Symbolic execution for software testing in practice

Cadar, Cristian; Godefroid, Patrice; Khurshid, Sarfraz; Păsăreanu, Corina S.; Sen, Koushik; Tillmann, Nikolai; Visser, Willem

doi:10.1145/1985793.1985995

Cited by 261 publications

(166 citation statements)

References 69 publications

Supporting

Mentioning

165

Contrasting

Unclassified

Order By: Relevance

“…Symbolic execution is a technique that has received much attention in recent years in the context of software testing [10] due to its ability to automatically explore multiple program paths and reason about the program's behaviour along each of them. Tools such as KLEE [9], SAGE [17], JPF-SE [1], BitBlaze [33] and Pex [37] are just some of the symbolic execution engines currently used successfully in academia and in industry.…”

Section: Background and Related Workmentioning

confidence: 99%

make test-zesti: A symbolic execution solution for improving regression testing

Marinescu¹,

Cadar²

2012

2012 34th International Conference on Software Engineering (ICSE)

Self Cite

View full text Add to dashboard Cite

Abstract-Software testing is an expensive and time consuming process, often involving the manual creation of comprehensive regression test suites. However, current testing methodologies do not take full advantage of these tests. In this paper, we present a technique for amplifying the effect of existing test suites using a lightweight symbolic execution mechanism, which thoroughly checks all sensitive operations (e.g., pointer dereferences) executed by the test suite for errors, and explores additional paths around sensitive operations. We implemented this technique in a prototype system called ZESTI (Zero-Effort Symbolic Test Improvement), and applied it to three open-source code bases-GNU Coreutils, libdwarf and readelf-where it found 52 previously unknown bugs, many of which are out of reach of standard symbolic execution. Our technique works transparently to the tester, requiring no additional human effort or changes to source code or tests.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

make test-zesti: A symbolic execution solution for improving regression testing

Marinescu¹,

Cadar²

2012

2012 34th International Conference on Software Engineering (ICSE)

Self Cite

View full text Add to dashboard Cite

show abstract

“…In particular, we explore innovative techniques to improve automated test input generation approaches [29], [121] to strengthen structural coverage testing, which has long been advocated by the software industry to assess test adequacy [20], [56], [117], [132] but is still limited, even with the recent development of advanced techniques [105], [128], [138], [142]. We then enhance security vulnerability detection techniques [64], [93] by integrating static and dynamic program analysis techniques to actively search for security vulnerability defects.…”

Section: Motivationmentioning

confidence: 99%

Goal-oriented dynamic test generation

Khoo

Fong

et al. 2015

Information and Software Technology

View full text Add to dashboard Cite

“…While different approaches exist towards the automatic generation of test data, symbolic execution [5] has been recognised as a state-of-art technique for so-called white-box structural test data generation [6,7,8,9,10]. In such an approach, the idea is to generate test data that in some way cover a sufficiently large part of the control-flow graph of the code unit under test [4].…”

Section: Introductionmentioning

confidence: 99%

“…This test generation process is repeated until test data have been generated for a sufficiently large and diverse number of paths through the control-flow graph, according to some coverage criterion [4]. Test data generation based on symbolic execution is now at the core of various popular open-source and commercial testing tools, some being used in an industrial context, notably at Microsoft and NASA [9].…”

Section: Introductionmentioning

confidence: 99%

Relational symbolic execution of SQL code for unit testing of database programs

Marcozzi

Vanhoof

Hainaut

2015

Science of Computer Programming

View full text Add to dashboard Cite

Symbolic execution is a technique enabling the automatic generation of test inputs that exercise a set of execution paths within a code unit to be tested. If the paths cover a sufficient part of the code under test, the test data offer a representative view of the actual behaviour of this code. This notably enables detecting errors and correcting faults. Relational databases are ubiquitous in software, but symbolic execution of code units that manipulate them remains a non-trivial problem, particularly because of the complex structure of such databases and the complex behaviour of SQL statements. Finding errors in such code units is yet critical, as it can avoid corrupting important data. In this work, we define a symbolic execution translating database manipulation code directly into constraints and integrate it with a more traditional symbolic execution of normal program code. The database tables are represented by relational symbols and the SQL statements by relational constraints over these symbols. An algorithm based on these principles is presented for the symbolic execution of simple Java methods that implement transactional use cases by reading and writing in a relational database, the latter subject to data integrity constraints. The algorithm is integrated in a test generation tool and experimented over sample code. The target language for the constraints produced by the tool is the SMT-Lib standard and the used solver is Microsoft Z3. The results show that the proposed approach enables generating meaningful test data, including valid database content, in reasonable time. In particular, the Z3 solver is shown to be more scalable than the Alloy solver, used in our previous work, for solving relational constraints.

show abstract

Symbolic execution for software testing in practice

Cited by 261 publications

References 69 publications

make test-zesti: A symbolic execution solution for improving regression testing

make test-zesti: A symbolic execution solution for improving regression testing

Goal-oriented dynamic test generation

Relational symbolic execution of SQL code for unit testing of database programs

Contact Info

Product

Resources

About