Precise interprocedural dataflow analysis via graph reachability
POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Model checking of hierarchical state machines
SIGSOFT '98/FSE-6 Proceedings of the 6th ACM SIGSOFT international symposium on Foundations of software engineering
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Symbolic execution and program testing
Communications of the ACM
Automatic predicate abstraction of C programs
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Generating Test Data for Branch Coverage
ASE '00 Proceedings of the 15th IEEE international conference on Automated software engineering
Tracking pointers with path and context sensitivity for bug detection in C programs
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Test input generation with java PathFinder
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Scalable error detection using boolean satisfiability
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Check 'n' crash: combining static checking and testing
Proceedings of the 27th international conference on Software engineering
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Generalizing symbolic execution to library classes
PASTE '05 Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Compositional dynamic test generation
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Under-constrained execution: making automatic code destruction easy and scalable
Proceedings of the 2007 international symposium on Software testing and analysis
Low-level library analysis and summarization
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Structural abstraction of software verification conditions
CAV'07 Proceedings of the 19th international conference on Computer aided verification
DSD-Crasher: A hybrid analysis tool for bug finding
ACM Transactions on Software Engineering and Methodology (TOSEM)
Finding bugs in dynamic web applications
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Using Dynamic Symbolic Execution to Improve Deductive Verification
SPIN '08 Proceedings of the 15th international workshop on Model Checking Software
Differential symbolic execution
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
Symbolic program analysis using term rewriting and generalization
Proceedings of the 2008 International Conference on Formal Methods in Computer-Aided Design
Snugglebug: a powerful approach to weakest preconditions
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Reducing Test Inputs Using Information Partitions
CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
Efficient Testing of Concurrent Programs with Abstraction-Guided Symbolic Execution
Proceedings of the 16th International SPIN Workshop on Model Checking Software
Compositional may-must program analysis: unleashing the power of alternation
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Abstract path testing with PathCrawler
Proceedings of the 5th Workshop on Automation of Software Test
Exploiting program dependencies for scalable multiple-path symbolic execution
Proceedings of the 19th international symposium on Software testing and analysis
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Testing techniques in software engineering
Testing techniques in software engineering
Proceedings of the 33rd International Conference on Software Engineering
Theoretical aspects of compositional symbolic execution
FASE'11/ETAPS'11 Proceedings of the 14th international conference on Fundamental approaches to software engineering: part of the joint European conferences on theory and practice of software
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Modular bug detection with inertial refinement
Proceedings of the 2010 Conference on Formal Methods in Computer-Aided Design
Automatic partial loop summarization in dynamic test generation
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Compositional CLP-based test data generation for imperative languages
LOPSTR'10 Proceedings of the 20th international conference on Logic-based program synthesis and transformation
A Parallel Approach to Concolic Testing with Low-cost Synchronization
Electronic Notes in Theoretical Computer Science (ENTCS)
Statically validating must summaries for incremental compositional dynamic test generation
SAS'11 Proceedings of the 18th international conference on Static analysis
Efficient loop navigation for symbolic execution
ATVA'11 Proceedings of the 9th international conference on Automated technology for verification and analysis
A slice-based decision procedure for type-based partial orders
IJCAR'10 Proceedings of the 5th international conference on Automated Reasoning
Symbolic execution of UML-RT State Machines
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Efficient state merging in symbolic execution
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Symbolic execution of communicating and hierarchically composed UML-RT state machines
NFM'12 Proceedings of the 4th international conference on NASA Formal Methods
Compositional load test generation for software pipelines
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Build code analysis with symbolic evaluation
Proceedings of the 34th International Conference on Software Engineering
Automated concolic testing of smartphone apps
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Information reuse for multi-goal reachability analyses
ESOP'13 Proceedings of the 22nd European conference on Programming Languages and Systems
State of the art: Dynamic symbolic execution for automated test generation
Future Generation Computer Systems
Boosting concolic testing via interpolation
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
An orchestrated survey of methodologies for automated software test case generation
Journal of Systems and Software
Toward a verifiable software dataplane
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
Finding trojan message vulnerabilities in distributed systems
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
A distributed framework for demand-driven software vulnerability detection
Journal of Systems and Software
Software dataplane verification
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
| Hi-index | 0.00 |
We discuss how to perform symbolic execution of large programs in a manner that is both compositional (hence more scalable) and demand-driven. Compositional symbolic execution means finding feasible interprocedural program paths by composing symbolic executions of feasible intraprocedural paths. By demand-driven, we mean that as few intraprocedural paths as possible are symbolically executed in order to form an interprocedural path leading to a specific target branch or statement of interest (like an assertion). A key originality of this work is that our demand-driven compositional interprocedural symbolic execution is performed entirely using first-order logic formulas solved with an off-the-shelf SMT (Satisfiability-Modulo-Theories) solver - no procedure in-lining or custom algorithm is required for the interprocedural part. This allows a uniform and elegant way of summarizing procedures at various levels of detail and of composing those using logic formulas. We have implemented a prototype of this novel symbolic execution technique as an extension of Pex, a general automatic testing framework for .NET applications. Preliminary experimental results are encouraging. For instance, our prototype was able to generate tests triggering assertion violations in programs with large numbers of program paths that were beyond the scope of non-compositional test generation.