QuickCheck: a lightweight tool for random testing of Haskell programs
ICFP '00 Proceedings of the fifth ACM SIGPLAN international conference on Functional programming
Simplifying and Isolating Failure-Inducing Input
IEEE Transactions on Software Engineering
Why Programs Fail: A Guide to Systematic Debugging
Why Programs Fail: A Guide to Systematic Debugging
HDD: hierarchical delta debugging
Proceedings of the 28th international conference on Software engineering
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing: Brute Force Vulnerability Discovery
Back to the future: revisiting precise program verification using SMT solvers
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Using SMT solvers to verify high-integrity programs
Proceedings of the second workshop on Automated formal methods
Decision procedures for bit-vectors, arrays and integers
Decision procedures for bit-vectors, arrays and integers
Grammar-based whitebox fuzzing
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Fuzzing for Software Security Testing and Quality Assurance
Fuzzing for Software Security Testing and Quality Assurance
BTOR: bit-precise modelling of word-level problems for model checking
SMT '08/BPR '08 Proceedings of the Joint Workshops of the 6th International Workshop on Satisfiability Modulo Theories and 1st International Workshop on Bit-Precise Reasoning
CAV'07 Proceedings of the 19th international conference on Computer aided verification
A decision procedure for bit-vectors and arrays
CAV'07 Proceedings of the 19th international conference on Computer aided verification
A lazy and layered SMT(BV) solver for hard industrial verification problems
CAV'07 Proceedings of the 19th international conference on Computer aided verification
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Pex: white box test generation for .NET
TAP'08 Proceedings of the 2nd international conference on Tests and proofs
An automatic verifier for Java-like programs based on dynamic frames
FASE'08/ETAPS'08 Proceedings of the Theory and practice of software, 11th international conference on Fundamental approaches to software engineering
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Testing and debugging techniques for answer set solver development
Theory and Practice of Logic Programming
Automated testing and debugging of SAT and QBF solvers
SAT'10 Proceedings of the 13th international conference on Theory and Applications of Satisfiability Testing
Fast LCF-Style proof reconstruction for z3
ITP'10 Proceedings of the First international conference on Interactive Theorem Proving
Reconstruction of z3's bit-vector proofs in HOL4 and Isabelle/HOL
CPP'11 Proceedings of the First international conference on Certified Programs and Proofs
Testing static analyzers with randomly generated programs
NFM'12 Proceedings of the 4th international conference on NASA Formal Methods
PSI'11 Proceedings of the 8th international conference on Perspectives of System Informatics
Coprocessor 2.0: a flexible CNF simplifier
SAT'12 Proceedings of the 15th international conference on Theory and Applications of Satisfiability Testing
| Hi-index | 0.00 |
SMT solvers are widely used as core engines in many applications. Therefore, robustness and correctness are essential criteria. Current testing techniques used by developers of SMT solvers do not satisfy the high demand for correct and robust solvers, as our testing experiments show. To improve this situation, we propose to complement traditional testing techniques with grammar-based blackbox fuzz testing, combined with delta-debugging. We demonstrate the effectiveness of our approach and report on critical bugs and incorrect results which we found in current state-of-the-art SMT solvers for bit-vectors and arrays.