[1] Schwartz E J, Avgerinos T, Brumley D. All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution[C]//Proc. of IEEE Symposium on Security and Privacy. Oakland, USA: IEEE Computer Society Press, 2010.
[2] Wang Tielei, Wei Tao, Lin Zhiqiang, et al. Intscope: Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution[C]//Proc. of the 16th Network and Distributed System Security Symposium. San Diego, USA: [s. n.], 2009.
[3] Saxena P, Poosankam P, McCamant S, et al. Loop-extended Symbolic Execution on Binary Programs[C]//Proc. of the 18th International Symposium on Software Testing and Analysis. Chicago, USA: ACM Press, 2009.
[4] Tsitovich A, Sharygina N, Wintersteiger C, et al. Loop Summari- zation and Termination Analysis[C]//Proc. of the 17th International Conference on Tools and Algorithms for the Construction and Analysis of System. Saarbrücken, Germany: Springer-Verlag, 2011.
[5] Godefroid P, Luchaup D. Automatic Partial Loop Summarization in Dynamic Test Generation[C]//Proc. of the 20th International Symposium on Software Testing and Analysis. Toronto, Canada: ACM Press, 2011.
[6] Brumley D, Wang Hao, Jha S, et al. Creating Vulnerability Signa- tures Using Weakest Pre-conditions[C]//Proc. of the 20th IEEE Computer Security Foundations Symposium. Venice, Italy: IEEE Computer Society Press, 2007.
[7] Appel A W. Modern Compiler Implementation in C[M]. [S. l.]: Cambridge University Press, 2004.
[8] Ganesh V, Dill D. STP: A Decision Procedure for Bit-vectors and Arrays[C]//Proc. of the 19th International Conference on Computer Aided Verification. Berlin, Germany: Springer-Verlag, 2007.
[9] 王嘉捷, 蒋 凡, 张 涛. 一种多重循环程序内存访问越界检测方法[J]. 中国科学院研究生院学报, 2010, 27(1): 117-126.
[10] Microsoft Corporation. Phoenix[EB/OL]. (2010-10-04). http:// research.microsoft.com/en-us/collaboration/focus/cs/phoenix.aspx. |