Towards A Case-Optimal Symbolic Execution Algorithm for Analyzing Strong Properties of Object-Oriented Programs

Recent work has demonstrated that symbolic execution techniques can serve as a basis for formal analysis capable of automatically checking heap-manipulating software components against strong interface specifications. In this paper, we present an enhancement to existing symbolic execution algorithms for object-oriented programs that significantly improves upon the algorithms currently implemented in Bogor/Kiasan and JPF. To motivate and justify the new strategy for handling heap data in our enhanced approach, we present a significant empirical study of the performance of related algorithms and an interesting case counting analysis of the heap shapes that can appear in several widely used Java data structure packages.
