DOI: 10.1145/1108792.1108817
Article

Generalizing symbolic execution to library classes

Published: 05 September 2005

Abstract

Forward symbolic execution is a program analysis technique that allows using symbolic inputs to explore program executions. The traditional applications of this technique have focused on programs that manipulate primitive data types, such as integer or boolean. Recent extensions have shown how to handle reference types at their representation level. The extensions have favorably been backed by advances in constraint solving technology, and together they have made symbolic execution applicable, at least in theory, to a large class of programs. In practice, however, the increased potential for applications has created significant issues with scalability of symbolic execution to programs of non-trivial size---the ensuing path conditions rapidly become unfeasibly complex.

We present Dianju, a new technique that aims to address the scalability of symbolic execution. The fundamental idea in Dianju is to perform symbolic execution of commonly used library classes (such as strings, sets and maps) at the abstract level rather than the representation level. Dianju defines semantics of operations on symbolic objects of these classes, which allows Dianju to abstract away from the complexity that is normally inherent in library implementations, thus promising scalable analyses based on symbolic execution.


Published In

PASTE '05: Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
September 2005
118 pages
ISBN:1595932399
DOI:10.1145/1108792
  • ACM SIGSOFT Software Engineering Notes, Volume 31, Issue 1
    January 2006
    203 pages
    ISSN:0163-5948
    DOI:10.1145/1108768

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. korat
  2. model checking
  3. symbolic execution
  4. test input generation

Qualifiers

  • Article

Conference

PASTE05

Acceptance Rates

Overall Acceptance Rate 57 of 159 submissions, 36%

Cited By

  • (2021) DSGEN. Proceedings of the 35th ACM International Conference on Supercomputing, pages 75-87. DOI: 10.1145/3447818.3460962. Online publication date: 3-Jun-2021
  • (2017) Dependence Guided Symbolic Execution. IEEE Transactions on Software Engineering, 43:3, pages 252-271. DOI: 10.1109/TSE.2016.2584063. Online publication date: 1-Mar-2017
  • (2014) Directed Incremental Symbolic Execution. ACM Transactions on Software Engineering and Methodology, 24:1, pages 1-42. DOI: 10.1145/2629536. Online publication date: 7-Oct-2014
  • (2014) Automated test generation on path-based symbolic execution. 2014 IEEE 5th International Conference on Software Engineering and Service Science, pages 845-848. DOI: 10.1109/ICSESS.2014.6933698. Online publication date: Jun-2014
  • (2012) Predicate abstraction of Java programs with collections. ACM SIGPLAN Notices, 47:10, pages 75-94. DOI: 10.1145/2398857.2384623. Online publication date: 19-Oct-2012
  • (2012) Automated concolic testing of smartphone apps. Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, pages 1-11. DOI: 10.1145/2393596.2393666. Online publication date: 11-Nov-2012
  • (2012) Predicate abstraction of Java programs with collections. Proceedings of the ACM international conference on Object oriented programming systems languages and applications, pages 75-94. DOI: 10.1145/2384616.2384623. Online publication date: 19-Oct-2012
  • (2012) Finding errors from reverse-engineered equality models using a constraint solver. Proceedings of the 2012 IEEE International Conference on Software Maintenance (ICSM), pages 77-86. DOI: 10.1109/ICSM.2012.6405256. Online publication date: 23-Sep-2012
  • (2011) Directed incremental symbolic execution. Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 504-515. DOI: 10.1145/1993498.1993558. Online publication date: 4-Jun-2011
  • (2011) Directed incremental symbolic execution. ACM SIGPLAN Notices, 46:6, pages 504-515. DOI: 10.1145/1993316.1993558. Online publication date: 4-Jun-2011
