On 11/08/2016 06:47 PM, Pádraig Brady wrote:
p.s. These Symbolic Execution techniques are intriguing. Have you any more details.
Thanks for your interest in our techniques. Symbolic Execution is a dynamic analysis method to automatically find bugs by executing a program with symbolic inputs, therefore reasoning about all possible execution paths. We based our work on KLEE [1], a symbolic execution engine, which has previously been used to find memory access violations in the GNU Coreutils suite [2]. We extended KLEE by adding the ability to automatically find unintended non-termination, such as the two bugs we reported on this mailing list. Unfortunately, I cannot share any details right now, as we are currently preparing a publication of our work. I will be happy to follow up once our paper has been published.
[1] http://klee.github.io [2] http://llvm.org/pubs/2008-12-OSDI-KLEE.html Regards, Julian
