A Structure-preserving Clause Form Translation
Journal of Symbolic Computation
Efficiently computing static single assignment form and the control dependence graph
ACM Transactions on Programming Languages and Systems (TOPLAS)
The chaining approach for software test data generation
ACM Transactions on Software Engineering and Methodology (TOSEM)
A semantic model of program faults
ISSTA '96 Proceedings of the 1996 ACM SIGSOFT international symposium on Software testing and analysis
Automated program flaw finding using simulated annealing
Proceedings of the 1998 ACM SIGSOFT international symposium on Software testing and analysis
Chaff: engineering an efficient SAT solver
Proceedings of the 38th annual Design Automation Conference
Proceedings of the 8th European software engineering conference held jointly with 9th ACM SIGSOFT international symposium on Foundations of software engineering
A Rule-Based Software Test Data Generator
IEEE Transactions on Knowledge and Data Engineering
Symbolic Model Checking without BDDs
TACAS '99 Proceedings of the 5th International Conference on Tools and Algorithms for Construction and Analysis of Systems
Benefits of Bounded Model Checking at an Industrial Setting
CAV '01 Proceedings of the 13th International Conference on Computer Aided Verification
A Practical Approach to Coverage in Model Checking
CAV '01 Proceedings of the 13th International Conference on Computer Aided Verification
Behavioral consistency of C and verilog programs using bounded model checking
Proceedings of the 40th annual Design Automation Conference
Generating Tests from Counterexamples
Proceedings of the 26th International Conference on Software Engineering
TestEra: Specification-Based Testing of Java Programs Using SAT
Automated Software Engineering
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Pex: white box test generation for .NET
TAP'08 Proceedings of the 2nd international conference on Tests and proofs
Parameterized unit testing with Pex
TAP'08 Proceedings of the 2nd international conference on Tests and proofs
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
On the adoption of model checking in safety-related software industry
SAFECOMP'11 Proceedings of the 30th international conference on Computer safety, reliability, and security
Formal verification and validation of ERTMS industrial railway train spacing system
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Hi-index | 0.00 |
Testing and Bounded Model Checking (BMC) are two techniques used in Software Verification for bug-hunting. They are expression of two different philosophies: testing is used on the compiled code and it is more suited to find errors in common behaviors, while BMC is used on the source code to find errors in uncommon behaviors of the system. Nowadays, testing is by far the most used technique for software verification in industry: it is easy to use and even when no error is found, it can release a set of tests certifying the (partial) correctness of the compiled system. In the case of safety critical software, in order to increase the confidence of the correctness of the compiled system, it is often required that the provided set of tests covers 100% of the code. This requirement, however, substantially increases the costs associated to the testing phase, since it often involves the manual generation of tests. In this paper we show how BMC can be productively applied to the Software Verification process in industry. In particular, we show how to productively use a Bounded Model Checker for C programs (CBMC) as an automatic test generator for the Coverage Analysis of Safety Critical Software. In particular, we experimented CBMC on a subset of the modules of the European Train Control System (ETCS) of the European Rail Traffic Management System (ERTMS) source code, an industrial system for the control of the traffic railway, provided by Ansaldo STS. The Code of the ERTMS/ETCS, with thousands of lines, has been used as trial application with CBMC obtaining a set of tests satisfying the target 100% code coverage, requested by the CENELEC EN50128 guidelines for software development of safety critical systems. The use of CBMC for test generation led to a dramatic increase in the productivity of the entire Software Development process by substantially reducing the costs of the testing phase. To the best of our knowledge, this is the first time that BMC techniques have been used in an industrial setting for automatically generating tests achieving full coverage of Safety-Critical Software. The positive results demonstrate the maturity of Bounded Model Checking techniques for automatic test generation in industry.