Heuristics for Scalable Dynamic Test Generation

Burnim, Jacob; Sen, Koushik

doi:10.1109/ase.2008.69

Cited by 312 publications

(276 citation statements)

References 24 publications

(28 reference statements)

Supporting

Mentioning

274

Contrasting

Unclassified

Order By: Relevance

“…Despite the overhead in memory and time consumption related to caching (to store, lookup, and combine solutions), it has been observed that this optimization is beneficial. Popular symbolic execution tools, such as CREST [15], KLEE [16], PEX [32] and SPF [26], use similar features.…”

Section: Incremental Constraint Solving Approachesmentioning

confidence: 99%

A Comparative Study of Incremental Constraint Solving Approaches in Symbolic Execution

Liu

Araújo

d’Amorim

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Constraint solving is a major source of cost in Symbolic Execution (SE). This paper presents a study to assess the importance of some sensible options for solving constraints in SE. The main observation is that stack-based approaches to incremental solving is often much faster compared to cache-based approaches, which are more popular. Considering all 96 C programs from the KLEE benchmark that we analyzed, the median speedup obtained with a (non-optimized) stack-based approach was of 5x. Results suggest that tools should take advantage of incremental solving support from modern SMT solvers and researchers should look for ways to combine stack-and cache-based approaches to reduce execution cost even further. Instructions to reproduce results are available online: http://asa.iti.kit.edu/130_392.php

show abstract

Section: Incremental Constraint Solving Approachesmentioning

confidence: 99%

A Comparative Study of Incremental Constraint Solving Approaches in Symbolic Execution

Liu

Araújo

d’Amorim

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The Pex tool is not open-source but provides an extension interface. To the best of our knowledge, available open-source constraint-based testing tools are KLEE [14] (used as a core component of the S2E platform [63]) and CREST [64] (for C code) as well as Symbolic Path Finder [17] (for Java byte-code).…”

Section: Future Workmentioning

confidence: 99%

Relational symbolic execution of SQL code for unit testing of database programs

Marcozzi

Vanhoof

Hainaut

2015

Science of Computer Programming

View full text Add to dashboard Cite

Symbolic execution is a technique enabling the automatic generation of test inputs that exercise a set of execution paths within a code unit to be tested. If the paths cover a sufficient part of the code under test, the test data offer a representative view of the actual behaviour of this code. This notably enables detecting errors and correcting faults. Relational databases are ubiquitous in software, but symbolic execution of code units that manipulate them remains a non-trivial problem, particularly because of the complex structure of such databases and the complex behaviour of SQL statements. Finding errors in such code units is yet critical, as it can avoid corrupting important data. In this work, we define a symbolic execution translating database manipulation code directly into constraints and integrate it with a more traditional symbolic execution of normal program code. The database tables are represented by relational symbols and the SQL statements by relational constraints over these symbols. An algorithm based on these principles is presented for the symbolic execution of simple Java methods that implement transactional use cases by reading and writing in a relational database, the latter subject to data integrity constraints. The algorithm is integrated in a test generation tool and experimented over sample code. The target language for the constraints produced by the tool is the SMT-Lib standard and the used solver is Microsoft Z3. The results show that the proposed approach enables generating meaningful test data, including valid database content, in reasonable time. In particular, the Z3 solver is shown to be more scalable than the Alloy solver, used in our previous work, for solving relational constraints.

show abstract

“…Symbolic [9,10,13], and the related concolic [8,17], execution are techniques for systematically exploring the code paths of a given system. The approaches in this space [9,8] use a constraint solver to force code executions to go down a particular branch.…”

Section: Related Workmentioning

confidence: 99%

“…The approaches in this space [9,8] use a constraint solver to force code executions to go down a particular branch. As such, these approaches typically do not require a testing harness when finding bugs in single machine code.…”

Section: Related Workmentioning

confidence: 99%

Fault prediction in distributed systems gone wild

Canini

Novaković

Jovanović

et al. 2010

Proceedings of the 4th International Workshop on Large Scale Distributed Systems and Middleware

View full text Add to dashboard Cite

We consider the problem of predicting faults in deployed, largescale distributed systems that are heterogeneous and federated. Motivated by the importance of ensuring reliability of the services these systems provide, we argue that the key step in making these systems reliable is the need to automatically predict faults. For example, doing so is vital for avoiding Internet-wide outages that occur due to programming errors or misconfigurations.

show abstract

Heuristics for Scalable Dynamic Test Generation

Cited by 312 publications

References 24 publications

A Comparative Study of Incremental Constraint Solving Approaches in Symbolic Execution

A Comparative Study of Incremental Constraint Solving Approaches in Symbolic Execution

Relational symbolic execution of SQL code for unit testing of database programs

Fault prediction in distributed systems gone wild

Contact Info

Product

Resources

About