JDart: A Dynamic Symbolic Analysis Framework

We describe JDart, a dynamic symbolic analysis framework for Java. A distinguishing feature of JDart is its modular architecture: the main component that performs dynamic exploration communicates with a component that efficiently constructs constraints and that interfaces with constraint solvers. These components can easily be extended or modified to support multiple constraint solvers or different exploration strategies. Moreover, JDart has been engineered for robustness, driven by the need to handle complex NASA software. These characteristics, together with its recent open sourcing, make JDart an ideal platform for research and experimentation. In the current release, JDart supports the CORAL, SMTInterpol, and Z3 solvers, and is able to handle NASA software with constraints containing bit operations, floating-point arithmetic, and complex arithmetic operations (e.g., trigonometric and nonlinear). We illustrate how JDart has been used to support other analysis techniques, such as automated interface generation and testing of libraries. Finally, we demonstrate the versatility and effectiveness of JDart, and compare it with state-of-the-art dynamic or pure symbolic execution engines through an extensive experimental evaluation.
