research-article

Path exploration based on symbolic output

Authors:

Hoang D. T. Nguyen,

Abhik RoychoudhuryAuthors Info & Claims

ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 22, Issue 4

Article No.: 32, Pages 1 - 41

https://doi.org/10.1145/2522920.2522925

Published: 22 October 2013 Publication History

Abstract

Efficient program path exploration is important for many software engineering activities such as testing, debugging, and verification. However, enumerating all paths of a program is prohibitively expensive. In this article, we develop a partitioning of program paths based on the program output. Two program paths are placed in the same partition if they derive the output similarly, that is, the symbolic expression connecting the output with the inputs is the same in both paths. Our grouping of paths is gradually created by a smart path exploration. Our experiments show the benefits of the proposed path exploration in test-suite construction.

Our path partitioning produces a semantic signature of a program—describing all the different symbolic expressions that the output can assume along different program paths. To reason about changes between program versions, we can therefore analyze their semantic signatures. In particular, we demonstrate the applications of our path partitioning in testing and debugging of software regressions.

References

[1]

Agrawal, H., Horgan, J. R., Krauser, E. W., and London, S. 1993. Incremental regression testing. In Proceedings of the Conference on Software Maintenance (ICSM'93). IEEE Computer Society, Washington, DC, 348--357.

Digital Library

[2]

Boonstoppel, P., Cadar, C., and Engler, D. 2008. RWSET: Attacking path explosion in constraint-based test generation. Tools Algorithms Construct. Anal. Syst. 4963, 351--366.

Digital Library

[3]

Csallner, C., Tillmann, N., and Smaragdakis, Y. 2008. DYSY: Dynamic symbolic execution for invariant inference. In Proceedings of the 30th International Conference on Software Engineering (ICSE'08), ACM, New York, NY, USA, 281--290.

Digital Library

[4]

CTAS Weather Control Requirements. http://scesm04.upb.de/case-study-2/requirements.pdf.

[5]

De Moura, L. and Bjørner, N. 2008. Z3: An efficient SMT solver. Tools Algor. Construct. Anal. Syst. 4963, 337--340.

Digital Library

[6]

Do, H., Elbaum, S., and Rothermel, G. 2005. Supporting controlled experimentation with testing techniques: An infrastructure and its potential impact. Empir. Softw. Eng. 10, 4, 405--435.

Digital Library

[7]

Ganesh, V. and Dill, D. L. 2007. A decision procedure for bit-vectors and arrays. In Proceedings of CAV. Springer-Verlag, Berlin.

Digital Library

[8]

Godefroid, P. 2007. Compositional dynamic test generation. In Proceedings of the 34th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'07), ACM, New York, 47--54.

Digital Library

[9]

Godefroid, P., Kiezun, A., and Levin, M. Y. 2008. Grammar-based whitebox fuzzing. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'08). ACM, New York, 206--215.

Digital Library

[10]

Godefroid, P., Klarlund, N., and Sen, K. 2005. DART: Directed Automated Random Testing. In Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'05). ACM, New York, 213--223.

Digital Library

[11]

Gyimóthy, T., Beszédes, A., and Forgács, I. 1999. An efficient relevant slicing method for debugging. In Proceedings of the 7th European Software Engineering Conference Held Jointly with the 7th ACM SIGSOFT International Symposium on Foundations of Software Engineering (ESEC/FSE-7). Springer-Verlag, Berlin, 303--321.

Digital Library

[12]

Harrold, M. J., Gupta, R., and Soffa, M. L. 1993. A methodology for controlling the size of a test suite. ACM Trans. Softw. Eng. Methodol. 2, 270--285.

Digital Library

[13]

Ma, K., Yit Phang, K., Foster, J., and Hicks, M. 2011. Directed symbolic execution. In Proceedings of the Static Analysis Symposium, 95--111.

Digital Library

[14]

McMillan, K. 2010. Lazy annotation for program testing and verification. In Proceedings of the Computer Aided Verification, T. Touili, B. Cook, and P. Jackson, Eds., Lecture Notes in Computer Science Series, vol. 6174, Springer, Berlin, 104--118.

Digital Library

[15]

Person, S., Dwyer, M. B., Elbaum, S., and Pǎsǎreanu, C. S. 2008. Differential symbolic execution. In Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering (SIGSOFT'08/FSE-16). ACM, New York, 226--237.

Digital Library

[16]

Person, S., Yang, G., Rungta, N., and Khurshid, S. 2011. Directed incremental symbolic execution. In Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'11). ACM, New York, 504--515.

Digital Library

[17]

Qi, D., Nguyen, H. D., and Roychoudhury, A. 2011a. Path exploration based on symbolic output. In Proceedings of the 19th ACM SIGSOFT Symposium and the 13th European Conference on Foundations of Software Engineering (ESEC/FSE'11). ACM, New York, 278--288.

Digital Library

[18]

Qi, D., Nguyen, H. D. T., and Roychoudhury, A. 2011b. Path exploration based on soymbolic output. Tech. rep., National University of Singapore, http://dl.comp.nus.edu.sg/dspace/handle/1900.100/3347. March.

[19]

Qi, D., Roychoudhury, A., and Liang, Z. 2010. Test generation to expose changes in evolving programs. In Proceedings of the IEEE/ACM International Conference on Automated Software Engineering (ASE'10). ACM, New York, 397--406.

Digital Library

[20]

Qi, D., Roychoudhury, A., Liang, Z., and Vaswani, K. 2009. DARWIN: An approach for debugging evolving programs. In Proceedings of the 7th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE'09). ACM, New York, 33--42.

Digital Library

[21]

Santelices, R., Chittimalli, P. K., Apiwattanapong, T., Orso, A., and Harrold, M. J. 2008. Test-suite augmentation for evolving software. In Proceedings of the 23rd IEEE/ACM International Conference on Automated Software Engineering (ASE'08). IEEE Computer Society, Los Alamitos, CA, 218--227.

Digital Library

[22]

Santelices, R. and Harrold, M. J. 2010. Exploiting program dependencies for scalable multiple-path symbolic execution. In Proceedings of the 19th International Symposium on Software Testing and Analysis (ISSTA'10). ACM, New York, 195--206.

Digital Library

[23]

Sen, K., Marinov, D., and Agha, G. 2005. CUTE: A concolic unit testing engine for c. In Proceedings of the 10th European Software Engineering Conference held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering (ESEC/FSE-13). ACM, New York, 263--272.

Digital Library

[24]

SQL Power Software. 2012. SQL Power Architect. http://code.google.com/p/power-architect/.

[25]

Song, D., Brumley, D., Yin, H., Caballero, J., Jager, I., Kang, M. G., Liang, Z., Newsome, J., Poosankam, P., and Saxena, P. 2008. BitBlaze: A new approach to computer security via binary analysis. In Proceedings of the 4th International Conference on Information Systems Security. Keynote invited paper.

Digital Library

[26]

Wang, T. and Roychoudhury, A. 2008. Dynamic slicing on Java bytecode traces. ACM Trans. Program. Lang. Syst. 30, 10:1--10:49.

Digital Library

[27]

Wong, W. E., Horgan, J. R., London, S., and Mathur, A. P. 1995. Effect of test set minimization on fault detection effectiveness. In Proceedings of the 17th International Conference on Software Engineering (ICSE'95). ACM, New York, 41--50.

Digital Library

[28]

Xie, Y., Chou, A., and Engler, D. 2003. Archer: using symbolic, path-sensitive analysis to detect memory access errors. In Proceedings of the 9th European Software Engineering Conference held jointly with 11th ACM SIGSOFT International Symposium on Foundations of Software Engineering (ESEC/FSE-11). ACM, New York, 327--336.

Digital Library

[29]

Xin, B., Sumner, W. N., and Zhang, X. 2008. Efficient program execution indexing. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'08). ACM, New York, 238--248.

Digital Library

[30]

Xu, Z., Kim, Y., Kim, M., Rothermel, G., and Cohen, M. B. 2010. Directed test suite augmentation: techniques and tradeoffs. In Proceedings of the 18th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE'10). ACM, New York, 257--266.

Digital Library

Cited By

Yi QYu YYang G(2024)Compatible Branch Coverage Driven Symbolic Execution for Efficient Bug FindingProceedings of the ACM on Programming Languages10.1145/36564438:PLDI(1633-1655)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656443
Cai HZhang ZJian YLi DHuang Z(2023)BDGSE: A Symbolic Execution Technique for High MC/DC2023 IEEE 23rd International Conference on Software Quality, Reliability, and Security (QRS)10.1109/QRS60937.2023.00039(313-324)Online publication date: 22-Oct-2023
https://doi.org/10.1109/QRS60937.2023.00039
Shi YZhang YLuo TMao XYang M(2022)Precise (Un)Affected Version Analysis for Web VulnerabilitiesProceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering10.1145/3551349.3556933(1-13)Online publication date: 10-Oct-2022
https://dl.acm.org/doi/10.1145/3551349.3556933
Show More Cited By

Index Terms

Path exploration based on symbolic output

Recommendations

Path exploration based on symbolic output
ESEC/FSE '11: Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering

Efficient program path exploration is important for many software engineering activities such as testing, debugging and verification. However, enumerating all paths of a program is prohibitively expensive. In this paper, we develop a partitioning of ...
Tackling the Path Explosion Problem in Symbolic Execution-Driven Test Generation for Programs
ATS '10: Proceedings of the 2010 19th IEEE Asian Test Symposium

Symbolic techniques have been shown to be very effective in path-based test generation, however, they fail to scale to large programs due to the exponential number of paths to be explored. In this paper, we focus on tackling this path explosion problem ...
Test Case Selection Based on Path Condtions of Symbolic Execution
APSEC '12: Proceedings of the 2012 19th Asia-Pacific Software Engineering Conference - Volume 01

Symbolic execution as a test case generation technique has recently become an active research area. However, since symbolic execution generates a large number of test cases, it is impractical to run all the generated test cases in practice. In this ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Software Engineering and Methodology

ACM Transactions on Software Engineering and Methodology Volume 22, Issue 4

Testing, debugging, and error handling, formal methods, lifecycle concerns, evolution and maintenance

October 2013

387 pages

ISSN:1049-331X

EISSN:1557-7392

DOI:10.1145/2522920

Issue’s Table of Contents

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 October 2013

Accepted: 01 December 2012

Revised: 01 July 2012

Received: 01 January 2012

Published in TOSEM Volume 22, Issue 4

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

Ministry of Education - Singapore

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
486
Total Downloads

Downloads (Last 12 months)9
Downloads (Last 6 weeks)0

Reflects downloads up to 11 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Yi QYu YYang G(2024)Compatible Branch Coverage Driven Symbolic Execution for Efficient Bug FindingProceedings of the ACM on Programming Languages10.1145/36564438:PLDI(1633-1655)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656443
Cai HZhang ZJian YLi DHuang Z(2023)BDGSE: A Symbolic Execution Technique for High MC/DC2023 IEEE 23rd International Conference on Software Quality, Reliability, and Security (QRS)10.1109/QRS60937.2023.00039(313-324)Online publication date: 22-Oct-2023
https://doi.org/10.1109/QRS60937.2023.00039
Shi YZhang YLuo TMao XYang M(2022)Precise (Un)Affected Version Analysis for Web VulnerabilitiesProceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering10.1145/3551349.3556933(1-13)Online publication date: 10-Oct-2022
https://dl.acm.org/doi/10.1145/3551349.3556933
Chen LCai QMa ZWang YHu HShen MLiu YGuo SDuan HJiang KXue ZYin HStavrou ACremers CShi E(2022)SFuzzProceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security10.1145/3548606.3559367(485-498)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3548606.3559367
Soremekun EKirschner LBöhme MZeller A(2021)Locating faults with program slicing: an empirical analysisEmpirical Software Engineering10.1007/s10664-020-09931-726:3Online publication date: 1-Apr-2021
https://dl.acm.org/doi/10.1007/s10664-020-09931-7
Thome JShar LBianculli DBriand L(2020)An Integrated Approach for Effective Injection Vulnerability Analysis of Web Applications Through Security Slicing and Hybrid Constraint SolvingIEEE Transactions on Software Engineering10.1109/TSE.2018.284434346:2(163-195)Online publication date: 1-Feb-2020
https://doi.org/10.1109/TSE.2018.2844343
Sabbaghi AKeyvanpour M(2020)A Systematic Review of Search Strategies in Dynamic Symbolic ExecutionComputer Standards & Interfaces10.1016/j.csi.2020.103444(103444)Online publication date: May-2020
https://doi.org/10.1016/j.csi.2020.103444
Fowze FTian DHernandez GButler KYavuz T(2019)ProXray: Protocol Model Learning and Guided Firmware AnalysisIEEE Transactions on Software Engineering10.1109/TSE.2019.2939526(1-1)Online publication date: 2019
https://doi.org/10.1109/TSE.2019.2939526
Ma XYan JYan JZhang J(2019)Reorganizing and Optimizing Post-Inspection on Suspicious Bug Reports in Path-Sensitive Analysis2019 IEEE 19th International Conference on Software Quality, Reliability and Security (QRS)10.1109/QRS.2019.00042(260-271)Online publication date: Jul-2019
https://doi.org/10.1109/QRS.2019.00042
Sabbaghi ARashidy Kanan HKeyvanpour M(2019)FSCT: A new fuzzy search strategy in concolic testingInformation and Software Technology10.1016/j.infsof.2018.11.006107(137-158)Online publication date: Mar-2019
https://doi.org/10.1016/j.infsof.2018.11.006
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents