Archived Notes

Symbolic Execution

• A-Survey-of-Symbolic-Execution-Techniques.Paper; Very detailed survey published in 2018, capturing some early works.
• Symbolic-execution-for-software-testing-Three-decades-later.Paper; Just a survey.
• EXE-Automatically-Generating-Inputs-of-Death.Paper; EXE, one of the foundamental research on concolic execution.
• Coyote-C-An-Industrial-Strength-Fully-Automated-Unit-Testing-Tool.Paper; Claims to be fully automated.
• CUTE-A-Concolic-Unit-Testing-Engine-for-C.Paper; CUTE, one of the foundamental research on concolic execution.
• DART-Directed-Automated-Random-Testing.Paper; DART, one of the foundamental research on concolic execution.
• KLEE-unassisted-and-automatic-generation-of-high-coverage-tests-for-complex-systems-programs.Paper; KLEE, one of the foundamental research on concolic execution.
• QSYM-A-practical-concolic-execution-engine-tailored-for-hybrid-fuzzing.Paper; QSYM, super well structured paper, essentially it is optimizing concolic execution with ideas from fuzzing.
• Symbolic-execution-with-SYMCC-dont-interpret-compile.Paper; SymCC, compile rather than interpret!

Kernel Testing

• Leveraging-Binary-Coverage-for-Effective-Generation-Guidance-in-Kernel-Fuzzing.Paper; Proposed the idea of including memory info in metrics for kernel fuzzing.
• Toward-Rigorous-Object-Code-Coverage-Criteria.Paper; Some work on collecting and categorizing assembly instructions that creates branching.
• Discovering-instructions-for-robust-binary-level-coverage-criteria.Paper; More work on collecting and categorizing assembly instructions that creates branching.

Arm Architecture

• A-tour-of-the-ARM-architecture-and-its-Linux-support.Video; A 40 min Youtube video explaining core concepts of ARM architecture.

Bisimulation and Coinduction

• Advanced-Topics-in-Bisimulation-and-Coinduction.Video; A series of Youtube video recording lectures related to bisimulation and coinduction.