Introduction to algorithms
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Symbolic execution and program testing
Communications of the ACM
Test data generation and symbolic execution of programs as an aid to program validation.
Test data generation and symbolic execution of programs as an aid to program validation.
TestEra: Specification-Based Testing of Java Programs Using SAT
Automated Software Engineering
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Software Abstractions: Logic, Language, and Analysis
Software Abstractions: Logic, Language, and Analysis
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Compositional dynamic test generation
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Kodkod: a relational model finder
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Generalized symbolic execution for model checking and testing
TACAS'03 Proceedings of the 9th international conference on Tools and algorithms for the construction and analysis of systems
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Symbolic execution for software testing in practice: preliminary assessment
Proceedings of the 33rd International Conference on Software Engineering
Execution generated test cases: how to make systems code crash itself
SPIN'05 Proceedings of the 12th international conference on Model Checking Software
Growing solver-aided languages with rosette
Proceedings of the 2013 ACM international symposium on New ideas, new paradigms, and reflections on programming & software
| Hi-index | 0.00 |
Symbolic execution is a technique for systematic exploration of program behaviors using symbolic inputs, which characterize classes of concrete inputs. Symbolic execution is traditionally performed on imperative programs, such as those in C/C++ or Java. This paper presents a novel approach to symbolic execution for declarative programs, specifically those written in Alloy - a first-order, declarative language based on relations. Unlike imperative programs that describe how to perform computation to conform to desired behavioral properties, declarative programs describe what the desired properties are, without enforcing a specific method for computation. Thus, symbolic execution does not directly apply to declarative programs the way it applies to imperative programs. Our insight is that we can leverage the fully automatic, SAT-based analysis of the Alloy Analyzer to enable symbolic execution of Alloy models - the analyzer generates instances, i.e., valuations for the relations in the model, that satisfy the given properties and thus provides an execution engine for declarative programs. We define symbolic types and operations, which allow the existing Alloy tool-set to perform symbolic execution for the supported types and operations. We demonstrate the efficacy of our approach using a suite of models that represent structurally complex properties. Our approach opens promising avenues for new forms of more efficient and effective analyses of Alloy models.