2016
DOI: 10.1007/978-3-319-48989-6_28

Towards Concolic Testing for Hybrid Systems

Abstract: Hybrid systems exhibit both continuous and discrete behavior. Analyzing hybrid systems is known to be hard. Inspired by the idea of concolic testing (of programs), we investigate whether we can combine random sampling and symbolic execution in order to effectively verify hybrid systems. We identify a sufficient condition under which such a combination is more effective than random sampling. Furthermore, we analyze different strategies of combining random sampling and symbolic execution and propose an…

Cited by 11 publications (9 citation statements)
References 35 publications

“…Castellanos et al [20], McLaughlin et al [64], and Zhang et al [85] perform formal analyses based on models extracted from the PLC programs, whereas Etigowni et al [31] analyse information flow using symbolic execution. If a CPS can be modelled as a hybrid system, then a number of formal techniques may be applied, including model checking [34,80], SMT solving [36], reachability analysis [54], non-standard analysis [47], process calculi [59], concolic testing [57], and theorem proving [70]. Defining a formal model that accurately characterises enough of the CPS, however, is the hardest part, especially for techniques such as active fuzzing that operate directly at the level of packet payloads.…”
Section: Related Work (mentioning)
confidence: 99%
“…Etigowni et al [60] define a CPS control solution for securing power grids, focusing on information flow analyses based on (potentially verifiable) policy logic and symbolic execution. Beyond these examples, if a CPS can be modelled as a hybrid system, there are several formal methods that can be applied to it, including model checking [61], [62], SMT solving [63], non-standard analysis [64], process calculi [65], concolic testing [66], and theorem proving [67]. Defining a formal model that accurately characterises enough of the physical process and its interactions with the PLCs is, however, the hardest part.…”
Section: Related Work (mentioning)
confidence: 99%
“…With these, the CPS can be modelled as a hybrid system and a variety of established techniques can be applied (e.g. model checking [40], SMT solving [41], non-standard analysis [42], concolic testing [43], runtime model validation [44], or theorem proving [45,46]). With discretised models of the physical part, classical modelling and verification techniques can also be applied, e.g.…”
Section: Related Work (mentioning)
confidence: 99%