Dynamically discovering likely program invariants from concrete test executions has emerged as a highly promising software engineering technique. Dynamic invariant inference has the advantage of succinctly summarizing both "expected" program inputs and the subset of program behaviors that is normal under those inputs. In this paper, we introduce a technique that can drastically increase the relevance of inferred invariants, or reduce the size of the test suite required to obtain good invariants. Instead of falsifying invariants produced by pre-set patterns, we determine likely program invariants by combining the concrete execution of actual test cases with a simultaneous symbolic execution of the same tests. The symbolic execution produces abstract conditions over program variables that the concrete tests satisfy during their execution. In this way, we obtain the benefits of dynamic inference tools like Daikon: the inferred invariants correspond to the observed program behaviors. At the same time, however, our inferred invariants are much more suited to the program at hand than Daikon's hard-coded invariant patterns. The symbolic invariants are literally derived from the program text itself, with appropriate value substitutions as dictated by symbolic execution. We implemented our technique in the DySy tool, which utilizes a powerful symbolic execution and simplification engine. The results confirm the benefits of our approach. In Daikon's prime example benchmark, we infer the majority of the interesting Daikon invariants, while eliminating invariants that a human user is likely to consider irrelevant.
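
A simplified illustration of the idea in the abstract, added here and not taken from DySy: each concrete test runs with a shadow symbolic expression, and the branch conditions the test satisfies become the inferred invariant. The `Sym` and `Cond` classes, `infer`, `postcondition` and the `clamp_diff` program under test are all constructed for this example.

```python
class Cond:
    """Branch outcome: concrete truth value plus the condition that held."""
    def __init__(self, taken, expr):
        self.taken, self.expr = taken, expr

    def __bool__(self):  # called when the program branches on the comparison
        Sym.trace.append(self.expr)
        return self.taken


class Sym:
    """Integer carrying a concrete value and a symbolic expression over inputs."""
    trace = []  # path condition of the current run

    def __init__(self, val, expr):
        self.val, self.expr = val, expr

    @staticmethod
    def lift(x):
        return x if isinstance(x, Sym) else Sym(x, str(x))

    def __sub__(self, other):
        o = Sym.lift(other)
        return Sym(self.val - o.val, f"({self.expr} - {o.expr})")

    def __lt__(self, other):
        o = Sym.lift(other)
        taken = self.val < o.val  # the concrete values decide the branch
        return Cond(taken, f"{self.expr} {'<' if taken else '>='} {o.expr}")


def clamp_diff(x, y):  # constructed program under test
    if x < y:
        return 0
    return x - y


def infer(func, names, tests):
    """Run each concrete test once; map each observed path condition to the symbolic result."""
    summary = {}
    for args in tests:
        Sym.trace = []
        result = Sym.lift(func(*[Sym(v, n) for n, v in zip(names, args)]))
        summary[" and ".join(Sym.trace) or "true"] = result.expr
    return summary


def postcondition(summary):
    """Disjunction over observed paths: path condition and the result it implies."""
    return " or ".join(f"({pc} and result == {e})" for pc, e in summary.items())


if __name__ == "__main__":
    print(postcondition(infer(clamp_diff, ["x", "y"], [(1, 5), (7, 2), (9, 3)])))
```

Only paths the tests actually exercise appear in the result, so a suite that never takes the `x < y` branch yields just the second disjunct.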