Symbolic execution with mixed concrete-symbolic solving

Date
2011
Authors
Pasareanu C.S.
Rungta N.
Visser W.
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Symbolic execution is a powerful static program analysis technique that has been used for the automated generation of test inputs. Directed Automated Random Testing (DART) is a dynamic variant of symbolic execution that initially uses random values to execute a program and collects symbolic path conditions during the execution. These conditions are then used to produce new inputs to execute the program along different paths. It has been argued that DART can handle situations where classical static symbolic execution fails due to incompleteness in decision procedures and its inability to handle external library calls. We propose here a technique that mitigates these previous limitations of classical symbolic execution. The proposed technique splits the generated path conditions into (a) constraints that can be solved by a decision procedure and (b) complex non-linear constraints with uninterpreted functions to represent external library calls. The solutions generated from the decision procedure are used to simplify the complex constraints and the resulting path conditions are checked again for satisfiability. We also present heuristics that can further improve our technique. We show how our technique can enable classical symbolic execution to cover paths that other dynamic symbolic execution approaches cannot cover. Our method has been implemented within the Symbolic PathFinder tool and has been applied to several examples, including two from the NASA domain. © 2011 ACM.
Description
Keywords
Citation
2011 International Symposium on Software Testing and Analysis, ISSTA 2011 - Proceedings
http://www.scopus.com/inward/record.url?eid=2-s2.0-80051919125&partnerID=40&md5=4f5d1f93a6ebe3c861106348d36aaeb9
URI
http://hdl.handle.net/10019.1/17135
Collections
Stellenbosch University - Scopus Publications