csallner.bib

@inproceedings{aboughadareh12dynamic,
  author = {Shabnam Aboughadareh and Christoph Csallner and Mehdi Azarmi},
  title = {Dynamic analysis of evasive modular malware},
  booktitle = {28th Annual Computer Security Applications Conference (ACSAC),
		Works In Progress (WiP) Track},
  year = 2012,
  month = dec,
  summary = {Dynamic malware analysis is hard as kernel-level malware may manipulate 
		kernel data and thereby derail malware analysis. To address this problem
		we propose a kernel data duplication scheme that redirects
		malware to a copy of the kernel data and thus shields the kernel data 
		used by all other applications from malicious manipulation.},
  paper = {http://ranger.uta.edu/~csallner/papers/aboughadareh12dynamic.pdf},
  slides = {http://ranger.uta.edu/~csallner/papers/aboughadareh12dynamic-shabnam.pdf}
}
@inproceedings{aboughadareh13poster,
  author = {Shabnam Aboughadareh and Christoph Csallner and Mehdi Azarmi},
  title = {Poster: Automatic profiling of evasive mixed-mode malware with {SEMU}},
  booktitle = {33rd IEEE Symposium on Security and Privacy (Oakland), Poster session},
  year = 2013,
  month = may,
  summary = {We describe a combination of user- and kernel-mode malware 
		that can subvert state-of-the-art dynamic malware analysis techniques,
		such as those built on the popular TEMU and Ether analysis frameworks.
		We present an alternative malware analysis framework, SEMU, which cannot
		be subverted by such attacks as it performs whole-system analysis
		outside the analyzed (guest) OS.},
  paper = {http://ranger.uta.edu/~csallner/papers/aboughadareh13poster.pdf}
}
@inproceedings{aboughadareh14mixed,
  author = {Shabnam Aboughadareh and Christoph Csallner and Mehdi Azarmi},
  title = {Mixed-mode malware and its analysis},
  booktitle = {Proc. 4th Program Protection and Reverse Engineering 
		Workshop (PPREW)},
  year = 2014,
  month = dec,
  pages = {1:1--1:12},
  publisher = {ACM},
  summary = {Mixed-mode malware performs interdependent user- and 
		kernel-level actions. Analyzing such malware requires a whole-system 
		analysis that operates completely outside the malware's domain.
		We describe several mixed-mode malware samples and our mixed-mode 
		malware analysis tool SEMU.
		Received the {\bf Best Paper Award}.},
  award = {http://ranger.uta.edu/~csallner/papers/aboughadareh14mixed-Award.jpg},
  paper = {http://ranger.uta.edu/~csallner/papers/aboughadareh14mixed.pdf},
  doi_url = {http://doi.acm.org/10.1145/2689702.2689703},
  overview = {http://ranger.uta.edu/~csallner/papers/aboughadareh14mixed_Overview.pptx}
}
@inproceedings{Aboughadareh16Detecting,
  author = {Shabnam Aboughadareh and Christoph Csallner},
  title = {Detecting rootkits with the {RAI} runtime application 
		inventory},
  booktitle = {Proc. 6th Workshop on Software Security, Protection, and 
			Reverse Engineering (SSPREW)},
  year = 2016,
  month = dec,
  summary = {RAI monitors which precise code binaries are running on which 
		machines, without having to restart the monitored applications. This is 
		challenging, since the shape of binaries frequently changes in memory 
		at runtime (e.g., due to an ongoing malware attack) and legacy machines 
		often do not have advanced hardware features such as TPM. 
		TDOIM applies RAI to detect rootkits at runtime.},
  pages = {3:1--3:12},
  publisher = {ACM},
  slides = {http://ranger.uta.edu/~csallner/papers/Aboughadareh16Detecting-shabnam.pdf},
  paper = {http://ranger.uta.edu/~csallner/papers/Aboughadareh16Detecting.pdf},
  doi_url = {http://doi.acm.org/10.1145/3015135.3015138},
  overview = {http://ranger.uta.edu/~csallner/papers/Aboughadareh16Detecting_Overview.pptx}
}
@inproceedings{Chowdhury18SLforge,
  author = {Shafiul Azam Chowdhury and Soumik Mohian and Sidharth Mehra and Siddhant Gawsane and Taylor T. Johnson and Christoph Csallner},
  title = {Automatically finding bugs in a commercial cyber-physical system development tool chain with {SLforge}},
  booktitle = {Proc. 40th ACM/IEEE International Conference on Software Engineering (ICSE)},
  year = {2018},
  month = may,
  publisher = {ACM},
  pages = {981--992},
  summary = {We build the first large collection of public MathWorks 
		Simulink models. We use these models to guide our new random 
		Simulink model generator SLforge, which also uses semi-formal 
		Simulink tool specifications. SLforge found 8 new confirmed 
		Simulink bugs.},
  paper = {http://ranger.uta.edu/~csallner/papers/Chowdhury18SLforge.pdf},
  slides = {http://ranger.uta.edu/~csallner/papers/Chowdhury18SLforge_Slides.pptx},
  extended_slides = {http://ranger.uta.edu/~csallner/papers/Chowdhury18SLforge_Extended.pptx},
  tool_url = {https://github.com/verivital/slsf_randgen/wiki},
  doi_url = {http://doi.acm.org/10.1145/3180155.3180231}
}
@inproceedings{Chowdhury18Curated,
  author = {Shafiul Azam Chowdhury and Lina Sera Varghese and Soumik Mohian and  Taylor T. Johnson and Christoph Csallner},
  title = {A curated corpus of {Simulink} models for model-based empirical studies},
  booktitle = {Proc. 4th International Workshop on Software Engineering for 
		Smart Cyber-Physical Systems (SEsCPS)},
  year = {2018},
  month = may,
  publisher = {ACM},
  pages = {45--48},
  summary = {This paper presents a corpus of over 1,000 freely available MathWorks Simulink models.},
  paper = {http://ranger.uta.edu/~csallner/papers/Chowdhury18Curated.pdf},
  slides = {http://ranger.uta.edu/~csallner/papers/Chowdhury18Curated_Slides.pptx},
  tool_url = {https://github.com/verivital/slsf_randgen/wiki},
  doi_url = {http://doi.acm.org/10.1145/3196478.3196484}
}
@inproceedings{Chowdhury17Demo,
  author = {Shafiul Azam Chowdhury and Taylor T. Johnson and Christoph Csallner},
  title = {Demo: Fuzzing cyber-physical system development environments with {CyFuzz}},
  booktitle = {20th ACM International Conference on Hybrid Systems: Computation and 
	Control, Demo track},
  year = 2017,
  month = apr,
  summary = {This is a demonstration of our CyFuzz tool for finding bugs in 
	cyber-physical system development environments, i.e., Simulink.},
  tool_url = {https://github.com/verivital/slsf_randgen/wiki},
  paper = {http://ranger.uta.edu/~csallner/papers/Chowdhury17Demo.pdf}
}
@inproceedings{Chowdhury16CyFuzz,
  author = {Shafiul Azam Chowdhury and	Taylor T. Johnson and Christoph Csallner},
  title = {{CyFuzz}: A differential testing framework for cyber-physical systems 
	development environments},
  booktitle = {Proc. 6th Workshop on Design, Modeling and Evaluation of Cyber 
	Physical Systems (CyPhy)},
  year = 2016,
  month = oct,
  publisher = {Springer},
  pages = {46--60},
  summary = {CyFuzz generates random cyber-physical system design models 	
			for the widely used MathWorks Simulink toolchain. CyFuzz compares
			simulation results under different Simulink configurations and has 
			thereby independently reproduced a Simulink bug.},
  tool_url = {https://github.com/verivital/slsf_randgen/wiki},
  paper = {http://ranger.uta.edu/~csallner/papers/Chowdhury16CyFuzz.pdf},
  slides = {http://ranger.uta.edu/~csallner/papers/Chowdhury16CyFuzz_Shafiul.pptx},
  doi_url = {https://doi.org/10.1007/978-3-319-51738-4_4}
}
@inproceedings{csallner03fundexplorer,
  author = {Christoph Csallner and Marcus Handte and Othmar Lehmann and John Stasko},
  title = {{FundExplorer}: Supporting the diversification of mutual fund portfolios using {C}ontext {T}reemaps},
  booktitle = {Proc. 9th IEEE Symposium on Information Visualization (InfoVis)},
  year = 2003,
  month = oct,
  pages = {203--208},
  publisher = {IEEE},
  summary = {FundExplorer distorts a treemap to visualize
        positive values and zeros.},
  mpeg = {ftp://ftp.cc.gatech.edu/pub/people/stasko/movies/fundexp-infovis03.mpg},
  paper = {http://ranger.uta.edu/~csallner/papers/csallner03fundexplorer.pdf},
  doi_url = {https://doi.org/10.1109/INFVIS.2003.1249027}
}
@article{csallner04jcrasher,
  author = {Christoph Csallner and Yannis Smaragdakis},
  title = {{JCrasher}: An automatic robustness tester for {Java}},
  journal = {Software---Practice \& Experience},
  year = 2004,
  month = sep,
  volume = 34,
  number = 11,
  pages = {1025--1050},
  summary = {JCrasher generates random test cases by chaining object constructors.
        It filters test case execution and presents only those that expose a bug or
        lack of robustness.
        It also enables JUnit to efficiently undo the changes a test case has
        done to testee class fields.},
  paper = {http://ranger.uta.edu/~csallner/papers/csallner04jcrasher.pdf},
  tool_url = {http://ranger.uta.edu/~csallner/jcrasher/index.html},
  doi_url = {https://doi.org/10.1002/spe.602}
}
@inproceedings{csallner05check,
  author = {Christoph Csallner and Yannis Smaragdakis},
  title = {{Check} 'n' {Crash}: Combining static checking and testing},
  booktitle = {Proc. 27th ACM/IEEE International Conference on Software Engineering (ICSE)},
  year = 2005,
  month = may,
  pages = {422--431},
  publisher = {ACM},
  summary = {Check 'n' Crash uses ESC/Java to statically search for problems like
        null dereference, illegal type cast, or illegal array manipulation.
        Check 'n' Crash compiles ESC's results to JUnit test cases and executes them
        to filter out ESC's false positives.},
  paper = {http://ranger.uta.edu/~csallner/papers/csallner05check.pdf},
  slides = {http://ranger.uta.edu/~csallner/papers/csallner05check_Slides.pdf},
  tool_url = {http://ranger.uta.edu/~csallner/cnc/index.html},
  doi_url = {http://doi.acm.org/10.1145/1062455.1062533}
}
@inproceedings{csallner06dynamically,
  author = {Christoph Csallner and Yannis Smaragdakis},
  title = {Dynamically discovering likely interface invariants},
  booktitle = {Proc. 28th ACM/IEEE International Conference on Software Engineering (ICSE),
        Emerging Results Track},
  year = 2006,
  month = may,
  publisher = {ACM},
  pages = {861--864},
  summary = {We propose a two-pass algorithm to support interfaces
    and method overriding in dynamic invariant detection.
    The first pass associates a method call with the method executed and
    all methods it overrides up to and including the static receiver to
    derive the methods' preconditions.
    The second pass associates a method call with every supertype whose
    precondition is met to derive non-conflicting postconditions.},
  paper = {http://ranger.uta.edu/~csallner/papers/csallner06dynamically.pdf},
  doi_url = {http://doi.acm.org/10.1145/1134435}
}
@inproceedings{csallner06dsd-crasher,
  author = {Christoph Csallner and Yannis Smaragdakis},
  title = {{DSD}-{C}rasher: A hybrid analysis tool for bug finding},
  booktitle = {Proc. ACM SIGSOFT International Symposium on Software
   		Testing and Analysis (ISSTA)},
  year = 2006,
  month = jul,
  pages = {245--254},
  publisher = {ACM},
  summary = {DSD-Crasher first uses
    Daikon to capture the subject's intended execution behavior,
    then statically analyzes this restricted domain with ESC/Java,
    and finally lets Check 'n' Crash generate and execute concrete
    test-cases to verify the results of ESC/Java.
    Received an {\bf ACM SIGSOFT Distinguished Paper Award}.},
  tool_url = {http://ranger.uta.edu/~csallner/dsd-crasher/index.html},
  award = {https://www.sigsoft.org/awards/distinguishedPaperAward.html},
  paper = {http://ranger.uta.edu/~csallner/papers/csallner06dsd-crasher.pdf},
  slides = {http://ranger.uta.edu/~csallner/papers/csallner06dsd-crasher_Slides.pdf},
  doi_url = {http://doi.acm.org/10.1145/1146238.1146267}
}
@article{csallner08dsd-crasher,
  author = {Christoph Csallner and Yannis Smaragdakis and Tao Xie},
  title = {{DSD}-{C}rasher: A hybrid analysis tool for bug finding},
  journal = {ACM Transactions on Software Engineering and Methodology (TOSEM)},
  year = 2008,
  month = apr,
  pages = {1--37},
  volume = {17},
  number = {2},
  summary = {This is a superset of our earlier ISSTA 2006 paper on DSD-Crasher, 
        adding a high-level overview, experiments with subjects from the
        software-artifact infrastructure repository (SIR), more related work, 
        and a discussion on increasing code coverage by reasoning about 
        implicit control flow branches.},
  tool_url = {http://ranger.uta.edu/~csallner/dsd-crasher/index.html},
  paper = {http://ranger.uta.edu/~csallner/papers/csallner08dsd-crasher.pdf},
  doi_url = {http://doi.acm.org/10.1145/1348250.1348254}
}
@inproceedings{csallner08dysy,
  author = {Christoph Csallner and Nikolai Tillmann and Yannis Smaragdakis},
  title = {{DySy}: Dynamic symbolic execution for invariant inference},
  booktitle = {Proc. 30th ACM/IEEE International Conference on 
      Software Engineering (ICSE)},
  year = 2008,
  month = may,
  pages = {281--290},
  publisher = {ACM},
  summary = {DySy uses the concolic execution system Pex to detect invariants in arbitrary
      .Net programs. DySy can derive much better targeted invariants than previous, template-based
      approaches, such as Daikon.},
  paper = {http://ranger.uta.edu/~csallner/papers/csallner08dysy.pdf},
  doi_url = {http://doi.acm.org/10.1145/1368088.1368127}
}
@phdthesis{csallner08combining,
  author = {Christoph Csallner},
  title = {Combining over- and under-approximating program analyses for 
          automatic software testing},
  school = {Georgia Tech},
  year = 2008,
  month = aug,
  summary = {An existing static program analysis that 
      over-approximates the execution paths of the analyzed program 
      can be made more precise for automatic testing in an 
      object-oriented programming language, by 
      combining the over-approximating analysis with
      usage-observing and under-approximating analyses.
      This summarizes the DSD-Crasher, Check 'n' Crash, and JCrasher work.
      Unpublished material includes a critical review of the performed 
      evaluation, lessons learnt, and how to generalize the approach.},
  tool_url = {http://ranger.uta.edu/~csallner/dsd-crasher/index.html},
  paper = {http://ranger.uta.edu/~csallner/papers/csallner08combining.pdf},
  doi_url = {http://hdl.handle.net/1853/24764}
}
@inproceedings{csallner11new,
  author = {Christoph Csallner and Leonidas Fegaras and Chengkai Li},
  title = {New Ideas Track: Testing {MapReduce}-style programs},
  booktitle = {Proc. 19th ACM SIGSOFT Symposium on the Foundations of 
		Software Engineering (FSE), New Ideas Track},
  year = 2011,
  month = sep,
  pages = {504--507},
  publisher = {ACM},
  paper = {http://ranger.uta.edu/~csallner/papers/csallner11new.pdf},
  slides = {http://ranger.uta.edu/~csallner/papers/csallner11new_Slides.pptx},
  poster = {http://ranger.uta.edu/~csallner/papers/csallner11new_Poster.pptx},
  doi_url = {http://doi.acm.org/10.1145/2025113.2025204},
  summary = {We formalize a MapReduce-specific correctness condition 
		that all MapReduce applications have to satisfy, in order to be 
		free of a certain class of bugs. To detect such bugs, we then 
		design a technique that encodes the correctness condition as 
		symbolic program constraints, checks them via dynamic symbolic 
		execution, and generates corresponding test cases.}
}
@article{Csallner17Inside,
  author = {Christoph Csallner},
  title = {Inside the fight against malware attacks},
  journal = {The Conversation},
  year = 2017,
  month = aug,
  url = {https://theconversation.com/inside-the-fight-against-malware-attacks-81433},
  summary = {This article, edited by Jeff Inglis at The Conversation, is 
		a newspaper-compatible introduction to malware analysis and Shabnam's 
		dynamic malware analysis tool SEMU.}
}
@inproceedings{grechanik10is,
  author = {Mark Grechanik and Christoph Csallner and Chen Fu and Qing Xie},
  title = {Is data privacy always good for software testing?},
  booktitle = {Proc. 21st IEEE International Symposium on Software 
				Reliability Engineering (ISSRE)},
  year = 2010,
  month = nov,
  pages = {368--377},
  publisher = {IEEE},
  summary = {Software testing interacts with data anonymization in
				surprising ways. For example, increasing data anonymity to protect data
				during testing can drastically decrease test coverage. One problem
				is that current anonymization techniques do not take into account how the
				application under test actually uses the data. We therefore 
				propose to guide data anonymization techniques with program analysis.
				Received the {\bf Best Paper Award}.},
  paper = {http://ranger.uta.edu/~csallner/papers/grechanik10is.pdf},
  award = {http://ranger.uta.edu/~csallner/papers/grechanik10is_Award.pdf},
  doi_url = {https://doi.org/10.1109/ISSRE.2010.13}
}
@inproceedings{hussain10dynamic,
  author = {Ishtiaque Hussain and Christoph Csallner},
  title = {Dynamic symbolic data structure repair},
  booktitle = {Proc. 32nd ACM/IEEE International Conference on Software 
				Engineering (ICSE), Volume 2,
        Emerging Results Track},
  year = 2010,
  month = may,
  pages = {215--218},
  publisher = {ACM},
  summary = {We motivate how dynamic symbolic techniques enable
			generic repair to support a wider range of correctness conditions
			and present DSDSR, a novel repair algorithm based on
			dynamic symbolic execution. We implement the algorithm
			for Java and report initial empirical results to demonstrate
			the promise of our approach for generic repair.},
  paper = {http://ranger.uta.edu/~csallner/papers/hussain10dynamic.pdf},
  slides = {http://ranger.uta.edu/~csallner/papers/hussain10dynamic_Ishtiaque.pptx},
  doi_url = {http://doi.acm.org/10.1145/1810295.1810333}
}
@inproceedings{hussain10dsdsr,
  author = {Ishtiaque Hussain and Christoph Csallner},
  title = {{DSDSR}: A tool that uses dynamic symbolic execution for data structure repair},
  booktitle = {Proc. 8th International Workshop on Dynamic Analysis (WODA)},
  year = 2010,
  month = jul,
  publisher = {ACM},
  pages = {20--25},
  summary = {This paper discusses the implementation of our dynamic 
		symbolic data structure repair tool, DSDSR. We provide initial 
		empirical results of applying DSDSR on different formulations of 
		the same correctness condition and compare DSDSR with a 
		state-of-the-art tool, Juzi.},
  paper = {http://ranger.uta.edu/~csallner/papers/hussain10dsdsr.pdf},
  doi_url = {http://doi.acm.org/10.1145/1868321.1868325}
}
@inproceedings{hussain12evaluating,
  author = {Ishtiaque Hussain and Christoph Csallner and Mark Grechanik
		and Chen Fu and Qing Xie and Sangmin Park and Kunal Taneja and
		B.M. Mainul Hossain},
  title = {Evaluating program analysis and testing tools with the {RUGRAT}
		random benchmark application generator},
  booktitle = {Proc. 10th International Workshop on Dynamic Analysis (WODA)},
  year = 2012,
  month = jul,
  pages = {1--6},
  publisher = {ACM},
  summary = {RUGRAT aims at generating random benchmark applications for 
		evaluating program analysis and testing tools. The RUGRAT prototype can
		automatically generate large Java applications that consist of a 
		user-specified mix of Java language features such as iteration, 
		recursion, and the use of deep subtype hierarchies.},
  tool_url = {https://sites.google.com/site/rugratproject/},
  slides = {http://ranger.uta.edu/~csallner/papers/hussain12evaluating-Ishtiaque.pdf},
  paper = {http://ranger.uta.edu/~csallner/papers/hussain12evaluating.pdf},
  doi_url = {http://doi.acm.org/10.1145/2338966.2336798}
}
@article{hussain16rugrat,
  author = {Ishtiaque Hussain and Christoph Csallner and Mark Grechanik
		and Qing Xie and Sangmin Park and Kunal Taneja and
		B.M. Mainul Hossain},
  title = {{RUGRAT}: Evaluating program analysis and testing tools and
		compilers with large generated random benchmark applications},
  journal = {Software---Practice \& Experience},
  year = 2016,
  month = mar,
  volume = 46,
  number = 3,
  pages = {405--431},
  summary = {This article extends our earlier WODA 2012 paper on RUGRAT.
		This article explores the computational resources RUGRAT requires,
		uses RUGRAT to benchmark Java source-to-bytecode compilers, and
		compares RUGRAT benchmarking results to a baseline of 
		benchmarking with handwritten programs.},
  tool_url = {https://sites.google.com/site/rugratproject/},
  paper = {http://ranger.uta.edu/~csallner/papers/hussain16rugrat.pdf},
  doi_url = {https://doi.org/10.1002/spe.2290}
}
@article{islam14generating,
  author = {Mainul Islam and Christoph Csallner},
  title = {Generating test cases for programs that are coded against 
	interfaces and annotations},
  journal = {ACM Transactions on Software Engineering and Methodology (TOSEM)},
  year = 2014,
  volume = 23,
  number = 3,
  month = may,
  pages = {21:1--21:38},
  summary = {Some code can only be invoked and tested with instances of 
		classes that don't yet exist. However state-of-the-art test case 
		generators such as Randoop and Pex do not generate such classes and
		therefore cannot cover such code. This article extends our WODA 2010 
		paper on generating (mock) classes during dynamic symbolic execution. 
		This article adds a survey of third-party applications and extends the 
		approach to generating annotations. Our implementation in Dsc covered 
		code that state-of-the-art tools could not cover.},
  paper = {http://ranger.uta.edu/~csallner/papers/islam14generating.pdf},
  doi_url = {http://doi.acm.org/10.1145/2544135}
}
@inproceedings{islam10dsc+mock,
  author = {Mainul Islam and Christoph Csallner},
  title = {Dsc+{Mock}: A test case + mock class generator in support of coding against interfaces},
  booktitle = {Proc. 8th International Workshop on Dynamic Analysis (WODA)},
  year = 2010,
  month = jul,
  publisher = {ACM},
  pages = {26--31},
  summary = {Dsc+Mock is a dynamic symbolic test case generator that can 
		reason about type constraints and can generate mock classes that 
		satisfy such constraints. Our prototype implementation achieved 
		higher code coverage than related test case generators that do not 
		generate mock classes, such as Pex.},
  tool_url = {http://ranger.uta.edu/~csallner/dsc/index.html},
  paper = {http://ranger.uta.edu/~csallner/papers/islam10dsc+mock.pdf},
  doi_url = {http://doi.acm.org/10.1145/1868321.1868326}
}
@inproceedings{li10dynamic,
  author = {Chengkai Li and Christoph Csallner},
  title = {Dynamic symbolic database application testing},
  booktitle = {Proc. 3rd International Workshop on Testing Database Systems (DBTest)},
  year = 2010,
  month = jun,
  publisher = {ACM},
  summary = {We use dynamic symbolic execution to obtain a program 
		path-condition. We then use this path-condition as a database query.},
  paper = {http://ranger.uta.edu/~csallner/papers/li10dynamic.pdf},
  doi_url = {http://doi.acm.org/10.1145/1838126.1838133}
}
@inproceedings{li12residual,
  author = {Kaituo Li and Christoph Reichenbach and Christoph Csallner 
	and Yannis Smaragdakis},
  title = {Residual investigation: Predictive and precise bug detection},
  booktitle = {Proc. ACM SIGSOFT International Symposium on Software
   		Testing and Analysis (ISSTA)},
  year = 2012,
  month = jul,
  pages = {298--308},
  publisher = {ACM},
  summary = {Static bug detectors such as FindBugs produce false warnings. 
		This paper describes RFBI, the Residual FindBugs Investigator. RFBI
		investigates each FindBugs warning for code location A with a set of
		residual dynamic analyses at code locations B to Z, such that a 
		dynamic warning at code location X provides additional evidence that 
		the static warning at code location A is likely a true warning.
		Received an {\bf ACM SIGSOFT Distinguished Paper Award}.},
  award = {http://ranger.uta.edu/~csallner/papers/li12residual_Award.pdf},
  paper = {http://ranger.uta.edu/~csallner/papers/li12residual.pdf},
  doi_url = {http://doi.acm.org/10.1145/2338965.2336789}
}
@inproceedings{li13sedge,
  author = {Kaituo Li and Christoph Reichenbach and Yannis Smaragdakis
		and Yanlei Diao and Christoph Csallner},
  title = {{SEDGE}: Symbolic example data generation for dataflow programs},
  booktitle = {Proc. 28nd IEEE/ACM International Conference on Automated Software 
		Engineering (ASE)},
  year = 2013,
  month = nov,
  pages = {235--245},
  publisher = {IEEE},
  summary = {Dynamic symbolic execution has traditionally been used on
		assembly code (e.g., x86) as well as procedural (i.e., C) and 
		object-oriented programs (i.e., Java and C#).
		SEDGE adapts dynamic symbolic execution to the dataflow programming 
		language Pig Latin. While Pig Latin programs are typically compiled 
		to Hadoop MapReduce programs, SEDGE analyzes dataflow programs 
		directly. In our experiments this yielded better results than either 
		analyzing the generated MapReduce programs or using the most closely 
		related test case generator for Pig Latin.},
  tool_url = {https://github.com/kaituo/sedge},
  paper = {http://ranger.uta.edu/~csallner/papers/li13sedge.pdf},
  doi_url = {https://doi.org/10.1109/ASE.2013.6693083}
}
@article{li14residual,
  author = {Kaituo Li and Christoph Reichenbach and Christoph Csallner 
	and Yannis Smaragdakis},
  title = {Residual investigation: Predictive and precise bug detection},
  journal = {ACM Transactions on Software Engineering and Methodology (TOSEM)},
  year = 2014,
  month = dec,
  volume = 24,
  number = 2,
  pages = {7:1--7:32},
  publisher = {ACM},
  summary = {This is a superset of our earlier ISSTA 2012 paper on 
		residual investigation. The article adds more experiments on applying 
		residual investigation to FindBugs (RFBI), describes the 
		implementation complexity of RFBI, and applies residual investigation 
		in a new context, i.e., static race detection.},
  paper = {http://ranger.uta.edu/~csallner/papers/li14residual.pdf},
  doi_url = {http://doi.acm.org/10.1145/2656201}
}
@inproceedings{Natarajan18P2A,
  author = {Siva Natarajan and Christoph Csallner},
  title = {{P2A}: A tool for converting pixels to animated mobile application user interfaces},
  booktitle = {Proc. 5th IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft)},
  year = 2018,
  month = may,
  publisher = {ACM},
  pages = {224--235},
  summary = {P2A takes as input a set of screen design bitmaps 
		(e.g., screenshots of an Android or iPhone app) and converts them to 
		native app code (i.e., for Android), complete with inter-screen 
		transitions and in-screen animations. P2A is implemented on top
		of REMAUI.},
  paper = {http://ranger.uta.edu/~csallner/papers/Natarajan18P2A.pdf},
  slides = {http://ranger.uta.edu/~csallner/papers/Natarajan18P2A_Slides.pptx},
  doi_url = {http://doi.acm.org/10.1145/3197231.3197249}
}
@inproceedings{nguyen12experiment,
  author = {Tuan A. Nguyen and Sarker T.A. Rumee and Christoph Csallner and
		Nikolai Tillmann},
  title = {An experiment in developing small mobile phone applications
		comparing on-phone to off-phone development},
  booktitle = {Proc. 1st International Workshop on User Evaluation for
		Software Engineering Researchers (USER)},
  year = 2012,
  month = jun,
  pages = {9--12},
  publisher = {IEEE},
  summary = {TouchDevelop represents a radically new mobile application 
		development model, as TouchDevelop enables mobile application development 
		on a mobile device. We describe a first experiment on independent, 
		non-expert subjects to compare programmer productivity using TouchDevelop 
		vs. using a more traditional approach to mobile application development.},
  talk = {http://research.microsoft.com/apps/video/default.aspx?id=169860},
  paper = {http://ranger.uta.edu/~csallner/papers/nguyen12experiment.pdf},
  overview = {http://ranger.uta.edu/~csallner/papers/nguyen12experiment_Overview.pptx},
  doi_url = {https://doi.org/10.1109/USER.2012.6226586}
}
@inproceedings{nguyen13gropg,
  author = {Tuan A. Nguyen and Christoph Csallner and Nikolai Tillmann},
  title = {{GROPG}: A graphical on-phone debugger},
  booktitle = {Proc. 35th ACM/IEEE International Conference on Software Engineering (ICSE),
        New Ideas and Emerging Results (NIER) track},
  year = 2013,
  month = may,
  pages = {1189--1192},
  publisher = {IEEE},
  summary = {GROPG is the first graphical on-phone debugger. Developers can 
		use GROPG to debug Android phone applications directly on an Android phone.},
  paper = {http://ranger.uta.edu/~csallner/papers/nguyen13gropg.pdf},
  slides = {http://ranger.uta.edu/~csallner/papers/nguyen13gropg_Slides.pptx},
  poster = {http://ranger.uta.edu/~csallner/papers/nguyen13gropg_Poster.pptx},
  doi_url = {https://doi.org/10.1109/ICSE.2013.6606675}
}
@inproceedings{nguyen15reverse,
  author = {Tuan A. Nguyen and Christoph Csallner},
  title = {Reverse engineering mobile application user interfaces with {REMAUI}},
  booktitle = {Proc. 30th IEEE/ACM International Conference on Automated Software 
		Engineering (ASE)},
  year = 2015,
  month = nov,
  publisher = {IEEE},
  pages = {248--259},
  summary = {When developing a mobile app (e.g., for Android or iOS), a
			graphic designer typically designs the app's screens and hands
			them to a programmer, who manually recreates the screen designs in 
			source code. REMAUI is the first technique for automating this 
			process end-to-end, from design drawings or screenshots to working 
			UI code that can be compiled and run on a mobile device.
			Received an {\bf ACM SIGSOFT Distinguished Paper Award}.},
  award = {https://www.sigsoft.org/awards/distinguishedPaperAward.html},
  paper = {http://ranger.uta.edu/~csallner/papers/nguyen15reverse.pdf},
  slides = {http://ranger.uta.edu/~csallner/papers/nguyen15reverse_Slides.pptx},
  doi_url = {https://doi.org/10.1109/ASE.2015.32}
}
@inproceedings{Nguyen17Reoom,
  author = {Tuan A. Nguyen and Christoph Csallner},
  title = {Reverse engineering object-oriented applications into 
			high-level domain models with {Reoom}},
  booktitle = {39th IEEE/ACM International Conference on Software Engineering 
		Companion (ICSE-C), Poster track},
  year = 2017,
  month = may,
  publisher = {IEEE},
  pages = {311--313},
  summary = {This paper makes two observations about how programmers may 
		be expressing domain concepts (i.e., high-level business concepts) in 
		object-oriented code. The Reoom tool encodes these observations in a 
		light-weight static analysis and on four subjects showed overall higher 
		precision and recall than Womble, the most closely related tool.},
  poster = {http://ranger.uta.edu/~csallner/papers/Nguyen17Reoom_Poster.pptx},
  paper = {http://ranger.uta.edu/~csallner/papers/Nguyen17Reoom.pdf},
  doi_url = {https://doi.org/10.1109/ICSE-C.2017.63}
}
@inproceedings{nivas11managing,
  author = {Tuli Nivas and Christoph Csallner},
  title = {Managing performance testing with release certification and data correlation},
  booktitle = {19th ACM SIGSOFT Symposium on the Foundations of Software 
		Engineering (FSE), Industry Track},
  year = 2011,
  month = sep,
  summary = {Testing textbooks prescribe writing performance tests against 
		performance goals. We observe that in practice business analysts may not 
		be able to specify such performance goals at a level that is detailed 
		enough for finding subtle performance bugs. We address this issue by 
		running two different versions of the same application side-by-side in 
		the same test environment, which allows us to use the performance profile 
		of the previous version as the detailed performance specification of 
		the version under test.},
  paper = {http://ranger.uta.edu/~csallner/papers/nivas11managing.pdf}
}
@inproceedings{park12carfast,
  author = {Sangmin Park
		and Ishtiaque Hussain
		and Christoph Csallner
		and Kunal Taneja
		and B.M. Mainul Hossain
		and Mark Grechanik
		and Chen Fu
		and Qing Xie},
  title = {{CarFast}: Achieving higher statement coverage faster},
  booktitle = {Proc. 20th ACM SIGSOFT International Symposium on the 
		Foundations of Software Engineering (FSE)},
  year = 2012,
  month = nov,
  publisher = {ACM},
  summary = {For a given branching statement encountered during program 
		execution, CarFast estimates the number of statements that are yet
		uncovered but reachable from the respective branch outcomes. With the 
		symbolic path condition collected during execution, CarFast selects 
		input values such that a future execution will trigger a branch (path) 
		that contains a high number of those yet uncovered statements.},
  pages = {35:1--35:11},
  tool_url = {https://sites.google.com/site/carfastproject/},
  paper = {http://ranger.uta.edu/~csallner/papers/park12carfast.pdf},
  doi_url = {http://doi.acm.org/10.1145/2393596.2393636}
}
@inproceedings{Ramachandra18Poster,
  author = {Nagendra Prasad Ramachandra and Christoph Csallner},
  title = {Poster: Testing web-based applications with the voice controlled accessibility 
    	and testing tool ({VCAT})},
  booktitle = {Proc. 40th ACM/IEEE International Conference on Software Engineering (ICSE), Poster track},
  year = 2018,
  month = may,
  publisher = {ACM},
  summary = {VCAT allows a user to navigate a web page only via voice commands. 
		VCAT then exports a voice command sequence as a test case for the web page. 
		The VCAT prototype is a plug-in for a stock Chrome browser and generates 
		test cases via Selenium.},
  pages = {208--209},
  paper = {http://ranger.uta.edu/~csallner/papers/Ramachandra18Poster.pdf},
  poster = {http://ranger.uta.edu/~csallner/papers/Ramachandra18Poster_Poster.pptx},
  tool_url = {https://github.com/prasadkrn83/VCAT},
  doi_url = {http://doi.acm.org/10.1145/3183440.3195099}
}
@inproceedings{Shrestha18Complementing,
  author = {Sohil L. Shrestha and Saroj Panda and Christoph Csallner},
  title = {Complementing machine learning classifiers via dynamic symbolic execution: ``{Human} vs. bot generated'' tweets},
  booktitle = {Proc. 6th International Workshop on Realizing Artificial Intelligence Synergies in Software Engineering (RAISE)},
  year = {2018},
  month = may,
  publisher = {ACM},
  summary = {This paper argues that program analysis such as dynamic symbolic execution 
		can be nicely integrated into an existing supervised machine learning pipeline, 
		to automatically produce additional labeled training samples.},
  pages = {15--20},
  paper = {http://ranger.uta.edu/~csallner/papers/Shrestha18Complementing.pdf},
  slides = {http://ranger.uta.edu/~csallner/papers/Shrestha18Complementing_Slides.pptx}
}
@inproceedings{smaragdakis07combining,
  author = {Yannis Smaragdakis and Christoph Csallner},
  title = {Combining static and dynamic reasoning for bug detection},
  booktitle = {Proc. International Conference on Tests And Proofs (TAP)},
  year = 2007,
  month = feb,
  pages = {1--16},
  publisher = {Springer},
  series = {LNCS},
  volume = {4454},
  summary = {This is an invited paper that reviews our bug finding tools:
		Check 'n' Crash addresses the language-level unsoundness of static
		bug finding tools whereas DSD-Crasher also addresses their user-level unsoundness.
		We use a small case study to compare JCrasher, ESC/Java, Check 'n' Crash, and
		DSD-Crasher.},
  tool_url = {http://ranger.uta.edu/~csallner/dsd-crasher/index.html},
  paper = {http://ranger.uta.edu/~csallner/papers/smaragdakis07combining.pdf},
  doi_url = {https://doi.org/10.1007/978-3-540-73770-4_1}
}
@inproceedings{smaragdakis07scalable,
  author = {Yannis Smaragdakis and Christoph Csallner and Ranjith Subramanian},
  title = {Scalable automatic test data generation from modeling diagrams},
  booktitle = {Proc. 22nd IEEE/ACM International Conference on Automated Software 
		Engineering (ASE)},
  year = 2007,
  month = nov,
  pages = {4--13},
  publisher = {ACM},
  summary = {Object-Role Modeling (ORM) is a popular language for specifying database schemas.
		It supports many constraints and is undecidable in general. We pick a restricted 
		subset of ORM that is decidable in polynomial time and implement a fast automated solver.
		We found that our ORM subset covers the vast majority of 
		constraints used in our sample of over 160 ORM diagrams from industrial practice.
		Received the {\bf Best Paper Award}.},
  award = {https://www.sigsoft.org/awards/distinguishedPaperAward.html},
  paper = {http://ranger.uta.edu/~csallner/papers/smaragdakis07scalable.pdf},
  doi = {http://doi.acm.org/10.1145/1321631.1321635}
}
@article{smaragdakis09scalable,
  author = {Yannis Smaragdakis and Christoph Csallner and Ranjith Subramanian},
  title = {Scalable satisfiability checking and test data generation from modeling diagrams},
  journal = {Automated Software Engineering},
  year = 2009,
  month = mar,
  volume = 16,
  number = 1,
  pages = {73--99},
  summary = {This is a superset of our earlier ASE 2007 paper, expanding the treatment of test data
		generation. Object-Role Modeling (ORM) is a popular language for specifying database schemas.
		It supports many constraints and is undecidable in general. We pick a restricted 
		subset of ORM that is decidable in polynomial time and implement a fast automated solver.
		We found that our ORM subset covers the vast majority of 
		constraints used in our sample of over 160 ORM diagrams from industrial practice.},
  paper = {http://ranger.uta.edu/~csallner/papers/smaragdakis09scalable.pdf},
  doi_url = {https://doi.org/10.1007/s10515-008-0044-6}
}
@inproceedings{Süslü18SPEjs,
  author = {Sümeyye Süslü and Christoph Csallner},
  title = {{SPEjs}: A Symbolic Partial Evaluator for {JavaScript}},
  booktitle = {Proc. 1st International Workshop on Advances in Mobile App Analysis (A-Mobile)},
  year = 2018,
  month = sep,
  tool_url = {https://github.com/SumeyyeSuslu/SPEjs},
  paper = {http://ranger.uta.edu/~csallner/papers/Süslü18SPEjs.pdf},
  slides = {http://ranger.uta.edu/~csallner/papers/Süslü18SPEjs_Slides.pptx},
  summary = {The partial evaluator SPEjs implements a symbolic execution engine for JavaScript 
		and uses Z3 to resolve the feasibility of program execution paths. SPEjs removes some dead 
		branches that the state-of-the-art partial evaluator Prepack from Facebook so far cannot 
		remove.},
  publisher = {ACM},
  pages = {7--12},
  doi_url = {http://doi.acm.org/10.1145/3243218.3243220}
}
@inproceedings{wang11combinatorial,
  author = {Wenhua Wang and Yu Lei and Donggang Liu and David Kung and 
			Christoph Csallner and Dazhi Zhang and Raghu Kacker and Rick Kuhn},
  title = {A combinatorial approach to detecting buffer overflow vulnerabilities},
  booktitle = {Proc. 41st Annual IEEE/IFIP International Conference on 
			Dependable Systems and Networks (DSN)},
  year = 2011,
  month = jun,
  publisher = {IEEE},
  pages = {269--278},
  summary = {This paper describes the Tance tool, which found several 
		new vulnerabilities in well-known open-source C programs.},
  paper = {http://ranger.uta.edu/~csallner/papers/wang11combinatorial.pdf},
  doi_url = {https://doi.org/10.1109/DSN.2011.5958225}
}
@inproceedings{zhang10detecting,
  author = {Dazhi Zhang and Donggang Liu and Yu Lei 
			and David Kung and Christoph Csallner and Wenhua Wang},
  title = {Detecting vulnerabilities in {C} programs using trace-based testing},
  booktitle = {Proc. 40th Annual IEEE/IFIP International Conference on 
			Dependable Systems and Networks (DSN)},
  year = 2010,
  month = jun,
  pages = {241--250},
  publisher = {IEEE},
  summary = {This paper describes the SecTAC tool, which found several 
		new vulnerabilities in well-known open-source C programs.},
  paper = {http://ranger.uta.edu/~csallner/papers/zhang10detecting.pdf},
  doi_url = {https://doi.org/10.1109/DSN.2010.5544310}
}
@article{zhang12simfuzz,
  author = {Dazhi Zhang and Donggang Liu and Yu Lei 
			and David Kung and Christoph Csallner and Nathaniel Nystrom 
			and Wenhua Wang},
  title = {SimFuzz: Test case similarity directed deep fuzzing},
  journal = {Journal of Systems and Software (JSS)},
  year = 2012,
  month = jan,
  volume = 85,
  number = 1,
  pages = {102--111},
  summary = {SimFuzz is a black-box fuzzer for C programs that guides 
		its test case generation with a test case similarity metric. 
		The metric computes the edit distance between execution paths, where 
		each path element corresponds to the out-edge of a branching node in the 
		program's control-flow graph.},
  paper = {http://ranger.uta.edu/~csallner/papers/zhang12simfuzz.pdf},
  doi_url = {https://doi.org/10.1016/j.jss.2011.07.028}
}
@article{zhang14distributed,
  author = {Dazhi Zhang and Donggang Liu and Christoph Csallner and David Kung and 
	Jeff Lei},
  title = {A distributed framework for demand-driven software vulnerability 
	detection},
  journal = {Journal of Systems and Software (JSS)},
  year = 2014,
  month = jan,
  volume = 87,
  number = 1,
  pages = {60--73},
  summary = {While most heavy-weight symbolic program analysis tools are 
		run before program release, this symbolic analysis framework runs while 
		the analyzed program is in production use. Whenever a monitored program 
		encounters an unexplored path, it submits the path to a central 
		server for symbolic analysis. Analysis results are distributed back to 
		other clients.},
  paper = {http://ranger.uta.edu/~csallner/papers/zhang14distributed.pdf},
  doi_url = {https://doi.org/10.1016/j.jss.2013.08.033}
}
@inproceedings{Chowdhury20SLEMI,
  author = {Shafiul Azam Chowdhury and Sohil Lal Shrestha and Taylor T. Johnson and Christoph Csallner},
  title = {{SLEMI}: Equivalence modulo input ({EMI}) based mutation of {CPS}
              models for finding compiler bugs in {Simulink}},
  booktitle = {Proc. 42nd ACM/IEEE International Conference on Software Engineering (ICSE)},
  year = 2020,
  month = may,
  publisher = {ACM},
  pages = {335--346},
  paper = {http://ranger.uta.edu/~csallner/papers/Chowdhury20SLEMI.pdf},
  tool_url = {https://github.com/shafiul/slemi},
  talk = {https://youtu.be/7rlCvIZy-7Q?t=1837},
  summary = {SLEMI speeds up our earlier SLforge random Simulink-model generator and differential testing tool. Instead of generating each Simulink model from scratch, SLEMI can quickly mutate existing models. SLEMI has found 6 new confirmed Simulink bugs.}
}
@inproceedings{Chowdhury20Demo,
  author = {Shafiul Azam Chowdhury and Sohil Lal Shrestha and Taylor T. Johnson and Christoph Csallner},
  title = {Demo: {SLEMI}: Finding {Simulink} compiler bugs through equivalence modulo input ({EMI})},
  booktitle = {Proc. 42nd ACM/IEEE International Conference on Software Engineering (ICSE), Demonstrations Track},
  year = 2020,
  month = may,
  publisher = {ACM},
  paper = {http://ranger.uta.edu/~csallner/papers/Chowdhury20Demo.pdf},
  talk = {https://youtu.be/oliPgOLT6eY},
  tool_url = {https://github.com/shafiul/slemi},
  summary = {This is a tool demonstration of SLEMI. The original SLEMI work appears in ICSE 2020 as a technical paper. This paper also adds a new mutation technique that found one additional new confirmed bug in Simulink.}
}
@inproceedings{Mohian20Doodle2App,
  author = {Soumik Mohian and Christoph Csallner},
  title = {{Doodle2App}: Native app code by freehand {UI} sketching},
  booktitle = {Proc. 7th IEEE/ACM International Conference on Mobile 
		Software Engineering and Systems (MOBILESoft), 
		Tool Demos and Mobile Apps Track},
  year = {2020},
  month = may,
  publisher = {ACM},
  pages = {81--84},
  summary = {We trained Doodle2App on thousands of (manually created) 
		freehand sketches of 20 common Android UI elements. The resulting 
		website allows users to sketch an Android screen. The website then 
		converts the sketched screen to Android code that is ready to compile 
		and run on stock Android phones. In technical terms: We pre-trained a 
		classifier on 2 million Google "Quick, Draw!" sketches and retrained the 
		classifier on thousands of sketches collected via Amazon Mechanical Turk. 
		In some sense the resulting tool is a modern version of SILK 
		("Sketching Interfaces Like Krazy").},
  paper = {http://ranger.uta.edu/~csallner/papers/Mohian20Doodle2App.pdf},
  slides = {http://ranger.uta.edu/~csallner/papers/Mohian20Doodle2App_Slides.pptx},
  tool_url = {http://pixeltoapp.com/doodle/}
}
@inproceedings{Shrestha20DeepFuzzSL,
  author = {Sohil Lal Shrestha and Shafiul Azam Chowdhury and Christoph Csallner},
  title = {{DeepFuzzSL}: Generating models with deep learning to find bugs in the {Simulink} toolchain},
  booktitle = {Proc. 2nd Workshop on Testing for Deep Learning and Deep Learning for Testing (DeepTest)},
  year = 2020,
  month = may,
  publisher = {ACM},
  summary = {When creating development tools for cyber-physical systems, 
		a big challenge is that there are no full formal specifications for 
		popular existing tools and languages such as Simulink. To address this 
		challenge, DeepFuzzSL attempts to learn such a language specification 
		from existing Simulink sample models, using a LSTM recurrent neural 
		network.},
  tool_url = {https://github.com/50417/DeepFuzzSL},
  paper = {http://ranger.uta.edu/~csallner/papers/Shrestha20DeepFuzzSL.pdf},
  slides = {http://ranger.uta.edu/~csallner/papers/Shrestha20DeepFuzzSL_Slides.pptx},
  talk = {https://youtu.be/DwADkAUr2ys?t=7495}
}

This file was generated by bibtex2html 1.98.