Abstract
The last few years have seen a resurgence of interest in the use of symbolic execution -- a program analysis technique developed more than three decades ago to analyze program execution paths. Scaling symbolic execution and other path-sensitive analysis techniques to large systems remains challenging despite recent algorithmic and technological advances. An alternative to solving the problem of scalability is to reduce the scope of the analysis. One approach that is widely studied in the context of regression analysis is to analyze the differences between two related program versions. While such an approach is intuitive in theory, finding efficient and precise ways to identify program differences, and characterize their effects on how the program executes has proved challenging in practice.
In this paper, we present Directed Incremental Symbolic Execution (DiSE), a novel technique for detecting and characterizing the effects of program changes. The novelty of DiSE is to combine the efficiencies of static analysis techniques to compute program difference information with the precision of symbolic execution to explore program execution paths and generate path conditions affected by the differences. DiSE is a complementary technique to other reduction or bounding techniques developed to improve symbolic execution. Furthermore, DiSE does not require analysis results to be carried forward as the software evolves -- only the source code for two related program versions is required. A case-study of our implementation of DiSE illustrates its effectiveness at detecting and characterizing the effects of program changes.
- S. Anand, C. S. Păsăreanu, and W. Visser. Symbolic execution with abstraction. International Journal on Software Tools for Technology Transfer (STTT), 11:53--67, January 2009. Google Scholar
Digital Library
- T. Apiwattanapong, A. Orso, and M. J. Harrold. Jdiff: A differencing technique and tool for object-oriented programs. Automated Software Engineering, 14(1):3--36, 2007. Google Scholar
Digital Library
- W. R. Bush, J. D. Pincus, and D. J. Sielaff. A static analyzer for finding dynamic programming errors. Software: Practice and Experience, 30(7):775--802, 2000. Google Scholar
Digital Library
- C. Cadar and D. R. Engler. Execution generated test cases: How to make systems code crash itself. In SPIN, pages 2--23, 2005. Google Scholar
Digital Library
- W. C. Chang. Improving Dynamic Analysis with Data Flow Analysis. PhD thesis, University of Texas at Austin, 2010.Google Scholar
- Choco. Main-page Choco. http://www.emn.fr/z-info/choco-solver/, 2010.Google Scholar
- L. A. Clarke. A program testing system. In Proceedings of the 1976 annual conference, ACM '76, pages 488--491, 1976. Google Scholar
Digital Library
- C. Csallner, N. Tillmann, and Y. Smaragdakis. Dysy: Dynamic symbolic execution for invariant inference. In ICSE, pages 281--290, 2008. Google Scholar
Digital Library
- L. de Moura and N. Bjørner. Z3: An efficient SMT solver. In TACAS, pages 337--340, 2008. Google Scholar
Digital Library
- X. Deng, Robby, and J. Hatcliff. Kiasan/KUnit: Automatic test case generation and analysis feedback for open object-oriented systems. In TAICPART-MUTATION, pages 3--12, 2007. Google Scholar
Digital Library
- P. Godefroid. Compositional dynamic test generation. In POPL, pages 47--54, 2007. Google Scholar
Digital Library
- P. Godefroid, N. Klarlund, and K. Sen. DART: Directed automated random testing. In PLDI, pages 213--223, 2005. Google Scholar
Digital Library
- P. Godefroid, S. K. Lahiri, and C. Rubio-Gonzalez. Incremental compositional dynamic test generation. Technical Report MSR-TR-2010-11, Microsoft Research, 2010.Google Scholar
- T. L. Graves, M. J. Harrold, J.-M. Kim, A. Porter, and G. Rothermel. An empirical study of regression test selection techniques. ACM Transactions Software Engineering and Methodology, 10(2):184--208, 2001. Google Scholar
Digital Library
- M. J. Harrold, J. A. Jones, T. Li, D. Liang, A. Orso, M. Pennings, S. Sinha, S. A. Spoon, and A. Gujarathi. Regression test selection for java software. In OOPSLA, pages 312--326, 2001. Google Scholar
Digital Library
- D. Jackson. Software Abstractions: Logic, Language, and Analysis. The MIT Press, Cambridge, MA, 2006. Google Scholar
Digital Library
- A. Joshi and M. Heimdahl. Model-Based Safety Analysis of Simulink Models Using SCADE Design Verifier. In SAFECOMP, volume 3688 of LNCS, pages 122--135, September 2005. Google Scholar
- S. Khurshid, I. García, and Y. L. Suen. Repairing structurally complex data. In SPIN, pages 123--138, 2005. Google Scholar
Digital Library
- S. Khurshid, C. S. Păsăreanu, and W. Visser. Generalized symbolic execution for model checking and testing. In TACAS, pages 553--568, 2003. Google Scholar
Digital Library
- S. Khurshid and Y. L. Suen. Generalizing symbolic execution to library classes. In PASTE, pages 103--110, 2005. Google Scholar
Digital Library
- M. Kim, D. Notkin, and D. Grossman. Automatic inference of structural changes for matching across program versions. In ICSE, pages 333--343, 2007. Google Scholar
Digital Library
- J. C. King. Symbolic execution and program testing. Communications of the ACM, 19(7):385--394, 1976. Google Scholar
Digital Library
- S. K. Lahiri, K. Vaswani, and T. Hoare. Differential static analysis: Opportunities, applications, and challenges. In FoSER, pages 201--204, 2010. Google Scholar
Digital Library
- S. Lauterburg, A. Sobeih, D. Marinov, and M. Viswanathan. Incremental state-space exploration for programs with dynamically allocated data. In ICSE, pages 291--300, 2008. Google Scholar
Digital Library
- H. Leung and L. White. Insights into regression testing. In ICSM, pages 60--69, 1989.Google Scholar
- C. Păsăreanu and N. Rungta. Symbolic PathFinder: symbolic execution of Java bytecode. In ASE, pages 179--180, 2010. Google Scholar
Digital Library
- S. Person, M. B. Dwyer, S. Elbaum, and C. S. Păsăreanu. Differential symbolic execution. In FSE, pages 226--237, 2008. Google Scholar
Digital Library
- C. S. Păsăreanu, P. C. Mehlitz, D. H. Bushnell, K. Gundy-Burlet, M. Lowry, S. Person, and M. Pape. Combining unit-level symbolic execution and system-level concrete execution for testing NASA software. In ISSTA, pages 15--25, 2008. Google Scholar
Digital Library
- D. Qi, A. Roychoudhury, and Z. Liang. Test generation to expose changes in evolving programs. In ASE, pages 397--406, 2010. Google Scholar
Digital Library
- SAE-ARP4761. Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment. SAE International, December 1996.Google Scholar
- R. Santelices and M. J. Harrold. Exploiting program dependencies for scalable multiple-path symbolic execution. In ISSTA, pages 195--206, 2010. Google Scholar
Digital Library
- K. Sen, D. Marinov, and G. Agha. CUTE: a concolic unit testing engine for c. In ESEC/FSE, pages 263--272, 2005. Google Scholar
Digital Library
- C. Seo, S. Malek, and N. Medvidovic. An energy consumption framework for distributed Java-based software systems. Technical Report USC-CSE-2006-604, University of Southern California, 2006.Google Scholar
- J. Sztipanovits and G. Karsai. Generative programming for embedded systems. In GPCE, pages 32--49, 2002. Google Scholar
Digital Library
- K. Taneja, T. Xie, N. Tillmann, J. de Halleux, and W. Schulte. Guided path exploration for regression test generation. In ICSE, New Ideas and Emerging Results, pages 311--314, 2009.Google Scholar
- W. Visser, K. Havelund, G. P. Brat, S. Park, and F. Lerda. Model checking programs. Automated Software Engineering, 10(2):203--232, 2003. Google Scholar
Digital Library
- Z. Xu, M. B. Cohen, and G. Rothermel. Factors affecting the use of genetic algorithms in test suite augmentation. In GECCO, pages 1365--1372, 2010. Google Scholar
Digital Library
- Z. Xu and G. Rothermel. Directed test suite augmentation. In APSEC, pages 406--413, 2009. Google Scholar
Digital Library
- G. Yang, M. B. Dwyer, and G. Rothermel. Regression model checking. In ICSM, pages 115--124, 2009.Google Scholar
Index Terms
Directed incremental symbolic execution
Recommendations
Directed Incremental Symbolic Execution
The last few years have seen a resurgence of interest in the use of symbolic execution—a program analysis technique developed more than three decades ago to analyze program execution paths. Scaling symbolic execution to real systems remains challenging ...
Differential symbolic execution
SIGSOFT '08/FSE-16: Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineeringDetecting and characterizing the effects of software changes is a fundamental component of software maintenance. Version differencing information can be used to perform version merging, infer change characteristics, produce program documentation, and ...
Directed incremental symbolic execution
PLDI '11: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and ImplementationThe last few years have seen a resurgence of interest in the use of symbolic execution -- a program analysis technique developed more than three decades ago to analyze program execution paths. Scaling symbolic execution and other path-sensitive analysis ...







Comments