KIL: An Abstract Intermediate Language for Symbolic Execution and Test Generation of C++ Programs
نویسندگان
چکیده
We present a declarative intermediate language KIL in a symbolic executor for C++ programs and show how to use KIL to control symbolic execution. KIL is an abstract language defined over LLVM bytecode; it provides a higher level model of C++ object operations and functions. KIL enables lazy function evaluation, object-level execution and reasoning, defining built-in efficient solvers, function summary based execution, and so on. Specifically, the symbolic executor first performs KIL level execution to build abstract path constraints, then uses these abstract constraints to guide bytecode level execution and produce concrete test cases. This method is able to avoid exploring many useless or duplicate paths. Experimental results show that KIL can help solve path constraints and produce test cases in much less time without losing source coverage.
منابع مشابه
KLOVER: A Symbolic Execution and Automatic Test Generation Tool for C++ Programs
We present the first symbolic execution and automatic test generation tool for C++ programs. First we describe our effort in extending an existing symbolic execution tool for C programs to handle C++ programs. We then show how we made this tool generic, efficient and usable to handle real-life industrial applications. Novel features include extended symbolic virtual machine, library optimizatio...
متن کاملCreating and Visualizing Test Data from Programming Exercises
Automatic assessment of programming exercises is typically based on testing approach. Most automatic assessment frameworks execute tests and evaluate test results automatically, but the test data generation is not automated. No matter that automatic test data generation techniques and tools are available. We have researched how the Java PathFinder software model checker can be adopted to the sp...
متن کاملTesting Database Programs using Relational Symbolic Execution
Symbolic execution is a technique which allows to automatically generate test inputs (and outputs) exercising a set of execution paths within a program to be tested. If the paths cover a sufficient part of the code under test, the test data offer a representative view of the program’s actual behaviour, allowing to detect failures and correct faults. Relational databases are ubiquitous in softwa...
متن کاملConcolic Execution and Test Case Generation in Prolog
Symbolic execution extends concrete execution by allowing symbolic input data and then exploring all feasible execution paths. It has been defined and used in the context of many different programming languages and paradigms. A symbolic execution engine is at the heart of many program analysis and transformation techniques, like partial evaluation, test case generation or model checking, to nam...
متن کاملOperational Aspects of C/C++ Concurrency
Relaxed memory models define the behavior of concurrent programs, executed on modern multiprocessors. Existing semantics for modelling relaxed concurrency in C/C++ adopt the axiomatic style, defining program executions via orders between read/write events. This representation of executions poses challenges for employing such semantics for testing, debugging and symbolic execution of programs. W...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2012