Geodesic
Using a bounded model checker for test generation: how to kill two birds with one SMT-solver
Modelirovanie i analiz informacionnyh sistem, Tome 21 (2014) no. 6, pp. 83-93.

Voir la notice de l'article provenant de la source Math-Net.Ru

The automated test generation has received a lot of attention in the last decades as it is one of possible solutions to software testing inherent problems: the need to write tests and providing test coverage in presence of human factor. The most promising technique of generating a test automatically is the dynamic symbolic execution assisted by an automated constraint solver, e. g., an SMT-solver. This process is very similar to the bounded model checking, which also has to deal with generating models from a source code, asserting logic properties in it and process the returned model. This paper describes a prototype unit test generator for C based on a working bounded model checker called Borealis and shows that these two techniques are very similar and can be easily implemented by using the same basic components. The prototype test generator was sampled on a number of examples and showed good results in terms of test coverage and test excessiveness.
Keywords: automated test generation, dynamic symbolic execution, bounded model checking, satisfiability modulo theories, function contracts. 
@article{MAIS_2014_21_6_a7,
     author = {Maxim Petrov and Kirill Gagarski and Mikhail Belyaev and Vladimir Itsykson},
     title = {Using a bounded model checker for test generation: how to kill two birds with one {SMT-solver}},
     journal = {Modelirovanie i analiz informacionnyh sistem},
     pages = {83--93},
     publisher = {mathdoc},
     volume = {21},
     number = {6},
     year = {2014},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/MAIS_2014_21_6_a7/}
}
TY  - JOUR
AU  - Maxim Petrov
AU  - Kirill Gagarski
AU  - Mikhail Belyaev
AU  - Vladimir Itsykson
TI  - Using a bounded model checker for test generation: how to kill two birds with one SMT-solver
JO  - Modelirovanie i analiz informacionnyh sistem
PY  - 2014
SP  - 83
EP  - 93
VL  - 21
IS  - 6
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/MAIS_2014_21_6_a7/
LA  - ru
ID  - MAIS_2014_21_6_a7
ER  - 
%0 Journal Article
%A Maxim Petrov
%A Kirill Gagarski
%A Mikhail Belyaev
%A Vladimir Itsykson
%T Using a bounded model checker for test generation: how to kill two birds with one SMT-solver
%J Modelirovanie i analiz informacionnyh sistem
%D 2014
%P 83-93
%V 21
%N 6
%I mathdoc
%U http://geodesic.mathdoc.fr/item/MAIS_2014_21_6_a7/
%G ru
%F MAIS_2014_21_6_a7
Maxim Petrov; Kirill Gagarski; Mikhail Belyaev; Vladimir Itsykson. Using a bounded model checker for test generation: how to kill two birds with one SMT-solver. Modelirovanie i analiz informacionnyh sistem, Tome 21 (2014) no. 6, pp. 83-93. http://geodesic.mathdoc.fr/item/MAIS_2014_21_6_a7/

[1] M. Akhin, M. Belyaev, V. Itsykson, “Yet another defect detection: Combining bounded model checking and code contracts”, PSSV'13 (2013), 1–11

[2] A. Armando, J. Mantovani, L. Platania, “Bounded model checking of software using SMT solvers instead of SAT solvers”, Int. J. Softw. Tools Technol. Transf., 11:1 (2009), 69–83 | DOI | MR

[3] P. Baudin, J. C. Filliâtre, T. Hubert, C. Marché, B. Monate, Y. Moy, V. Prevosto, ACSL: ANSI/ISO C Specification Language. Preliminary Design, version 1.4, preliminary edition, 2008

[4] K. Beck, Test-driven development: by example, Addison-Wesley Professional, 2003

[5] B. Beizer, Software testing techniques, Dreamtech Press, 2003

[6] D. Beyer, “Competition on software verification”, TACAS'12, Springer, 2012, 504–524 | Zbl

[7] A. Biere, A. Cimatti, E. M. Clarke, Y. Zhu, “Symbolic model checking without BDDs”, TACAS'9 (1999), 193–207

[8] E. Clarke, D. Kroening, F. Lerda, “A tool for checking {ANSI-C} programs”, TACAS'04 (2004), 168–176 | Zbl

[9] D. M. Cohen, S. R. Dalal, J. Parelius, G. C. Patton, “The combinatorial design approach to automatic test generation”, IEEE software, 13:5 (1996), 83–88 | DOI

[10] L. Cordeiro, B. Fischer, J. Marques-Silva, “SMT-based bounded model checking for embedded ANSI-C software”, ASE'09 (2009), 137–148

[11] L. De Moura, N. Bjørner, “Z3: An efficient SMT solver”, Tools and Algorithms for the Construction and Analysis of Systems, Lecture Notes in Computer Science, 4963, 2008, 337–340 | DOI

[12] R. A. DeMilli, A. J. Offutt, “Constraint-based automatic test data generation”, IEEE Transactions on Software Engineering, 17:9 (1991), 900–910 | DOI

[13] P. Godefroid, N. Klarlund, K. Sen, “DART: directed automated random testing”, ACM Sigplan Notices, 40 (2005), 213–223 | DOI

[14] R. Hamlet, “Random testing”, Encyclopedia of software Engineering, 1994

[15] F. Ivančić, S. Sankaranarayanan, NECLA static analysis benchmarks

[16] A. Kumar, J. St. Clair, Cunit-a unit testing framework for C, 2005 http://cunit.sourceforge.net/doc/index.html

[17] C. Lattner, “LLVM and Clang: Next generation compiler technology”, The BSD Conference (2008)

[18] C. Lattner, V. Adve, “LLVM: A compilation framework for lifelong program analysis transformation”, CGO'04 (2004), 75–86

[19] F. Merz, S. Falke, C. Sinz, “LLBMC: Bounded model checking of C and C++ programs using a compiler IR”, VSTTE'12 (2012), 146–161

[20] B. Meyer, “Applying ‘design by contract’”, Computer, 25:10 (1992), 40–51 | DOI

[21] G. J. Myers, C. Sandler, T. Badgett, The art of software testing, John Wiley Sons, 2011

[22] C. Nebut, F. Fleurey, Y. L. Traon, J.-M. Jezequel, “Automatic test generation: A use case driven approach”, IEEE Transactions on Software Engineering, 32:3 (2006), 140–155 | DOI

[23] C. Pacheco, Sh. K. Lahiri, M. D. Ernst, Th. Ball, “Feedback-directed random test generation”, 29th International Conference on Software Engineering (ICSE 2007), IEEE, 2007, 75–84

[24] K. Sen, D. Marinov, G. Agha, “CUTE: a concolic unit testing engine for C”, ACM SIGSOFT Software Engineering Notes, 30:5 (2005), 263–272 | DOI

[25] N. Tillmann, J. De Halleux, “Pex—white box test generation for .Net”, Tests and Proofs, Lecture Notes in Computer Science, 4966, Springer, 2008, 134–153 | DOI

[26] T. Xie, N. Tillmann, J. de Halleux, W. Schulte, “Fitness-guided path exploration in dynamic symbolic execution”, Proceedings of DSN (Estoril, Lisbon, Portugal, 2009), IEEE, 2009, 359–368