ABSTRACT
We present Java StarFinder (JSF), a tool for automated test case generation and error detection for Java programs whose inputs are complex heap-manipulating data structures. The core of JSF is a symbolic execution engine that uses separation logic with existential quantifiers and inductively-defined predicates to precisely represent the (unbounded) symbolic heap. The feasibility of a heap configuration is checked by a satisfiability solver for separation logic. At the end of each feasible path, a concrete model of the symbolic heap (returned by the solver) is used to generate a test case, e.g., a linked list or an AVL tree, that exercises that path.
We show the effectiveness of JSF by applying it to non-trivial heap-manipulating programs and evaluating it against JBSE, a state-of-the-art symbolic execution engine for heap-based programs. Experimental results show that our tool significantly reduces the number of invalid test inputs and improves test coverage.