research-article

Directed incremental symbolic execution

Authors:

Suzette Person,

Sarfraz KhurshidAuthors Info & Claims

PLDI '11: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation

Pages 504 - 515

https://doi.org/10.1145/1993498.1993558

Published: 04 June 2011 Publication History

Abstract

The last few years have seen a resurgence of interest in the use of symbolic execution -- a program analysis technique developed more than three decades ago to analyze program execution paths. Scaling symbolic execution and other path-sensitive analysis techniques to large systems remains challenging despite recent algorithmic and technological advances. An alternative to solving the problem of scalability is to reduce the scope of the analysis. One approach that is widely studied in the context of regression analysis is to analyze the differences between two related program versions. While such an approach is intuitive in theory, finding efficient and precise ways to identify program differences, and characterize their effects on how the program executes has proved challenging in practice.

In this paper, we present Directed Incremental Symbolic Execution (DiSE), a novel technique for detecting and characterizing the effects of program changes. The novelty of DiSE is to combine the efficiencies of static analysis techniques to compute program difference information with the precision of symbolic execution to explore program execution paths and generate path conditions affected by the differences. DiSE is a complementary technique to other reduction or bounding techniques developed to improve symbolic execution. Furthermore, DiSE does not require analysis results to be carried forward as the software evolves -- only the source code for two related program versions is required. A case-study of our implementation of DiSE illustrates its effectiveness at detecting and characterizing the effects of program changes.

References

[1]

S. Anand, C. S. Păsăreanu, and W. Visser. Symbolic execution with abstraction. International Journal on Software Tools for Technology Transfer (STTT), 11:53--67, January 2009.

Digital Library

[2]

T. Apiwattanapong, A. Orso, and M. J. Harrold. Jdiff: A differencing technique and tool for object-oriented programs. Automated Software Engineering, 14(1):3--36, 2007.

Digital Library

[3]

W. R. Bush, J. D. Pincus, and D. J. Sielaff. A static analyzer for finding dynamic programming errors. Software: Practice and Experience, 30(7):775--802, 2000.

Digital Library

[4]

C. Cadar and D. R. Engler. Execution generated test cases: How to make systems code crash itself. In SPIN, pages 2--23, 2005.

Digital Library

[5]

W. C. Chang. Improving Dynamic Analysis with Data Flow Analysis. PhD thesis, University of Texas at Austin, 2010.

[6]

Choco. Main-page Choco. http://www.emn.fr/z-info/choco-solver/, 2010.

[7]

L. A. Clarke. A program testing system. In Proceedings of the 1976 annual conference, ACM '76, pages 488--491, 1976.

Digital Library

[8]

C. Csallner, N. Tillmann, and Y. Smaragdakis. Dysy: Dynamic symbolic execution for invariant inference. In ICSE, pages 281--290, 2008.

Digital Library

[9]

L. de Moura and N. Bjørner. Z3: An efficient SMT solver. In TACAS, pages 337--340, 2008.

Digital Library

[10]

X. Deng, Robby, and J. Hatcliff. Kiasan/KUnit: Automatic test case generation and analysis feedback for open object-oriented systems. In TAICPART-MUTATION, pages 3--12, 2007.

Digital Library

[11]

P. Godefroid. Compositional dynamic test generation. In POPL, pages 47--54, 2007.

Digital Library

[12]

P. Godefroid, N. Klarlund, and K. Sen. DART: Directed automated random testing. In PLDI, pages 213--223, 2005.

Digital Library

[13]

P. Godefroid, S. K. Lahiri, and C. Rubio-Gonzalez. Incremental compositional dynamic test generation. Technical Report MSR-TR-2010-11, Microsoft Research, 2010.

[14]

T. L. Graves, M. J. Harrold, J.-M. Kim, A. Porter, and G. Rothermel. An empirical study of regression test selection techniques. ACM Transactions Software Engineering and Methodology, 10(2):184--208, 2001.

Digital Library

[15]

M. J. Harrold, J. A. Jones, T. Li, D. Liang, A. Orso, M. Pennings, S. Sinha, S. A. Spoon, and A. Gujarathi. Regression test selection for java software. In OOPSLA, pages 312--326, 2001.

Digital Library

[16]

D. Jackson. Software Abstractions: Logic, Language, and Analysis. The MIT Press, Cambridge, MA, 2006.

Digital Library

[17]

A. Joshi and M. Heimdahl. Model-Based Safety Analysis of Simulink Models Using SCADE Design Verifier. In SAFECOMP, volume 3688 of LNCS, pages 122--135, September 2005.

Digital Library

[18]

S. Khurshid, I. García, and Y. L. Suen. Repairing structurally complex data. In SPIN, pages 123--138, 2005.

Digital Library

[19]

S. Khurshid, C. S. Păsăreanu, and W. Visser. Generalized symbolic execution for model checking and testing. In TACAS, pages 553--568, 2003.

Digital Library

[20]

S. Khurshid and Y. L. Suen. Generalizing symbolic execution to library classes. In PASTE, pages 103--110, 2005.

Digital Library

[21]

M. Kim, D. Notkin, and D. Grossman. Automatic inference of structural changes for matching across program versions. In ICSE, pages 333--343, 2007.

Digital Library

[22]

J. C. King. Symbolic execution and program testing. Communications of the ACM, 19(7):385--394, 1976.

Digital Library

[23]

S. K. Lahiri, K. Vaswani, and T. Hoare. Differential static analysis: Opportunities, applications, and challenges. In FoSER, pages 201--204, 2010.

Digital Library

[24]

S. Lauterburg, A. Sobeih, D. Marinov, and M. Viswanathan. Incremental state-space exploration for programs with dynamically allocated data. In ICSE, pages 291--300, 2008.

Digital Library

[25]

H. Leung and L. White. Insights into regression testing. In ICSM, pages 60--69, 1989.

[26]

C. Păsăreanu and N. Rungta. Symbolic PathFinder: symbolic execution of Java bytecode. In ASE, pages 179--180, 2010.

Digital Library

[27]

S. Person, M. B. Dwyer, S. Elbaum, and C. S. Păsăreanu. Differential symbolic execution. In FSE, pages 226--237, 2008.

Digital Library

[28]

C. S. Păsăreanu, P. C. Mehlitz, D. H. Bushnell, K. Gundy-Burlet, M. Lowry, S. Person, and M. Pape. Combining unit-level symbolic execution and system-level concrete execution for testing NASA software. In ISSTA, pages 15--25, 2008.

Digital Library

[29]

D. Qi, A. Roychoudhury, and Z. Liang. Test generation to expose changes in evolving programs. In ASE, pages 397--406, 2010.

Digital Library

[30]

SAE-ARP4761. Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment. SAE International, December 1996.

[31]

R. Santelices and M. J. Harrold. Exploiting program dependencies for scalable multiple-path symbolic execution. In ISSTA, pages 195--206, 2010.

Digital Library

[32]

K. Sen, D. Marinov, and G. Agha. CUTE: a concolic unit testing engine for c. In ESEC/FSE, pages 263--272, 2005.

Digital Library

[33]

C. Seo, S. Malek, and N. Medvidovic. An energy consumption framework for distributed Java-based software systems. Technical Report USC-CSE-2006-604, University of Southern California, 2006.

[34]

J. Sztipanovits and G. Karsai. Generative programming for embedded systems. In GPCE, pages 32--49, 2002.

Digital Library

[35]

K. Taneja, T. Xie, N. Tillmann, J. de Halleux, and W. Schulte. Guided path exploration for regression test generation. In ICSE, New Ideas and Emerging Results, pages 311--314, 2009.

[36]

W. Visser, K. Havelund, G. P. Brat, S. Park, and F. Lerda. Model checking programs. Automated Software Engineering, 10(2):203--232, 2003.

Digital Library

[37]

Z. Xu, M. B. Cohen, and G. Rothermel. Factors affecting the use of genetic algorithms in test suite augmentation. In GECCO, pages 1365--1372, 2010.

Digital Library

[38]

Z. Xu and G. Rothermel. Directed test suite augmentation. In APSEC, pages 406--413, 2009.

Digital Library

[39]

G. Yang, M. B. Dwyer, and G. Rothermel. Regression model checking. In ICSM, pages 115--124, 2009.

Cited By

Zheng MShi QLiu XXu XYu LLiu CWei GZhang X(2024)ParDiff: Practical Static Differential Analysis of Network Protocol ParsersProceedings of the ACM on Programming Languages10.1145/36498548:OOPSLA1(1208-1234)Online publication date: 29-Apr-2024
https://dl.acm.org/doi/10.1145/3649854
Nougrahiya ANandivada V(2024)Homeostasis: Design and Implementation of a Self-Stabilizing CompilerACM Transactions on Programming Languages and Systems10.1145/364930846:2(1-58)Online publication date: 1-May-2024
https://dl.acm.org/doi/10.1145/3649308
Sun YYang GLv SLi ZSun LRoychoudhury APaiva AAbreu RStorey M(2024)Concrete Constraint Guided Symbolic ExecutionProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639078(1-12)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639078
Show More Cited By

Index Terms

Directed incremental symbolic execution

Recommendations

Directed Incremental Symbolic Execution

The last few years have seen a resurgence of interest in the use of symbolic execution—a program analysis technique developed more than three decades ago to analyze program execution paths. Scaling symbolic execution to real systems remains challenging ...
Differential symbolic execution
SIGSOFT '08/FSE-16: Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering

Detecting and characterizing the effects of software changes is a fundamental component of software maintenance. Version differencing information can be used to perform version merging, infer change characteristics, produce program documentation, and ...
Directed incremental symbolic execution
PLDI '11

The last few years have seen a resurgence of interest in the use of symbolic execution -- a program analysis technique developed more than three decades ago to analyze program execution paths. Scaling symbolic execution and other path-sensitive analysis ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

PLDI '11: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation

June 2011

668 pages

ISBN:9781450306638

DOI:10.1145/1993498

General Chair:
Mary Hall
University of Utah
,
Program Chair:
David Padua
University of Illinois at Urbana-Champaign

ACM SIGPLAN Notices Volume 46, Issue 6
PLDI '11
June 2011
652 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/1993316
Issue’s Table of Contents

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 June 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

PLDI '11

Sponsor:

SIGPLAN

PLDI '11: ACM SIGPLAN Conference on Programming Language Design and Implementation

June 4 - 8, 2011

California, San Jose, USA

Acceptance Rates

Overall Acceptance Rate 406 of 2,067 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

193
Total Citations
View Citations
1,624
Total Downloads

Downloads (Last 12 months)69
Downloads (Last 6 weeks)10

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Zheng MShi QLiu XXu XYu LLiu CWei GZhang X(2024)ParDiff: Practical Static Differential Analysis of Network Protocol ParsersProceedings of the ACM on Programming Languages10.1145/36498548:OOPSLA1(1208-1234)Online publication date: 29-Apr-2024
https://dl.acm.org/doi/10.1145/3649854
Nougrahiya ANandivada V(2024)Homeostasis: Design and Implementation of a Self-Stabilizing CompilerACM Transactions on Programming Languages and Systems10.1145/364930846:2(1-58)Online publication date: 1-May-2024
https://dl.acm.org/doi/10.1145/3649308
Sun YYang GLv SLi ZSun LRoychoudhury APaiva AAbreu RStorey M(2024)Concrete Constraint Guided Symbolic ExecutionProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639078(1-12)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639078
Kim TChoi JHeo KCha SCalandrino JTroncoso C(2023)DAFLProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620513(4931-4948)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620513
Zhu CZhang MWu XXu XLi Y(2023)Client-Specific Upgrade Compatibility Checking via Knowledge-Guided DiscoveryACM Transactions on Software Engineering and Methodology10.1145/358256932:4(1-31)Online publication date: 26-May-2023
https://dl.acm.org/doi/10.1145/3582569
Wang AFeng NChechik M(2023)Code-Level Functional Equivalence Checking of Annotative Software Product LinesProceedings of the 27th ACM International Systems and Software Product Line Conference - Volume A10.1145/3579027.3608978(64-75)Online publication date: 28-Aug-2023
https://dl.acm.org/doi/10.1145/3579027.3608978
Wen JMahmud TChe MYan YYang G(2023)Intelligent Constraint Classification for Symbolic Execution2023 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER56733.2023.00023(144-154)Online publication date: Mar-2023
https://doi.org/10.1109/SANER56733.2023.00023
Jakobs MPollandt T(2023)diffDP: Using Data Dependencies and Properties in Difference Verification with ConditionsiFM 202310.1007/978-3-031-47705-8_3(40-61)Online publication date: 6-Nov-2023
https://doi.org/10.1007/978-3-031-47705-8_3
Shimmi SRahimi MGarrido AWong WDe Angelis GDo HNguyen B(2022)Leveraging code-test co-evolution patterns for automated test case recommendationProceedings of the 3rd ACM/IEEE International Conference on Automation of Software Test10.1145/3524481.3527222(65-76)Online publication date: 17-May-2022
https://dl.acm.org/doi/10.1145/3524481.3527222
Yi QYang G(2022)Feedback-Driven Incremental Symbolic Execution2022 IEEE 33rd International Symposium on Software Reliability Engineering (ISSRE)10.1109/ISSRE55969.2022.00055(505-516)Online publication date: Oct-2022
https://doi.org/10.1109/ISSRE55969.2022.00055
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents