Symbolic Execution Rules

Symbolic execution is the most advanced generation technique when it comes to automated software testing.

features/symbolicExecution/symbolicExecution.svg

Targeted Values

Symbolic execution computes the necessary inputs for a function to execute all its relevant paths. The test candidates are computed rather than randomly chosen resulting in the highest test coverage possible.

features/symbolicExecution/eachTestCaseAddsValue.svg

Slim Test Suites

Symflower does not report redundant test cases. This means every generated test case adds value, because it executes some new behavior of a function.

Complex Data Types

Symbolic execution is not restricted to primitive data types and simple source code. Also concepts such as complex data types, interfaces and object orientation can be analysed using symbolic execution.

features/symbolicExecution/complexTypes.svg

The Superior Discipline for Test Case Generation

Symbolic Execution equips your production code with test cases that are computed rather than randomly chosen. Requiring no manual effort to reach a high test coverage.

Manual Testing

Writing unit tests manually requires 30% to 50% of your development time, while still facing the risk of missing essential test cases.

Boundary Values

Boundary value analysis does not take the actual code coverage into account, resulting in very low test coverages.

Fuzzing

Fuzzing throws random values at your code, which means you rely on pure luck to find bugs in your software.

Safe Operator Usage

Symflower analyses for each operation, whether there is an input that leads to erroneous behavior. For instance every access to an array is checked for a possible buffer overflow.

Symflower Coverage

The Symflower coverage guiding our symbolic execution targets not only all relevant execution paths, but takes also each problematic operation into account.