On Delayed Choice Execution for Falsification
EPFL IC LARA-REPORT-2008-08

We present an approach for finding errors in programs and specifications. We formulate our approach as an execution mechanism for a non-deterministic guarded-command language. Guarded commands have already proved useful for verification-condition generation but are usually viewed as a non-executable representation. We show how to execute guarded commands using an explicit-state model checker. We illustrate the benefits of this approach in two related domains: bounded-exhaustive testing and falsification for Hoare triples. The basis of our approach is the delayed-choice technique for improving the execution of guarded commands. Delayed choice postpones the non-deterministic choice of values until they are used. Our approach also supports copy-propagation of symbolic values but avoids the cost of full-blown symbolic execution. We describe an implementation of our approach in Java PathFinder, a popular model checker for Java programs. Our experimental results show that our techniques significantly improve performance compared to the current execution strategy in Java
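The following toy explicit-state executor is an added illustration of the delayed-choice idea described in the abstract; it is not code from the report or from Java PathFinder. It assumes a small guarded-command language of its own (`havoc`, `assign`, `assume`, `assert` over integer expressions, all constructed here), keeps a placeholder object for each havoc'd variable, and concretizes a placeholder only when a guard, assertion or arithmetic expression reads it. Plain copies (`w := x`) propagate the placeholder itself, so aliased variables are fixed together, which is the limited copy-propagation the abstract mentions; any arithmetic on a placeholder forces the choice, so no symbolic constraint solving is involved. The program being falsified (a Hoare triple with precondition `x > 5` and postcondition `w - y > 0`) is a constructed example; the variable `z` is never read, so delayed execution never enumerates it.

```python
"""Toy explicit-state executor comparing eager and delayed non-deterministic choice.

Commands are tuples:
  ("havoc", var, domain)   choose var from a finite domain
  ("assign", var, expr)    expr is an int, a variable name, or (op, lhs, rhs)
  ("assume", guard)        prune paths on which guard is false
  ("assert", guard)        record a counterexample on which guard is false
"""
from itertools import product


class Unknown:
    """Placeholder for a havoc'd variable whose concrete value is not yet chosen."""
    __slots__ = ("name", "domain")

    def __init__(self, name, domain):
        self.name = name
        self.domain = tuple(domain)

    def __repr__(self):
        return f"?{self.name}"


OPS = {
    "+": lambda a, b: a + b,
    "-": lambda a, b: a - b,
    "<": lambda a, b: a < b,
    ">": lambda a, b: a > b,
    "==": lambda a, b: a == b,
}


def free_vars(expr):
    """Variable names read by an expression AST."""
    if isinstance(expr, str):
        return {expr}
    if isinstance(expr, tuple):
        return free_vars(expr[1]) | free_vars(expr[2])
    return set()


def evaluate(expr, env):
    """Evaluate an expression over an environment of concrete values."""
    if isinstance(expr, str):
        return env[expr]
    if isinstance(expr, tuple):
        return OPS[expr[0]](evaluate(expr[1], env), evaluate(expr[2], env))
    return expr


def resolve(env, needed):
    """Yield one environment per concretization of the Unknowns among `needed`.
    Variables aliasing the same placeholder (copy-propagated) are fixed together;
    unknowns that are not needed stay unchosen."""
    unknowns = {}
    for name in needed:
        val = env[name]
        if isinstance(val, Unknown):
            unknowns[id(val)] = val
    if not unknowns:
        yield env
        return
    ids = list(unknowns)
    for values in product(*(unknowns[i].domain for i in ids)):
        chosen = dict(zip(ids, values))
        yield {k: chosen.get(id(v), v) if isinstance(v, Unknown) else v
               for k, v in env.items()}


def run(program, delayed):
    """Depth-first explicit-state execution. Returns (counterexamples, states explored)."""
    worklist = [(0, {})]
    explored = 0
    failures = []
    while worklist:
        pc, env = worklist.pop()
        explored += 1
        if pc == len(program):
            continue
        cmd = program[pc]
        if cmd[0] == "havoc":
            _, var, domain = cmd
            if delayed:  # bind a placeholder; the choice happens on first use
                worklist.append((pc + 1, {**env, var: Unknown(var, domain)}))
            else:        # eager: fork one successor state per value now
                worklist.extend((pc + 1, {**env, var: val}) for val in domain)
        elif cmd[0] == "assign":
            _, var, expr = cmd
            if isinstance(expr, str):  # pure copy: propagate the placeholder itself
                worklist.append((pc + 1, {**env, var: env[expr]}))
            else:                      # arithmetic forces the choice of its operands
                for cenv in resolve(env, free_vars(expr)):
                    worklist.append((pc + 1, {**cenv, var: evaluate(expr, cenv)}))
        else:  # assume / assert: only the variables the guard reads get chosen
            _, guard = cmd
            for cenv in resolve(env, free_vars(guard)):
                if evaluate(guard, cenv):
                    worklist.append((pc + 1, cenv))
                elif cmd[0] == "assert":
                    failures.append(cenv)
    return failures, explored


# Constructed Hoare-triple falsification target: {x > 5} w := x {w - y > 0}.
PROGRAM = [
    ("havoc", "x", range(10)),
    ("havoc", "y", range(10)),
    ("havoc", "z", range(10)),          # never read, so never chosen under delay
    ("assign", "w", "x"),               # copy-propagated placeholder
    ("assume", (">", "x", 5)),          # precondition
    ("assert", (">", ("-", "w", "y"), 0)),  # postcondition
]


def falsify(delayed):
    return run(PROGRAM, delayed)


if __name__ == "__main__":
    for mode in (False, True):
        fails, states = falsify(mode)
        print(f"delayed={mode}: {len(fails)} counterexamples, {states} states, e.g. {fails[0]}")
```

Eager execution forks on every havoc and explores 2811 states to find 100 counterexamples that differ only in the irrelevant `z`; delayed execution explores 39 states and reports 10 counterexamples in which `z` is still `?z`, which is exactly the redundancy the abstract's technique is meant to remove.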
