Abstract
Efficient program path exploration is important for many software engineering activities such as testing, debugging, and verification. However, enumerating all paths of a program is prohibitively expensive. In this article, we develop a partitioning of program paths based on the program output. Two program paths are placed in the same partition if they derive the output similarly, that is, the symbolic expression connecting the output with the inputs is the same in both paths. Our grouping of paths is gradually created by a smart path exploration. Our experiments show the benefits of the proposed path exploration in test-suite construction.
Our path partitioning produces a semantic signature of a program—describing all the different symbolic expressions that the output can assume along different program paths. To reason about changes between program versions, we can therefore analyze their semantic signatures. In particular, we demonstrate the applications of our path partitioning in testing and debugging of software regressions.
- Agrawal, H., Horgan, J. R., Krauser, E. W., and London, S. 1993. Incremental regression testing. In Proceedings of the Conference on Software Maintenance (ICSM'93). IEEE Computer Society, Washington, DC, 348--357. Google ScholarDigital Library
- Boonstoppel, P., Cadar, C., and Engler, D. 2008. RWSET: Attacking path explosion in constraint-based test generation. Tools Algorithms Construct. Anal. Syst. 4963, 351--366. Google ScholarDigital Library
- Csallner, C., Tillmann, N., and Smaragdakis, Y. 2008. DYSY: Dynamic symbolic execution for invariant inference. In Proceedings of the 30th International Conference on Software Engineering (ICSE'08), ACM, New York, NY, USA, 281--290. Google ScholarDigital Library
- CTAS Weather Control Requirements. http://scesm04.upb.de/case-study-2/requirements.pdf.Google Scholar
- De Moura, L. and Bjørner, N. 2008. Z3: An efficient SMT solver. Tools Algor. Construct. Anal. Syst. 4963, 337--340. Google ScholarDigital Library
- Do, H., Elbaum, S., and Rothermel, G. 2005. Supporting controlled experimentation with testing techniques: An infrastructure and its potential impact. Empir. Softw. Eng. 10, 4, 405--435. Google ScholarDigital Library
- Ganesh, V. and Dill, D. L. 2007. A decision procedure for bit-vectors and arrays. In Proceedings of CAV. Springer-Verlag, Berlin. Google ScholarDigital Library
- Godefroid, P. 2007. Compositional dynamic test generation. In Proceedings of the 34th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'07), ACM, New York, 47--54. Google ScholarDigital Library
- Godefroid, P., Kiezun, A., and Levin, M. Y. 2008. Grammar-based whitebox fuzzing. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'08). ACM, New York, 206--215. Google ScholarDigital Library
- Godefroid, P., Klarlund, N., and Sen, K. 2005. DART: Directed Automated Random Testing. In Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'05). ACM, New York, 213--223. Google ScholarDigital Library
- Gyimóthy, T., Beszédes, A., and Forgács, I. 1999. An efficient relevant slicing method for debugging. In Proceedings of the 7th European Software Engineering Conference Held Jointly with the 7th ACM SIGSOFT International Symposium on Foundations of Software Engineering (ESEC/FSE-7). Springer-Verlag, Berlin, 303--321. Google ScholarDigital Library
- Harrold, M. J., Gupta, R., and Soffa, M. L. 1993. A methodology for controlling the size of a test suite. ACM Trans. Softw. Eng. Methodol. 2, 270--285. Google ScholarDigital Library
- Ma, K., Yit Phang, K., Foster, J., and Hicks, M. 2011. Directed symbolic execution. In Proceedings of the Static Analysis Symposium, 95--111. Google ScholarDigital Library
- McMillan, K. 2010. Lazy annotation for program testing and verification. In Proceedings of the Computer Aided Verification, T. Touili, B. Cook, and P. Jackson, Eds., Lecture Notes in Computer Science Series, vol. 6174, Springer, Berlin, 104--118. Google ScholarDigital Library
- Person, S., Dwyer, M. B., Elbaum, S., and Pǎsǎreanu, C. S. 2008. Differential symbolic execution. In Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering (SIGSOFT'08/FSE-16). ACM, New York, 226--237. Google ScholarDigital Library
- Person, S., Yang, G., Rungta, N., and Khurshid, S. 2011. Directed incremental symbolic execution. In Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'11). ACM, New York, 504--515. Google ScholarDigital Library
- Qi, D., Nguyen, H. D., and Roychoudhury, A. 2011a. Path exploration based on symbolic output. In Proceedings of the 19th ACM SIGSOFT Symposium and the 13th European Conference on Foundations of Software Engineering (ESEC/FSE'11). ACM, New York, 278--288. Google ScholarDigital Library
- Qi, D., Nguyen, H. D. T., and Roychoudhury, A. 2011b. Path exploration based on soymbolic output. Tech. rep., National University of Singapore, http://dl.comp.nus.edu.sg/dspace/handle/1900.100/3347. March.Google Scholar
- Qi, D., Roychoudhury, A., and Liang, Z. 2010. Test generation to expose changes in evolving programs. In Proceedings of the IEEE/ACM International Conference on Automated Software Engineering (ASE'10). ACM, New York, 397--406. Google ScholarDigital Library
- Qi, D., Roychoudhury, A., Liang, Z., and Vaswani, K. 2009. DARWIN: An approach for debugging evolving programs. In Proceedings of the 7th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE'09). ACM, New York, 33--42. Google ScholarDigital Library
- Santelices, R., Chittimalli, P. K., Apiwattanapong, T., Orso, A., and Harrold, M. J. 2008. Test-suite augmentation for evolving software. In Proceedings of the 23rd IEEE/ACM International Conference on Automated Software Engineering (ASE'08). IEEE Computer Society, Los Alamitos, CA, 218--227. Google ScholarDigital Library
- Santelices, R. and Harrold, M. J. 2010. Exploiting program dependencies for scalable multiple-path symbolic execution. In Proceedings of the 19th International Symposium on Software Testing and Analysis (ISSTA'10). ACM, New York, 195--206. Google ScholarDigital Library
- Sen, K., Marinov, D., and Agha, G. 2005. CUTE: A concolic unit testing engine for c. In Proceedings of the 10th European Software Engineering Conference held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering (ESEC/FSE-13). ACM, New York, 263--272. Google ScholarDigital Library
- SQL Power Software. 2012. SQL Power Architect. http://code.google.com/p/power-architect/.Google Scholar
- Song, D., Brumley, D., Yin, H., Caballero, J., Jager, I., Kang, M. G., Liang, Z., Newsome, J., Poosankam, P., and Saxena, P. 2008. BitBlaze: A new approach to computer security via binary analysis. In Proceedings of the 4th International Conference on Information Systems Security. Keynote invited paper. Google ScholarDigital Library
- Wang, T. and Roychoudhury, A. 2008. Dynamic slicing on Java bytecode traces. ACM Trans. Program. Lang. Syst. 30, 10:1--10:49. Google ScholarDigital Library
- Wong, W. E., Horgan, J. R., London, S., and Mathur, A. P. 1995. Effect of test set minimization on fault detection effectiveness. In Proceedings of the 17th International Conference on Software Engineering (ICSE'95). ACM, New York, 41--50. Google ScholarDigital Library
- Xie, Y., Chou, A., and Engler, D. 2003. Archer: using symbolic, path-sensitive analysis to detect memory access errors. In Proceedings of the 9th European Software Engineering Conference held jointly with 11th ACM SIGSOFT International Symposium on Foundations of Software Engineering (ESEC/FSE-11). ACM, New York, 327--336. Google ScholarDigital Library
- Xin, B., Sumner, W. N., and Zhang, X. 2008. Efficient program execution indexing. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'08). ACM, New York, 238--248. Google ScholarDigital Library
- Xu, Z., Kim, Y., Kim, M., Rothermel, G., and Cohen, M. B. 2010. Directed test suite augmentation: techniques and tradeoffs. In Proceedings of the 18th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE'10). ACM, New York, 257--266. Google ScholarDigital Library
Index Terms
- Path exploration based on symbolic output
Recommendations
Path exploration based on symbolic output
ESEC/FSE '11: Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineeringEfficient program path exploration is important for many software engineering activities such as testing, debugging and verification. However, enumerating all paths of a program is prohibitively expensive. In this paper, we develop a partitioning of ...
Tackling the Path Explosion Problem in Symbolic Execution-Driven Test Generation for Programs
ATS '10: Proceedings of the 2010 19th IEEE Asian Test SymposiumSymbolic techniques have been shown to be very effective in path-based test generation, however, they fail to scale to large programs due to the exponential number of paths to be explored. In this paper, we focus on tackling this path explosion problem ...
Test Case Selection Based on Path Condtions of Symbolic Execution
APSEC '12: Proceedings of the 2012 19th Asia-Pacific Software Engineering Conference - Volume 01Symbolic execution as a test case generation technique has recently become an active research area. However, since symbolic execution generates a large number of test cases, it is impractical to run all the generated test cases in practice. In this ...
Comments