugs and security vulnerabilities in a diverse set of
software systems, including file systems, device drivers, packet
filters, networking tools and library code. In addition, we used our
latest tool KLEE to thoroughly check all 89 stand-alone applications in
the GNU Coreutils suite, which form the core user-level environment
installed on millions of UNIX systems, and arguably are the single most
heavily tested set of open-source programs in existence. KLEE generated
test suites achieving on average over 90% line coverage, significantly
beating the coverage of an extensive manual test suite built
incrementally over a period of more than fifteen years.

This is joint work with Dawson Engler, Daniel Dunbar, Junfeng Yang, Vijay
Ganesh, David Dill, Peter Boonstoppel, Peter Pawlowski, Can Sar, Paul
Twohey.

Bio:

Cristian Cadar is a PhD candidate in Computer Science at Stanford
University. His research interests include most aspects related to
software conformance and reliability, and span the areas of software
engineering, program analysis, and computer security. Cristian received
a B.S. in Computer Science, a B.S. in Mathematics, and an M.Eng. in
Computer Science from the Massachusetts Institute of Technology.