Efficient solving of structural constraints

Structural constraint solving is increasingly used for software reliability tasks such as systematic testing and error recovery. For example, the Korat algorithm provides constraint-based test generation: given a Java predicate that describes the desired input constraints and a bound on the input size, Korat systematically searches the bounded input space of the predicate to generate all inputs that satisfy the constraints. As another example, the STARC tool uses a constraint-based search to repair broken data structures. A key issue for these approaches is the efficiency of the search. This paper presents a novel approach that significantly improves the efficiency of structural constraint solvers. Most existing approaches explore their search space by backtracking through code re-execution. In contrast, our approach performs checkpoint-based backtracking by storing partial program states and performing abstract undo operations. The heart of our approach is a lightweight search that is performed purely through code instrumentation. Experimental results on Korat and STARC for generating and repairing a set of complex data structures show a speed-up of one to two orders of magnitude over the traditionally used searches.
