A Path Exploration based on Symbolic Output
نویسندگان
چکیده
Efficient program path exploration is important for many software engineering activities such as testing, debugging and verification. However, enumerating all paths of a program is prohibitively expensive. In this paper, we develop a partitioning of program paths based on the program output. Two program paths are placed in the same partition if they derive the output similarly, that is, the symbolic expression connecting the output with the inputs is the same in both paths. Our grouping of paths is gradually created by a smart path exploration. Our experiments show the benefits of the proposed path exploration in test-suite construction. Our path partitioning produces a semantic signature of a program — describing all the different symbolic expressions that the output can assume along different program paths. To reason about changes between program versions, we can therefore analyze their semantic signatures. In particular, we demonstrate the applications of our path partitioning in testing and debugging of software regressions.
منابع مشابه
An Empirical Study of Path Feasibility Queries
In this paper we present a comparative study of path feasibility queries generated during path exploration based software engineering methods. Symbolic execution based methods are gaining importance in different aspects of software engineering e.g. proving properties about programs, test case generation, comparing different executions of programs. These methods use SMT solvers to check the sati...
متن کاملDeepFuzz: Triggering Vulnerabilities Deeply Hidden in Binaries
We introduce a new method for triggering vulnerabilities in deep layers of binary executables and facilitate their exploitation. In our approach we combine dynamic symbolic execution with fuzzing techniques. To maximize both the execution path depth and the degree of freedom in input parameters for exploitation, we define a novel method to assign probabilities to program paths. Based on this pr...
متن کاملThe Auspicious Couple: Symbolic Execution and WCET Analysis
We have recently shown that symbolic execution together with the implicit path enumeration technique can successfully be applied in the Worst-Case Execution Time (WCET) analysis of programs. Symbolic execution offers a precise framework for program analysis and tracks complex program properties by analyzing single program paths in isolation. This path-wise program exploration of symbolic execut...
متن کاملAn Exploratory Survey of Hybrid Testing Techniques Involving Symbolic Execution and Fuzzing
Recent efforts in practical symbolic execution have successfully mitigated the path-explosion problem to some extent with search-based heuristics and compositional approaches. Similarly, due to an increase in the performance of cheap multi-core commodity computers, fuzzing as a viable method of random mutation-based testing has also seen promise. However, the possibility of combining symbolic e...
متن کاملStrategic Technology Planning in Science-Based Subsectors of Petroleum Industry: The Case Study of R&D Roadmapping for Geochemical Exploration Technologies
Strategic planning of technology in Iran's oil industry has a long history, however, the knowledge-based sectors of the oil industry, despite their different characteristics, have been less exposed to such experiences, and hence the study of the experience in one of the key sub-sectors of this industry, namely the exploration geochemical sector, can be innovative. This article seeks to answer t...
متن کامل