Guiding Dynamic Symbolic Execution toward Unverified Program Executions
Most techniques to detect program errors, such as testing, code reviews, and static program analysis, do not fully verify all possible executions of a program. They leave executions unverified when they do not check certain properties, fail to verify properties, or check properties under certain uns...
Uloženo v:
| Vydáno v: | Proceedings / International Conference on Software Engineering s. 144 - 155 |
|---|---|
| Hlavní autoři: | , , |
| Médium: | Konferenční příspěvek |
| Jazyk: | angličtina |
| Vydáno: |
ACM
14.05.2016
|
| Témata: | |
| ISSN: | 1558-1225 |
| On-line přístup: | Získat plný text |
| Tagy: |
Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
| Abstract | Most techniques to detect program errors, such as testing, code reviews, and static program analysis, do not fully verify all possible executions of a program. They leave executions unverified when they do not check certain properties, fail to verify properties, or check properties under certain unsound assumptions such as the absence of arithmetic overflow. In this paper, we present a technique to complement partial verification results by automatic test case generation. In contrast to existing work, our technique supports the common case that the verification results are based on unsound assumptions. We annotate programs to reflect which executions have been verified, and under which assumptions. These annotations are then used to guide dynamic symbolic execution toward unverified program executions. Our main technical contribution is a code instrumentation that causes dynamic symbolic execution to abort tests that lead to verified executions, to prune parts of the search space, and to prioritize tests that cover more properties that are not fully verified. We have implemented our technique for the .NET static analyzer Clousot and the dynamic symbolic execution tool Pex. It produces smaller test suites (by up to 19.2%), covers more unverified executions (by up to 7.1%), and reduces testing time (by up to 52.4%) compared to combining Clousot and Pex without our technique. |
|---|---|
| AbstractList | Most techniques to detect program errors, such as testing, code reviews, and static program analysis, do not fully verify all possible executions of a program. They leave executions unverified when they do not check certain properties, fail to verify properties, or check properties under certain unsound assumptions such as the absence of arithmetic overflow. In this paper, we present a technique to complement partial verification results by automatic test case generation. In contrast to existing work, our technique supports the common case that the verification results are based on unsound assumptions. We annotate programs to reflect which executions have been verified, and under which assumptions. These annotations are then used to guide dynamic symbolic execution toward unverified program executions. Our main technical contribution is a code instrumentation that causes dynamic symbolic execution to abort tests that lead to verified executions, to prune parts of the search space, and to prioritize tests that cover more properties that are not fully verified. We have implemented our technique for the .NET static analyzer Clousot and the dynamic symbolic execution tool Pex. It produces smaller test suites (by up to 19.2%), covers more unverified executions (by up to 7.1%), and reduces testing time (by up to 52.4%) compared to combining Clousot and Pex without our technique. |
| Author | Christakis, Maria Wustholz, Valentin Muller, Peter |
| Author_xml | – sequence: 1 givenname: Maria surname: Christakis fullname: Christakis, Maria email: maria.christakis@inf.ethz.ch organization: Dept. of Comput. Sci., ETH Zurich, Zurich, Switzerland – sequence: 2 givenname: Peter surname: Muller fullname: Muller, Peter email: peter.mueller@inf.ethz.ch organization: Dept. of Comput. Sci., ETH Zurich, Zurich, Switzerland – sequence: 3 givenname: Valentin surname: Wustholz fullname: Wustholz, Valentin email: valentin.wuestholz@inf.ethz.ch organization: Dept. of Comput. Sci., ETH Zurich, Zurich, Switzerland |
| BookMark | eNpFjFFLwzAURqMouM09--BL_0DnvU3S5D7KnFUYKOieR9IkI7K2knZq_70TBZ_Od-DjTNlZ27WesSuEBaKQN4XWQmlc_FALfsLmdFQhgXMCwFM2QSl1jkUhL9i0798AoBREE1ZVh-hiu8vuxtY0sc5exsZ2--NYffn6MMSuzYbu0ySXbdoPn2KI3mXPqdsl0_x_-kt2Hsy-9_M_ztjmfvW6fMjXT9Xj8nadGy7FkNvaOiTSXikbsIRQgHHCegFK1kjKojRKITgrSLmCggwiGEVUEvggFZ-x699u9N5v31NsTBq3SutSE_FvwBxNuA |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IH CBEJK RIE RIO |
| DOI | 10.1145/2884781.2884843 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan (POP) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP) 1998-present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISBN | 9781450339001 145033900X |
| EISSN | 1558-1225 |
| EndPage | 155 |
| ExternalDocumentID | 7886899 |
| Genre | orig-research |
| GroupedDBID | -~X .4S .DC 123 23M 29O 5VS 6IE 6IF 6IH 6IK 6IL 6IM 6IN 8US AAJGR AAWTH ABLEC ADZIZ AFFNX ALMA_UNASSIGNED_HOLDINGS APO ARCSS AVWKF BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO EDO FEDTE I-F I07 IEGSK IJVOP IPLJI M43 OCL RIE RIL RIO RNS XOL |
| ID | FETCH-LOGICAL-a354t-bcbd1998e77bf160f20ad4be4075c197b15a7710db497d29f5f4fa799690ef573 |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 68 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000406138600015&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| IngestDate | Wed Aug 27 02:07:20 EDT 2025 |
| IsDoiOpenAccess | false |
| IsOpenAccess | true |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-a354t-bcbd1998e77bf160f20ad4be4075c197b15a7710db497d29f5f4fa799690ef573 |
| OpenAccessLink | http://hdl.handle.net/20.500.11850/101609 |
| PageCount | 12 |
| ParticipantIDs | ieee_primary_7886899 |
| PublicationCentury | 2000 |
| PublicationDate | 2016-05-14 |
| PublicationDateYYYYMMDD | 2016-05-14 |
| PublicationDate_xml | – month: 05 year: 2016 text: 2016-05-14 day: 14 |
| PublicationDecade | 2010 |
| PublicationTitle | Proceedings / International Conference on Software Engineering |
| PublicationTitleAbbrev | ICSE |
| PublicationYear | 2016 |
| Publisher | ACM |
| Publisher_xml | – name: ACM |
| SSID | ssj0006499 |
| Score | 2.3354182 |
| Snippet | Most techniques to detect program errors, such as testing, code reviews, and static program analysis, do not fully verify all possible executions of a program.... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 144 |
| SubjectTerms | Aerospace electronics Conferences dynamic symbolic execution Instruments partial verification Performance analysis program verification Redundancy Software engineering static analysis Testing |
| Title | Guiding Dynamic Symbolic Execution toward Unverified Program Executions |
| URI | https://ieeexplore.ieee.org/document/7886899 |
| WOSCitedRecordID | wos000406138600015&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1NT8JAEJ0A8eAJFYzf2YNHF9rS7sdZAQ-GkCgJN9LtziYcLAYK0X_vbFvBgxdPbZpJm2x3O-91570BuDdhqp1MI24cKh6bSHNCrZZb72odZVaLyiTpRU4maj7X0wY87LUwiFgWn2HPn5Z7-XaVbf2vsj7RNUH8oAlNKWWl1dp_dQVB99q6J4yTfqSUF1H2_FF5Sc6v3ill6hi1__fQE-geNHhsus8up9DA_AzaP00YWL0mOzAeb5c-gj1VveXZ69e78Wa_bPiJWTmtWFHWxrJZTvN26Qh0-jv7sqxDzKYLs9Hw7fGZ190ReDpI4oKbzFgvkEMpjQtF4KIgtbFBYmhJFmppwiSVhB-sibW0kXaJi10qid_oAF0iB-fQylc5XgAzSghFMYF0lOApZoBIC9MSddZGaXMJHT8ui4_KAGNRD8nV35ev4ZhQhfBb7GF8A61ivcVbOMp2xXKzvivf2jcxlJpS |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3PT8IwFH5BNNETKhh_24NHB9to1_as_DAiIRESbmRd24QDw8Aw-t_7uk3w4MXTluVlS7p27_vW930P4F4FsbQ8Dj1ljfCoCqWHqFV72rlah4mWUWGSNODDoZhO5agCD1stjDEmLz4zTXea7-XrZbJxv8paSNci5Ad7sM8oDYNCrbX97kYI3kvznoCyViiEk1E23VE4Uc6v7il58ujW_vfYY2jsVHhktM0vJ1Ax6SnUftowkHJV1qHX28xdBHkqusuTt6-Fcna_pPNpknxikSyvjiWTFGfu3CLsdHd2hVm7mHUDJt3O-LHvlf0RvLjNaOapRGknkTOcKxtEvg39WFNlkKOxJJBcBSzmiCC0opLrUFpmqY05MhzpG8t4-wyq6TI150CUiCKBMT63mOIxpm0MLk2N5FkqIdUF1N24zN4LC4xZOSSXf1--g8P--HUwGzwPX67gCDFG5DbcA3oN1Wy1MTdwkHxk8_XqNn-D32emnZk |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=Proceedings+%2F+International+Conference+on+Software+Engineering&rft.atitle=Guiding+Dynamic+Symbolic+Execution+toward+Unverified+Program+Executions&rft.au=Christakis%2C+Maria&rft.au=Muller%2C+Peter&rft.au=Wustholz%2C+Valentin&rft.date=2016-05-14&rft.pub=ACM&rft.eissn=1558-1225&rft.spage=144&rft.epage=155&rft_id=info:doi/10.1145%2F2884781.2884843&rft.externalDocID=7886899 |