This paper describes an analysis approach based on a combination of static and dynamic techniques to find run-time errors in Java code. It uses symbolic execution to find constraints under which an error (e.g. a null pointer dereference, array out of bounds access, or assertion violation) may occur and then solves these constraints to find test inputs that may expose the error. It only alerts the user to the possibility of a real error when it detects the expected exception during a program run. The analysis is customizable in two important ways. First, we can adjust how deeply to follow calls from each top-level method. Second, we can adjust the path termination condition for the symbolic execution engine to be either a bound on the path condition length or a bound on the number of times each instruction can be revisited. We evaluated the tool on a set of benchmarks from the literature as well as a number of real-world systems that range in size from a few thousand to 50,000 lines of code. The tool discovered all known errors in the benchmarks (as well as some not previously known) and reported on average 8 errors per 1000 lines of code for the industrial examples. In both cases the interprocedural call depth played little role in the error detection. That is, an intraprocedural analysis seems adequate for the class of errors we detect.