ABSTRACT
Recent advances in constraint solving technology and raw computation power have led to a substantial increase in the effectiveness of techniques based on symbolic execution for systematic bug finding. However, scaling symbolic execution remains a challenging problem.
We present a novel approach to increase the efficiency of symbolic execution for systematic testing of object-oriented programs. Our insight is that we can apply symbolic execution in stages, rather than the traditional approach of applying it all at once, to compute abstract symbolic inputs that can later be shared across different methods to test them systematically. For example, a class invariant can provide the basis of generating abstract symbolic tests that are then used to symbolically execute several methods that require their inputs to satisfy the invariant. We present an experimental evaluation to compare our approach against KLEE, a state-of-the-art implementation of symbolic execution. Results show that our approach enables significant savings in the cost of systematic testing using symbolic execution.