Using symbolic execution for verification of Ada tasking programs
ACM Transactions on Programming Languages and Systems (TOPLAS)
An experimental evaluation of a symbolic execution system
Software Engineering Journal
Automated test data generation for programs with procedures
ISSTA '96 Proceedings of the 1996 ACM SIGSOFT international symposium on Software testing and analysis
Symbolic execution and program testing
Communications of the ACM
Java Virtual Machine Specification
Java Virtual Machine Specification
Soot - a Java bytecode optimization framework
CASCON '99 Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative research
SELECT—a formal system for testing and debugging programs by symbolic execution
Proceedings of the international conference on Reliable software
Symbolic Execution of Program Paths Involving Pointer and Structure Variables
QSIC '04 Proceedings of the Quality Software, Fourth International Conference
Java(TM) Language Specification, The (3rd Edition) (Java (Addison-Wesley))
Java(TM) Language Specification, The (3rd Edition) (Java (Addison-Wesley))
JCrasher: an automatic robustness tester for Java
Software—Practice & Experience
Check 'n' crash: combining static checking and testing
Proceedings of the 27th international conference on Software engineering
Variably interprocedural program analysis for runtime error detection
Proceedings of the 2007 international symposium on Software testing and analysis
DSD-Crasher: A hybrid analysis tool for bug finding
ACM Transactions on Software Engineering and Methodology (TOSEM)
EXE: Automatically Generating Inputs of Death
ACM Transactions on Information and System Security (TISSEC)
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Pex: white box test generation for .NET
TAP'08 Proceedings of the 2nd international conference on Tests and proofs
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Symbolic PathFinder: symbolic execution of Java bytecode
Proceedings of the IEEE/ACM international conference on Automated software engineering
FITE: future integrated testing environment
Proceedings of the FSE/SDP workshop on Future of software engineering research
| Hi-index | 0.00 |
In this paper we present Artemis, a tool to analyse Java bytecode and discover run-time errors. Artemis uses the method of symbolic execution to perform path-sensitive analysis on compiled Java classes, in the process building up constraints under which errors like null pointer dereferences and division-by-zero errors can occur. During the analysis, many warnings for possible errors may occur, but not all paths leading to these warnings are feasible. Artemis uses an external decision procedure---a constraint solver---to decide the feasibility of paths, and only if a path is feasible does it generate a JUnit test case for that path. It signals the possibility of a real error only if a test case manages to detect an expected exception during an actual run by the JUnit core. Artemis allows control of the analysis in two important ways: (1) The depth to which method calls descend can be bounded, and (2) so can the number of times branch statements are executed over symbolic values. We performed an evaluation of a small set of non-trivial benchmarking tests, averaging 450 lines of code, and we concluded that using a call depth of one and branch bound of two is optimal for the discovery of bugs. Although Artemis was written as a Java-only solution, it was constructed so that the various components connect via interfaces. Therefore it is easy to extend, and we plan to explore, amongst others, different constraint solvers in the future.