skip to main content
10.1145/2950290.2983940acmconferencesArticle/Chapter ViewAbstractPublication PagesfseConference Proceedingsconference-collections
research-article

JBSE: a symbolic executor for Java programs with complex heap inputs

Published: 01 November 2016 Publication History

Abstract

We present the Java Bytecode Symbolic Executor (JBSE), a symbolic executor for Java programs that operates on complex heap inputs. JBSE implements both the novel Heap EXploration Logic (HEX), a symbolic execution approach to deal with heap inputs, and the main state-of-the-art approaches that handle data structure constraints expressed as either executable programs (repOk methods) or declarative specifications. JBSE is the first symbolic executor specifically designed to deal with programs that operate on complex heap inputs, to experiment with the main state-of-the-art approaches, and to combine different decision procedures to explore possible synergies among approaches for handling symbolic data structures.

References

[1]
S. Anand, C. S. Păsăreanu, and W. Visser. JPF-SE: A symbolic execution extension to Java PathFinder. In Proceedings of the International Conference on Tools and Algorithms for Construction and Analysis of Systems, TACAS ’07, pages 134–138. Springer, 2007.
[2]
S. Artzi, A. Kiezun, J. Dolby, F. Tip, D. Dig, A. Paradkar, and M. D. Ernst. Finding bugs in dynamic web applications. In Proceedings of the International Symposium on Software Testing and Analysis, ISSTA ’08, pages 261–272. ACM, 2008.
[3]
A. Baars, M. Harman, Y. Hassoun, K. Lakhotia, P. McMinn, P. Tonella, and T. Vos. Symbolic search-based testing. In Proceedings of the International Conference on Automated Software Engineering, ASE ’11, pages 53–62. IEEE Computer Society, 2011.
[4]
P. Braione, G. Denaro, and M. Pezzè. Enhancing symbolic execution with built-in term rewriting and constrained lazy initialization. In Proceedings of the 9th Joint Meeting on Foundations of Software Engineering, ESEC/FSE 2013, pages 411–421. ACM, 2013.
[5]
P. Braione, G. Denaro, and M. Pezzè. Symbolic execution of programs with heap inputs. In Proceedings of the European Software Engineering Conference held jointly with the ACM SIGSOFT International Symposium on Foundations of Software Engineering, ESEC/FSE ’15, pages 602–613, 2015.
[6]
C. Cadar, D. Dunbar, and D. Engler. Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proceedings of the Symposium on Operating Systems Design and Implementation, OSDI ’08, pages 209–224. USENIX Association, 2008.
[7]
L. A. Clarke. A program testing system. In Proceedings of the 1976 Annual Conference, ACM ’76, pages 488–491. ACM, 1976.
[8]
L. De Moura and N. Bjørner. Z3: An efficient SMT solver. In Proceedings of the International Conference on Tools and Algorithms for Construction and Analysis of Systems, TACAS/ETAPS ’08, pages 337–340. Springer, 2008.
[9]
X. Deng, J. Lee, and Robby. Bogor/Kiasan: A k-bounded symbolic execution for checking strong heap properties of open systems. In Proceedings of the International Conference on Automated Software Engineering, ASE ’06, pages 157–166. ACM, 2006.
[10]
G. D. Dennis. TSAFE: Building a trusted computing base for air traffic control software. Master’s thesis, Massachusetts Institute of Technology, 2003.
[11]
H. Do, S. Elbaum, and G. Rothermel. Supporting controlled experimentation with testing techniques: An infrastructure and its potential impact. Empirical Software Engineering, 10(4):405–435, 2005.
[12]
C. Enea, V. Saveluc, and M. Sighireanu. Compositional invariant checking for overlaid and nested linked lists. In Proceedings of the European Conference on Programming Languages and Systems, ESOP’13, pages 129–148. Springer-Verlag, 2013.
[13]
J. P. Galeotti, N. Rosner, C. G. López Pombo, and M. F. Frias. Analysis of invariants for efficient bounded verification. In Proceedings of the International Symposium on Software Testing and Analysis, ISSTA ’10, pages 25–36. ACM, 2010.
[14]
P. Godefroid. Compositional dynamic test generation. In Proceedings of the Symposium on Principles of Programming Languages, POPL ’07, pages 256–267. ACM, 2007.
[15]
P. Godefroid, M. Y. Levin, and D. Molnar. Sage: Whitebox fuzzing for security testing. ACM Queue, 10(1):20–27, 2012.
[16]
I. G. Guodong Li and S. Rajan. Klover: a symbolic execution and automatic test generation tool for C++ programs. In Proceedings of the International Conference on Computer Aided Verification, CAV ’11, pages 53–68. Springer, 2011.
[17]
D. Jackson. Software Abstractions: Logic, Language, and Analysis. The MIT Press, 2006.
[18]
R. Just, D. Jalali, and M. D. Ernst. Defects4J: A database of existing faults to enable controlled testing studies for Java programs. In Proceedings of the International Symposium on Software Testing and Analysis, ISSTA ’14, pages 437–440. ACM, 2014.
[19]
S. Khurshid, C. S. Pˇ asˇ areanu, and W. Visser. Generalized symbolic execution for model checking and testing. In Tools and Algorithms for Construction and Analysis of Systems, LNCS 2619. Springer, 2003.
[20]
J. C. King. Symbolic execution and program testing. Communications of the ACM, 19(7):385–394, 1976.
[21]
B. Liskov and J. Guttag. Program Development in Java: Abstraction, Specification, and Object-Oriented Design. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 1st edition, 2000.
[22]
R. Majumdar and K. Sen. Hybrid concolic testing. In Proceedings of the International Conference on Software Engineering, ICSE ’07, pages 416–426. IEEE Computer Society, 2007.
[23]
S. McPeak and G. C. Necula. Data structure specifications via local equality axioms. In Proceedings of the 17th International Conference on Computer Aided Verification, CAV’05. Springer-Verlag, 2005.
[24]
A. Møller and M. I. Schwartzbach. The Pointer Assertion Logic Engine. In Proceedings of the ACM Conference on Programming Language Design and Implementation, PLDI ’01, pages 221–231, 2001.
[25]
Z. Rakamari´ c, R. Bruttomesso, A. J. Hu, and A. Cimatti. Verifying heap-manipulating programs in an SMT framework. In Proceedings of the 5th International Conference on Automated Technology for Verification and Analysis, ATVA’07, pages 237–252. Springer-Verlag, 2007.
[26]
N. Rosner, J. Geldenhuys, N. Aguirre, W. Visser, and M. F. Frias. BLISS: improved symbolic execution by bounded lazy initialization with SAT support. IEEE Transactions on Software Engineering, 41(7):639–660, 2015.
[27]
K. Sen and G. Agha. CUTE and jCUTE: Concolic unit testing and explicit path model-checking tools. In Proceedings of the International Conference on Computer Aided Verification, CAV ’06, pages 419–423. Springer, 2006.
[28]
N. Tillmann and J. de Halleux. Pex: White box test generation for .NET. In Proceedings of the International Conference on Tests and Proofs, TAP ’08, pages 134–153. Springer, 2008.
[29]
W. Visser, C. S. Pˇ asˇ areanu, and S. Khurshid. Test input generation with java pathfinder. In Proceedings of the International Symposium on Software Testing and Analysis, ISSTA ’04, pages 97–107. ACM, 2004.

Cited By

View all
  • (2024)An Empirical Study on Focal Methods in Deep-Learning-Based Approaches for Assertion GenerationProceedings of the ACM on Software Engineering10.1145/36607851:FSE(1750-1771)Online publication date: 12-Jul-2024
  • (2024)An Empirical Study on Automated Test Generation Tools for Java: Effectiveness and ChallengesJournal of Computer Science and Technology10.1007/s11390-023-1935-539:3(715-736)Online publication date: 1-May-2024
  • (2023)Automated Unit Test Generation For Java Programs Using Fuzzing2023 Ivannikov Ispras Open Conference (ISPRAS)10.1109/ISPRAS60948.2023.10508168(157-162)Online publication date: 4-Dec-2023
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
FSE 2016: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering
November 2016
1156 pages
ISBN:9781450342186
DOI:10.1145/2950290
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 November 2016

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Alloy
  2. Heap Exploration Logic
  3. Heap data structures
  4. Pointer Assertion Logic
  5. RepOk
  6. Symbolic Execution

Qualifiers

  • Research-article

Conference

FSE'16
Sponsor:

Acceptance Rates

Overall Acceptance Rate 17 of 128 submissions, 13%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)15
  • Downloads (Last 6 weeks)0
Reflects downloads up to 17 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2024)An Empirical Study on Focal Methods in Deep-Learning-Based Approaches for Assertion GenerationProceedings of the ACM on Software Engineering10.1145/36607851:FSE(1750-1771)Online publication date: 12-Jul-2024
  • (2024)An Empirical Study on Automated Test Generation Tools for Java: Effectiveness and ChallengesJournal of Computer Science and Technology10.1007/s11390-023-1935-539:3(715-736)Online publication date: 1-May-2024
  • (2023)Automated Unit Test Generation For Java Programs Using Fuzzing2023 Ivannikov Ispras Open Conference (ISPRAS)10.1109/ISPRAS60948.2023.10508168(157-162)Online publication date: 4-Dec-2023
  • (2023)Automated Test Case Generation for Safety-Critical Software in Scade2023 IEEE/ACM 45th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP)10.1109/ICSE-SEIP58684.2023.00049(483-494)Online publication date: May-2023
  • (2023)What makes test programs similar in microservices applications?Journal of Systems and Software10.1016/j.jss.2023.111674201:COnline publication date: 1-Jul-2023
  • (2023)Automatically generating test cases for safety-critical software via symbolic executionJournal of Systems and Software10.1016/j.jss.2023.111629199:COnline publication date: 1-May-2023
  • (2022)LISSA: Lazy Initialization with Specialized Solver AidProceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering10.1145/3551349.3556965(1-12)Online publication date: 10-Oct-2022
  • (2022)Automated assertion generation via information retrieval and its integration with deep learningProceedings of the 44th International Conference on Software Engineering10.1145/3510003.3510149(163-174)Online publication date: 21-May-2022
  • (2022)Constraint-logic object-oriented programming for test case generationProceedings of the 37th ACM/SIGAPP Symposium on Applied Computing10.1145/3477314.3507015(1499-1508)Online publication date: 25-Apr-2022
  • (2022)Learning to Prune Infeasible Paths in Generalized Symbolic Execution2022 IEEE 33rd International Symposium on Software Reliability Engineering (ISSRE)10.1109/ISSRE55969.2022.00054(494-504)Online publication date: Oct-2022
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media