Enhancing Symbolic Execution of Heap-based Programs with Separation Logic for Test Input Generation

12/16/2017
by   Long H. Pham, et al.
0

Symbolic execution is a well established method for test input generation. By taking inputs as symbolic values and solving constraints encoding path conditions, it helps achieve a better test coverage. Despite of having achieved tremendous success over numeric domains, existing symbolic execution techniques for heap-based programs (e.g., linked lists and trees) are limited due to the lack of a succinct and precise description for symbolic values over unbounded heaps. In this work, we present a new symbolic execution method for heap-based programs using separation logic. The essence of our proposal is the use of existential quantifiers to precisely represent symbolic heaps. Furthermore, we propose a context-sensitive lazy initialization, a novel approach for efficient test input generation.We show that by reasoning about the heap in an existential manner, the proposed lazy initialization is sound and complete. We have implemented our proposal into a prototype tool, called Java StarFinder, and evaluated it on a set of programs with complex heap inputs. The results show that our approach significantly reduces the number of invalid test inputs and improves the test coverage.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
07/12/2019

Concolic Testing Heap-Manipulating Programs

Concolic testing is a test generation technique which works effectively ...
research
02/05/2018

Shadow Symbolic Execution with Java PathFinder

Regression testing ensures that a software system when it evolves still ...
research
10/09/2022

A unit-based symbolic execution method for detecting memory corruption vulnerabilities in executable codes

Memory corruption is a serious class of software vulnerabilities, which ...
research
06/11/2023

Attention, Compilation, and Solver-based Symbolic Analysis are All You Need

In this paper we present a Java-to-Python (J2P) and Python-to-Java (P2J)...
research
09/13/2021

Malware MultiVerse: From Automatic Logic Bomb Identification to Automatic Patching and Tracing

Malware and other suspicious software often hide behaviors and component...
research
09/16/2022

Symbolic Execution for Randomized Programs

We propose a symbolic execution method for programs that can draw random...
research
06/06/2023

Dance Generation by Sound Symbolic Words

This study introduces a novel approach to generate dance motions using o...

Please sign up or login with your details

Forgot password? Click here to reset