A Randomized Parallel Backtracking Algorithm
IEEE Transactions on Computers
Randomized parallel algorithms for backtrack search and branch-and-bound computation
Journal of the ACM (JACM)
IEEE Transactions on Software Engineering - Special issue on formal methods in software practice
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Symbolic execution and program testing
Communications of the ACM
Addressing dynamic issues of program model checking
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
MPI-The Complete Reference, Volume 1: The MPI Core
MPI-The Complete Reference, Volume 1: The MPI Core
Korat: automated testing based on Java predicates
ISSTA '02 Proceedings of the 2002 ACM SIGSOFT international symposium on Software testing and analysis
State of the Art in Parallel Search Techniques for Discrete Optimization Problems
IEEE Transactions on Knowledge and Data Engineering
Automated Software Engineering
Distributed-Memory Model Checking with SPIN
Proceedings of the 5th and 6th International SPIN Workshops on Theoretical and Practical Aspects of SPIN Model Checking
A Distributed Partial Order Reduction Algorithm
FORTE '02 Proceedings of the 22nd IFIP WG 6.1 International Conference Houston on Formal Techniques for Networked and Distributed Systems
Parallelizing the Murphi Verifier
CAV '97 Proceedings of the 9th International Conference on Computer Aided Verification
Test data generation and symbolic execution of programs as an aid to program validation.
Test data generation and symbolic execution of programs as an aid to program validation.
LLVA: A Low-level Virtual Instruction Set Architecture
Proceedings of the 36th annual IEEE/ACM International Symposium on Microarchitecture
Parallel search for LTL violations
International Journal on Software Tools for Technology Transfer (STTT) - Special section on parallel and distributed model checking
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Compositional dynamic test generation
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Parallel Randomized State-Space Search
ICSE '07 Proceedings of the 29th international conference on Software Engineering
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Parallel test generation and execution with Korat
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
A System to Generate Test Data and Symbolically Execute Programs
IEEE Transactions on Software Engineering
Assertion-based repair of complex data structures
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Component-Level Energy Consumption Estimation for Distributed Java-Based Software Systems
CBSE '08 Proceedings of the 11th International Symposium on Component-Based Software Engineering
PKorat: Parallel Generation of Structurally Complex Test Inputs
ICST '09 Proceedings of the 2009 International Conference on Software Testing Verification and Validation
JPF-SE: a symbolic execution extension to Java PathFinder
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Generalized symbolic execution for model checking and testing
TACAS'03 Proceedings of the 9th international conference on Tools and algorithms for the construction and analysis of systems
CAV'07 Proceedings of the 19th international conference on Computer aided verification
KleeNet: discovering insidious interaction bugs in wireless sensor networks before deployment
Proceedings of the 9th ACM/IEEE International Conference on Information Processing in Sensor Networks
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Parallel symbolic execution for structural test generation
Proceedings of the 19th international symposium on Software testing and analysis
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Directed incremental symbolic execution
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Practical, low-effort equivalence verification of real code
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Execution generated test cases: how to make systems code crash itself
SPIN'05 Proceedings of the 12th international conference on Model Checking Software
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Proceedings of the 2012 International Symposium on Software Testing and Analysis
ACM SIGSOFT Software Engineering Notes
Scaling symbolic execution using staged analysis
Innovations in Systems and Software Engineering
Hi-index | 0.00 |
This paper introduces a novel approach to scale symbolic execution --- a program analysis technique for systematic exploration of bounded execution paths---for test input generation. While the foundations of symbolic execution were developed over three decades ago, recent years have seen a real resurgence of the technique, specifically for systematic bug finding. However, scaling symbolic execution remains a primary technical challenge due to the inherent complexity of the path-based exploration that lies at core of the technique. Our key insight is that the state of the analysis can be represented highly compactly: a test input is all that is needed to effectively encode the state of a symbolic execution run. We present ranged symbolic execution, which embodies this insight and uses two test inputs to define a range, i.e., the beginning and end, for a symbolic execution run. As an application of our approach, we show how it enables scalability by distributing the path exploration---both in a sequential setting with a single worker node and in a parallel setting with multiple workers. As an enabling technology, we leverage the open-source, state-of-the-art symbolic execution tool KLEE. Experimental results using 71 programs chosen from the widely deployed GNU Coreutils set of Unix utilities show that our approach provides a significant speedup over KLEE. For example, using 10 worker cores, we achieve an average speed-up of 6.6X for the 71 programs.