Bibliography‎ > ‎

Symbolic Execution

Surveys (Another Bibliography):
Search-based Testing:
  • Slides on Search Based Test Case Generation by Paolo Tonella (slides 96- are on DSE and its integration with search-based testing)
  • CREST Open Workshop Search Based Software Testing (SBST) and Dynamic Symbolic Execution (DSE)
  • Juan Pablo Galeotti, Gordon Fraser, Andrea Arcuri: Improving search-based test suite generation with dynamic symbolic execution. ISSRE 2013. [pdf]
  • Jan Malburg, Gordon Fraser. Combining search‐based and constraint-­based testing. ASE 2011. [pdf]
  • Arthur I. Baars, Mark Harman, Youssef Hassoun, Kiran Lakhotia, Phil McMinn, Paolo Tonella, Tanja E. J. Vos. Symbolic search-­based testing. ASE 2011. [pdf]
  • Tao Xie, Nikolai Tillmann, Jonathan de Halleux, Wolfram Schulte. Fitness-­guided path exploration in dynamic symbolic execution. DSN 2009. [PDF][Slides]
  • Kobi Inkumsah, Tao Xie. Improving Structural Testing of Object-­‐Oriented Programs via Integrating Evolutionary Testing and Symbolic Execution. ASE 2008.  [PDF][Slides]
    Path Explosion:
    Regression Testing
    Privacy Preserving
    Infeasible Code Detection

    Structured Input Generation:

    Web Applications:
    GUI Testing:
    Method Sequence Generation:
    Dependency and Taint Analysis:
      Parallel Correctness Specification:

      Test Input Generation:

       Paper  Approach      Input      Output  Methodology  Notes
      CUTE: a concolic unit testing engine for C. Koushik Sen and Darko Marinov and Gul Agha. FSE 2005.     source code  test inputs 1. execute program concretely
      2. collect constraints and record the concrete states
      3. for some constraints that cannot be solved, replace with concrete values
      DART: directed automated random testing. Patrice Godefroid and Nils Klarlund and Koushik Sen. PLDI 2005.     source code  test inputs  similar as above  
      Test input generation for red-black trees using abstraction. Willem Visser and Corina S. Pasareanu and Radek Pelanek. ASE 2005.           
      Dynamic test input generation for database applications. Michael Emmi andRupak Majumdar andKoushik Sen. ISSTA 2007.           
      Symbolic Execution and Program Testing.  James C. King. Commun. ACM. 1976.         static symbolic execution for test generation classic paper for symbolic execution in testing
      Test Input Generation for Java Containers using State MatchingWillem Visser, Corina S. Pàsàreanu, Radek Pelánek. ISSTA 2005.   
      Type-Dependence Analysis and Program Transformation for Symbolic Execution. Saswat Anand, Alessandro Orso and Mary Jean Harrold. TACAS 2007.     source code    1. statically compute the flow of symbolic values
      2. find out the places where symbolic values flow into external method calls