article

Scaling symbolic execution using staged analysis

Authors:

Junaid Haroon Siddiqui,

Sarfraz KhurshidAuthors Info & Claims

Innovations in Systems and Software Engineering, Volume 9, Issue 2

Pages 119 - 131

https://doi.org/10.1007/s11334-013-0196-9

Published: 01 June 2013 Publication History

Abstract

Recent advances in constraint solving technology and raw computation power have led to a substantial increase in the effectiveness of techniques based on symbolic execution for systematic bug finding. However, scaling symbolic execution remains a challenging problem. We present a novel approach to increase the efficiency of symbolic execution for systematic testing of object-oriented programs. Our insight is that we can apply symbolic execution in stages, rather than the traditional approach of applying it all at once, to compute abstract symbolic inputs that can later be shared across different methods to test them systematically. For example, a class invariant can provide the basis of generating abstract symbolic tests that are then used to symbolically execute several methods that require their inputs to satisfy the invariant. We present an experimental evaluation to compare our approach against KLEE, a state-of-the-art implementation of symbolic execution. Results show that our approach enables significant savings in the cost of systematic testing using symbolic execution.

References

[1]

Adve V et al. (2003) LLVA: a low-level virtual instruction set architecture. In: Proceedings of MICRO-36.

[2]

Anand S, Pasareanu CS, Visser W (2007) JPF-SE: a symbolic execution extension to Java PathFinder. In: Proceedings of 13th International Conference on Tools and Algorithms for the Construction and Analysis of Syst. (TACAS), pp 134-138.

[3]

Anand S et al. (2009) Symbolic execution with abstraction. Int J Softw Tools Technol Transf 11:53-67.

Digital Library

[4]

Boyapati C et al (2002) Korat: automated testing based on Java predicates. In: Proceedings of ISSTA.

[5]

Bush WR et al (2000) A static analyzer for finding dynamic programming errors. Softw Pract Exper 30(7): 775-802.

Digital Library

[6]

Cadar C, Engler D (2005) Execution generated test cases: how to make systems code crash itself. In: Proceedings of SPIN.

[7]

CadarCet al (2006) EXE: automatically generating inputs of death. In: Proceedings of CCS.

[8]

Cadar C et al (2008) KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In: Proceedings of OSDI.

[9]

Clarke LA (1976) Test data generation and symbolic execution of programs as an aid to program validation. PhD thesis, University of Colorado at Boulder.

[10]

Daniel B et al (2007) Automated testing of refactoring engines. In: Proceedings of ESEC/FSE.

[11]

Do H, Rothermel G (2006) On the use of mutation faults in empirical assessments of test case prioritization techniques. IEEE Trans Softw Eng 32:733-752.

Digital Library

[12]

Galeotti JP et al (2010) Analysis of invariants for efficient bounded verification. In: Proceedings of ISSTA.

[13]

Gligoric M et al (2010) Test generation through programming in UDITA. In: Proceedings of ICSE.

[14]

Godefroid P (2007) Compositional dynamic test generation. In: Proceedings of POPL.

[15]

Godefroid P et al (2005) DART: directed automated random testing. In: Proceedings of PLDI.

[16]

Godefroid P et al (2008) Automated whitebox fuzz testing. In: Proceedings of NDSS.

[17]

Jackson D (2006) Software abstractions: logic, language, and analysis. The MIT Press, Cambridge.

[18]

Khurshid S et al (2003) Generalized symbolic execution for model checking and testing. In: Proceedings of TACAS.

[19]

King JC (1976) Symbolic execution and program testing. Commun ACM 19(7):385-394.

Digital Library

[20]

Marinov D, Khurshid S (2001) TestEra: a novel framework for automated testing of Java programs. In: Proceedings of ASE.

[21]

Offutt J et al (2004) An experimental mutation system for Java. SIGSOFT Softw Eng Notes 29(5):1-4.

Digital Library

[22]

Sen K et al (2005) CUTE: a concolic unit testing engine for C. In: Proceedings of ESEC/FSE.

[23]

Shao D et al (2007) Whispec: white-box testing of libraries using declarative specifications. In: Proceedings of LCSD.

[24]

Siddiqui JH, Khurshid S (2009) An empirical study of structural constraint solving techniques. In: Proceedings of ICFEM.

[25]

Siddiqui JH, Khurshid S (2012a) Scaling symbolic execution using ranged analysis. In: Proceedings of Annual Conference on Object Oriented Programming Systems, Language and Applications (OOPSLA).

[26]

Siddiqui JH, Khurshid S (2012b) Staged symbolic execution. In: Proceedings of ACM Symposium on Applied Computing-Software Verification and Testing Track (SAC-SVT).

[27]

Sullivan K et al (2004) Software assurance by bounded exhaustive testing. In: Proceedings of ISSTA.

[28]

Tillmann N, De Halleux J (2008) Pex: white box test generation for.NET. In: Proceedings of TAP.

[29]

Visser W et al (2003) Model checking programs. Automated Softw Eng J 10(2):203-232.

Cited By

Milewicz RPoulding S(2018)Scalable Parallel Model Checking via Monte-Carlo Tree SearchACM SIGSOFT Software Engineering Notes10.1145/3149485.314949542:4(1-5)Online publication date: 11-Jan-2018
https://dl.acm.org/doi/10.1145/3149485.3149495
Arts TMousavi MKruchten PDajsuren YAltinger HStaron M(2015)Automatic Consequence Analysis of Automotive Standards (AUTO-CAAS)Proceedings of the First International Workshop on Automotive Software Architecture10.1145/2752489.2752495(35-38)Online publication date: 4-May-2015
https://dl.acm.org/doi/10.1145/2752489.2752495

Index Terms

Scaling symbolic execution using staged analysis
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging

Index terms have been assigned to the content through auto-classification.

Recommendations

Staged symbolic execution
SAC '12: Proceedings of the 27th Annual ACM Symposium on Applied Computing

Recent advances in constraint solving technology and raw computation power have led to a substantial increase in the effectiveness of techniques based on symbolic execution for systematic bug finding. However, scaling symbolic execution remains a ...
Scaling symbolic execution using ranged analysis
OOPSLA '12

This paper introduces a novel approach to scale symbolic execution --- a program analysis technique for systematic exploration of bounded execution paths---for test input generation. While the foundations of symbolic execution were developed over three ...
Handling Memory-Intensive Operations in Symbolic Execution
ISEC '22: Proceedings of the 15th Innovations in Software Engineering Conference

Symbolic execution is a popular software testing technique that can help developers identify complex bugs in real-world applications. Unfortunately, symbolic execution may struggle at analyzing programs containing memory-intensive operations, such as ...

Comments

Information & Contributors

Information

Published In

cover image Innovations in Systems and Software Engineering

Innovations in Systems and Software Engineering Volume 9, Issue 2

June 2013

72 pages

ISSN:1614-5046

Issue’s Table of Contents

Copyright © Copyright © 2013 Springer-Verlag London.

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 01 June 2013

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 11 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Milewicz RPoulding S(2018)Scalable Parallel Model Checking via Monte-Carlo Tree SearchACM SIGSOFT Software Engineering Notes10.1145/3149485.314949542:4(1-5)Online publication date: 11-Jan-2018
https://dl.acm.org/doi/10.1145/3149485.3149495
Arts TMousavi MKruchten PDajsuren YAltinger HStaron M(2015)Automatic Consequence Analysis of Automotive Standards (AUTO-CAAS)Proceedings of the First International Workshop on Automotive Software Architecture10.1145/2752489.2752495(35-38)Online publication date: 4-May-2015
https://dl.acm.org/doi/10.1145/2752489.2752495

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents