Differential symbolic execution

Detecting and characterizing the effects of software changes is a fundamental component of software maintenance. Version differencing information can be used to perform version merging, infer change characteristics, produce program documentation, and guide program re-validation. Existing techniques for characterizing code changes, however, are imprecise leading to unnecessary maintenance efforts. In this paper, we introduce a novel extension and application of symbolic execution techniques that computes a precise behavioral characterization of a program change. This technique, which we call differential symbolic execution (DSE), exploits the fact that program versions are largely similar to reduce cost and improve the quality of analysis results. We define the foundational concepts of DSE, describe cost-effective tool support for DSE, and illustrate its potential benefit through an exploratory study that considers version histories of two Java code bases.

[1]  Andrew P. Black,et al.  How we refactor, and how we know it , 2009, 2009 IEEE 31st International Conference on Software Engineering.

[2]  Daniel Kroening,et al.  Decision Procedures - An Algorithmic Point of View , 2008, Texts in Theoretical Computer Science. An EATCS Series.

[3]  Wei-Tek Tsai,et al.  Regression testing in an industrial environment , 1998, CACM.

[4]  Jose Meseguer,et al.  Formal Specification and Verification of Java Refactorings , 2006, 2006 Sixth IEEE International Workshop on Source Code Analysis and Manipulation.

[5]  Stephen F. Siegel,et al.  Analyzing BlobFlow: A Case Study Using Model Checking to Verify Parallel Scientific Software , 2008, PVM/MPI.

[6]  Koushik Sen,et al.  DART: directed automated random testing , 2005, PLDI '05.

[7]  Mary Jean Harrold,et al.  Test-suite reduction and prioritization for modified condition/decision coverage , 2001, Proceedings IEEE International Conference on Software Maintenance. ICSM 2001.

[8]  Lori A. Clarke,et al.  A System to Generate Test Data and Symbolically Execute Programs , 1976, IEEE Transactions on Software Engineering.

[9]  Sarfraz Khurshid,et al.  Generalized Symbolic Execution for Model Checking and Testing , 2003, TACAS.

[10]  Joe D. Warren,et al.  The program dependence graph and its use in optimization , 1987, TOPL.

[11]  Susan Horwitz,et al.  Identifying the semantic and textual differences between two versions of a program , 1990, PLDI '90.

[12]  Andrew P. Black,et al.  Seven habits of a highly effective smell detector , 2008, RSSE '08.

[13]  Rupak Majumdar,et al.  Hybrid Concolic Testing , 2007, 29th International Conference on Software Engineering (ICSE'07).

[14]  Andrew P. Black,et al.  Breaking the barriers to successful refactoring: observations and tools for extract method , 2008, ICSE.

[15]  Robby,et al.  Kiasan/KUnit: Automatic Test Case Generation and Analysis Feedback for Open Object-oriented Systems , 2007, Testing: Academic and Industrial Conference Practice and Research Techniques - MUTATION (TAICPART-MUTATION 2007).

[16]  Gregg Rothermel,et al.  Whole program path-based dynamic impact analysis , 2003, 25th International Conference on Software Engineering, 2003. Proceedings..

[17]  Koushik Sen,et al.  CUTE: a concolic unit testing engine for C , 2005, ESEC/FSE-13.

[18]  Alessandro Orso,et al.  A differencing algorithm for object-oriented programs , 2004, Proceedings. 19th International Conference on Automated Software Engineering, 2004..

[19]  Alessandro Orso,et al.  MATRIX: Maintenance-Oriented Testing Requirements Identifier and Examiner , 2006, Testing: Academic & Industrial Conference - Practice And Research Techniques (TAIC PART'06).

[20]  Gregg Rothermel,et al.  A safe, efficient regression test selection technique , 1997, TSEM.

[21]  John Hatcliff,et al.  Slicing concurrent Java programs using Indus and Kaveri , 2007, International Journal on Software Tools for Technology Transfer.

[22]  John Hatcliff,et al.  Towards A Case-Optimal Symbolic Execution Algorithm for Analyzing Strong Properties of Object-Oriented Programs , 2007, Fifth IEEE International Conference on Software Engineering and Formal Methods (SEFM 2007).

[23]  David Binkley,et al.  Using semantic differencing to reduce the cost of regression testing , 1992, Proceedings Conference on Software Maintenance 1992.

[24]  Barbara G. Ryder,et al.  Interprocedural modification side effect analysis with pointer aliasing , 1993, PLDI '93.

[25]  Frank Tip,et al.  Finding bugs in dynamic web applications , 2008, ISSTA '08.

[26]  Patrice Godefroid,et al.  Compositional dynamic test generation , 2007, POPL '07.

[27]  Darko Marinov,et al.  Automated testing of refactoring engines , 2007, ESEC-FSE '07.

[28]  Alessandro Orso,et al.  JDiff: A differencing technique and tool for object-oriented programs , 2006, Automated Software Engineering.

[29]  Rupak Majumdar,et al.  Dynamic test input generation for database applications , 2007, ISSTA '07.

[30]  Stephen F. Siegel,et al.  A Case Study in the Use of Model Checking to Verify Parallel Scientific Software , 2007 .

[31]  Koushik Sen,et al.  CUTE and jCUTE: Concolic Unit Testing and Explicit Path Model-Checking Tools , 2006, CAV.

[32]  Shawn A. Bohner,et al.  Impact analysis in the software change process: a year 2000 perspective , 1996, 1996 Proceedings of International Conference on Software Maintenance.

[33]  Gregg Rothermel,et al.  Prioritizing test cases for regression testing , 2000, ISSTA '00.

[34]  Frank Tip,et al.  Chianti: a tool for change impact analysis of java programs , 2004, OOPSLA.

[35]  Alan J. Hu,et al.  Embedded Software Verification Using Symbolic Execution and Uninterpreted Functions , 2006, International Journal of Parallel Programming.

[36]  Marie-Claude Gaudel,et al.  Software testing based on formal specifications: a theory and a tool , 1991, Softw. Eng. J..

[37]  David Evans,et al.  Towards Differential Program Analysis , 2022 .

[38]  S RosenblumDavid,et al.  Design and evaluation of a wide-area event notification service , 2001 .

[39]  Katsuhisa Maruyama,et al.  Automated method-extraction refactoring by using block-based slicing , 2001, SSR '01.

[40]  Corina S. Pasareanu,et al.  Test input generation for java containers using state matching , 2006, ISSTA '06.

[41]  Diomidis Spinellis,et al.  Refactoring--Does It Improve Software Quality? , 2007, Fifth International Workshop on Software Quality (WoSQ'07: ICSE Workshops 2007).

[42]  Amer Diwan,et al.  Type-based alias analysis , 1998, PLDI.

[43]  Alessandro Orso,et al.  Regression test selection for Java software , 2001, OOPSLA '01.

[44]  Matthew B. Dwyer,et al.  Generalized Abstract Symbolic Summaries , 2009 .

[45]  Alessandro Orso,et al.  BERT: BEhavioral Regression Testing , 2008, WODA '08.

[46]  George S. Avrunin,et al.  Using model checking with symbolic execution to verify parallel numerical programs , 2006, ISSTA '06.

[47]  Jeffrey M. Voas,et al.  PIE: A Dynamic Failure-Based Technique , 1992, IEEE Trans. Software Eng..

[48]  Tom Mens,et al.  A State-of-the-Art Survey on Software Merging , 2002, IEEE Trans. Software Eng..

[49]  Daniel Jackson,et al.  Semantic Diff: a tool for summarizing the effects of modifications , 1994, Proceedings 1994 International Conference on Software Maintenance.

[50]  Xiaoxia Ren,et al.  Chianti: a change impact analysis tool for Java programs , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..

[51]  Thomas Fahringer,et al.  Symbolic evaluation for parallelizing compilers , 1997, ICS '97.

[52]  David Notkin Longitudinal program analysis , 2002, PASTE '02.

[53]  Jeffrey S. Foster,et al.  Understanding source code evolution using abstract syntax tree matching , 2005, MSR.

[54]  Randal E. Bryant,et al.  Processor verification using efficient reductions of the logic of uninterpreted functions to propositional logic , 1999, TOCL.

[55]  Alessandro Orso,et al.  Test-Suite Augmentation for Evolving Software , 2008, 2008 23rd IEEE/ACM International Conference on Automated Software Engineering.

[56]  Michael D. Ernst,et al.  Refactoring sequential Java code for concurrency via concurrent libraries , 2009, 2009 IEEE 31st International Conference on Software Engineering.

[57]  Michael R. Lowry,et al.  Combining unit-level symbolic execution and system-level concrete execution for testing nasa software , 2008, ISSTA '08.

[58]  Nikolai Tillmann,et al.  Guided path exploration for regression test generation , 2009, 2009 31st International Conference on Software Engineering - Companion Volume.

[59]  David Leon,et al.  Dex: a semantic-graph differencing tool for studying changes in large code bases , 2004, 20th IEEE International Conference on Software Maintenance, 2004. Proceedings..

[60]  Jooyong Yi,et al.  Bogor/Kiasan: A k-bounded Symbolic Execution for Checking Strong Heap Properties of Open Systems , 2006, 21st IEEE/ACM International Conference on Automated Software Engineering (ASE'06).

[61]  Sarfraz Khurshid,et al.  Test input generation with java PathFinder , 2004, ISSTA '04.

[62]  Harald C. Gall,et al.  Change Distilling:Tree Differencing for Fine-Grained Source Code Change Extraction , 2007, IEEE Transactions on Software Engineering.

[63]  David Notkin,et al.  Symstra: A Framework for Generating Object-Oriented Unit Tests Using Symbolic Execution , 2005, TACAS.

[64]  Rupak Majumdar,et al.  Directed test generation using symbolic grammars , 2007, ESEC-FSE '07.

[65]  Nikolai Tillmann,et al.  Demand-Driven Compositional Symbolic Execution , 2008, TACAS.

[66]  James C. King,et al.  Symbolic execution and program testing , 1976, CACM.