A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Symbolic execution and program testing
Communications of the ACM
Using symbolic execution for verifying safety-critical systems
Proceedings of the 8th European software engineering conference held jointly with 9th ACM SIGSOFT international symposium on Foundations of software engineering
ACM '76 Proceedings of the 1976 annual conference
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Test input generation for java containers using state matching
Proceedings of the 2006 international symposium on Software testing and analysis
Using model checking with symbolic execution to verify parallel numerical programs
Proceedings of the 2006 international symposium on Software testing and analysis
Compositional dynamic test generation
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Variably interprocedural program analysis for runtime error detection
Proceedings of the 2007 international symposium on Software testing and analysis
Kiasan/KUnit: Automatic Test Case Generation and Analysis Feedback for Open Object-oriented Systems
TAICPART-MUTATION '07 Proceedings of the Testing: Academic and Industrial Conference Practice and Research Techniques - MUTATION
Just enough learning (of association rules): the TAR2 "Treatment" learner
Artificial Intelligence Review
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Automating Software Testing Using Program Analysis
IEEE Software
EXE: Automatically Generating Inputs of Death
ACM Transactions on Information and System Security (TISSEC)
Model Based Analysis and Test Generation for Flight Software
SMC-IT '09 Proceedings of the Third IEEE International Conference on Space Mission Challenges for Information Technology
A race-detection and flipping algorithm for automated testing of multi-threaded programs
HVC'06 Proceedings of the 2nd international Haifa verification conference on Hardware and software, verification and testing
Generalized symbolic execution for model checking and testing
TACAS'03 Proceedings of the 9th international conference on Tools and algorithms for the construction and analysis of systems
Pex: white box test generation for .NET
TAP'08 Proceedings of the 2nd international conference on Tests and proofs
Exploiting program dependencies for scalable multiple-path symbolic execution
Proceedings of the 19th international symposium on Software testing and analysis
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Symbolic PathFinder: symbolic execution of Java bytecode
Proceedings of the IEEE/ACM international conference on Automated software engineering
FloPSy: search-based floating point constraint solving for symbolic execution
ICTSS'10 Proceedings of the 22nd IFIP WG 6.1 international conference on Testing software and systems
CORAL: solving complex constraints for symbolic pathfinder
NFM'11 Proceedings of the Third international conference on NASA Formal methods
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Symstra: a framework for generating object-oriented unit tests using symbolic execution
TACAS'05 Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Formal testing for separation assurance
Annals of Mathematics and Artificial Intelligence
Heap cloning: Enabling dynamic symbolic execution of java programs
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Mutation based test case generation via a path selection strategy
Information and Software Technology
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Puzzle-based automatic testing: bringing humans into the loop by solving puzzles
Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
Verifying systems rules using rule-directed symbolic execution
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Feedback-directed unit test generation for C/C++ using concolic execution
Proceedings of the 2013 International Conference on Software Engineering
Enhancing symbolic execution with built-in term rewriting and constrained lazy initialization
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
An orchestrated survey of methodologies for automated software test case generation
Journal of Systems and Software
User-defined backtracking criteria for symbolic execution
ACM SIGSOFT Software Engineering Notes
Hi-index | 0.01 |
Symbolic execution is a powerful static program analysis technique that has been used for the automated generation of test inputs. Directed Automated Random Testing (DART) is a dynamic variant of symbolic execution that initially uses random values to execute a program and collects symbolic path conditions during the execution. These conditions are then used to produce new inputs to execute the program along different paths. It has been argued that DART can handle situations where classical static symbolic execution fails due to incompleteness in decision procedures and its inability to handle external library calls. We propose here a technique that mitigates these previous limitations of classical symbolic execution. The proposed technique splits the generated path conditions into (a) constraints that can be solved by a decision procedure and (b) complex non-linear constraints with uninterpreted functions to represent external library calls. The solutions generated from the decision procedure are used to simplify the complex constraints and the resulting path conditions are checked again for satisfiability. We also present heuristics that can further improve our technique. We show how our technique can enable classical symbolic execution to cover paths that other dynamic symbolic execution approaches cannot cover. Our method has been implemented within the Symbolic PathFinder tool and has been applied to several examples, including two from the NASA domain.