Skeletal Approximation Enumeration for SMT Solver Testing

Peisen Yao, Heqing Huang, Wensheng Tang, Qingkai Shi, Rongxin Wu, Charles Zhang
September, 2021
PDF Cite DOI Paper Link

Abstract

Ensuring the equality of SMT solvers is critical due to its broad spectrum of applications in academia and industry, such as symbolic execution and program verification. Existing approaches to testing SMT solvers are either too costly or find difficulties generalizing to different solvers and theories, due to the test oracle problem. To complement existing approaches and overcome their weaknesses, this paper introduces skeletal approximation enumeration (SAE), a novel lightweight and general testing technique for all first-order theories. To demonstrate its practical utility, we have applied the SAE technique to test Z3 and CVC4, two comprehensively tested, state-of-the-art SMT solvers. By the time of writing, our approach had found 71 confirmed bugs in Z3 and CVC4,55 of which had already been fixed.

Type
Conference paper
Publication
In ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
SMT solver testing Metamorphic testing Mutation-based-testing
Rongxin Wu
Rongxin Wu
Associate Professor

I am currently an associate professor in the department of computer science and technology at Xiamen University. My research interests include software security, program analysis, and software engineering.