- Conference Paper
Rights / license: In Copyright - Non-Commercial Use Permitted
SMT solvers are at the basis of many applications, such as program verification, program synthesis, and test case generation. For all these applications to provide reliable results, SMT solvers must answer queries correctly. However, since they are complex, highly-optimized software systems, ensuring their correctness is challenging. In particular, state-of-the-art testing techniques do not reliably detect when an SMT solver is unsound. In this paper, we present an automatic approach for generating test cases that reveal soundness errors in the implementations of string solvers, as well as potential completeness and performance issues. We synthesize input formulas that are satisfiable or unsatisfiable by construction and use this ground truth as test oracle. We automatically apply satisfiability-preserving transformations to generate increasingly-complex formulas, which allows us to detect many errors with simple inputs and, thus, facilitates debugging. The experimental evaluation shows that our technique effectively reveals bugs in the implementation of widely-used SMT solvers and applies also to other types of solvers, such as automata-based solvers. We focus on strings here, but our approach carries over to other theories and their combinations. © 2020 Association for Computing Machinery.
Book title: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering
Pages / Article No.
Publisher: Association for Computing Machinery
Subject: Automatic testing; Soundness testing; String solvers; SMT solvers
Organisational unit: 03653 - Müller, Peter / Müller, Peter
Related publications and datasets
Is new version of: https://doi.org/10.3929/ethz-b-000375243
Notes: Conference lecture held on July 10, 2020. Due to the Corona virus (COVID-19) the conference will be conducted virtually.