Symbolic execution and program testing
Communications of the ACM
Automatic Structures: Richness and Limitations
LICS '04 Proceedings of the 19th Annual IEEE Symposium on Logic in Computer Science
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Compositional dynamic test generation
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A Static Analysis Framework For Detecting SQL Injection Vulnerabilities
COMPSAC '07 Proceedings of the 31st Annual International Computer Software and Applications Conference - Volume 01
Abstracting Symbolic Execution with String Analysis
TAICPART-MUTATION '07 Proceedings of the Testing: Academic and Industrial Conference Practice and Research Techniques - MUTATION
Test Data Generation for C Programs with String-Handling Functions
TASE '08 Proceedings of the 2008 2nd IFIP/IEEE International Symposium on Theoretical Aspects of Software Engineering
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
Pex: white box test generation for .NET
TAP'08 Proceedings of the 2nd international conference on Tests and proofs
What else is decidable about integer arrays?
FOSSACS'08/ETAPS'08 Proceedings of the Theory and practice of software, 11th international conference on Foundations of software science and computational structures
CUTE and jCUTE: concolic unit testing and explicit path model-checking tools
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
What's decidable about arrays?
VMCAI'06 Proceedings of the 7th international conference on Verification, Model Checking, and Abstract Interpretation
Tapas: Theory Combinations and Practical Applications
FORMATS '09 Proceedings of the 7th International Conference on Formal Modeling and Analysis of Timed Systems
ICFEM '09 Proceedings of the 11th International Conference on Formal Engineering Methods: Formal Methods and Software Engineering
Testing techniques in software engineering
Testing techniques in software engineering
An evaluation of automata algorithms for string analysis
VMCAI'11 Proceedings of the 12th international conference on Verification, model checking, and abstract interpretation
Relational string verification using multi-track automata
CIAA'10 Proceedings of the 15th international conference on Implementation and application of automata
Symbolic execution for software testing in practice: preliminary assessment
Proceedings of the 33rd International Conference on Software Engineering
Fast and precise sanitizer analysis with BEK
SEC'11 Proceedings of the 20th USENIX conference on Security
HAMPI: a string solver for testing, analysis and vulnerability detection
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
KLOVER: a symbolic execution and automatic test generation tool for C++ programs
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
A slice-based decision procedure for type-based partial orders
IJCAR'10 Proceedings of the 5th international conference on Automated Reasoning
Generating range fixes for software configuration
Proceedings of the 34th International Conference on Software Engineering
Lightweight string reasoning for OCL
ECMFA'12 Proceedings of the 8th European conference on Modelling Foundations and Applications
HAMPI: A solver for word equations over strings, regular expressions, and context-free grammars
ACM Transactions on Software Engineering and Methodology (TOSEM)
Symbolic execution of programs with strings
Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference
Automated concolic testing of smartphone apps
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Jalangi: a selective record-replay and dynamic analysis framework for JavaScript
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
An orchestrated survey of methodologies for automated software test case generation
Journal of Systems and Software
Path- and index-sensitive string analysis based on monadic second-order logic
ACM Transactions on Software Engineering and Methodology (TOSEM) - Testing, debugging, and error handling, formal methods, lifecycle concerns, evolution and maintenance
Automata-based symbolic string analysis for vulnerability detection
Formal Methods in System Design
| Hi-index | 0.00 |
We discuss the problem of path feasibility for programs manipulating strings using a collection of standard string library functions. We prove results on the complexity of this problem, including its undecidability in the general case and decidability of some special cases. In the context of test-case generation, we are interested in an efficient finite model finding method for string constraints. To this end we develop a two-tier finite model finding procedure. First, an integer abstraction of string constraints are passed to an SMT (Satisfiability Modulo Theories) solver. The abstraction is either unsatisfiable, or the solver produces a model that fixes lengths of enough strings to reduce the entire problem to be finite domain. The resulting fixed-length string constraints are then solved in a second phase. We implemented the procedure in a symbolic execution framework, report on the encouraging results and discuss directions for improving the method further.