Precise interprocedural dataflow analysis via graph reachability
POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Model checking for programming languages using VeriSoft
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Model checking of hierarchical state machines
SIGSOFT '98/FSE-6 Proceedings of the 6th ACM SIGSOFT international symposium on Foundations of software engineering
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Symbolic execution and program testing
Communications of the ACM
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A system and language for building system-specific, static analyses
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Art of Software Testing
Korat: automated testing based on Java predicates
ISSTA '02 Proceedings of the 2002 ACM SIGSOFT international symposium on Software testing and analysis
Generating Test Data for Branch Coverage
ASE '00 Proceedings of the 15th IEEE international conference on Automated software engineering
Generating Tests from Counterexamples
Proceedings of the 26th International Conference on Software Engineering
Test input generation with java PathFinder
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Check 'n' crash: combining static checking and testing
Proceedings of the 27th international conference on Software engineering
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Analysis of recursive state machines
ACM Transactions on Programming Languages and Systems (TOPLAS)
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Automatically Generating Malicious Disks using Symbolic Execution
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Software partitioning for effective automated unit testing
EMSOFT '06 Proceedings of the 6th ACM & IEEE International conference on Embedded software
Symstra: a framework for generating object-oriented unit tests using symbolic execution
TACAS'05 Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Execution generated test cases: how to make systems code crash itself
SPIN'05 Proceedings of the 12th international conference on Model Checking Software
Software model checking: searching for computations in the abstract or the concrete
IFM'05 Proceedings of the 5th international conference on Integrated Formal Methods
Path-Sensitive Inference of Function Precedence Protocols
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Formal Software Analysis Emerging Trends in Software Model Checking
FOSE '07 2007 Future of Software Engineering
Under-constrained execution: making automatic code destruction easy and scalable
Proceedings of the 2007 international symposium on Software testing and analysis
Random testing for security: blackbox vs. whitebox fuzzing
Proceedings of the 2nd international workshop on Random testing: co-located with the 22nd IEEE/ACM International Conference on Automated Software Engineering (ASE 2007)
Bouncer: securing software by blocking bad input
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Directed test generation using symbolic grammars
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
A genetic approach for random testing of database systems
VLDB '07 Proceedings of the 33rd international conference on Very large data bases
DSD-Crasher: A hybrid analysis tool for bug finding
ACM Transactions on Software Engineering and Methodology (TOSEM)
PHALANX: a graph-theoretic framework for test case prioritization
Proceedings of the 2008 ACM symposium on Applied computing
Grammar-based whitebox fuzzing
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Handling dynamic data structures in search based testing
Proceedings of the 10th annual conference on Genetic and evolutionary computation
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Testing for buffer overflows with length abstraction
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Finding bugs in dynamic web applications
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Protocol Inference Using Static Path Profiles
SAS '08 Proceedings of the 15th international symposium on Static Analysis
Using Dynamic Symbolic Execution to Improve Deductive Verification
SPIN '08 Proceedings of the 15th international workshop on Model Checking Software
EMSOFT '08 Proceedings of the 8th ACM international conference on Embedded software
Differential symbolic execution
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
Whispec: white-box testing of libraries using declarative specifications
LCSD '07 Proceedings of the 2007 Symposium on Library-Centric Software Design
Path Feasibility Analysis for String-Manipulating Programs
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009,
Snugglebug: a powerful approach to weakest preconditions
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Loop-extended symbolic execution on binary programs
Proceedings of the eighteenth international symposium on Software testing and analysis
Reducing Test Inputs Using Information Partitions
CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
Integration of verification methods for program systems
Programming and Computing Software
Predicting Effectiveness of Automatic Testing Tools
ASE '08 Proceedings of the 2008 23rd IEEE/ACM International Conference on Automated Software Engineering
Full simulation coverage for SystemC transaction-level models of systems-on-a-chip
Formal Methods in System Design
Compositional Verification of Input-Output Conformance via CSP Refinement Checking
ICFEM '09 Proceedings of the 11th International Conference on Formal Engineering Methods: Formal Methods and Software Engineering
Compositional may-must program analysis: unleashing the power of alternation
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 2010 ACM Symposium on Applied Computing
RWset: attacking path explosion in constraint-based test generation
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Demand-driven compositional symbolic execution
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Pex: white box test generation for .NET
TAP'08 Proceedings of the 2nd international conference on Tests and proofs
Engineering the development of embedded systems
Formal methods and hybrid real-time systems
Mixing type checking and symbolic execution
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Generation of executable test cases based on behavioral UML system models
Proceedings of the 5th Workshop on Automation of Software Test
Parallel symbolic execution for structural test generation
Proceedings of the 19th international symposium on Software testing and analysis
On test repair using symbolic execution
Proceedings of the 19th international symposium on Software testing and analysis
HotOS'09 Proceedings of the 12th conference on Hot topics in operating systems
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
How did you specify your test suite
Proceedings of the IEEE/ACM international conference on Automated software engineering
Randomized constraint solvers: a comparative study
Innovations in Systems and Software Engineering
Input generation via decomposition and re-stitching: finding bugs in Malware
Proceedings of the 17th ACM conference on Computer and communications security
An approach for modeling dynamic analysis using ontologies
Proceedings of the Eighth International Workshop on Dynamic Analysis
An empirical investigation into branch coverage for C programs using CUTE and AUSTIN
Journal of Systems and Software
Testing techniques in software engineering
Testing techniques in software engineering
S2E: a platform for in-vivo multi-path analysis of software systems
Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems
Parallel symbolic execution for automated real-world software testing
Proceedings of the sixth conference on Computer systems
Symbolic crosschecking of floating-point and SIMD code
Proceedings of the sixth conference on Computer systems
Symbolic execution for software testing in practice: preliminary assessment
Proceedings of the 33rd International Conference on Software Engineering
Proceedings of the 33rd International Conference on Software Engineering
An introduction to test specification in FQL
HVC'10 Proceedings of the 6th international conference on Hardware and software: verification and testing
Theoretical aspects of compositional symbolic execution
FASE'11/ETAPS'11 Proceedings of the 14th international conference on Fundamental approaches to software engineering: part of the joint European conferences on theory and practice of software
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Directed incremental symbolic execution
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
eXpress: guided path exploration for efficient regression test generation
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Automatic partial loop summarization in dynamic test generation
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Symbolic execution with mixed concrete-symbolic solving
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Compositional CLP-based test data generation for imperative languages
LOPSTR'10 Proceedings of the 20th international conference on Logic-based program synthesis and transformation
A Parallel Approach to Concolic Testing with Low-cost Synchronization
Electronic Notes in Theoretical Computer Science (ENTCS)
Testing software in age of data privacy: a balancing act
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
Path exploration based on symbolic output
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
PSO based pseudo dynamic method for automated test case generation using interpreter
ICSI'11 Proceedings of the Second international conference on Advances in swarm intelligence - Volume Part I
Statically validating must summaries for incremental compositional dynamic test generation
SAS'11 Proceedings of the 18th international conference on Static analysis
Practical software model checking via dynamic interface reduction
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Efficient loop navigation for symbolic execution
ATVA'11 Proceedings of the 9th international conference on Automated technology for verification and analysis
SimFuzz: Test case similarity directed deep fuzzing
Journal of Systems and Software
Symbolic execution of alloy models
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
The S2E Platform: Design, Implementation, and Applications
ACM Transactions on Computer Systems (TOCS) - Special Issue APLOS 2011
(Quickly) testing the tester via path coverage
WODA '09 Proceedings of the Seventh International Workshop on Dynamic Analysis
Abstract analysis of symbolic executions
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Path-exploration lifting: hi-fi tests for lo-fi emulators
ASPLOS XVII Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems
Formal testing for separation assurance
Annals of Mathematics and Artificial Intelligence
Symbolic execution of UML-RT State Machines
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Efficient state merging in symbolic execution
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Parallelizing top-down interprocedural analyses
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Integration testing of software product lines using compositional symbolic execution
FASE'12 Proceedings of the 15th international conference on Fundamental Approaches to Software Engineering
Symbolic execution of communicating and hierarchically composed UML-RT state machines
NFM'12 Proceedings of the 4th international conference on NASA Formal Methods
Compositional load test generation for software pipelines
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Build code analysis with symbolic evaluation
Proceedings of the 34th International Conference on Software Engineering
make test-zesti: a symbolic execution solution for improving regression testing
Proceedings of the 34th International Conference on Software Engineering
STING: finding name resolution vulnerabilities in programs
Security'12 Proceedings of the 21st USENIX conference on Security symposium
S2PF: speculative symbolic PathFinder
ACM SIGSOFT Software Engineering Notes
Scaling symbolic execution using ranged analysis
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
Test input generation using dynamic programming
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
CarFast: achieving higher statement coverage faster
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Automated concolic testing of smartphone apps
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Interpolation-Based function summaries in bounded model checking
HVC'11 Proceedings of the 7th international Haifa Verification conference on Hardware and Software: verification and testing
Dual analysis for proving safety and finding bugs
Science of Computer Programming
Information reuse for multi-goal reachability analyses
ESOP'13 Proceedings of the 22nd European conference on Programming Languages and Systems
Comparing non-adequate test suites using coverage criteria
Proceedings of the 2013 International Symposium on Software Testing and Analysis
Automated testing with targeted event sequence generation
Proceedings of the 2013 International Symposium on Software Testing and Analysis
Billions and billions of constraints: whitebox fuzz testing in production
Proceedings of the 2013 International Conference on Software Engineering
State of the art: Dynamic symbolic execution for automated test generation
Future Generation Computer Systems
Boosting concolic testing via interpolation
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Scalable and incremental software bug detection
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
An orchestrated survey of methodologies for automated software test case generation
Journal of Systems and Software
Scaling symbolic execution using staged analysis
Innovations in Systems and Software Engineering
A novel requirement analysis approach for periodic control systems
Frontiers of Computer Science: Selected Publications from Chinese Universities
Input-covering schedules for multithreaded programs
Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
Steering symbolic execution to less traveled paths
Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
AppIntent: analyzing sensitive data transmission in android for privacy leakage detection
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Path exploration based on symbolic output
ACM Transactions on Software Engineering and Methodology (TOSEM) - Testing, debugging, and error handling, formal methods, lifecycle concerns, evolution and maintenance
Redundant state detection for dynamic symbolic execution
USENIX ATC'13 Proceedings of the 2013 USENIX conference on Annual Technical Conference
Toward a verifiable software dataplane
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
Prototyping symbolic execution engines for interpreted languages
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
Finding trojan message vulnerabilities in distributed systems
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
Communications of the ACM
A distributed framework for demand-driven software vulnerability detection
Journal of Systems and Software
Software dataplane verification
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
| Hi-index | 0.02 |
Dynamic test generation is a form of dynamic program analysis that attempts to compute test inputs to drive a program along a specific program path. Directed Automated Random Testing, or DART for short, blends dynamic test generation with model checking techniques with the goal of systematically executing all feasible program paths of a program while detecting various types of errors using run-time checking tools (like Purify, for instance). Unfortunately, systematically executing all feasible program paths does not scale to large, realistic programs.This paper addresses this major limitation and proposes to perform dynamic test generation compositionally, by adapting known techniques for interprocedural static analysis. Specifically, we introduce a new algorithm, dubbed SMART for Systematic Modular Automated Random Testing, that extends DART by testing functions in isolation, encoding test results as function summaries expressed using input preconditions and output postconditions, and then re-using those summaries when testing higher-level functions. We show that, for a fixed reasoning capability, our compositional approach to dynamic test generation (SMART) is both sound and complete compared to monolithic dynamic test generation (DART). In other words, SMART can perform dynamic test generation compositionally without any reduction in program path coverage. We also show that, given a bound on the maximum number of feasible paths in individual program functions, the number of program executions explored by SMART is linear in that bound, while the number of program executions explored by DART can be exponential in that bound. We present examples of C programs and preliminary experimental results that illustrate and validate empirically these properties.