Symbolic execution and program testing
Communications of the ACM
Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Korat: automated testing based on Java predicates
ISSTA '02 Proceedings of the 2002 ACM SIGSOFT international symposium on Software testing and analysis
TestEra: A Novel Framework for Automated Testing of Java Programs
Proceedings of the 16th IEEE international conference on Automated software engineering
Test input generation with java PathFinder
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Empirical Software Engineering
Software Abstractions: Logic, Language, and Analysis
Software Abstractions: Logic, Language, and Analysis
Bogor/Kiasan: A k-bounded Symbolic Execution for Checking Strong Heap Properties of Open Systems
ASE '06 Proceedings of the 21st IEEE/ACM International Conference on Automated Software Engineering
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
New results on rewrite-based satisfiability procedures
ACM Transactions on Computational Logic (TOCL)
Symbolic program analysis using term rewriting and generalization
Proceedings of the 2008 International Conference on Formal Methods in Computer-Aided Design
Beaver: Engineering an Efficient SMT Solver for Bit-Vector Arithmetic
CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
Proceedings of the the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
JPF-SE: a symbolic execution extension to Java PathFinder
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Generalized symbolic execution for model checking and testing
TACAS'03 Proceedings of the 9th international conference on Tools and algorithms for the construction and analysis of systems
An empirical study of optimizations in YOGI
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Satisfiability of non-linear (Ir)rational arithmetic
LPAR'10 Proceedings of the 16th international conference on Logic for programming, artificial intelligence, and reasoning
CORAL: solving complex constraints for symbolic pathfinder
NFM'11 Proceedings of the Third international conference on NASA Formal methods
Symbolic execution with mixed concrete-symbolic solving
Proceedings of the 2011 International Symposium on Software Testing and Analysis
SAT Modulo Linear Arithmetic for Solving Polynomial Constraints
Journal of Automated Reasoning
Formal testing for separation assurance
Annals of Mathematics and Artificial Intelligence
TestEra: A tool for testing Java programs using alloy specifications
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Hi-index | 0.00 |
Symbolic execution suffers from problems when analyzing programs that handle complex data structures as their inputs and take decisions over non-linear expressions. For these programs, symbolic execution may incur invalid inputs or unidentified infeasible traces, and may raise large amounts of false alarms. Some symbolic executors tackle these problems by introducing executable preconditions to exclude invalid inputs, and some solvers exploit rewrite rules to address non linear problems. In this paper, we discuss the core limitations of executable preconditions, and address these limitations by proposing invariants specifically designed to harmonize with the lazy initialization algorithm. We exploit rewrite rules applied within the symbolic executor, to address simplifications of inverse relationships fostered from either program-specific calculations or the logic of the verification tasks. We present a symbolic executor that integrates the two techniques, and validate our approach against the verification of a relevant set of properties of the Tactical Separation Assisted Flight Environment. The empirical data show that the integrated approach can improve the effectiveness of symbolic execution.