@inproceedings{aboughadareh12dynamic,
author = {Shabnam Aboughadareh and Christoph Csallner and Mehdi Azarmi},
title = {Dynamic analysis of evasive modular malware},
booktitle = {28th Annual Computer Security Applications Conference (ACSAC),
Works In Progress (WiP) Track},
year = 2012,
month = dec,
summary = {Dynamic malware analysis is hard as kernel-level malware may manipulate
kernel data and thereby derail malware analysis. To address this problem
we propose a kernel data duplication scheme that redirects
malware to a copy of the kernel data and thus shields the kernel data
used by all other applications from malicious manipulation.},
paper = {http://ranger.uta.edu/~csallner/papers/aboughadareh12dynamic.pdf},
slides = {http://ranger.uta.edu/~csallner/papers/aboughadareh12dynamic-shabnam.pdf}
}
@inproceedings{aboughadareh13poster,
author = {Shabnam Aboughadareh and Christoph Csallner and Mehdi Azarmi},
title = {Poster: Automatic profiling of evasive mixed-mode malware with {SEMU}},
booktitle = {33rd IEEE Symposium on Security and Privacy (Oakland), Poster session},
year = 2013,
month = may,
summary = {We describe a combination of user- and kernel-mode malware
that can subvert state-of-the-art dynamic malware analysis techniques,
such as those built on the popular TEMU and Ether analysis frameworks.
We present an alternative malware analysis framework, SEMU, which cannot
be subverted by such attacks as it performs whole-system analysis
outside the analyzed (guest) OS.},
paper = {http://ranger.uta.edu/~csallner/papers/aboughadareh13poster.pdf}
}
@inproceedings{aboughadareh14mixed,
author = {Shabnam Aboughadareh and Christoph Csallner and Mehdi Azarmi},
title = {Mixed-mode malware and its analysis},
booktitle = {Proc. 4th Program Protection and Reverse Engineering
Workshop (PPREW)},
year = 2014,
month = dec,
pages = {1:1--1:12},
publisher = {ACM},
summary = {Mixed-mode malware performs interdependent user- and
kernel-level actions. Analyzing such malware requires a whole-system
analysis that operates completely outside the malware's domain.
We describe several mixed-mode malware samples and our mixed-mode
malware analysis tool SEMU.
Received the {\bf Best Paper Award}.},
award = {http://ranger.uta.edu/~csallner/papers/aboughadareh14mixed-Award.jpg},
paper = {http://ranger.uta.edu/~csallner/papers/aboughadareh14mixed.pdf},
doi_url = {http://doi.acm.org/10.1145/2689702.2689703},
overview = {http://ranger.uta.edu/~csallner/papers/aboughadareh14mixed_Overview.pptx}
}
@inproceedings{Aboughadareh16Detecting,
author = {Shabnam Aboughadareh and Christoph Csallner},
title = {Detecting rootkits with the {RAI} runtime application
inventory},
booktitle = {Proc. 6th Workshop on Software Security, Protection, and
Reverse Engineering (SSPREW)},
year = 2016,
month = dec,
summary = {RAI monitors which precise code binaries are running on which
machines, without having to restart the monitored applications. This is
challenging, since the shape of binaries frequently changes in memory
at runtime (e.g., due to an ongoing malware attack) and legacy machines
often do not have advanced hardware features such as TPM.
TDOIM applies RAI to detect rootkits at runtime.},
pages = {3:1--3:12},
publisher = {ACM},
slides = {http://ranger.uta.edu/~csallner/papers/Aboughadareh16Detecting-shabnam.pdf},
paper = {http://ranger.uta.edu/~csallner/papers/Aboughadareh16Detecting.pdf},
doi_url = {http://doi.acm.org/10.1145/3015135.3015138},
overview = {http://ranger.uta.edu/~csallner/papers/Aboughadareh16Detecting_Overview.pptx}
}
@inproceedings{Chowdhury18SLforge,
author = {Shafiul Azam Chowdhury and Soumik Mohian and Sidharth Mehra and Siddhant Gawsane and Taylor T. Johnson and Christoph Csallner},
title = {Automatically finding bugs in a commercial cyber-physical system development tool chain with {SLforge}},
booktitle = {Proc. 40th ACM/IEEE International Conference on Software Engineering (ICSE)},
year = {2018},
month = may,
publisher = {ACM},
pages = {981--992},
summary = {We build the first large collection of public MathWorks
Simulink models. We use these models to guide our new random
Simulink model generator SLforge, which also uses semi-formal
Simulink tool specifications. SLforge found 8 new confirmed
Simulink bugs.},
paper = {http://ranger.uta.edu/~csallner/papers/Chowdhury18SLforge.pdf},
slides = {http://ranger.uta.edu/~csallner/papers/Chowdhury18SLforge_Slides.pptx},
extended_slides = {http://ranger.uta.edu/~csallner/papers/Chowdhury18SLforge_Extended.pptx},
tool_url = {https://github.com/verivital/slsf_randgen/wiki},
doi_url = {http://doi.acm.org/10.1145/3180155.3180231}
}
@inproceedings{Chowdhury18Curated,
author = {Shafiul Azam Chowdhury and Lina Sera Varghese and Soumik Mohian and Taylor T. Johnson and Christoph Csallner},
title = {A curated corpus of {Simulink} models for model-based empirical studies},
booktitle = {Proc. 4th International Workshop on Software Engineering for
Smart Cyber-Physical Systems (SEsCPS)},
year = {2018},
month = may,
publisher = {ACM},
pages = {45--48},
summary = {This paper presents a corpus of over 1,000 freely available MathWorks Simulink models.},
paper = {http://ranger.uta.edu/~csallner/papers/Chowdhury18Curated.pdf},
slides = {http://ranger.uta.edu/~csallner/papers/Chowdhury18Curated_Slides.pptx},
tool_url = {https://github.com/verivital/slsf_randgen/wiki},
doi_url = {http://doi.acm.org/10.1145/3196478.3196484}
}
@inproceedings{Chowdhury17Demo,
author = {Shafiul Azam Chowdhury and Taylor T. Johnson and Christoph Csallner},
title = {Demo: Fuzzing cyber-physical system development environments with {CyFuzz}},
booktitle = {20th ACM International Conference on Hybrid Systems: Computation and
Control, Demo track},
year = 2017,
month = apr,
summary = {This is a demonstration of our CyFuzz tool for finding bugs in
cyber-physical system development environments, i.e., Simulink.},
tool_url = {https://github.com/verivital/slsf_randgen/wiki},
paper = {http://ranger.uta.edu/~csallner/papers/Chowdhury17Demo.pdf}
}
@inproceedings{Chowdhury16CyFuzz,
author = {Shafiul Azam Chowdhury and Taylor T. Johnson and Christoph Csallner},
title = {{CyFuzz}: A differential testing framework for cyber-physical systems
development environments},
booktitle = {Proc. 6th Workshop on Design, Modeling and Evaluation of Cyber
Physical Systems (CyPhy)},
year = 2016,
month = oct,
publisher = {Springer},
pages = {46--60},
summary = {CyFuzz generates random cyber-physical system design models
for the widely used MathWorks Simulink toolchain. CyFuzz compares
simulation results under different Simulink configurations and has
thereby independently reproduced a Simulink bug.},
tool_url = {https://github.com/verivital/slsf_randgen/wiki},
paper = {http://ranger.uta.edu/~csallner/papers/Chowdhury16CyFuzz.pdf},
slides = {http://ranger.uta.edu/~csallner/papers/Chowdhury16CyFuzz_Shafiul.pptx},
doi_url = {https://doi.org/10.1007/978-3-319-51738-4_4}
}
@inproceedings{csallner03fundexplorer,
author = {Christoph Csallner and Marcus Handte and Othmar Lehmann and John Stasko},
title = {{FundExplorer}: Supporting the diversification of mutual fund portfolios using {C}ontext {T}reemaps},
booktitle = {Proc. 9th IEEE Symposium on Information Visualization (InfoVis)},
year = 2003,
month = oct,
pages = {203--208},
publisher = {IEEE},
summary = {FundExplorer distorts a treemap to visualize
positive values and zeros.},
mpeg = {ftp://ftp.cc.gatech.edu/pub/people/stasko/movies/fundexp-infovis03.mpg},
paper = {http://ranger.uta.edu/~csallner/papers/csallner03fundexplorer.pdf},
doi_url = {https://doi.org/10.1109/INFVIS.2003.1249027}
}
@article{csallner04jcrasher,
author = {Christoph Csallner and Yannis Smaragdakis},
title = {{JCrasher}: An automatic robustness tester for {Java}},
journal = {Software---Practice \& Experience},
year = 2004,
month = sep,
volume = 34,
number = 11,
pages = {1025--1050},
summary = {JCrasher generates random test cases by chaining object constructors.
It filters test case execution and presents only those that expose a bug or
lack of robustness.
It also enables JUnit to efficiently undo the changes a test case has
done to testee class fields.},
paper = {http://ranger.uta.edu/~csallner/papers/csallner04jcrasher.pdf},
tool_url = {http://ranger.uta.edu/~csallner/jcrasher/index.html},
doi_url = {https://doi.org/10.1002/spe.602}
}
@inproceedings{csallner05check,
author = {Christoph Csallner and Yannis Smaragdakis},
title = {{Check} 'n' {Crash}: Combining static checking and testing},
booktitle = {Proc. 27th ACM/IEEE International Conference on Software Engineering (ICSE)},
year = 2005,
month = may,
pages = {422--431},
publisher = {ACM},
summary = {Check 'n' Crash uses ESC/Java to statically search for problems like
null dereference, illegal type cast, or illegal array manipulation.
Check 'n' Crash compiles ESC's results to JUnit test cases and executes them
to filter out ESC's false positives.},
paper = {http://ranger.uta.edu/~csallner/papers/csallner05check.pdf},
slides = {http://ranger.uta.edu/~csallner/papers/csallner05check_Slides.pdf},
tool_url = {http://ranger.uta.edu/~csallner/cnc/index.html},
doi_url = {http://doi.acm.org/10.1145/1062455.1062533}
}
@inproceedings{csallner06dynamically,
author = {Christoph Csallner and Yannis Smaragdakis},
title = {Dynamically discovering likely interface invariants},
booktitle = {Proc. 28th ACM/IEEE International Conference on Software Engineering (ICSE),
Emerging Results Track},
year = 2006,
month = may,
publisher = {ACM},
pages = {861--864},
summary = {We propose a two-pass algorithm to support interfaces
and method overriding in dynamic invariant detection.
The first pass associates a method call with the method executed and
all methods it overrides up to and including the static receiver to
derive the methods' preconditions.
The second pass associates a method call with every supertype whose
precondition is met to derive non-conflicting postconditions.},
paper = {http://ranger.uta.edu/~csallner/papers/csallner06dynamically.pdf},
doi_url = {http://doi.acm.org/10.1145/1134435}
}
@inproceedings{csallner06dsd-crasher,
author = {Christoph Csallner and Yannis Smaragdakis},
title = {{DSD}-{C}rasher: A hybrid analysis tool for bug finding},
booktitle = {Proc. ACM SIGSOFT International Symposium on Software
Testing and Analysis (ISSTA)},
year = 2006,
month = jul,
pages = {245--254},
publisher = {ACM},
summary = {DSD-Crasher first uses
Daikon to capture the subject's intended execution behavior,
then statically analyzes this restricted domain with ESC/Java,
and finally lets Check 'n' Crash generate and execute concrete
test-cases to verify the results of ESC/Java.
Received an {\bf ACM SIGSOFT Distinguished Paper Award}.},
tool_url = {http://ranger.uta.edu/~csallner/dsd-crasher/index.html},
award = {https://www.sigsoft.org/awards/distinguishedPaperAward.html},
paper = {http://ranger.uta.edu/~csallner/papers/csallner06dsd-crasher.pdf},
slides = {http://ranger.uta.edu/~csallner/papers/csallner06dsd-crasher_Slides.pdf},
doi_url = {http://doi.acm.org/10.1145/1146238.1146267}
}
@article{csallner08dsd-crasher,
author = {Christoph Csallner and Yannis Smaragdakis and Tao Xie},
title = {{DSD}-{C}rasher: A hybrid analysis tool for bug finding},
journal = {ACM Transactions on Software Engineering and Methodology (TOSEM)},
year = 2008,
month = apr,
pages = {1--37},
volume = {17},
number = {2},
summary = {This is a superset of our earlier ISSTA 2006 paper on DSD-Crasher,
adding a high-level overview, experiments with subjects from the
software-artifact infrastructure repository (SIR), more related work,
and a discussion on increasing code coverage by reasoning about
implicit control flow branches.},
tool_url = {http://ranger.uta.edu/~csallner/dsd-crasher/index.html},
paper = {http://ranger.uta.edu/~csallner/papers/csallner08dsd-crasher.pdf},
doi_url = {http://doi.acm.org/10.1145/1348250.1348254}
}
@inproceedings{csallner08dysy,
author = {Christoph Csallner and Nikolai Tillmann and Yannis Smaragdakis},
title = {{DySy}: Dynamic symbolic execution for invariant inference},
booktitle = {Proc. 30th ACM/IEEE International Conference on
Software Engineering (ICSE)},
year = 2008,
month = may,
pages = {281--290},
publisher = {ACM},
summary = {DySy uses the concolic execution system Pex to detect invariants in arbitrary
.Net programs. DySy can derive much better targeted invariants than previous, template-based
approaches, such as Daikon.},
paper = {http://ranger.uta.edu/~csallner/papers/csallner08dysy.pdf},
doi_url = {http://doi.acm.org/10.1145/1368088.1368127}
}
@phdthesis{csallner08combining,
author = {Christoph Csallner},
title = {Combining over- and under-approximating program analyses for
automatic software testing},
school = {Georgia Tech},
year = 2008,
month = aug,
summary = {An existing static program analysis that
over-approximates the execution paths of the analyzed program
can be made more precise for automatic testing in an
object-oriented programming language, by
combining the over-approximating analysis with
usage-observing and under-approximating analyses.
This summarizes the DSD-Crasher, Check 'n' Crash, and JCrasher work.
Unpublished material includes a critical review of the performed
evaluation, lessons learnt, and how to generalize the approach.},
tool_url = {http://ranger.uta.edu/~csallner/dsd-crasher/index.html},
paper = {http://ranger.uta.edu/~csallner/papers/csallner08combining.pdf},
doi_url = {http://hdl.handle.net/1853/24764}
}
@inproceedings{csallner11new,
author = {Christoph Csallner and Leonidas Fegaras and Chengkai Li},
title = {New Ideas Track: Testing {MapReduce}-style programs},
booktitle = {Proc. 19th ACM SIGSOFT Symposium on the Foundations of
Software Engineering (FSE), New Ideas Track},
year = 2011,
month = sep,
pages = {504--507},
publisher = {ACM},
paper = {http://ranger.uta.edu/~csallner/papers/csallner11new.pdf},
slides = {http://ranger.uta.edu/~csallner/papers/csallner11new_Slides.pptx},
poster = {http://ranger.uta.edu/~csallner/papers/csallner11new_Poster.pptx},
doi_url = {http://doi.acm.org/10.1145/2025113.2025204},
summary = {We formalize a MapReduce-specific correctness condition
that all MapReduce applications have to satisfy, in order to be
free of a certain class of bugs. To detect such bugs, we then
design a technique that encodes the correctness condition as
symbolic program constraints, checks them via dynamic symbolic
execution, and generates corresponding test cases.}
}
@article{Csallner17Inside,
author = {Christoph Csallner},
title = {Inside the fight against malware attacks},
journal = {The Conversation},
year = 2017,
month = aug,
url = {https://theconversation.com/inside-the-fight-against-malware-attacks-81433},
summary = {This article, edited by Jeff Inglis at The Conversation, is
a newspaper-compatible introduction to malware analysis and Shabnam's
dynamic malware analysis tool SEMU.}
}
@inproceedings{grechanik10is,
author = {Mark Grechanik and Christoph Csallner and Chen Fu and Qing Xie},
title = {Is data privacy always good for software testing?},
booktitle = {Proc. 21st IEEE International Symposium on Software
Reliability Engineering (ISSRE)},
year = 2010,
month = nov,
pages = {368--377},
publisher = {IEEE},
summary = {Software testing interacts with data anonymization in
surprising ways. For example, increasing data anonymity to protect data
during testing can drastically decrease test coverage. One problem
is that current anonymization techniques do not take into account how the
application under test actually uses the data. We therefore
propose to guide data anonymization techniques with program analysis.
Received the {\bf Best Paper Award}.},
paper = {http://ranger.uta.edu/~csallner/papers/grechanik10is.pdf},
award = {http://ranger.uta.edu/~csallner/papers/grechanik10is_Award.pdf},
doi_url = {https://doi.org/10.1109/ISSRE.2010.13}
}
@inproceedings{hussain10dynamic,
author = {Ishtiaque Hussain and Christoph Csallner},
title = {Dynamic symbolic data structure repair},
booktitle = {Proc. 32nd ACM/IEEE International Conference on Software
Engineering (ICSE), Volume 2,
Emerging Results Track},
year = 2010,
month = may,
pages = {215--218},
publisher = {ACM},
summary = {We motivate how dynamic symbolic techniques enable
generic repair to support a wider range of correctness conditions
and present DSDSR, a novel repair algorithm based on
dynamic symbolic execution. We implement the algorithm
for Java and report initial empirical results to demonstrate
the promise of our approach for generic repair.},
paper = {http://ranger.uta.edu/~csallner/papers/hussain10dynamic.pdf},
slides = {http://ranger.uta.edu/~csallner/papers/hussain10dynamic_Ishtiaque.pptx},
doi_url = {http://doi.acm.org/10.1145/1810295.1810333}
}
@inproceedings{hussain10dsdsr,
author = {Ishtiaque Hussain and Christoph Csallner},
title = {{DSDSR}: A tool that uses dynamic symbolic execution for data structure repair},
booktitle = {Proc. 8th International Workshop on Dynamic Analysis (WODA)},
year = 2010,
month = jul,
publisher = {ACM},
pages = {20--25},
summary = {This paper discusses the implementation of our dynamic
symbolic data structure repair tool, DSDSR. We provide initial
empirical results of applying DSDSR on different formulations of
the same correctness condition and compare DSDSR with a
state-of-the-art tool, Juzi.},
paper = {http://ranger.uta.edu/~csallner/papers/hussain10dsdsr.pdf},
doi_url = {http://doi.acm.org/10.1145/1868321.1868325}
}
@inproceedings{hussain12evaluating,
author = {Ishtiaque Hussain and Christoph Csallner and Mark Grechanik
and Chen Fu and Qing Xie and Sangmin Park and Kunal Taneja and
B.M. Mainul Hossain},
title = {Evaluating program analysis and testing tools with the {RUGRAT}
random benchmark application generator},
booktitle = {Proc. 10th International Workshop on Dynamic Analysis (WODA)},
year = 2012,
month = jul,
pages = {1--6},
publisher = {ACM},
summary = {RUGRAT aims at generating random benchmark applications for
evaluating program analysis and testing tools. The RUGRAT prototype can
automatically generate large Java applications that consist of a
user-specified mix of Java language features such as iteration,
recursion, and the use of deep subtype hierarchies.},
tool_url = {https://sites.google.com/site/rugratproject/},
slides = {http://ranger.uta.edu/~csallner/papers/hussain12evaluating-Ishtiaque.pdf},
paper = {http://ranger.uta.edu/~csallner/papers/hussain12evaluating.pdf},
doi_url = {http://doi.acm.org/10.1145/2338966.2336798}
}
@article{hussain16rugrat,
author = {Ishtiaque Hussain and Christoph Csallner and Mark Grechanik
and Qing Xie and Sangmin Park and Kunal Taneja and
B.M. Mainul Hossain},
title = {{RUGRAT}: Evaluating program analysis and testing tools and
compilers with large generated random benchmark applications},
journal = {Software---Practice \& Experience},
year = 2016,
month = mar,
volume = 46,
number = 3,
pages = {405--431},
summary = {This article extends our earlier WODA 2012 paper on RUGRAT.
This article explores the computational resources RUGRAT requires,
uses RUGRAT to benchmark Java source-to-bytecode compilers, and
compares RUGRAT benchmarking results to a baseline of
benchmarking with handwritten programs.},
tool_url = {https://sites.google.com/site/rugratproject/},
paper = {http://ranger.uta.edu/~csallner/papers/hussain16rugrat.pdf},
doi_url = {https://doi.org/10.1002/spe.2290}
}
@article{islam14generating,
author = {Mainul Islam and Christoph Csallner},
title = {Generating test cases for programs that are coded against
interfaces and annotations},
journal = {ACM Transactions on Software Engineering and Methodology (TOSEM)},
year = 2014,
volume = 23,
number = 3,
month = may,
pages = {21:1--21:38},
summary = {Some code can only be invoked and tested with instances of
classes that don't yet exist. However state-of-the-art test case
generators such as Randoop and Pex do not generate such classes and
therefore cannot cover such code. This article extends our WODA 2010
paper on generating (mock) classes during dynamic symbolic execution.
This article adds a survey of third-party applications and extends the
approach to generating annotations. Our implementation in Dsc covered
code that state-of-the-art tools could not cover.},
paper = {http://ranger.uta.edu/~csallner/papers/islam14generating.pdf},
doi_url = {http://doi.acm.org/10.1145/2544135}
}
@inproceedings{islam10dsc+mock,
author = {Mainul Islam and Christoph Csallner},
title = {Dsc+{Mock}: A test case + mock class generator in support of coding against interfaces},
booktitle = {Proc. 8th International Workshop on Dynamic Analysis (WODA)},
year = 2010,
month = jul,
publisher = {ACM},
pages = {26--31},
summary = {Dsc+Mock is a dynamic symbolic test case generator that can
reason about type constraints and can generate mock classes that
satisfy such constraints. Our prototype implementation achieved
higher code coverage than related test case generators that do not
generate mock classes, such as Pex.},
tool_url = {http://ranger.uta.edu/~csallner/dsc/index.html},
paper = {http://ranger.uta.edu/~csallner/papers/islam10dsc+mock.pdf},
doi_url = {http://doi.acm.org/10.1145/1868321.1868326}
}
@inproceedings{li10dynamic,
author = {Chengkai Li and Christoph Csallner},
title = {Dynamic symbolic database application testing},
booktitle = {Proc. 3rd International Workshop on Testing Database Systems (DBTest)},
year = 2010,
month = jun,
publisher = {ACM},
summary = {We use dynamic symbolic execution to obtain a program
path-condition. We then use this path-condition as a database query.},
paper = {http://ranger.uta.edu/~csallner/papers/li10dynamic.pdf},
doi_url = {http://doi.acm.org/10.1145/1838126.1838133}
}
@inproceedings{li12residual,
author = {Kaituo Li and Christoph Reichenbach and Christoph Csallner
and Yannis Smaragdakis},
title = {Residual investigation: Predictive and precise bug detection},
booktitle = {Proc. ACM SIGSOFT International Symposium on Software
Testing and Analysis (ISSTA)},
year = 2012,
month = jul,
pages = {298--308},
publisher = {ACM},
summary = {Static bug detectors such as FindBugs produce false warnings.
This paper describes RFBI, the Residual FindBugs Investigator. RFBI
investigates each FindBugs warning for code location A with a set of
residual dynamic analyses at code locations B to Z, such that a
dynamic warning at code location X provides additional evidence that
the static warning at code location A is likely a true warning.
Received an {\bf ACM SIGSOFT Distinguished Paper Award}.},
award = {http://ranger.uta.edu/~csallner/papers/li12residual_Award.pdf},
paper = {http://ranger.uta.edu/~csallner/papers/li12residual.pdf},
doi_url = {http://doi.acm.org/10.1145/2338965.2336789}
}
@inproceedings{li13sedge,
author = {Kaituo Li and Christoph Reichenbach and Yannis Smaragdakis
and Yanlei Diao and Christoph Csallner},
title = {{SEDGE}: Symbolic example data generation for dataflow programs},
booktitle = {Proc. 28nd IEEE/ACM International Conference on Automated Software
Engineering (ASE)},
year = 2013,
month = nov,
pages = {235--245},
publisher = {IEEE},
summary = {Dynamic symbolic execution has traditionally been used on
assembly code (e.g., x86) as well as procedural (i.e., C) and
object-oriented programs (i.e., Java and C#).
SEDGE adapts dynamic symbolic execution to the dataflow programming
language Pig Latin. While Pig Latin programs are typically compiled
to Hadoop MapReduce programs, SEDGE analyzes dataflow programs
directly. In our experiments this yielded better results than either
analyzing the generated MapReduce programs or using the most closely
related test case generator for Pig Latin.},
tool_url = {https://github.com/kaituo/sedge},
paper = {http://ranger.uta.edu/~csallner/papers/li13sedge.pdf},
doi_url = {https://doi.org/10.1109/ASE.2013.6693083}
}
@article{li14residual,
author = {Kaituo Li and Christoph Reichenbach and Christoph Csallner
and Yannis Smaragdakis},
title = {Residual investigation: Predictive and precise bug detection},
journal = {ACM Transactions on Software Engineering and Methodology (TOSEM)},
year = 2014,
month = dec,
volume = 24,
number = 2,
pages = {7:1--7:32},
publisher = {ACM},
summary = {This is a superset of our earlier ISSTA 2012 paper on
residual investigation. The article adds more experiments on applying
residual investigation to FindBugs (RFBI), describes the
implementation complexity of RFBI, and applies residual investigation
in a new context, i.e., static race detection.},
paper = {http://ranger.uta.edu/~csallner/papers/li14residual.pdf},
doi_url = {http://doi.acm.org/10.1145/2656201}
}
@inproceedings{Natarajan18P2A,
author = {Siva Natarajan and Christoph Csallner},
title = {{P2A}: A tool for converting pixels to animated mobile application user interfaces},
booktitle = {Proc. 5th IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft)},
year = 2018,
month = may,
publisher = {ACM},
pages = {224--235},
summary = {P2A takes as input a set of screen design bitmaps
(e.g., screenshots of an Android or iPhone app) and converts them to
native app code (i.e., for Android), complete with inter-screen
transitions and in-screen animations. P2A is implemented on top
of REMAUI.},
paper = {http://ranger.uta.edu/~csallner/papers/Natarajan18P2A.pdf},
slides = {http://ranger.uta.edu/~csallner/papers/Natarajan18P2A_Slides.pptx},
doi_url = {http://doi.acm.org/10.1145/3197231.3197249}
}
@inproceedings{nguyen12experiment,
author = {Tuan A. Nguyen and Sarker T.A. Rumee and Christoph Csallner and
Nikolai Tillmann},
title = {An experiment in developing small mobile phone applications
comparing on-phone to off-phone development},
booktitle = {Proc. 1st International Workshop on User Evaluation for
Software Engineering Researchers (USER)},
year = 2012,
month = jun,
pages = {9--12},
publisher = {IEEE},
summary = {TouchDevelop represents a radically new mobile application
development model, as TouchDevelop enables mobile application development
on a mobile device. We describe a first experiment on independent,
non-expert subjects to compare programmer productivity using TouchDevelop
vs. using a more traditional approach to mobile application development.},
talk = {http://research.microsoft.com/apps/video/default.aspx?id=169860},
paper = {http://ranger.uta.edu/~csallner/papers/nguyen12experiment.pdf},
overview = {http://ranger.uta.edu/~csallner/papers/nguyen12experiment_Overview.pptx},
doi_url = {https://doi.org/10.1109/USER.2012.6226586}
}
@inproceedings{nguyen13gropg,
author = {Tuan A. Nguyen and Christoph Csallner and Nikolai Tillmann},
title = {{GROPG}: A graphical on-phone debugger},
booktitle = {Proc. 35th ACM/IEEE International Conference on Software Engineering (ICSE),
New Ideas and Emerging Results (NIER) track},
year = 2013,
month = may,
pages = {1189--1192},
publisher = {IEEE},
summary = {GROPG is the first graphical on-phone debugger. Developers can
use GROPG to debug Android phone applications directly on an Android phone.},
paper = {http://ranger.uta.edu/~csallner/papers/nguyen13gropg.pdf},
slides = {http://ranger.uta.edu/~csallner/papers/nguyen13gropg_Slides.pptx},
poster = {http://ranger.uta.edu/~csallner/papers/nguyen13gropg_Poster.pptx},
doi_url = {https://doi.org/10.1109/ICSE.2013.6606675}
}
@inproceedings{nguyen15reverse,
author = {Tuan A. Nguyen and Christoph Csallner},
title = {Reverse engineering mobile application user interfaces with {REMAUI}},
booktitle = {Proc. 30th IEEE/ACM International Conference on Automated Software
Engineering (ASE)},
year = 2015,
month = nov,
publisher = {IEEE},
pages = {248--259},
summary = {When developing a mobile app (e.g., for Android or iOS), a
graphic designer typically designs the app's screens and hands
them to a programmer, who manually recreates the screen designs in
source code. REMAUI is the first technique for automating this
process end-to-end, from design drawings or screenshots to working
UI code that can be compiled and run on a mobile device.
Received an {\bf ACM SIGSOFT Distinguished Paper Award}.},
award = {https://www.sigsoft.org/awards/distinguishedPaperAward.html},
paper = {http://ranger.uta.edu/~csallner/papers/nguyen15reverse.pdf},
slides = {http://ranger.uta.edu/~csallner/papers/nguyen15reverse_Slides.pptx},
doi_url = {https://doi.org/10.1109/ASE.2015.32}
}
@inproceedings{Nguyen17Reoom,
author = {Tuan A. Nguyen and Christoph Csallner},
title = {Reverse engineering object-oriented applications into
high-level domain models with {Reoom}},
booktitle = {39th IEEE/ACM International Conference on Software Engineering
Companion (ICSE-C), Poster track},
year = 2017,
month = may,
publisher = {IEEE},
pages = {311--313},
summary = {This paper makes two observations about how programmers may
be expressing domain concepts (i.e., high-level business concepts) in
object-oriented code. The Reoom tool encodes these observations in a
light-weight static analysis and on four subjects showed overall higher
precision and recall than Womble, the most closely related tool.},
poster = {http://ranger.uta.edu/~csallner/papers/Nguyen17Reoom_Poster.pptx},
paper = {http://ranger.uta.edu/~csallner/papers/Nguyen17Reoom.pdf},
doi_url = {https://doi.org/10.1109/ICSE-C.2017.63}
}
@inproceedings{nivas11managing,
author = {Tuli Nivas and Christoph Csallner},
title = {Managing performance testing with release certification and data correlation},
booktitle = {19th ACM SIGSOFT Symposium on the Foundations of Software
Engineering (FSE), Industry Track},
year = 2011,
month = sep,
summary = {Testing textbooks prescribe writing performance tests against
performance goals. We observe that in practice business analysts may not
be able to specify such performance goals at a level that is detailed
enough for finding subtle performance bugs. We address this issue by
running two different versions of the same application side-by-side in
the same test environment, which allows us to use the performance profile
of the previous version as the detailed performance specification of
the version under test.},
paper = {http://ranger.uta.edu/~csallner/papers/nivas11managing.pdf}
}
@inproceedings{park12carfast,
author = {Sangmin Park
and Ishtiaque Hussain
and Christoph Csallner
and Kunal Taneja
and B.M. Mainul Hossain
and Mark Grechanik
and Chen Fu
and Qing Xie},
title = {{CarFast}: Achieving higher statement coverage faster},
booktitle = {Proc. 20th ACM SIGSOFT International Symposium on the
Foundations of Software Engineering (FSE)},
year = 2012,
month = nov,
publisher = {ACM},
summary = {For a given branching statement encountered during program
execution, CarFast estimates the number of statements that are yet
uncovered but reachable from the respective branch outcomes. With the
symbolic path condition collected during execution, CarFast selects
input values such that a future execution will trigger a branch (path)
that contains a high number of those yet uncovered statements.},
pages = {35:1--35:11},
tool_url = {https://sites.google.com/site/carfastproject/},
paper = {http://ranger.uta.edu/~csallner/papers/park12carfast.pdf},
doi_url = {http://doi.acm.org/10.1145/2393596.2393636}
}
@inproceedings{Ramachandra18Poster,
author = {Nagendra Prasad Ramachandra and Christoph Csallner},
title = {Poster: Testing web-based applications with the voice controlled accessibility
and testing tool ({VCAT})},
booktitle = {Proc. 40th ACM/IEEE International Conference on Software Engineering (ICSE), Poster track},
year = 2018,
month = may,
publisher = {ACM},
summary = {VCAT allows a user to navigate a web page only via voice commands.
VCAT then exports a voice command sequence as a test case for the web page.
The VCAT prototype is a plug-in for a stock Chrome browser and generates
test cases via Selenium.},
pages = {208--209},
paper = {http://ranger.uta.edu/~csallner/papers/Ramachandra18Poster.pdf},
poster = {http://ranger.uta.edu/~csallner/papers/Ramachandra18Poster_Poster.pptx},
tool_url = {https://github.com/prasadkrn83/VCAT},
doi_url = {http://doi.acm.org/10.1145/3183440.3195099}
}
@inproceedings{Shrestha18Complementing,
author = {Sohil L. Shrestha and Saroj Panda and Christoph Csallner},
title = {Complementing machine learning classifiers via dynamic symbolic execution: ``{Human} vs. bot generated'' tweets},
booktitle = {Proc. 6th International Workshop on Realizing Artificial Intelligence Synergies in Software Engineering (RAISE)},
year = {2018},
month = may,
publisher = {ACM},
summary = {This paper argues that program analysis such as dynamic symbolic execution
can be nicely integrated into an existing supervised machine learning pipeline,
to automatically produce additional labeled training samples.},
pages = {15--20},
paper = {http://ranger.uta.edu/~csallner/papers/Shrestha18Complementing.pdf},
slides = {http://ranger.uta.edu/~csallner/papers/Shrestha18Complementing_Slides.pptx}
}
@inproceedings{smaragdakis07combining,
author = {Yannis Smaragdakis and Christoph Csallner},
title = {Combining static and dynamic reasoning for bug detection},
booktitle = {Proc. International Conference on Tests And Proofs (TAP)},
year = 2007,
month = feb,
pages = {1--16},
publisher = {Springer},
series = {LNCS},
volume = {4454},
summary = {This is an invited paper that reviews our bug finding tools:
Check 'n' Crash addresses the language-level unsoundness of static
bug finding tools whereas DSD-Crasher also addresses their user-level unsoundness.
We use a small case study to compare JCrasher, ESC/Java, Check 'n' Crash, and
DSD-Crasher.},
tool_url = {http://ranger.uta.edu/~csallner/dsd-crasher/index.html},
paper = {http://ranger.uta.edu/~csallner/papers/smaragdakis07combining.pdf},
doi_url = {https://doi.org/10.1007/978-3-540-73770-4_1}
}
@inproceedings{smaragdakis07scalable,
author = {Yannis Smaragdakis and Christoph Csallner and Ranjith Subramanian},
title = {Scalable automatic test data generation from modeling diagrams},
booktitle = {Proc. 22nd IEEE/ACM International Conference on Automated Software
Engineering (ASE)},
year = 2007,
month = nov,
pages = {4--13},
publisher = {ACM},
summary = {Object-Role Modeling (ORM) is a popular language for specifying database schemas.
It supports many constraints and is undecidable in general. We pick a restricted
subset of ORM that is decidable in polynomial time and implement a fast automated solver.
We found that our ORM subset covers the vast majority of
constraints used in our sample of over 160 ORM diagrams from industrial practice.
Received the {\bf Best Paper Award}.},
award = {https://www.sigsoft.org/awards/distinguishedPaperAward.html},
paper = {http://ranger.uta.edu/~csallner/papers/smaragdakis07scalable.pdf},
doi = {http://doi.acm.org/10.1145/1321631.1321635}
}
@article{smaragdakis09scalable,
author = {Yannis Smaragdakis and Christoph Csallner and Ranjith Subramanian},
title = {Scalable satisfiability checking and test data generation from modeling diagrams},
journal = {Automated Software Engineering},
year = 2009,
month = mar,
volume = 16,
number = 1,
pages = {73--99},
summary = {This is a superset of our earlier ASE 2007 paper, expanding the treatment of test data
generation. Object-Role Modeling (ORM) is a popular language for specifying database schemas.
It supports many constraints and is undecidable in general. We pick a restricted
subset of ORM that is decidable in polynomial time and implement a fast automated solver.
We found that our ORM subset covers the vast majority of
constraints used in our sample of over 160 ORM diagrams from industrial practice.},
paper = {http://ranger.uta.edu/~csallner/papers/smaragdakis09scalable.pdf},
doi_url = {https://doi.org/10.1007/s10515-008-0044-6}
}
@inproceedings{Süslü18SPEjs,
author = {Sümeyye Süslü and Christoph Csallner},
title = {{SPEjs}: A Symbolic Partial Evaluator for {JavaScript}},
booktitle = {Proc. 1st International Workshop on Advances in Mobile App Analysis (A-Mobile)},
year = 2018,
month = sep,
tool_url = {https://github.com/SumeyyeSuslu/SPEjs},
paper = {http://ranger.uta.edu/~csallner/papers/Süslü18SPEjs.pdf},
slides = {http://ranger.uta.edu/~csallner/papers/Süslü18SPEjs_Slides.pptx},
summary = {The partial evaluator SPEjs implements a symbolic execution engine for JavaScript
and uses Z3 to resolve the feasibility of program execution paths. SPEjs removes some dead
branches that the state-of-the-art partial evaluator Prepack from Facebook so far cannot
remove.},
publisher = {ACM},
pages = {7--12},
doi_url = {http://doi.acm.org/10.1145/3243218.3243220}
}
@inproceedings{wang11combinatorial,
author = {Wenhua Wang and Yu Lei and Donggang Liu and David Kung and
Christoph Csallner and Dazhi Zhang and Raghu Kacker and Rick Kuhn},
title = {A combinatorial approach to detecting buffer overflow vulnerabilities},
booktitle = {Proc. 41st Annual IEEE/IFIP International Conference on
Dependable Systems and Networks (DSN)},
year = 2011,
month = jun,
publisher = {IEEE},
pages = {269--278},
summary = {This paper describes the Tance tool, which found several
new vulnerabilities in well-known open-source C programs.},
paper = {http://ranger.uta.edu/~csallner/papers/wang11combinatorial.pdf},
doi_url = {https://doi.org/10.1109/DSN.2011.5958225}
}
@inproceedings{zhang10detecting,
author = {Dazhi Zhang and Donggang Liu and Yu Lei
and David Kung and Christoph Csallner and Wenhua Wang},
title = {Detecting vulnerabilities in {C} programs using trace-based testing},
booktitle = {Proc. 40th Annual IEEE/IFIP International Conference on
Dependable Systems and Networks (DSN)},
year = 2010,
month = jun,
pages = {241--250},
publisher = {IEEE},
summary = {This paper describes the SecTAC tool, which found several
new vulnerabilities in well-known open-source C programs.},
paper = {http://ranger.uta.edu/~csallner/papers/zhang10detecting.pdf},
doi_url = {https://doi.org/10.1109/DSN.2010.5544310}
}
@article{zhang12simfuzz,
author = {Dazhi Zhang and Donggang Liu and Yu Lei
and David Kung and Christoph Csallner and Nathaniel Nystrom
and Wenhua Wang},
title = {SimFuzz: Test case similarity directed deep fuzzing},
journal = {Journal of Systems and Software (JSS)},
year = 2012,
month = jan,
volume = 85,
number = 1,
pages = {102--111},
summary = {SimFuzz is a black-box fuzzer for C programs that guides
its test case generation with a test case similarity metric.
The metric computes the edit distance between execution paths, where
each path element corresponds to the out-edge of a branching node in the
program's control-flow graph.},
paper = {http://ranger.uta.edu/~csallner/papers/zhang12simfuzz.pdf},
doi_url = {https://doi.org/10.1016/j.jss.2011.07.028}
}
@article{zhang14distributed,
author = {Dazhi Zhang and Donggang Liu and Christoph Csallner and David Kung and
Jeff Lei},
title = {A distributed framework for demand-driven software vulnerability
detection},
journal = {Journal of Systems and Software (JSS)},
year = 2014,
month = jan,
volume = 87,
number = 1,
pages = {60--73},
summary = {While most heavy-weight symbolic program analysis tools are
run before program release, this symbolic analysis framework runs while
the analyzed program is in production use. Whenever a monitored program
encounters an unexplored path, it submits the path to a central
server for symbolic analysis. Analysis results are distributed back to
other clients.},
paper = {http://ranger.uta.edu/~csallner/papers/zhang14distributed.pdf},
doi_url = {https://doi.org/10.1016/j.jss.2013.08.033}
}
@inproceedings{Chowdhury20SLEMI,
author = {Shafiul Azam Chowdhury and Sohil Lal Shrestha and Taylor T. Johnson and Christoph Csallner},
title = {{SLEMI}: Equivalence modulo input ({EMI}) based mutation of {CPS}
models for finding compiler bugs in {Simulink}},
booktitle = {Proc. 42nd ACM/IEEE International Conference on Software Engineering (ICSE)},
year = 2020,
month = may,
publisher = {ACM},
pages = {335--346},
paper = {http://ranger.uta.edu/~csallner/papers/Chowdhury20SLEMI.pdf},
tool_url = {https://github.com/shafiul/slemi},
talk = {https://youtu.be/7rlCvIZy-7Q?t=1837},
summary = {SLEMI speeds up our earlier SLforge random Simulink-model generator and differential testing tool. Instead of generating each Simulink model from scratch, SLEMI can quickly mutate existing models. SLEMI has found 6 new confirmed Simulink bugs.}
}
@inproceedings{Chowdhury20Demo,
author = {Shafiul Azam Chowdhury and Sohil Lal Shrestha and Taylor T. Johnson and Christoph Csallner},
title = {Demo: {SLEMI}: Finding {Simulink} compiler bugs through equivalence modulo input ({EMI})},
booktitle = {Proc. 42nd ACM/IEEE International Conference on Software Engineering (ICSE), Demonstrations Track},
year = 2020,
month = may,
publisher = {ACM},
paper = {http://ranger.uta.edu/~csallner/papers/Chowdhury20Demo.pdf},
talk = {https://youtu.be/oliPgOLT6eY},
tool_url = {https://github.com/shafiul/slemi},
summary = {This is a tool demonstration of SLEMI. The original SLEMI work appears in ICSE 2020 as a technical paper. This paper also adds a new mutation technique that found one additional new confirmed bug in Simulink.}
}
@inproceedings{Mohian20Doodle2App,
author = {Soumik Mohian and Christoph Csallner},
title = {{Doodle2App}: Native app code by freehand {UI} sketching},
booktitle = {Proc. 7th IEEE/ACM International Conference on Mobile
Software Engineering and Systems (MOBILESoft),
Tool Demos and Mobile Apps Track},
year = {2020},
month = may,
publisher = {ACM},
pages = {81--84},
summary = {We trained Doodle2App on thousands of (manually created)
freehand sketches of 20 common Android UI elements. The resulting
website allows users to sketch an Android screen. The website then
converts the sketched screen to Android code that is ready to compile
and run on stock Android phones. In technical terms: We pre-trained a
classifier on 2 million Google "Quick, Draw!" sketches and retrained the
classifier on thousands of sketches collected via Amazon Mechanical Turk.
In some sense the resulting tool is a modern version of SILK
("Sketching Interfaces Like Krazy").},
paper = {http://ranger.uta.edu/~csallner/papers/Mohian20Doodle2App.pdf},
slides = {http://ranger.uta.edu/~csallner/papers/Mohian20Doodle2App_Slides.pptx},
tool_url = {http://pixeltoapp.com/doodle/}
}
@inproceedings{Shrestha20DeepFuzzSL,
author = {Sohil Lal Shrestha and Shafiul Azam Chowdhury and Christoph Csallner},
title = {{DeepFuzzSL}: Generating models with deep learning to find bugs in the {Simulink} toolchain},
booktitle = {Proc. 2nd Workshop on Testing for Deep Learning and Deep Learning for Testing (DeepTest)},
year = 2020,
month = may,
publisher = {ACM},
summary = {When creating development tools for cyber-physical systems,
a big challenge is that there are no full formal specifications for
popular existing tools and languages such as Simulink. To address this
challenge, DeepFuzzSL attempts to learn such a language specification
from existing Simulink sample models, using a LSTM recurrent neural
network.},
tool_url = {https://github.com/50417/DeepFuzzSL},
paper = {http://ranger.uta.edu/~csallner/papers/Shrestha20DeepFuzzSL.pdf},
slides = {http://ranger.uta.edu/~csallner/papers/Shrestha20DeepFuzzSL_Slides.pptx},
talk = {https://youtu.be/DwADkAUr2ys?t=7495}
}
This file was generated by bibtex2html 1.98.