research-article

Free access

Symbolic execution for software testing: three decades later

Authors:

Cristian Cadar,

Koushik SenAuthors Info & Claims

Communications of the ACM, Volume 56, Issue 2

Pages 82 - 90

https://doi.org/10.1145/2408776.2408795

Published: 01 February 2013 Publication History

All formats PDF

Abstract

The challenges---and great promise---of modern symbolic execution techniques, and the tools to help implement them.

References

[1]

Anand, S., Păsăreanu, C.S. and Visser, W. JPF-SE: A symbolic execution extension to Java PathFinder. In Proceedings of TACAS'07.

Digital Library

Google Scholar

[2]

Avgerinos, T., Cha, S.K., Hao, B.L.T. and Brumley, D. AEG: Automatic exploit generation. In Proceedings of NDSS'11, (Feb. 2011).

Google Scholar

[3]

Baluda, M., Braione, P., Denaro, G. and Pezzè, M. Structural coverage of feasible code. In Proceedings of AST'10.

Digital Library

Google Scholar

[4]

Bethea, D., Cochran, R. and Reiter, M. Server-side verification of client behavior in online games. In Proceedings of NDSS'10, 2010.

Google Scholar

[5]

Boonstoppel, P., Cadar, C. and Engler, D. RWset: Attacking path explosion in constraint-based test generation. In Proceedings of TACAS'08, (Mar--Apr 2008).

Digital Library

Google Scholar

[6]

Boyer, R.S., Elspas, B. and Levitt, K.N. SELECT---A formal system for testing and debugging programs by symbolic execution. SIGPLAN Not. 10 (1975), 234--245.

Digital Library

Google Scholar

[7]

Burnim, J. and Sen, K. Heuristics for scalable dynamic test generation. In Proceedings of ASE'08, (Sept. 2008).

Digital Library

Google Scholar

[8]

Cadar, C., Dunbar, D. and Engler, D. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proceedings of OSDI'08, (Dec 2008).

Digital Library

Google Scholar

[9]

Cadar, C. and Engler, D. Execution generated test cases: How to make systems code crash itself (invited paper). In Proceedings of SPIN'05, (Aug 2005).

Digital Library

Google Scholar

[10]

Cadar, C., Ganesh, V., Pawlowski, P., Dill, D. and Engler, D. EXE: Automatically generating inputs of death. In Proceedings of CCS'06, (Oct--Nov 2006). An extended version appeared in ACM TISSEC 12, 2 (2008).

Digital Library

Google Scholar

[11]

Chipounov, V. and Candea, G. Reverse engineering of binary device drivers with RevNIC. In Proceedings of EuroSys'10, (Apr 2010).

Digital Library

Google Scholar

[12]

Clarke, L.A. A program testing system. In Proceedings of the 1976 Annual Conference, 488--491.

Digital Library

Google Scholar

[13]

Collingbourne, P., Cadar, C. and Kelly, P.H. Symbolic crosschecking of floating-point and SIMD code. In Proceedings of EuroSys'11, (Apr 2011).

Digital Library

Google Scholar

[14]

Cui, H., Wu, J. che Tsai, C. and Yang, J. Stable deterministic multithreading through schedule memoization. In Proceedings of OSDI'10.

Digital Library

Google Scholar

[15]

De Moura, L. and Bjørner, N. Z3: An efficient SMT solver. In Proceedings of TACAS'08, (Mar--Apr 2008).

Digital Library

Google Scholar

[16]

De Moura, L. and Bjørner, N. Satisfiability modulo theories: introduction and applications. Commun. ACM 54, 9 (Sept. 2011), 69--77.

Digital Library

Google Scholar

[17]

Elkarablieh, B., Godefroid, P. and Levin, M.Y. Precise pointer reasoning for dynamic test generation. In Proceedings of ISSTA'09.

Digital Library

Google Scholar

[18]

Ganesh, V. and Dill, D.L. A decision procedure for bit-vectors and arrays. In Proceedings of CAV'07, (July 2007).

Digital Library

Google Scholar

[19]

Godefroid, P., Klarlund, N. and Sen, K. DART: Directed Automated Random Testing. In Proceedings of PLOI'05, (June 2005).

Digital Library

Google Scholar

[20]

Godefroid, P., Levin, M., and Molnar, D. Automated whitebox fuzz testing. In Proceedings of NDSS'08, (Feb. 2008).

Google Scholar

[21]

Hastings, R. and Joyce, B. Purify: Fast detection of memory leaks and access errors. In Proceedings of Winter USENIX Conference, 1992.

Google Scholar

[22]

Kim, Y., Kim, M., and Dang, N. Scalable distributed concolic testing: A case study on a flash storage platform. In Proceedings of ICTAC'10, 199--213.

Digital Library

Google Scholar

[23]

King, J.C. Symbolic execution and program testing. Commun, ACM 19, 7 (July 1976), 385--394.

Digital Library

Google Scholar

[24]

Lattner, C. and Adve, V. LLVM: A compilation framework for lifelong program analysis and transformation. In Proceedings of CGO'04, (Mar 2004).

Digital Library

Google Scholar

[25]

Li, G., Li, P., Sawaga, G, Gopalakrishnan, G., Ghosh, I. and Rajan, S.P. GKLEE: Concolic verification and test generation for GPUs. In Proceedings of PPoPP'12.

Digital Library

Google Scholar

[26]

Majumdar, R. and Sen, K. Hybrid concolic testing. In Proceedings of ICSE'07, (May 2007).

Digital Library

Google Scholar

[27]

Majumdar, R. and Sen, K. Latest: Lazy dynamic test input generation. Technical Report UCB/EECS-2007-36. EECS Department, University of California, Berkeley, Mar. 2007.

Google Scholar

[28]

Nethercote, N. and Seward, J. Valgrind: A program supervision framework. Electronic Notes in Theoretical Computer Science 89, 2 (2003).

Crossref

Google Scholar

[29]

Ruse, M., Sarkar, T. and Basu, S. Analysis & detection of SQL injection vulnerabilities via automatic test case generation of programs. In Proceedings of SAINT'10, (July 2010).

Digital Library

Google Scholar

[30]

Sasnauskas, R., Link, J.A.B., Alizai, M.H., and Wehrle, K. Kleenet: Automatic bug hunting in sensor network applications. In Proceedings of IPSN'10, (Apr 2010).

Google Scholar

[31]

Sen, K. Scalable Automated Methods for Dynamic Program Analysis. Ph.D. thesis. University of Illinois at Urbana-Champaign, June 2006.

Digital Library

Google Scholar

[32]

Sen, K. and Agha, G. Automated systematic testing of open distributed programs. In Proceedings of FASE'06, 2006.

Digital Library

Google Scholar

[33]

Sen, K. and Agha, G. CUTE and jCUTE: Concolic unit testing and explicit path model-checking tools. In Proceedings of CAV'06.

Digital Library

Google Scholar

[34]

Sen, K. and Agha, G. A race-detection and flipping algorithm for automated testing of multi-threaded programs. In Proceedings of HVC, (2006).

Digital Library

Google Scholar

[35]

Sen, K., Marinov, D. and Agha, G. CUTE: A concolic unit testing engine for C. In Proceedings of ESEC/FSE'05, (Sept. 2005).

Digital Library

Google Scholar

[36]

Song, J., Ma, T., Cadar, C. and Pietzuch, P. Rule-based verification of network protocol implementations using symbolic execution. In Proceedings of ICCCN'11, (May 2011).

Crossref

Google Scholar

[37]

Tillmann, N. and de Halleux, J. Pex---White box test generation for .NET. In Proceedings of TAP'08, (Apr. 2008).

Digital Library

Google Scholar

[38]

Xu, Z., Kim, Y., Kim, M., Rothermel, G. and Cohen, M.B. Directed test suite augmentation: Techniques and trade-offs. In Proceedings of FSE'10, (Nov. 2010).

Digital Library

Google Scholar

[39]

Yang, J., Sar, C., Twohey, P., Cadar, C. and Engler, D. Automatically generating malicious disks using symbolic execution. In IEEE Symposium on Security and Privacy, (May 2006).

Digital Library

Google Scholar

[40]

Zamfir, C. and Candea, G. Execution synthesis: A technique for automated software debugging. In Proceedings of EuroSys'10, (Apr 2010).

Digital Library

Google Scholar

Cited By

View all

Wang SHu ALi TLin S(2024)Program Behavior Dynamic Trust Measurement and Evaluation Based on Data AnalysisSymmetry10.3390/sym1602024916:2(249)Online publication date: 17-Feb-2024
https://doi.org/10.3390/sym16020249
Sharma ACadar CMetzman JBöhme MNoller YSzekeres L(2024)Effective Fuzzing within CI/CD Pipelines (Registered Report)Proceedings of the 3rd ACM International Fuzzing Workshop10.1145/3678722.3685534(52-60)Online publication date: 13-Sep-2024
https://dl.acm.org/doi/10.1145/3678722.3685534
Yu JFu MIgnatiev ATantithamthavorn CStuckey P(2024)A Formal Explainer for Just-In-Time Defect PredictionsACM Transactions on Software Engineering and Methodology10.1145/366480933:7(1-31)Online publication date: 26-Aug-2024
https://dl.acm.org/doi/10.1145/3664809
Show More Cited By

Index Terms

Recommendations

Symbolic execution for software testing in practice: preliminary assessment
ICSE '11: Proceedings of the 33rd International Conference on Software Engineering

We present results for the "Impact Project Focus Area" on the topic of symbolic execution as used in software testing. Symbolic execution is a program analysis technique introduced in the 70s that has received renewed interest in recent years, due to ...
Memoized symbolic execution
ISSTA 2012: Proceedings of the 2012 International Symposium on Software Testing and Analysis

This paper introduces memoized symbolic execution (Memoise), a new approach for more efficient application of forward symbolic execution, which is a well-studied technique for systematic exploration of program behaviors based on bounded execution ...
Running symbolic execution forever
ISSTA 2020: Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis

When symbolic execution is used to analyse real-world applications, it often consumes all available memory in a relatively short amount of time, sometimes making it impossible to analyse an application for an extended period. In this paper, we present a ...

Comments

Information & Contributors

Information

Published In

Communications of the ACM Volume 56, Issue 2

February 2013

95 pages

ISSN:0001-0782

EISSN:1557-7317

DOI:10.1145/2408776

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 February 2013

Published in CACM Volume 56, Issue 2

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Popular
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

587
Total Citations
View Citations
13,514
Total Downloads

Downloads (Last 12 months)1,058
Downloads (Last 6 weeks)162

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Wang SHu ALi TLin S(2024)Program Behavior Dynamic Trust Measurement and Evaluation Based on Data AnalysisSymmetry10.3390/sym1602024916:2(249)Online publication date: 17-Feb-2024
https://doi.org/10.3390/sym16020249
Sharma ACadar CMetzman JBöhme MNoller YSzekeres L(2024)Effective Fuzzing within CI/CD Pipelines (Registered Report)Proceedings of the 3rd ACM International Fuzzing Workshop10.1145/3678722.3685534(52-60)Online publication date: 13-Sep-2024
https://dl.acm.org/doi/10.1145/3678722.3685534
Yu JFu MIgnatiev ATantithamthavorn CStuckey P(2024)A Formal Explainer for Just-In-Time Defect PredictionsACM Transactions on Software Engineering and Methodology10.1145/366480933:7(1-31)Online publication date: 26-Aug-2024
https://dl.acm.org/doi/10.1145/3664809
Asadian HFiterau-Brostean PJonsson BSagonas K(2024)Monitor-based Testing of Network Protocol Implementations Using Symbolic ExecutionProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3664521(1-12)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3664521
Alshahwan NHarman MMarginean ATal RWang Ed'Amorim M(2024)Observation-Based Unit Test Generation at MetaCompanion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering10.1145/3663529.3663838(173-184)Online publication date: 10-Jul-2024
https://dl.acm.org/doi/10.1145/3663529.3663838
Jain RTihanyi NNdhlovu MFerrag MCordeiro Ld'Amorim M(2024)Rapid Taint Assisted Concolic Execution (TACE)Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering10.1145/3663529.3663812(627-631)Online publication date: 10-Jul-2024
https://dl.acm.org/doi/10.1145/3663529.3663812
Shuai ZChen ZMa KLiu KZhang YSun JWang J(2024)Partial Solution Based Constraint Solving Cache in Symbolic ExecutionProceedings of the ACM on Software Engineering10.1145/36608171:FSE(2493-2514)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3660817
He WDi PMing MZhang CSu TLi SSui Y(2024)Finding and Understanding Defects in Static Analyzers by Constructing Automated OraclesProceedings of the ACM on Software Engineering10.1145/36607811:FSE(1656-1678)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3660781
Fang WYing M(2024)Symbolic Execution for Quantum Error Correction ProgramsProceedings of the ACM on Programming Languages10.1145/36564198:PLDI(1040-1065)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656419
Girol GLacombe GBardin S(2024)Quantitative Robustness for Vulnerability AssessmentProceedings of the ACM on Programming Languages10.1145/36564078:PLDI(741-765)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656407
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Digital Edition

View this article in digital edition.

Digital Edition

Magazine Site

View this article on the magazine site (external)

Magazine Site

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Index Terms

Recommendations

Symbolic execution for software testing in practice: preliminary assessment

Memoized symbolic execution

Running symbolic execution forever

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Digital Edition

Magazine Site

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations