Towards a lazier symbolic pathfinder

To explore the state space of programs with complex user-defined data structures, most symbolic execution engines use the lazy initialization algorithm. Symbolic Pathfinder (SPF) is the symbolic execution engine for the Java PathFinder (JPF) model checker; SPF too contains an implementation of the lazy initialization algorithm. A number of extensions to the original lazy initialization algorithm have since been published. One such extension is the lazier# algorithm which demonstrated dramatic performance gains over the other algorithms. There is, however, no open-source implementation of the lazier# algorithm available. This work is an implementation of the the lazier# algorithm within the Symbolic PathFinder framework. In addition, this work describes the implementation of two heap bounding techniques in SPF, namely k-bounding and n-bounding. The purpose of this paper is to discuss the nature of the improvements, implementation details, usage and performance test results.

[1]  Koushik Sen,et al.  CUTE: a concolic unit testing engine for C , 2005, ESEC/FSE-13.

[2]  Dawson R. Engler,et al.  Execution Generated Test Cases: How to Make Systems Code Crash Itself , 2005, SPIN.

[3]  Sarfraz Khurshid,et al.  Generalized Symbolic Execution for Model Checking and Testing , 2003, TACAS.

[4]  James C. King,et al.  Symbolic execution and program testing , 1976, CACM.

[5]  Jooyong Yi,et al.  Bogor/Kiasan: A k-bounded Symbolic Execution for Checking Strong Heap Properties of Open Systems , 2006, 21st IEEE/ACM International Conference on Automated Software Engineering (ASE'06).

[6]  Mark Allen Weiss,et al.  Data structures and algorithm analysis in Ada , 1993 .

[7]  Clifford A. Shaffer Data Structures and Algorithm Analysis in Java , 2011 .

[8]  Corina S. Pasareanu,et al.  Symbolic PathFinder: symbolic execution of Java bytecode , 2010, ASE.

[9]  Nazareno Aguirre,et al.  Bounded Lazy Initialization , 2013, NASA Formal Methods.

[10]  Jooyong Yi,et al.  Efficient and formal generalized symbolic execution , 2012, Automated Software Engineering.

[11]  Lori A. Clarke,et al.  A program testing system , 1976, ACM '76.

[12]  Michael R. Lowry,et al.  Combining unit-level symbolic execution and system-level concrete execution for testing nasa software , 2008, ISSTA '08.

[13]  Koushik Sen DART: Directed Automated Random Testing , 2009, Haifa Verification Conference.

[14]  Yujing He Data Structures and Algorithms in C , 2012 .

[15]  John Hatcliff,et al.  Towards A Case-Optimal Symbolic Execution Algorithm for Analyzing Strong Properties of Object-Oriented Programs , 2007, Fifth IEEE International Conference on Software Engineering and Formal Methods (SEFM 2007).