SAT-based bounded verification of annotated code consists of translating the code together with its annotations to a propositional formula and analyzing that formula for specification violations using a SAT-solver. If a violation is found, an execution trace exposing the error is exhibited. Code involving linked data structures with intricate invariants is particularly hard to analyze with these techniques. In this article we present TACO, a prototype tool which implements a novel, general and fully automated technique for the SAT-based analysis of JML-annotated Java sequential programs dealing with complex linked data structures. We instrument the code analysis with a symmetry-breaking predicate that allows for the parallel, automated computation of tight bounds for Java fields. Experiments show that the resulting translations to propositional formulas require significantly fewer propositional variables, which in the experiments we have carried out improved the efficiency of the analysis by orders of magnitude compared to the non-instrumented SAT-based analysis. We show that, in some cases, our tool can uncover bugs that cannot be detected by state-of-the-art tools based on SAT-solving, model checking or SMT-solving.
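The following is an added illustration of the idea behind tight field bounds and symmetry breaking; it is not TACO's own code and makes several simplifying assumptions. It models a single Java field `next` of a singly linked list over N heap atoms N0..N(N-1) with head N0, takes "acyclic chain from head" as the class invariant, and uses as symmetry-breaking predicate the rule that atoms are numbered in traversal order (with the additional modelling choice, made here, that atoms not on the list have `next = null`). Instead of issuing one SAT query per (atom, target) pair, it brute-forces all instances, which is only feasible for tiny N but makes the definition of a tight upper bound explicit: the pairs that occur in at least one valid instance. Every pair outside that bound needs no propositional variable in the encoding, which is the source of the variable reduction the abstract describes.

```python
"""Tight upper bound of a `next` field under an invariant and a
symmetry-breaking predicate (constructed example, not TACO's code)."""
from itertools import product

NULL = None  # stands for the Java null reference


def all_next_functions(n):
    """Enumerate every total assignment next: {0..n-1} -> {0..n-1} | NULL.
    Each assignment is one candidate heap over the n atoms."""
    targets = list(range(n)) + [NULL]
    for choice in product(targets, repeat=n):
        yield dict(zip(range(n), choice))


def acyclic_from_head(nxt, n, head=0):
    """Class invariant: following `next` from head never revisits a node."""
    seen = set()
    cur = head
    while cur is not NULL:
        if cur in seen:
            return False
        seen.add(cur)
        cur = nxt[cur]
    return True


def symmetry_broken(nxt, n, head=0):
    """Symmetry-breaking predicate (assumed for this example): the k-th node
    reached from head must be atom Nk, so isomorphic heaps that differ only
    in atom naming collapse to one canonical instance. Atoms not on the list
    are required to point to NULL (a modelling choice made here)."""
    cur = head
    k = 0
    while cur is not NULL:
        if cur != k:
            return False
        k += 1
        cur = nxt[cur]
    return all(nxt[i] is NULL for i in range(k, n))


def tight_bound(n, invariant, symmetry):
    """Upper bound of `next`: the set of (atom, target) pairs that occur in
    at least one instance satisfying both predicates. A pair outside the
    bound can never hold, so the SAT encoding needs no variable for it."""
    bound = set()
    for nxt in all_next_functions(n):
        if invariant(nxt, n) and symmetry(nxt, n):
            bound |= set(nxt.items())
    return bound


def variable_counts(n):
    """Propositional variables needed to encode `next` over n atoms with
    (a) the trivial bound: any atom may point to any atom or NULL,
    (b) the bound computed from the invariant alone,
    (c) the bound computed from invariant plus symmetry breaking."""
    trivial = n * (n + 1)
    inv_only = len(tight_bound(n, acyclic_from_head, lambda nxt, n: True))
    with_sym = len(tight_bound(n, acyclic_from_head, symmetry_broken))
    return trivial, inv_only, with_sym


if __name__ == "__main__":
    for n in range(2, 6):
        trivial, inv_only, with_sym = variable_counts(n)
        print(f"N={n}: trivial={trivial} invariant-only={inv_only} "
              f"invariant+symmetry={with_sym}")
```

Running it shows why the invariant alone prunes almost nothing: unreachable atoms are unconstrained, so nearly every (atom, target) pair appears in some valid heap. Once isomorphic heaps are collapsed by the symmetry-breaking predicate, only the pairs (Ni, N(i+1)) and (Ni, null) survive, so the variable count for `next` drops from quadratic to linear in N.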