SMT solvers are at the basis of many applications, such as program verification, program synthesis, and test case generation. For all these applications to provide reliable results, SMT solvers must answer queries correctly. However, since they are complex, highly-optimized software systems, ensuring their correctness is challenging. In particular, state-of-the-art testing techniques do not reliably detect when an SMT solver is unsound.
In this paper, we present an automatic approach for generating test cases that reveal soundness errors in the implementations of string solvers, as well as potential completeness and performance issues. We synthesize input formulas that are satisfiable or unsatisfiable by construction and use this ground truth as test oracle. We automatically apply satisfiability-preserving transformations to generate increasingly-complex formulas, which allows us to detect many errors with simple inputs and, thus, facilitates debugging.
The experimental evaluation shows that our technique effectively reveals bugs in the implementation of widely-used SMT solvers and applies also to other types of solvers, such as automata-based solvers. We focus on strings here, but our approach carries over to other theories and their combinations.
Fri 10 JulDisplayed time zone: (UTC) Coordinated Universal Time change
07:00 - 08:00 | I19-Code Generation and VerificationTechnical Papers / Software Engineering in Practice / New Ideas and Emerging Results at Baekje Chair(s): Raffi Khatchadourian City University of New York (CUNY) Hunter College | ||
07:00 6mTalk | Using Hypersafety Verification for Proving Correctness of Programming AssignmentsNIER New Ideas and Emerging Results Jude Anil TCS Research, Sumanth Prabhu TCS Research, Kumar Madhukar TCS Innovation Labs (TRDDC), R Venkatesh | ||
07:06 12mTalk | Automatically Testing String Solvers Technical Papers Pre-print | ||
07:18 6mTalk | On the Power of Abstraction: a Model-Driven Co-evolution Approach of Software CodeNIER New Ideas and Emerging Results Djamel Eddine Khelladi CNRS, France, Benoit Combemale University of Toulouse and Inria, Mathieu Acher (Univ Rennes, Inria, IRISA), Olivier Barais (Univ Rennes, Inria, IRISA) | ||
07:24 12mTalk | Co-Evolving Code with Evolving MetamodelsTechnical Technical Papers Djamel Eddine Khelladi CNRS, France, Benoit Combemale University of Toulouse and Inria, Mathieu Acher (Univ Rennes, Inria, IRISA), Olivier Barais (Univ Rennes, Inria, IRISA), Jean-Marc Jézéquel Univ Rennes - IRISA | ||
07:36 12mTalk | Rule-based Code Generation in Industrial Automation: Four Large-scale Case Studies applying the CAYENNE MethodSEIP Software Engineering in Practice Heiko Koziolek ABB Corporate Research, Andreas Burger ABB Corporate Research, Marie Platenius-Mohr ABB Corporate Research, Julius Rückert ABB Corporate Research, Hadil Abukwaik ABB Corporate Research, Raoul Jetley ABB, Abdulla PP ABB Corporate Research Pre-print | ||
07:48 12mTalk | Understanding and Handling Alert Storm for Online Service SystemsSEIP Software Engineering in Practice Nengwen Zhao Tsinghua University, Junjie Chen Tianjin University, Xiao Peng China EverBright Bank, Honglin Wang BizSeer, Xinya Wu BizSeer, Yuanzong Zhang BizSeer, Zikai Chen Tsinghua University, Xiangzhong Zheng BizSeer, Xiaohui Nie Tsinghua University, Gang Wang China EverBright Bank, Yong Wu China EverBright Bank, Fang Zhou China EverBright Bank, Wenchi Zhang BizSeer, Kaixin Sui BizSeer, Dan Pei Tsinghua University | ||