Runtime Exception Detection in Java Programs Using Symbolic Execution

Most of the runtime failures of a software system can be revealed during test execution only, which has a very high cost. In Java programs, runtime failures are manifested as unhandled runtime exceptions. In this paper we present an approach and tool for detecting runtime exceptions in Java programs without having to execute tests on the software. We use the symbolic execution technique to implement the approach. By executing the methods of the program symbolically we can determine those execution branches that throw exceptions. Our algorithm is able to generate concrete test inputs also that cause the program to fail in runtime. We used the Symbolic PathFinder extension of the Java PathFinder as the symbolic execution engine. Besides small example codes we evaluated our algorithm on three open source systems: jEdit, ArgoUML, and log4j. We found multiple errors in the log4j system that were also reported as real bugs in its bug tracking system.

[1]  Karl N. Levitt,et al.  SELECT—a formal system for testing and debugging programs by symbolic execution , 1975 .

[2]  Marcelo d'Amorim,et al.  CORAL: Solving Complex Constraints for Symbolic PathFinder , 2011, NASA Formal Methods.

[3]  Xiang Fu,et al.  SAFELI: SQL injection scanner using symbolic execution , 2008, TAV-WEB '08.

[4]  Dawson R. Engler,et al.  EXE: automatically generating inputs of death , 2006, CCS '06.

[5]  James C. King,et al.  Symbolic execution and program testing , 1976, CACM.

[6]  Nikolai Tillmann,et al.  Pex-White Box Test Generation for .NET , 2008, TAP.

[7]  Sarfraz Khurshid,et al.  Generalized Symbolic Execution for Model Checking and Testing , 2003, TACAS.

[8]  Corina S. Pasareanu,et al.  Symbolic PathFinder: symbolic execution of Java bytecode , 2010, ASE.

[9]  Roger S. Pressman,et al.  Software Engineering: A Practitioner's Approach , 1982 .

[10]  P. David Coward Symbolic execution systems-a review , 1988, Softw. Eng. J..

[11]  Markus von Detten,et al.  Towards systematic, comprehensive trace generation for behavioral pattern detection through symbolic execution , 2011, PASTE '11.

[12]  Gregory Tassey,et al.  Prepared for what , 2007 .

[13]  Koushik Sen DART: Directed Automated Random Testing , 2009, Haifa Verification Conference.

[14]  Dimitra Giannakopoulou,et al.  Verification and validation of air traffic systems: Tactical separation assurance , 2009, 2009 IEEE Aerospace conference.

[15]  George C. Necula,et al.  Finding and preventing run-time error handling mistakes , 2004, OOPSLA.

[16]  Peter R. Pietzuch,et al.  Rule-Based Verification of Network Protocol Implementations Using Symbolic Execution , 2011, 2011 Proceedings of 20th International Conference on Computer Communications and Networks (ICCCN).

[17]  Yannis Smaragdakis,et al.  JCrasher: an automatic robustness tester for Java , 2004, Softw. Pract. Exp..

[18]  Petri Ihantola Test data generation for programming exercises with symbolic execution in Java PathFinder , 2006, Baltic Sea '06.

[19]  Koushik Sen,et al.  CUTE and jCUTE: Concolic Unit Testing and Explicit Path Model-Checking Tools , 2006, CAV.

[20]  Gordon Fraser,et al.  Generating Test Suites with Augmented Dynamic Symbolic Execution , 2013, TAP@STAF.

[21]  Shujuan Jiang,et al.  Fault localization and repair for Java runtime exceptions , 2009, ISSTA.

[22]  Michael R. Lowry,et al.  Combining unit-level symbolic execution and system-level concrete execution for testing nasa software , 2008, ISSTA '08.