Deconstructing Dynamic Symbolic Execution
نویسندگان
چکیده
Dynamic symbolic execution (DSE) is a well-known technique for automatically generating tests to achieve higher levels of coverage in a program. Two keys ideas of DSE are to: (1) seed symbolic execution by executing a program on an initial input; (2) using concrete values from the program execution in place of symbolic expressions whenever symbolic reasoning is hard or not desired. We describe DSE for a simple core language and then present a minimalist implementation of DSE for Python (in Python) that follows this basic recipe. The code is available at https://www.github.com/thomasjball/PyExZ3/ (tagged “v1.0”) and has been designed to make it easy to experiment with and extend.
منابع مشابه
Finding Errors in Python Programs Using Dynamic Symbolic Execution
For statically typed languages, dynamic symbolic execution (also called concolic testing) is a mature approach to automated test generation. However, extending it to dynamic languages presents several challenges. Complex semantics, fragmented and incomplete type information, and calls to foreign functions lacking precise models make symbolic execution difficult. We propose a symbolic execution ...
متن کاملRedundant State Detection for Dynamic Symbolic Execution
Many recent tools use dynamic symbolic execution to perform tasks ranging from automatic test generation, finding security flaws, equivalence verification, and exploit generation. However, while symbolic execution is promising, it perennially struggles with the fact that the number of paths in a program increases roughly exponentially with both code and input size. This paper presents a techniq...
متن کاملPrecise Guidance to Dynamic Test Generation
Dynamic symbolic execution has been shown an effective technique for automated test input generation. However, its scalability is limited due to the combinatorial explosion of the path space. We propose to take advantage of data flow analysis to better perform dynamic symbolic execution in the context of generating test inputs for maximum structural coverage. In particular, we utilize the chain...
متن کاملDynamic Symbolic Execution using Eclipse CDT
Finding software bugs before deployment is essential to achieve software safety and security. The achievable code coverage and input coverage with manual test suite development at reasonable cost is limited. Therefore, complementary automated methods for bug detection are of interest. This paper describes automated context-sensitive detection of software bugs with dynamic symbolic execution. Th...
متن کاملDeconstructing Alice and Bob
We show that, despite the fact that Alice&Bob;–notation does not include explicit control flowconstructs, it is possible to make some of these aspects explicit and thus produce formal protocolmodels without having to resort to more expressive protocol description languages. We introducea notion of incremental symbolic runs to formally handle message forwarding and conditionalabor...
متن کامل