Navas is currently a research scientist at nasa ames research center. Prior regression testing tools focus mainly on test case selection and prioritization whereas symbolic execution. We propose a new and complementary method based on interpolation, that greatly mitigates pathexplosion by subsuming paths that can be guaranteed to not hit a bug. Scalable concolic testing for reliable software score. Madhusudan,niloofar razavi,francesco sorrentino,predicting nullpointer dereferences in concurrent programs. This paper presents a concolic testing approach to automatic postsilicon test generation with virtual prototypes.
This cited by count includes citations to the following articles in scholar. Concolic testing generates next inputs by selecting branches f. Automatic concolic test generation with virtual prototypes. A program and its symbolic execution tree boosting concolic testing via interpolation. Software testing is widely used in industry, but its application in the high performance computing area has been scarce. Jonathan salwan software testing and concolic execution.
Concolic testing tools can find runtime errors fully automatically using available type specifications. Boosting concolic testing via interpolation joxan jaffar, vijayaraghavan murali national university of singapore joxan, m. The approach used builds on previous work combining symbolic and concrete execution, and more specifically, using such a combination to generate test inputs to. Automated software analysis techniques for high reliability. Navas is a senior computer scientist in the computer science lab csl at sri international. Feb, 2017 crest is a concolic test generation tool for c. The approach used builds on previous work combining symbolic and concrete execution, and more specifically, using such a combination to generate test inputs to explore all feasible execution paths. After graduation, he held postdoc positions at national university of singapore 20082011 and the university of melbourne 201120. Manuel hermenegildo imdea software institute and technical u. It is implemented on top of crest 37, a scalable opensource concolic testing tool for. Walker,shreya rawal,jonathan sillito,do crosscutting concerns cause modularity problems.
One major problem with concolic testing is that there are in general an exponential number of paths in the program to explore, resulting in the socalled path. They are used to walk through all nodes of a tree in a speci. A methodology for applying concolic testing manuel cherep concolic testing is a technique that combines concrete and symbolic execution in order to generate inputs that explore different execution paths leading to better testing coverage. Boosting concolic testing via interpolation nus computing. Concolic testing 11, 20 is a variant of symbolic execution which has been very successful in generating highcoverage test inputs. Many security and software testing applications require checking whether certain properties of a program hold for any possible usage scenario. Symbolic execution is a systematic technique for checking programs, which forms a basis for various software testing and verification techniques. Three decades later, cacm, 20, cristian cadar and koushik sen. Other works have been proposed to improve concolic testing in different ways. The paper ad dresses the problem of automating unit testing with mem ory graphs as inputs. Scalable concolic testing for reliable software score overview by utilizing distributed computing nodes, score automatically generates a large number of test cases very fast, each of which explores a unique execution path of a target c program. Precise cache timing analysis via symbolic simulation, chu duc hiep, joxan jaffar and rasool maghareh, rtas 2016. Boosting concolic testing via interpolation fse 20 boosting concolic testing via interpolation joxan jaffar, vijayaraghavan murali, and jorge a.
It provides a powerful analysis in principle but remains challenging to scale and generalize symbolic execution in practice. Software updates often introduce new bugs to existing code bases. Boosting concolic testing via interpolation proceedings. Dynamic symbolic execution based test input generation has emerged as a. Concolic testing, that automates testing via generation of inputs, has been highly successful for desktop applications and thus recent work on the compi 29 tool has extended it to mpi programs. Aug 18, 20 read boosting concolic testing via interpolation on deepdyve, the largest online rental service for scholarly research with thousands of academic publications available at your fingertips. A new invariant rule for the analysis of loops with non.
Boosting concolic testing via interpolation deepdyve. Figure 1 from boosting concolic testing via interpolation semantic. Concolic testing koushik sen eecs department, uc berkeley, ca, usa. Navas, boosting concolic testing via interpolation.
Navas the university of melbourne, australia joxan, m. A target c program is statically instrumented with probes, which record symbolic path conditions. Symbolic execution, a standard technique in program analysis, is a particularly successful and popular component in systems for test case generation. Boosting concolic testing via interpolation proceedings of. A key characteristic of concolic testing is that path conditions can be simpli ed using concrete values whenever the decidability of their symbolic constraints goes beyond the capabilities of the underlying constraint solver. A tool framework for concolic testing, selective recordreplay, and dynamic analysis of javascript koushik sen eecs department uc berkeley, ca, usa. Boosting concolic testing via interpolation joxan jaffar, vijayaraghavan murali national university of singapore, singapore joxan, m. It executes the program with some generated inputs. Proceedings of the 20 9th joint meeting on foundations of software. He received a bachelor in computer science from technical university of madrid, spain 2003 anda phd in computer science from the university of new mexico, usa in 2008. After each execution, the next concrete inputs are generated by symbolically.
Identification, characterization and automatic prioritization of test cases in software testing using techniques like control flow analysis, resources usage, etc. A concolic unit testing engine for c, uses that term in its abstract section. Since its inception several ideas have been proposed to attack this problem from various angles. Eliminating path redundancy via postconditioned symbolic execution. We have implemented concolic testing in tools for test ing both c and java programs. Programming languages machine learning software engineering. The java concolic unit testing engine jcute automatically generates unit tests for java programs. Concolic a portmanteau of concrete and symbolic testing is a hybrid testing technique that integrates concrete execution with symbolic execution 9. A tool framework for concolic testing, selective recordreplay, and dynamic analysis of javascript. Select input variables to be handled symbolically 2.
Partitioning strategies to enhance symbolic execution. Boosting concolic testing via interpolation esecfse, aug 1826, st. The en try function may contain pointer arguments, in which case the inputs to the unit are memory graphs. By utilizing distributed computing nodes, score automatically generates a large number of test cases very fast, each of which explores a unique execution path of a target c program. After each execution, the next concrete inputs are generated by symbolically negating one of the. It executes a program both with concrete and symbolic values. About me software testing bugs hunting concolic execution ir and constraints. A new invariant rule for the analysis of loops with nonstandard control flows. Boosting concolic testing via interpolation citeseerx.
The technique aims to increase code coverage as quickly as. Concolic execution combines randomized concrete execution with symbolic execution and automatic constraint solving. Citeseerx boosting concolic testing via interpolation. We discuss new challenges in using interpolation that arise specifically in the context of concolic testing. Software testing and concolic execution shellstorm. Concolic testing a portmanteau of concrete and symbolic is a hybrid software verification technique that performs symbolic execution, a classical technique that treats program variables as symbolic variables, along a concrete execution testing on particular inputs path. Concolic testing has been very successful in automatically generating test inputs for programs. Boosting concolic testing via interpolation request pdf.
Scalable concolic testing for reliable software score sw. One of the contributions of cabfuzz is that it changes the way we think of concolic testingsacrificing completeness in a degreeto make it practical. However, combinatorial explosion of the path space, known as path explosion, and also constrained testing budget, makes achieving high code coverage in concolic testing a challenging task. We have used the tools to nd bugs in several realworld software systems including. Citeseerx document details isaac councill, lee giles, pradeep teregowda. After each execution, the next concrete inputs are generated by symbolically negating one of the executed branches. These kinds of algorithms are often implemented using a visitor pattern 18. However one of its major limitations is pathexplosion that limits the generation of high coverage inputs. Symbolic execution allows jcute to discern inputs that lead down different execution paths. The generated symbolic constraints are solved using yices to generate input that drive the test execution down new, unexplored program paths.
One of the biggest challenges in concolic testing, an automatic test generation technique, is its huge search space. Introduction testing is the most commonly used technique for ensuring the quality of software. Check the encrypted string of this email, put the correct string in the box below and click go to validate the email and claim this profile. Joint meeting of the european software engineering conference and the acm sigsoft symposium on the foundations of software engineering, esecfse, saint petersburg, russian federation, august 1826, 20. Crest works by inserting instrumentation code using cil into a target program to perform symbolic execution concurrently with the concrete execution. Enhancing dynamic symbolic execution by automatically. In concolic testing, what does concrete execution mean. Dec 07, 2015 an example of how to use interpolation to estimate the 90th percentile using interpolation. Boosting concolic testing via interpolation joxan jaffar, vijayaraghavan murali, and jorge a. Paired and unpaired two sample tests about the mean paired ttest, unpaired ttest, welch ttest, and wilcoxon rank sum test with continuity correction. A parallelapproachto concolictestingwith lowcostsynchronization xiao yu, shuai sun, geguang pu and siyuan jiang, zheng wang software engineering institute, east china normal university, shanghai, china abstract this paper presents a practical approach to parallelize the test data generation algorithm by which computing resources can be fully used. Model interpolation and errordriven learning approaches based on a boosting algorithm.
Proceedings of the 20 9th joint meeting of the european software engineering conference and the acm sigsoft symposium on the foundations of software engineering esecfse. Symbolic execution is used in conjunction with an automated theorem prover or constraint solver based on constraint logic. Moreover, increasing usage of third party libraries or plugins where source code is. Such paths can be subsumed if the interpolant is implied as they can be guaranteed to not be buggy. Concolic testing 11,27 is a promising software testing technique popular in both academia and industry 1,5,6,19,20,30, 32, 33. Before, he was a computer scientist in the robust software engineering group at nasa ames research center, a senior research fellow at the university of melbourne, and a research fellow at the national university of singapore working with joxan jaffar. Bivariate and multivariate statistical hypothesis testing ungrouped data. Concolic testing is a promising approach to automate structural test data generation. Boosting concolic testing via interpolation jorge navas. Automatically generating search heuristics for concolic testing. Software engineering, testing and debugging symbolic execution. Symbolic execution, a standard technique in program analysis, is a particularly successful and popular component in systems for testcase generation. The main idea of concolic testing is to execute the program simultaneously with concrete values and symbolic values.
Other forms of symbolic analysis of programs include bounded model checking which tools such as cbmc, escjava use and abstractionbased model checking which tools such as slam, blast use. We present a new tool, named dart, for automatically testing software that combines three main techniques. Contribute to jburnimcrest development by creating an account on github. Boosting concolic testing via interpolation joxan jaffar, vijayaraghavan murali national university of singapore, singapore jorge a. Model adaptation via model interpolation and boosting for web. This paper explores two classes of model adaptation methods for web search ranking. Navas the university of melbourne, australia jorge.
Traditional test input generation techniques use either 1 concrete execution or 2 symbolic execution that builds constraints and is. His work has been published in top conferences such as cav, tacas, sas, fse, and iclp. Boosting concolic testing via interpolation, esecfse 20, proceedings of the. Moreover, our method can also help to achieve a branch coverage target in less number of iterations. Santosa pathsensitive backward slicing sas12, sep 11, deauville, france. A part of unit can be tested by generating inputs for a single entry function. I am funded by the austrian research fund fwf via the erwin schroedinger fellowship j3696n26 systematic testing of concurrent software. The symbolic execution also known as symbolic evaluation technique is a specific type of symbolic analysis of programs. Jorges primary research areas are programming languages, program analysis, software verification and testing. Boost provides barycentric rational interpolation for nonuniform spaced interpolation.
1449 1112 1008 693 109 220 894 52 389 1559 462 489 443 431 838 422 484 1632 63 767 278 906 209 224 1354 379 564 1535 988 1491 1242 1169 1146 813 937 400 1156 1133 621 1232 723 121