• Documents
  • Authors
  • Tables
  • Other Seers ▼
    RefSeer AckSeer CollabSeer SeerSeer
  • Log in
  • Sign up
  • MetaCart

CiteSeerX logo

Advanced Search Include Citations
Advanced Search Include Citations | Disambiguate

KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs

Cached

  • Download as a PDF

Download Links

  • [www.stanford.edu]
  • [www.stanford.edu]
  • [pdos.csail.mit.edu]
  • [www.doc.ic.ac.uk]
  • [www.cs.ucla.edu]
  • [www.stanford.edu]
  • [www.stanford.edu]
  • [www.usenix.org]
  • [minormatter.com]
  • [hci.stanford.edu]

  • Save to List
  • Add to Collection
  • Correct Errors
  • Monitor Changes
by Cristian Cadar , Daniel Dunbar , Dawson Engler
Citations:103 - 4 self
  • Summary
  • Active Bibliography
  • Co-citation
  • Clustered Documents
  • Version History

BibTeX

@MISC{Cadar_klee:unassisted,
    author = {Cristian Cadar and Daniel Dunbar and Dawson Engler},
    title = {KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs},
    year = {}
}

Bookmark

citeulike Connotea Bibsonomy Del.icio.us Digg Reddit

OpenURL

 

Abstract

We present a new symbolic execution tool, KLEE, capable of automatically generating tests that achieve high coverage on a diverse set of complex and environmentally-intensive programs. We used KLEE to thoroughly check all 89 stand-alone programs in the GNU COREUTILS utility suite, which form the core user-level environment installed on millions of Unix systems, and arguably are the single most heavily tested set of open-source programs in existence. KLEE-generated tests achieve high line coverage — on average over 90% per tool (median: over 94%) — and significantly beat the coverage of the developers ’ own hand-written test suite. When we did the same for 75 equivalent tools in the BUSYBOX embedded system suite, results were even better, including 100 % coverage on 31 of them. We also used KLEE as a bug finding tool, applying it to 452 applications (over 430K total lines of code), where it found 56 serious bugs, including three in COREUTILS that had been missed for over 15 years. Finally, we used KLEE to crosscheck purportedly identical BUSYBOX and COREUTILS utilities, finding functional correctness errors and a myriad of inconsistencies. 1

Citations

1130 The model checker SPIN - Holzmann - 1997
514 Bandera: Extracting finite-state models from Java source code - Corbett, Dwyer, et al. - 2000
355 DART: directed automated random testing - GODEFROID, KLARLUND, et al. - 2005
348 Automatically validating temporal safety properties of interfaces - Ball, Rajamani - 2001
324 Model Checking for Programming Languages using VeriSoft - Godefroid - 1997
229 LLVM: A compilation framework for lifelong program analysis & transformation - Lattner, Adve
212 Cute: a concolic unit testing engine for c - Sen, Marinov, et al. - 2005
206 Vigilante: end-to-end containment of internet worms - Costa, Crowcroft, et al. - 2005
154 EXE: Automatically Generating Inputs of Death - Cadar, Ganesh, et al. - 2006
146 W.: Generalized symbolic execution for model checking and testing - Khurshid, Pasareanu, et al. - 2003
139 A tool for checking ANSI-C programs - Clarke, Kroening, et al. - 2004
111 Test input generation with java pathfinder - Visser, Pǎsǎreanu, et al. - 2004
102 Towards automatic generation of vulnerability-based signatures. InIEEESymposium onSecurity andPrivacy - Brumley, Song, et al. - 2006
102 Automated Whitebox Fuzz Testing - Godefroid, Levin, et al. - 2008
102 Making information flow explicit in histar - Zeldovich, Boyd-Wickizer, et al. - 2006
83 Compositional dynamic test generation - GODEFROID
78 Fuzz revisited: A re-examination of the reliability of unix utilities and services - Miller, Koski, et al. - 1995
75 A decision procedure for bit-vectors and arrays - GANESH, DILL - 2007
70 Execution generated test cases: How to make systems code crash itself - Cadar, Engler - 2005
56 Hybrid concolic testing - Majumdar, Sen - 2007
47 Behavior consistency of C and Verilog programs using bounded model checking - Clarke, Kroening - 2003
44 Bouncer: securing software by blocking bad input - COSTA, CASTRO, et al. - 2007
43 Model checking programs - Brat, Havelund, et al.
35 EXPLODE: A Lightweight, General System for Finding Serious Storage System Errors - Yang, Sar, et al.
34 Dynamic test input generation for database applications - Emmi, Majumdar, et al. - 2007
31 Towards automatic discovery of deviations in binary implementations with applications to error detection and fingerprint generation - Brumley, Caballero, et al. - 2007
27 Demand-driven compositional symbolic execution - Anand, Godefroid, et al. - 2008
24 Finding bugs in dynamic web applications - Artzi, Kiezun, et al. - 2008
23 Hardware verification using ANSI-C programs as a reference - Clarke, Kroening - 2003
23 From code to models - HOLZMANN
21 Rwset: Attacking path explosion in constraint-based test generation. Tools and Algorithms for the Construction and Analysis of Systems 4963 - BOONSTOPPEL, CADAR, et al. - 2008
15 A Tool for Checking ANSI-C Programs”. In: Tools and Algorithms for the Construction and Analysis of Systems. Volume 2988 - Clarke, Kroening, et al.
8 A new method to index and query sets - Hoffmann, Koehler
3 Demand-driven compositional symbolic execution - Anand, Godefroid, et al. - 2008
1 2008. 15 United States National Vulnerability Database, nvd.nist. gov - org
The National Science Foundation
  • About CiteSeerX
  • Submit Documents
  • Privacy Policy
  • Help
  • Data
  • Source
  • Contact Us

Developed at and hosted by The College of Information Sciences and Technology

© 2007-2010 The Pennsylvania State University