Abstract
Many methods in data structures contain a loop structure on a collection type. These loops result in a large number of test cases and are one of the main obstacles to systematically test these methods. To deal with the loops in methods, in this paper, we propose a novel loop-extended model checking approach, abbreviated as LEMC, to efficiently test whether methods satisfy their own invariant. Our main idea is to combine dynamic symbolic execution with static analysis techniques. Specifically, a concrete execution of the method under test is initially done to collect dynamic execution information, which is used to statically identify the loop-extended similar paths of the concrete execution path. LEMC statically checks and prunes all the states which follow these loop-extended similar paths. The experiments on several case studies show that LEMC can dramatically reduce as many as 90% of the search space and achieve much better performance, compared with the existing approaches such as the Glass Box model checker and Korat.
This research was supported in part by the Key Project of Chinese Academy of Sciences (No.KGCX2-YW-125) and the National Science and Technology Major Project.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Alur, R., Henzinger, T.A. (eds.): CAV 1996. LNCS, vol. 1102. Springer, Heidelberg (1996)
Ball, T., Majumdar, R., Millstein, T.D., Rajamani, S.K.: Automatic predicate abstraction of c programs. In: PLDI, pp. 203–213 (2001)
Bongartz, I., Conn, A.R., Gould, N.I.M., Toint, P.L.: Cute: Constrained and unconstrained testing environment. ACM Trans. Math. Softw. 21(1), 123–160 (1995)
Boyapati, C., Khurshid, S., Marinov, D.: Korat: automated testing based on java predicates. In: ISSTA, pp. 123–133 (2002)
Chaki, S., Clarke, E.M., Groce, A., Jha, S., Veith, H.: Modular verification of software components in c. In: ICSE, pp. 385–395 (2003)
Dutertre, B., Moura, L.D.: The YICES SMT Solver (2006), http://citeseerx.ist.psu.edu/viewdoc/summary? , do:=10.1.1.85.7567
Clarke, E.M., McMillan, K.L., Campos, S.V.A., Hartonas-Garmhausen, V.: Symbolic Model Checking. In: Alur, R., Henzinger, T.A. (eds.) CAV 1996. LNCS, vol. 1102, pp. 419–427. Springer, Heidelberg (1996)
Corbett, J.C., Dwyer, M.B., Hatcliff, J., Robby: Bandera: a source-level interface for model checking java programs. In: ICSE, pp. 762–765 (2000)
Darga, P.T., Boyapati, C.: Efficient software model checking of data structure properties. In: OOPSLA, pp. 363–382 (2006)
Dwyer, M.B., Hatcliff, J., Hoosier, M., Robby: Building Your Own Software Model Checker using the Bogor Extensible Model Checking Framework. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 148–152. Springer, Heidelberg (2005)
Godefroid, P.: Partial-Order Methods for the Verification of Concurrent Systems. LNCS, vol. 1032. Springer, Heidelberg (1996)
Godefroid, P.: Model checking for programming languages using verisoft. In: POPL, pp. 174–186 (1997)
Godefroid, P., Luchaup, D.: Automatic Partial Loop Summarization in Dynamic Test Generation (2011), http://research.microsoft.com/apps/pubs/?id=144788
Graf, S., Saidi, H.: Construction of Abstract State Graphs with PVS. In: Grumberg, O. (ed.) CAV 1997. LNCS, vol. 1254, pp. 72–83. Springer, Heidelberg (1997)
Henzinger, T.A., Jhala, R., Majumdar, R., Sutre, G.: Lazy abstraction. In: POPL, pp. 58–70 (2002)
Holzmann, G.J.: The model checker spin. IEEE Trans. Software Eng. 23(5), 279–295 (1997)
Jackson, D., Damon, C.: Elements of style: Analyzing a software design feature with a counterexample detector. In: ISSTA, pp. 239–249 (1996)
Kuleshov, E.: Using the ASM Toolkit for Bytecode Manipulation (2004), http://asm.ow2.org/doc/tutorial.html
Khurshid, S., Marinov, D.: Testera: Specification-based testing of java programs using sat. Autom. Softw. Eng. 11(4), 403–434 (2004)
King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976)
Ma, Y.-S., Offutt, J., Kwon, Y.R.: Mujava: an automated class mutation system. Softw. Test., Verif. Reliab. 15(2), 97–133 (2005)
Musuvathi, M., Park, D.Y.W., Chou, A., Engler, D.R., Dill, D.L.: Cmc: A pragmatic approach to model checking real code. In OSDI (2002)
Musuvathi, M., Qadeer, S., Ball, T., Basler, G., Nainar, P.A., Neamtiu, I.: Finding and reproducing heisenbugs in concurrent programs. In: OSDI, pp. 267–280 (2008)
Offutt, A.J., Untch, R.H.: Mutation 2000: uniting the orthogonal. In: Wong, W.E. (ed.), pp. 34–44. Kluwer Academic Publishers (2001)
Roberson, M., Boyapati, C.: Efficient modular glass box software model checking. In: OOPSLA, pp. 4–21 (2010)
Saxena, P., Poosankam, P., McCamant, S., Song, D.: Loop-extended symbolic execution on binary programs. In: ISSTA, pp. 225–236 (2009)
Visser, W., Havelund, K., Brat, G.P., Park, S.: Model checking programs. In: ASE, pp. 3–12 (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yi, Q., Liu, J., Shen, W. (2011). Efficient Loop-Extended Model Checking of Data Structure Methods. In: Kim, Th., et al. Software Engineering, Business Continuity, and Education. ASEA 2011. Communications in Computer and Information Science, vol 257. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27207-3_24
Download citation
DOI: https://doi.org/10.1007/978-3-642-27207-3_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27206-6
Online ISBN: 978-3-642-27207-3
eBook Packages: Computer ScienceComputer Science (R0)