Bounded Lazy Initialization

Tight field bounds have been successfully used in the context of bounded-exhaustive bug finding. They allow one to check the correctness of, or find bugs in, code manipulating data structures whose size made this kind of analysis previously infeasible. In this article we address the question of whether tight field bounds can also contribute to a significant speed-up for symbolic execution when using a system such as Symbolic Pathfinder. Specifically, we propose to change Symbolic Pathfinder's lazy initialization mechanism to take advantage of tight field bounds. While a straightforward approach that takes tight field bounds into account works well for small scopes, the lack of symmetry-breaking significantly affects its performance. We then introduce a new technique that generates only non-isomorphic structures and consequently is able to consider fewer structures and to execute faster than lazy initialization.
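The following is an added illustrative model, not the paper's modification of Symbolic Pathfinder: it enumerates the heap shapes lazy initialization materialises for a singly linked list with a symbolic `next` field, prunes the candidates of each field with a per-node bound (a constructed set of allowed targets), and counts how many shapes are explored with and without symmetry breaking. The unbroken-symmetry variant is modelled, as an assumption, by letting a fresh node take any unused id the bound permits instead of always the lowest one.

```python
from typing import Dict, FrozenSet, Optional, Set, Tuple

HEAD = -1  # pseudo-owner id for the `head` reference itself
Bound = Dict[int, Set[Optional[int]]]  # field owner -> allowed targets (None = null)

# Constructed bounds for a list of at most 3 nodes (node ids 0, 1, 2).
# A tight bound for acyclic lists over canonically numbered nodes:
ACYCLIC_BOUND: Bound = {HEAD: {None, 0}, 0: {None, 1}, 1: {None, 2}, 2: {None}}
# A loose bound that only forbids self-loops, so node identities stay interchangeable:
NO_SELF_LOOP_BOUND: Bound = {HEAD: {None, 0, 1, 2}, 0: {None, 1, 2},
                             1: {None, 0, 2}, 2: {None, 0, 1}}

def lazy_init(k: int, bound: Optional[Bound] = None,
              symmetry_break: bool = True) -> Set[FrozenSet[Tuple[int, Optional[int]]]]:
    """Enumerate the heap shapes lazy initialization materialises for a singly
    linked list of at most k nodes. A shape is the set of (owner, target) pairs
    for every field that was touched. Fields are resolved on first access: the
    candidates are null, any node created so far, or a fresh node. With
    symmetry_break the fresh node is always the lowest unused id, so each
    isomorphism class is generated once; without it a fresh node may take any
    unused id the bound permits, which multiplies isomorphic copies."""
    shapes: Set[FrozenSet[Tuple[int, Optional[int]]]] = set()

    def resolve(owner: int, used: FrozenSet[int],
                assigned: FrozenSet[Tuple[int, Optional[int]]]) -> None:
        cands = [None] + sorted(used)
        unused = [i for i in range(k) if i not in used]
        if unused:
            cands += unused[:1] if symmetry_break else unused
        if bound is not None:  # the field bound prunes candidates before branching
            cands = [c for c in cands if c in bound[owner]]
        for target in cands:
            now = assigned | {(owner, target)}
            if target is None or target in used:
                shapes.add(now)  # list ends or closes a cycle: no field pending
            else:
                resolve(target, used | {target}, now)  # fresh node: its `next` is pending

    resolve(HEAD, frozenset(), frozenset())
    return shapes

def count_shapes(k: int, bound: Optional[Bound] = None) -> Tuple[int, int]:
    """Number of shapes explored (with symmetry breaking, without) under `bound`."""
    return len(lazy_init(k, bound, True)), len(lazy_init(k, bound, False))

if __name__ == "__main__":
    for name, b in [("no bound", None), ("acyclic (tight)", ACYCLIC_BOUND),
                    ("no self-loop (loose)", NO_SELF_LOOP_BOUND)]:
        print(f"{name:22} with/without symmetry breaking: {count_shapes(3, b)}")
```

For three nodes the unbounded search explores 10 shapes (49 without symmetry breaking), the tight acyclic bound reduces this to 4 either way, while the loose bound gives 7 versus 34, which is the blow-up the abstract attributes to missing symmetry breaking.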
