An empirical study of the reliability of UNIX utilities
Communications of the ACM
A semantic model of program faults
ISSTA '96 Proceedings of the 1996 ACM SIGSOFT international symposium on Software testing and analysis
Using production grammars in software testing
Proceedings of the 2nd conference on Domain-specific languages
QuickCheck: a lightweight tool for random testing of Haskell programs
ICFP '00 Proceedings of the fifth ACM SIGPLAN international conference on Functional programming
Symbolic execution and program testing
Communications of the ACM
Introduction to the Theory of Computation
Introduction to the Theory of Computation
Korat: automated testing based on Java predicates
ISSTA '02 Proceedings of the 2002 ACM SIGSOFT international symposium on Software testing and analysis
Generating Test Data with Enhanced Context-Free Grammars
IEEE Software
Massive Stochastic Testing of SQL
VLDB '98 Proceedings of the 24rd International Conference on Very Large Data Bases
CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Generating Tests from Counterexamples
Proceedings of the 26th International Conference on Software Engineering
Test input generation with java PathFinder
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
TestEra: Specification-Based Testing of Java Programs Using SAT
Automated Software Engineering
JCrasher: an automatic robustness tester for Java
Software—Practice & Experience
Check 'n' crash: combining static checking and testing
Proceedings of the 27th international conference on Software engineering
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
yagg: an easy-to-use generator for structured test inputs
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
An empirical study of the robustness of MacOS applications using random testing
Proceedings of the 1st international workshop on Random testing
DSD-Crasher: a hybrid analysis tool for bug finding
Proceedings of the 2006 international symposium on Software testing and analysis
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Compositional dynamic test generation
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Feedback-Directed Random Test Generation
ICSE '07 Proceedings of the 29th international conference on Software Engineering
ICSE '07 Proceedings of the 29th international conference on Software Engineering
A System to Generate Test Data and Symbolically Execute Programs
IEEE Transactions on Software Engineering
Automatic generation of random self-checking test cases
IBM Systems Journal
systematic generation of XML instances to test complex software applications
RISE'06 Proceedings of the 3rd international conference on Rapid integration of software engineering techniques
Eclat: automatic generation and classification of test inputs
ECOOP'05 Proceedings of the 19th European conference on Object-Oriented Programming
Grammar-based whitebox fuzzing
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Testing for buffer overflows with length abstraction
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Finding bugs in dynamic web applications
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Deriving input syntactic structure from execution
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
A decision procedure for subset constraints over regular languages
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
HAMPI: a solver for string constraints
Proceedings of the eighteenth international symposium on Software testing and analysis
Loop-extended symbolic execution on binary programs
Proceedings of the eighteenth international symposium on Software testing and analysis
CoGenTe: a tool for code generator testing
Proceedings of the IEEE/ACM international conference on Automated software engineering
Solving string constraints lazily
Proceedings of the IEEE/ACM international conference on Automated software engineering
A random testing approach using pushdown automata
TAP'11 Proceedings of the 5th international conference on Tests and proofs
HAMPI: a string solver for testing, analysis and vulnerability detection
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Evaluating program analysis and testing tools with the RUGRAT random benchmark application generator
Proceedings of the 2012 Workshop on Dynamic Analysis
State of the art: Dynamic symbolic execution for automated test generation
Future Generation Computer Systems
An orchestrated survey of methodologies for automated software test case generation
Journal of Systems and Software
Race directed scheduling of concurrent programs
Proceedings of the 19th ACM SIGPLAN symposium on Principles and practice of parallel programming
| Hi-index | 0.00 |
We present CESE, a tool that combines exhaustive enumeration of test inputs from a structured domain with symbolic execution driven test generation. We target programs whose valid inputs are determined by some context free grammar. We abstract the concrete input syntax with symbolic grammars, where some original tokens are replaced with symbolic constants. This reduces the set of input strings that must be enumerated exhaustively. For each enumerated input string, which may contain symbolic constants, symbolic execution based test generation instantiates the constants based on program execution paths. The "template" generated by enumerating valid strings reduces the burden on the symbolic execution to generate syntactically valid inputs and helps exercise interesting code paths. Together, symbolic grammars provide a link between exhaustive enumeration of valid inputs and execution-directed symbolic test generation Preliminary experiments with CESE show that the combination achieves better coverage than both pure enumerative test generation and pure directed symbolic test generation, in orders of magnitude less time and number of generated inputs. In addition, CESE is able to automatically generate inputs that achieve coverage within 10% of manually constructed tests.