Symbolic execution and program testing
Communications of the ACM
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs
CC '02 Proceedings of the 11th International Conference on Compiler Construction
JCrasher: an automatic robustness tester for Java
Software—Practice & Experience
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
An empirical study of the robustness of Windows NT applications using random testing
WSS'00 Proceedings of the 4th conference on USENIX Windows Systems Symposium - Volume 4
A System to Generate Test Data and Symbolically Execute Programs
IEEE Transactions on Software Engineering
Automatic generation of random self-checking test cases
IBM Systems Journal
A fast linear-arithmetic solver for DPLL(T)
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
Eclat: automatic generation and classification of test inputs
ECOOP'05 Proceedings of the 19th European conference on Object-Oriented Programming
Guided model checking for programs with polymorphism
Proceedings of the 2009 ACM SIGPLAN workshop on Partial evaluation and program manipulation
Structural coverage of feasible code
Proceedings of the 5th Workshop on Automation of Software Test
Directed test generation for effective fault localization
Proceedings of the 19th international symposium on Software testing and analysis
An empirical investigation into branch coverage for C programs using CUTE and AUSTIN
Journal of Systems and Software
Symbolic execution for software testing in practice: preliminary assessment
Proceedings of the 33rd International Conference on Software Engineering
eXpress: guided path exploration for efficient regression test generation
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Statically-directed dynamic automated test generation
Proceedings of the 2011 International Symposium on Software Testing and Analysis
A Parallel Approach to Concolic Testing with Low-cost Synchronization
Electronic Notes in Theoretical Computer Science (ENTCS)
Enhancing structural software coverage by incrementally computing branch executability
Software Quality Control
Software logical structure verification method by modeling implemented specification
KES'11 Proceedings of the 15th international conference on Knowledge-based and intelligent information and engineering systems - Volume Part III
SAS'11 Proceedings of the 18th international conference on Static analysis
Extracting and verifying cryptographic models from C protocol code by symbolic execution
Proceedings of the 18th ACM conference on Computer and communications security
Synthesizing method sequences for high-coverage testing
Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
Automated error localization and correction for imperative programs
Proceedings of the International Conference on Formal Methods in Computer-Aided Design
Predicting concurrency failures in the generalized execution traces of x86 executables
RV'11 Proceedings of the Second international conference on Runtime verification
AUSTIN: An open source tool for search based software testing of C programs
Information and Software Technology
S2PF: speculative symbolic PathFinder
ACM SIGSOFT Software Engineering Notes
CarFast: achieving higher statement coverage faster
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Symbolic execution for software testing: three decades later
Communications of the ACM
An efficient software testing method by decision table verification
International Journal of Computer Applications in Technology
Coverage-directed observability-based validation for embedded software
ACM Transactions on Design Automation of Electronic Systems (TODAES)
Feedback-directed unit test generation for C/C++ using concolic execution
Proceedings of the 2013 International Conference on Software Engineering
Boosting concolic testing via interpolation
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Steering symbolic execution to less traveled paths
Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
Repair with on-the-fly program analysis
HVC'12 Proceedings of the 8th international conference on Hardware and Software: verification and testing
FoREnSiC: an automatic debugging environment for C programs
HVC'12 Proceedings of the 8th international conference on Hardware and Software: verification and testing
Redundant state detection for dynamic symbolic execution
USENIX ATC'13 Proceedings of the 2013 USENIX conference on Annual Technical Conference
Prototyping symbolic execution engines for interpreted languages
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
Race directed scheduling of concurrent programs
Proceedings of the 19th ACM SIGPLAN symposium on Principles and practice of parallel programming
Safely reducing the cost of unit level symbolic execution through read/write analysis
ACM SIGSOFT Software Engineering Notes
| Hi-index | 0.02 |
Recently there has been great success in using symbolic execution to automatically generate test inputs for small software systems. A primary challenge in scaling such approaches to larger programs is the combinatorial explosion of the path space. It is likely that sophisticated strategies for searching this path space are needed to generate inputs that effectively test large programs (by, e.g., achieving significant branch coverage). We present several such heuristic search strategies, including a novel strategy guided by the control flow graph of the program under test. We have implemented these strategies in CREST, our open source concolic testing tool for C, and evaluated them on two widely-used software tools, grep 2.2 (15 K lines of code) and Vim 5.7 (150 K lines). On these benchmarks, the presented heuristics achieve significantly greater branch coverage on the same testing budget than concolic testing with a traditional depth-first search strategy.