Open Access Book Chapter

Type-dependence analysis and program transformation for symbolic execution

TL;DR: Presents type-dependence analysis, a context- and field-sensitive interprocedural static analysis that identifies program entities that may store symbolic values at run-time, and a technique to transform real applications for efficient symbolic execution.
Abstract
Symbolic execution can be problematic when applied to real applications. This paper addresses two of these problems: (1) the constraints generated during symbolic execution may be of a type not handled by the underlying decision procedure, and (2) some parts of the application may be unsuitable for symbolic execution (e.g., third-party libraries). The paper presents type-dependence analysis, which performs a context- and field-sensitive interprocedural static analysis to identify program entities that may store symbolic values at run-time. This information is used to identify the above two problematic cases and assist the user in addressing them. The paper also presents a technique to transform real applications for efficient symbolic execution. Instead of transforming the entire application, which can be inefficient and infeasible (mostly for pragmatic reasons), our technique leverages the results of type-dependence analysis to transform only parts of the program that may interact with symbolic values. Finally, the paper discusses the implementation of our analysis and transformation technique in a tool, stinger, and an empirical evaluation performed on two real applications. The results of the evaluation show the effectiveness of our approach.


Citations
Journal Article

An orchestrated survey of methodologies for automated software test case generation

TL;DR: An orchestrated survey of the most prominent techniques for automatic generation of software test cases, reviewed in self-standing sections, aimed at giving an introductory, up-to-date and (relatively) short overview of research in automatic test case generation.
Proceedings Article

Combining unit-level symbolic execution and system-level concrete execution for testing NASA software

TL;DR: Symbolic Java PathFinder is developed, a symbolic execution framework that implements a non-standard bytecode interpreter on top of the Java PathFinder model checking tool and combines unit-level symbolic execution and system-level concrete execution for generating test cases that satisfy user-specified testing criteria.
Journal Article

A Survey of Symbolic Execution Techniques

TL;DR: A survey of symbolic execution techniques, in which the authors provide an overview of the main ideas, challenges, and solutions developed in the area.
Journal Article

A survey of new trends in symbolic execution for software testing and analysis

TL;DR: A survey of some of the new research trends in symbolic execution, with particular emphasis on applications to test generation and program analysis, and an approach that handles complex programming constructs such as input recursive data structures, arrays, as well as multithreading.
Proceedings Article

Test generation through programming in UDITA

TL;DR: The approach is implemented and incorporated into the official, publicly available repository of Java PathFinder (JPF), a popular tool for verifying Java programs, and shows that test generation using UDITA is faster and leads to test descriptions that are easier to write than in previous frameworks.
References
Book Chapter

A Temporal Logic of Nested Calls and Returns

TL;DR: This work introduces a temporal logic of calls and returns (CaRet) for specification and algorithmic verification of correctness requirements of structured programs and presents a tableau construction that reduces the model checking problem to the emptiness problem for a Büchi pushdown system.
Journal Article

Symbolic execution and program testing

TL;DR: A particular system called EFFIGY which provides symbolic execution for program testing and debugging is described, which interpretively executes programs written in a simple PL/I style programming language.
Journal Article

DART: directed automated random testing

TL;DR: DART is a new tool for automatically testing software that combines three main techniques: automated extraction of the interface of a program with its external environment using static source-code parsing, and dynamic analysis of how the program behaves under random testing and automatic generation of new test inputs to direct systematically the execution along alternative program paths.
Proceedings Article

CUTE: a concolic unit testing engine for C

TL;DR: In this paper, the authors address the problem of automating unit testing with memory graphs as inputs, and develop a method to represent and track constraints that capture the behavior of a symbolic execution of a unit with memory graphs as inputs.
Proceedings Article

Extended static checking for Java

TL;DR: The Extended Static Checker for Java (ESC/Java) is introduced, an experimental compile-time program checker that finds common programming errors and provides programmers with a simple annotation language with which programmer design decisions can be expressed formally.