Symbolic execution systems—a review
Software Engineering Journal
Foundations of programming languages
Foundations of programming languages
Quickly detecting relevant program invariants
Proceedings of the 22nd international conference on Software engineering
Symbolic execution and program testing
Communications of the ACM
Dynamically Discovering Likely Program Invariants to Support Program Evolution
IEEE Transactions on Software Engineering - Special issue on 1999 international conference on software engineering
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Extended static checking for Java
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Automatic extraction of object-oriented component interfaces
ISSTA '02 Proceedings of the 2002 ACM SIGSOFT international symposium on Software testing and analysis
Tracking down software bugs using automatic anomaly detection
Proceedings of the 24th International Conference on Software Engineering
Soot - a Java bytecode optimization framework
CASCON '99 Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative research
Generating Test Data for Functions with Pointer Inputs
Proceedings of the 17th IEEE international conference on Automated software engineering
Dynamically inferring temporal properties
Proceedings of the 5th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Test input generation with java PathFinder
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Synthesis of interface specifications for Java classes
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Using symbolic execution to guide test generation: Research Articles
Software Testing, Verification & Reliability
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Inferring specifications to detect errors in code
Automated Software Engineering
A System to Generate Test Data and Symbolically Execute Programs
IEEE Transactions on Software Engineering
DySy: dynamic symbolic execution for invariant inference
Proceedings of the 30th international conference on Software engineering
Generating representation invariants of structurally complex data
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Generalized symbolic execution for model checking and testing
TACAS'03 Proceedings of the 9th international conference on Tools and algorithms for the construction and analysis of systems
Discovering likely method specifications
ICFEM'06 Proceedings of the 8th international conference on Formal Methods and Software Engineering
A fast linear-arithmetic solver for DPLL(T)
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
Symstra: a framework for generating object-oriented unit tests using symbolic execution
TACAS'05 Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Data structure specifications via local equality axioms
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Dynamic shape analysis via degree metrics
Proceedings of the 2009 international symposium on Memory management
On test repair using symbolic execution
Proceedings of the 19th international symposium on Software testing and analysis
PRECIS: Inferring invariants using program path guided clustering
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Second-order constraints in dynamic invariant inference
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
| Hi-index | 0.00 |
Local data structure invariants are asserted over a bounded fragment of a data structure around a distinguished node M of the data structure. An example of such an invariant for a sorted doubly linked list is "for all nodes M of the list, if M ≠ null and M.next ≠ null, then M.next.prev = M and M.value ≤ M.next.value." It has been shown that such local invariants are both natural and sufficient for describing a large class of data structures. This paper explores a novel technique, called Krystal, to infer likely local data structure invariants using a variant of symbolic execution, called universal symbolic execution. Universal symbolic execution is like traditional symbolic execution except the fact that we create a fresh symbolic variable for every read of a lvalue that has no mapping in the symbolic state rather than creating a symbolic variable only for inputs. This helps universal symbolic execution to symbolically track data flow for all memory locations along an execution even if input values do not flow directly into those memory locations. We have implemented our algorithm and applied it to several data structure implementations in Java. Our experimental results show that we can infer many interesting local invariants for these data structures.