Academia and more

I've recently returned from Vienna where our CCS 2006 paper on EXE , co-authored with Vijay, Peter, David and Dawson, has received the ACM CCS Test of Time Award , which "recognizes works that had significant impact on the field, as seen from a ten-year perspective." Besides contemplating the fact that I'm old enough now to have papers that are a decade old, I was also reflecting on the various decisions taken while building EXE, as I see them ten years later. The CCS'06 paper on EXE was one of the first papers on modern symbolic execution—"modern" in the sense that symbolic execution was originally introduced in the 70s, but at a time and in a form that was not ready for primetime.  EXE was the direct successor of EGT , a system  in which we introduced the main ingredients of dynamic symbolic execution (DSE), but in a simplified form (and which was developed concurrently with the  DART  system, which introduced a different flavour of DSE).  EXE is a

A large fraction of the costs of maintaining software applications is associated with detecting and fixing errors introduced by patches. Patches are prone to introducing failures  and as a result, users are often reluctant to upgrade their software to the most recent version , relying instead on older versions which typically expose a reduced set of features and are frequently susceptible to critical bugs and security vulnerabilities. To properly test a patch, each line of code in the patch, and all the new behaviours introduced by the patch, should be covered by at least one test case. However, the large effort involved in coming up with relevant test cases means that such thorough testing rarely happens in practice. ...  the full blog post can be read in the IEEE Software Blog