2021
DOI: 10.1145/3485529
|View full text |Cite
|
Sign up to set email alerts
|

Generative type-aware mutation for testing SMT solvers

Abstract: We propose Generative Type-Aware Mutation, an effective approach for testing SMT solvers. The key idea is to realize generation through the mutation of expressions rooted with parametric operators from the SMT-LIB specification. Generative Type-Aware Mutation is a hybrid of mutation-based and grammar-based fuzzing and features an infinite mutation space—overcoming a major limitation of OpFuzz, the state-of-the-art fuzzer for SMT solvers. We have realized Generative Type-Aware Mutation in a practical SMT solver… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
16
0

Year Published

2022
2022
2024
2024

Publication Types

Select...
3
3

Relationship

0
6

Authors

Journals

citations
Cited by 19 publications
(16 citation statements)
references
References 30 publications
0
16
0
Order By: Relevance
“…Our experimental evaluation shows that Murxla quickly and effectively finds issues in multiple state-of-the-art SMT solvers-even for logics like QF SLIA which have been the subject of month-long fuzzing campaigns [39,47,51,52] over the last two years. Furthermore, during the past few months, while finalizing and testing Murxla, we found many more issues in these solvers-more than 100 for cvc5 alone, and some of them critical [3,4].…”
Section: Discussionmentioning
confidence: 99%
See 3 more Smart Citations
“…Our experimental evaluation shows that Murxla quickly and effectively finds issues in multiple state-of-the-art SMT solvers-even for logics like QF SLIA which have been the subject of month-long fuzzing campaigns [39,47,51,52] over the last two years. Furthermore, during the past few months, while finalizing and testing Murxla, we found many more issues in these solvers-more than 100 for cvc5 alone, and some of them critical [3,4].…”
Section: Discussionmentioning
confidence: 99%
“…We evaluate the efficacy of Murxla in three experiments, comparing: (1) Murxla and BtorMBT, testing Boolector; (2) Murxla and the current state-of-the-art input fuzzers STORM [39] and TypeFuzz [47]; and (3) Murxla with and without option fuzzing. For this evaluation, we target soundness issues and crashes, and do not consider performance regressions.…”
Section: Discussionmentioning
confidence: 99%
See 2 more Smart Citations
“…To detect bugs in Datalog engines, queryFuzz [14] uses metamorphic transformations based on database theory and performs metamorphic testing. OpFuzz [36] and TypeFuzz [20] leverage different mutation strategies of formula generation to test satisfiability modulo theory (SMT) solvers. Compared with these approaches, GDsmith makes the first attempt to address the challenges during automated test generation for graph database engines (which also belong to critical software systems), and detects 27 previously unknown bugs.…”
Section: Related Workmentioning
confidence: 99%