English
Related papers

Related papers: Exposing Go's Hidden Bugs: A Novel Concolic Framew…

200 papers

Symbolic execution is a powerful program analysis technique that allows for the systematic exploration of all program paths. Path explosion, where the number of states to track becomes unwieldy, is one of the biggest challenges hindering…

Cryptography and Security · Computer Science 2025-08-12 Joshua Bailey , Charles Nicholas

Software testing is one of the most popular validation techniques in the software industry. Surprisingly, we can only find a few approaches to testing in the context of logic programming. In this paper, we introduce a systematic approach…

Programming Languages · Computer Science 2020-02-19 Fred Mesnard , Étienne Payet , Germán Vidal

In this paper, we present a concolic execution technique for detecting SQL injection vulnerabilities in Android apps, with a new tool we called ConsiDroid. We extend the source code of apps with mocking technique, such that the execution of…

Software Engineering · Computer Science 2019-08-09 Ehsan Edalat , Babak Sadeghiyan , Fatemeh Ghassemi

We introduce `Goxpyriment', a new open-source software framework for programming behavioral and cognitive experiments using the Go programming language. The library is designed to address some limitations of existing Python-based experiment…

Neurons and Cognition · Quantitative Biology 2026-04-17 Christophe Pallier , Julie Bonnaire , Marie-France Fourcade

We propose a symbolic execution method for analyzing the safety of software under fault attacks both accurately and efficiently. Fault attacks leverage physically injected hardware faults in an embedded system to break the safety of a…

Software Engineering · Computer Science 2026-04-27 Yuzhou Fang , Chenyu Zhou , Jingbo Wang , Chao Wang

In Go, the widespread adoption of open-source software has led to a flourishing ecosystem of third-party dependencies, which are often integrated into critical systems. However, the reuse of dependencies introduces significant supply chain…

Cryptography and Security · Computer Science 2025-09-05 Carmine Cesarano , Vivi Andersson , Roberto Natella , Martin Monperrus

The effectiveness of concolic testing deteriorates as the size of programs increases. A promising way out is to test programs modularly, e.g., on a per function or class basis. Alas, this idea hits a roadblock in modern programming…

Programming Languages · Computer Science 2020-06-23 Shu-Hung You , Robert Bruce Findler , Christos Dimoulas

For all the successes in verifying low-level, efficient, security-critical code, little has been said or studied about the structure, architecture and engineering of such large-scale proof developments. We present the design, implementation…

Programming Languages · Computer Science 2023-07-10 Son Ho , Aymeric Fromherz , Jonathan Protzenko

Instruction set randomization (ISR) was initially proposed with the main goal of countering code-injection attacks. However, ISR seems to have lost its appeal since code-injection attacks became less attractive because protection mechanisms…

Cryptography and Security · Computer Science 2017-03-09 Dean Sullivan , Orlando Arias , David Gens , Lucas Davi , Ahmad-Reza Sadeghi , Yier Jin

Many types of formal verification establish properties about abstract high-level program representations, leaving a large gap to programs at runtime. Although gaps can sometimes be narrowed by techniques such as refinement, a verified…

Logic in Computer Science · Computer Science 2025-03-19 Karl Palmskog , Andreas Lindner , Scott Constable , Roberto Guanciale , Hamed Nemati

Directed fuzzing is a critical technique in cybersecurity, targeting specific sections of a program. This approach is essential in various security-related domains such as crash reproduction, patch testing, and vulnerability detection.…

Cryptography and Security · Computer Science 2025-05-28 Jia Li , Jiacheng Shen , Yuxin Su , Michael R. Lyu

Golang (also known as Go for short) has become popular in building concurrency programs in distributed systems. As the unique features, Go employs lightweight Goroutines to support highly parallelism in user space. Moreover, Go leverages…

Programming Languages · Computer Science 2022-01-27 Chongxin Zhong , Qidong Zhao , Xu Liu

Symbolic execution is an SMT-based software verification and testing technique. Symbolic execution requires tracking performed computations during software simulation to reason about branches in the software under test. The prevailing…

Software Engineering · Computer Science 2025-05-27 Sören Tempel , Tobias Brandt , Christoph Lüth , Christian Dietrich , Rolf Drechsler

Recently, Graph Neural Network (GNN)-based vulnerability detection systems have achieved remarkable success. However, the lack of explainability poses a critical challenge to deploy black-box models in security-related domains. For this…

Cryptography and Security · Computer Science 2024-01-29 Sicong Cao , Xiaobing Sun , Xiaoxue Wu , David Lo , Lili Bo , Bin Li , Wei Liu

Hybrid systems exhibit both continuous and discrete behavior. Analyzing hybrid systems is known to be hard. Inspired by the idea of concolic testing (of programs), we investigate whether we can combine random sampling and symbolic execution…

Software Engineering · Computer Science 2016-09-01 Pingfan Kong , Yi Li , Xiaohong Chen , Jun Sun , Meng Sun , Jingyi Wang

Zero-knowledge (ZK) proof systems have emerged as a promising solution for building security-sensitive applications. However, bugs in ZK applications are extremely difficult to detect and can allow a malicious party to silently exploit the…

Cryptography and Security · Computer Science 2023-04-19 Junrui Liu , Ian Kretz , Hanzhi Liu , Bryan Tan , Jonathan Wang , Yi Sun , Luke Pearson , Anders Miltner , Işıl Dillig , Yu Feng

Control flow in unstructured programs can be complex and dynamic, which makes static analysis difficult. Yet, automated reasoning about unstructured control flow is important when certifying properties of binary (machine) code in…

Programming Languages · Computer Science 2026-01-15 Andreas Lindner , Karl Palmskog , Scott Constable , Mads Dam , Roberto Guanciale , Hamed Nemati

This paper describes a static verification framework for the message-passing fragment of the Go programming language. Our framework extracts models that over-approximate the message-passing behaviour of a program. These models, or…

Programming Languages · Computer Science 2020-04-06 Nicolas Dilley , Julien Lange

Code generation systems have been extensively developed in recent years to generate source code based on natural language instructions. However, despite their advancements, these systems still face robustness issues where even slightly…

Software Engineering · Computer Science 2023-08-28 Ming Yan , Junjie Chen , Jie M. Zhang , Xuejie Cao , Chen Yang , Mark Harman

Model-sharing platforms, such as Hugging Face, ModelScope, and OpenCSG, have become central to modern machine learning development, enabling developers to share, load, and fine-tune pre-trained models with minimal effort. However, the…

Software Engineering · Computer Science 2026-01-21 Mohammed Latif Siddiq , Tanzim Hossain Romel , Natalie Sekerak , Beatrice Casey , Joanna C. S. Santos