Using symbolic execution to guide test generation: Research Articles

Authors:
Gareth Lee;John Morris;Kris Parker;Gary A. Bundell;Peng Lam
Affiliations:
Department of Computer Science and Software Engineering, The University of Western Australia, Crawley, WA 6009, Australia;Department of Electrical Eng., The Univ. of Auckland, Private Bag 92019, Auckland, New Zealand and Dept. of Electrical and Electronics Eng., Chung-Ang Univ., Huksuk-dong 221, Dongjak-gu, Seoul 156 ...;Division of Science and Engineering, Murdoch University, South Street, Murdoch, WA 6150, Australia;Department of Electrical and Electronic Engineering, The University of Western Australia, Crawley, WA 6009, Australia;School of Computer and Information Science, Edith Cowan University, Joondalup, WA 6027, Australia
Venue:
Software Testing, Verification & Reliability
Year:
2005

Citing 0
Cited 7

Software Testing Research: Achievements, Challenges, Dreams

FOSE '07 2007 Future of Software Engineering
Concolic testing

Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Universal symbolic execution and its application to likely data structure invariant generation

ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
The dependence condition graph: Precise conditions for dependence between program points

Computer Languages, Systems and Structures
A Parallel Approach to Concolic Testing with Low-cost Synchronization

Electronic Notes in Theoretical Computer Science (ENTCS)
Linear obfuscation to combat symbolic execution

ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Implementing conformiq Qtronic

TestCom'07/FATES'07 Proceedings of the 19th IFIP TC6/WG6.1 international conference, and 7th international conference on Testing of Software and Communicating Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Although a number of weaknesses of symbolic execution, when used for software testing, have been highlighted in the literature, the recent resurgence of strongly-typed languages has created opportunities for re-examining symbolic execution to determine whether these shortfalls can be overcome. This paper discusses symbolic execution in general and makes two contributions: (a) overcoming one of the key problems, analysing programs with indexed arrays; and (b) describing the incorporation of a symbolic execution module for test case generation into an integrated testing tool. For methods which index arrays, a new approach determines all the possible values of each array index, allowing the generation of equivalence classes for every possible combination of array element aliases. An incremental simplification approach, which converts path expressions to canonical forms in order to identify infeasible paths at the earliest opportunity and thus reduce the analysis time, is also described. Symbolic execution is most effective when included in an integrated test and analysis environment: a component test bench was built with a symbolic execution module integrated into it, providing a toolbox of software component test and code analysis methods aimed at programmers at all levels. Copyright © 2000 John Wiley & Sons, Ltd.