Compositional Symbolic Execution through Program Specialization
نویسندگان
چکیده
Scalability is a major challenge in symbolic execution. The large number of paths that need to be explored and the large size of the constraints that must be carried often compromise the effectiveness of symbolic execution for software testing in practice. Compositional symbolic execution aims to alleviate these scalability issues by executing the methods of a program separately, stowing their results in method summaries and using such summaries to incrementally execute the complete program. We present a novel compositional approach that leverages partial evaluation, a well-established technique that aims at automatically specializing a program with respect to some of its input. We report on its design and implementation in Symbolic PathFinder and on preliminary promising evaluation results.
منابع مشابه
Precise and Progressing Compositional Symbolic Execution
Given a program and an assertion in that program, determining if the assertion can fail is one of the key applications of program analysis. Symbolic execution is a well-known technique for finding such assertion violations. It enjoys the following two interesting properties. First, symbolic execution is precise: if it reports that an assertion can fail, then there is an execution of the program...
متن کاملDemand-Driven Compositional Symbolic Execution
We discuss how to perform symbolic execution of large programs in a manner that is both compositional (hence more scalable) and demand-driven. Compositional symbolic execution means finding feasible interprocedural program paths by composing symbolic executions of feasible intraprocedural paths. By demand-driven, we mean that as few intraprocedural paths as possible are symbolically executed in...
متن کاملA New Perspective on Partial Evaluation and Use Analysis
Partial evaluators are compile time optimizers achieving performance improvements through a program modi cation technique called specialization. Partial evaluators produce one or more copies, or specializations, of each procedure in a source program in the output program. Specializations are distinguished by being optimized for invocation from call sites with di erent characteristics, for examp...
متن کاملInterleaving Symbolic Execution and Partial Evaluation
Partial evaluation is a program specialization technique that allows to optimize programs for which partial input is known. We show that partial evaluation can be used with advantage to speed up as well symbolic execution of programs. Interestingly, the input required for partial evaluation comes from symbolic execution itself which makes it natural to interleave partial evaluation and symbolic...
متن کاملCompositional CLP-Based Test Data Generation for Imperative Languages
Glass-box test data generation (TDG) is the process of automatically generating test input data for a program by considering its internal structure. This is generally accomplished by performing symbolic execution of the program where the contents of variables are expressions rather than concrete values. The main idea in CLP-based TDG is to translate imperative programs into equivalent CLP ones ...
متن کامل