Enhancing symbolic execution with built-in term rewriting and constrained lazy initialization

Authors:
Pietro Braione;Giovanni Denaro;Mauro Pezzè
Affiliations:
University of Milano-Bicocca, Italy;University of Milano-Bicocca, Italy;University of Milano-Bicocca, Italy / University of Lugano, Switzerland
Venue:
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Year:
2013

Citing 27
Cited 0

Symbolic execution and program testing

Communications of the ACM
Automatically validating temporal safety properties of interfaces

SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
Lazy abstraction

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Korat: automated testing based on Java predicates

ISSTA '02 Proceedings of the 2002 ACM SIGSOFT international symposium on Software testing and analysis
TestEra: A Novel Framework for Automated Testing of Java Programs

Proceedings of the 16th IEEE international conference on Automated software engineering
Test input generation with java PathFinder

ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
DART: directed automated random testing

Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C

Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Supporting Controlled Experimentation with Testing Techniques: An Infrastructure and its Potential Impact

Empirical Software Engineering
Software Abstractions: Logic, Language, and Analysis

Software Abstractions: Logic, Language, and Analysis
Bogor/Kiasan: A k-bounded Symbolic Execution for Checking Strong Heap Properties of Open Systems

ASE '06 Proceedings of the 21st IEEE/ACM International Conference on Automated Software Engineering
Combining unit-level symbolic execution and system-level concrete execution for testing nasa software

ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
New results on rewrite-based satisfiability procedures

ACM Transactions on Computational Logic (TOCL)
Symbolic program analysis using term rewriting and generalization

Proceedings of the 2008 International Conference on Formal Methods in Computer-Aided Design
Beaver: Engineering an Efficient SMT Solver for Bit-Vector Arithmetic

CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
Sireum/Topi LDP: a lightweight semi-decision procedure for optimizing symbolic execution-based analyses

Proceedings of the the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
JPF-SE: a symbolic execution extension to Java PathFinder

TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Generalized symbolic execution for model checking and testing

TACAS'03 Proceedings of the 9th international conference on Tools and algorithms for the construction and analysis of systems
An empirical study of optimizations in YOGI

Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs

OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Satisfiability of non-linear (Ir)rational arithmetic

LPAR'10 Proceedings of the 16th international conference on Logic for programming, artificial intelligence, and reasoning
CORAL: solving complex constraints for symbolic pathfinder

NFM'11 Proceedings of the Third international conference on NASA Formal methods
Symbolic execution with mixed concrete-symbolic solving

Proceedings of the 2011 International Symposium on Software Testing and Analysis
SAT Modulo Linear Arithmetic for Solving Polynomial Constraints

Journal of Automated Reasoning
Formal testing for separation assurance

Annals of Mathematics and Artificial Intelligence
TestEra: A tool for testing Java programs using alloy specifications

ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Staged symbolic execution

Proceedings of the 27th Annual ACM Symposium on Applied Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Symbolic execution suffers from problems when analyzing programs that handle complex data structures as their inputs and take decisions over non-linear expressions. For these programs, symbolic execution may incur invalid inputs or unidentified infeasible traces, and may raise large amounts of false alarms. Some symbolic executors tackle these problems by introducing executable preconditions to exclude invalid inputs, and some solvers exploit rewrite rules to address non linear problems. In this paper, we discuss the core limitations of executable preconditions, and address these limitations by proposing invariants specifically designed to harmonize with the lazy initialization algorithm. We exploit rewrite rules applied within the symbolic executor, to address simplifications of inverse relationships fostered from either program-specific calculations or the logic of the verification tasks. We present a symbolic executor that integrates the two techniques, and validate our approach against the verification of a relevant set of properties of the Tactical Separation Assisted Flight Environment. The empirical data show that the integrated approach can improve the effectiveness of symbolic execution.