Combining Model Checking and Symbolic Execution for Software Testing

  • Corina S. Păsăreanu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7305)


Techniques for checking complex software range from model checking and static analysis to testing. Over the years, we have developed a tool, Symbolic PathFinder (SPF), that aims to leverage the power of systematic analysis techniques, such as model checking and symbolic execution, for thorough testing of complex software. Symbolic PathFinder analyzes Java programs by systematically exploring a symbolic representation of the programs’ behaviors and it generates test cases that are guaranteed to cover the explored paths. The tool also analyzes different thread inter-leavings and it checks properties of the code during test generation. Furthermore, SPF uses off-the-shelf decision procedures to solve mixed integer-real constraints and uses “lazy initialization” to handle complex input data structures. Recently, SPF has been extended with “mixed concrete-symbolic” constraint solving capabilities, to handle external library calls and to address decision procedures’ incompleteness. The tool is part of the Java PathFinder open-source tool-set and has been applied in many projects at NASA, in industry and in academia. We review the tool and its applications and we discuss how it compares with related, “dynamic” symbolic execution approaches.


Mathematical Logic Model Check Software Engineer Decision Procedure Formal Language 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Corina S. Păsăreanu
    • 1
  1. 1.Carnegie Mellon Silicon ValleyNASA AmesMoffett FieldUSA

Personalised recommendations