Benjamin Hillery
Abstract
To explore the state space of programs with complex user-defined data structures, most symbolic execution engines use the lazy initialization algorithm. Symbolic Pathfinder (SPF) is the symbolic execution engine for the Java PathFinder (JPF) model checker; SPF too contains an implementation of the lazy initialization algorithm. A number of extensions to the original lazy initialization algorithm have since been published. One such extension is the lazier# algorithm which demonstrated dramatic performance gains over the other algorithms. There is, however, no open-source implementation of the lazier# algorithm available. This work is an implementation of the the lazier# algorithm within the Symbolic PathFinder framework. In addition, this work describes the implementation of two heap bounding techniques in SPF, namely k-bounding and n-bounding. The purpose of this paper is to discuss the nature of the improvements, implementation details, usage and performance test results.
- C. Cadar and D. R. Engler. Execution generated test cases: How to make systems code crash itself. In SPIN, pages 2--23, 2005. Google Scholar
Digital Library
- L. A. Clarke. A program testing system. In Proceedings of the 1976 annual conference, ACM '76, pages 488--491, 1976. Google ScholarDigital Library
- X. Deng, J. Lee, and Robby. Bogor/Kiasan: A k-bounded symbolic execution for checking strong heap properties of open systems. In ASE '06: Proceedings of the 21st IEEE/ACM International Conference on Automated Software Engineering, pages 157--166, Washington, DC, USA, 2006. IEEE Computer Society. Google ScholarDigital Library
- X. Deng, J. Lee, and Robby. Efficient and formal generalized symbolic execution. Autom. Softw. Eng., 19(3):233--301, 2012. Google ScholarDigital Library
- X. Deng, Robby, and J. Hatcliff. Towards a case-optimal symbolic execution algorithm for analyzing strong properties of object-oriented programs. In SEFM '07: Proceedings of the 5th IEEE International Conference on Software Engineering and Formal Methods, pages 273--282, Washington, DC, USA, 2007. IEEE Computer Society. Google ScholarDigital Library
- J. Geldenhuys, N. Aguirre, M. F. Frias, and W. Visser. Bounded lazy initialization. In NASA Formal Methods, pages 229--243. Springer, 2013.Google Scholar
- P. Godefroid, N. Klarlund, and K. Sen. DART: Directed automated random testing. In PLDI, pages 213--223, 2005. Google ScholarDigital Library
- S. Khurshid, C. S. Păsăreanu, and W. Visser. Generalized symbolic execution for model checking and testing. In TACAS, pages 553--568, 2003. Google ScholarDigital Library
- J. C. King. Symbolic execution and program testing. Communications of the ACM, 19(7):385--394, 1976. Google ScholarDigital Library
- C. S. Păsăreanu and N. Rungta. Symbolic Pathfinder: symbolic execution of Java bytecode. In Proceedings of the IEEE/ACM international conference on Automated software engineering, pages 179--180. ACM, 2010. Google ScholarDigital Library
- C. S. Păsăreanu, P. C. Mehlitz, D. H. Bushnell, K. Gundy-Burlet, M. Lowry, S. Person, and M. Pape. Combining unit-level symbolic execution and system-level concrete execution for testing NASA software. In ISSTA, pages 15--25, 2008. Google ScholarDigital Library
- K. Sen, D. Marinov, and G. Agha. CUTE: a concolic unit testing engine for C. In ESEC/FSE, pages 263--272, 2005. Google ScholarDigital Library
- M. A. Weiss. Data Structures and Algorithm Analysis in Java. Addison-Wesley, 1999. Google ScholarDigital Library
Index Terms
- Towards a lazier symbolic pathfinder
Recommendations
Abstract pathfinder
We present Abstract Pathfinder, an extension to the Java Pathfinder (JPF) verification tool-set that supports data abstraction to reduce the large data domains of a Java program to small, finite abstract domains, making the program more amenable to ...
Symbolic PathFinder: symbolic execution of Java bytecode
ASE '10: Proceedings of the 25th IEEE/ACM International Conference on Automated Software EngineeringSymbolic Pathfinder (SPF) combines symbolic execution with model checking and constraint solving for automated test case generation and error detection in Java programs with unspecified inputs. In this tool, programs are executed on symbolic inputs ...
Symbolic PathFinder v7
We describe Symbolic PathFinder v7 in terms of its updated design addressing the changes of Java PathFinder v7 and of its new optimization when computing path conditions. Furthermore, we describe the Symbolic Execution Tree Extension; a newly added ...
Comments