Concolic testing koushik sen eecs department, uc berkeley, ca, usa. A parallelapproachto concolictestingwith lowcostsynchronization xiao yu, shuai sun, geguang pu and siyuan jiang, zheng wang software engineering institute, east china normal university, shanghai, china abstract this paper presents a practical approach to parallelize the test data generation algorithm by which computing resources can be fully used. Contribute to jburnimcrest development by creating an account on github. It executes a program both with concrete and symbolic values. Scalable concolic testing for reliable software score. Crest works by inserting instrumentation code using cil into a target program to perform symbolic execution concurrently with the concrete execution. This cited by count includes citations to the following articles in scholar. Identification, characterization and automatic prioritization of test cases in software testing using techniques like control flow analysis, resources usage, etc. Check the encrypted string of this email, put the correct string in the box below and click go to validate the email and claim this profile. Concolic testing 11,27 is a promising software testing technique popular in both academia and industry 1,5,6,19,20,30, 32, 33. Boosting concolic testing via interpolation fse 20 boosting concolic testing via interpolation joxan jaffar, vijayaraghavan murali, and jorge a.
Santosa pathsensitive backward slicing sas12, sep 11, deauville, france. Bivariate and multivariate statistical hypothesis testing ungrouped data. His work has been published in top conferences such as cav, tacas, sas, fse, and iclp. A methodology for applying concolic testing manuel cherep concolic testing is a technique that combines concrete and symbolic execution in order to generate inputs that explore different execution paths leading to better testing coverage. A program and its symbolic execution tree boosting concolic testing via interpolation. The paper ad dresses the problem of automating unit testing with mem ory graphs as inputs. Navas is currently a research scientist at nasa ames research center. Symbolic execution is a systematic technique for checking programs, which forms a basis for various software testing and verification techniques. A part of unit can be tested by generating inputs for a single entry function. It is implemented on top of crest 37, a scalable opensource concolic testing tool for. Before, he was a computer scientist in the robust software engineering group at nasa ames research center, a senior research fellow at the university of melbourne, and a research fellow at the national university of singapore working with joxan jaffar. After each execution, the next concrete inputs are generated by symbolically negating one of the executed branches. The generated symbolic constraints are solved using yices to generate input that drive the test execution down new, unexplored program paths. Symbolic execution is used in conjunction with an automated theorem prover or constraint solver based on constraint logic.
Programming languages machine learning software engineering. In concolic testing, what does concrete execution mean. Boosting concolic testing via interpolation, esecfse 20, proceedings of the. A tool framework for concolic testing, selective recordreplay, and dynamic analysis of javascript koushik sen eecs department uc berkeley, ca, usa. Boosting concolic testing via interpolation nus computing. Jorges primary research areas are programming languages, program analysis, software verification and testing. Concolic testing tools can find runtime errors fully automatically using available type specifications. Navas is a senior computer scientist in the computer science lab csl at sri international. Introduction testing is the most commonly used technique for ensuring the quality of software. Citeseerx document details isaac councill, lee giles, pradeep teregowda. Concolic a portmanteau of concrete and symbolic testing is a hybrid testing technique that integrates concrete execution with symbolic execution 9. We propose a new and complementary method based on interpolation, that greatly mitigates pathexplosion by subsuming paths that can be guaranteed to not hit a bug. Select input variables to be handled symbolically 2. The main idea of concolic testing is to execute the program simultaneously with concrete values and symbolic values.
Model adaptation via model interpolation and boosting for web. He received a bachelor in computer science from technical university of madrid, spain 2003 anda phd in computer science from the university of new mexico, usa in 2008. The results show that model interpolation, though simple, achieves the best results on all the open test sets where the test data is very different from the training data. Aug 18, 20 read boosting concolic testing via interpolation on deepdyve, the largest online rental service for scholarly research with thousands of academic publications available at your fingertips. Navas, boosting concolic testing via interpolation. Concolic testing has been very successful in automatically generating test inputs for programs. Navas the university of melbourne, australia joxan, m. Software testing is widely used in industry, but its application in the high performance computing area has been scarce. However, combinatorial explosion of the path space, known as path explosion, and also constrained testing budget, makes achieving high code coverage in concolic testing a challenging task.
Software engineering, testing and debugging symbolic execution. After each execution, the next concrete inputs are generated by symbolically negating one of the. Microsoft invests huge engineering efforts and computational re. Boosting concolic testing via interpolation proceedings. Since its inception several ideas have been proposed to attack this problem from various angles. About me software testing bugs hunting concolic execution ir and constraints. Citeseerx boosting concolic testing via interpolation. Concolic testing 11, 20 is a variant of symbolic execution which has been very successful in generating highcoverage test inputs. Moreover, increasing usage of third party libraries or plugins where source code is.
I am funded by the austrian research fund fwf via the erwin schroedinger fellowship j3696n26 systematic testing of concurrent software. These kinds of algorithms are often implemented using a visitor pattern 18. The main idea is to improve the coverage obtained by feedbackdirected random test generation methods, by utilizing concolic execution on the generated test drivers. The approach used builds on previous work combining symbolic and concrete execution, and more specifically, using such a combination to generate test inputs to. Boosting concolic testing via interpolation esecfse, aug 1826, st. Manuel hermenegildo imdea software institute and technical u.
Navas the university of melbourne, australia jorge. The java concolic unit testing engine jcute automatically generates unit tests for java programs. The score framework employs a distributed concolic testing algorithm that can utilize a large number of computing nodes in a scalable manner to achieve 1 a linear increase in the speed of test case. Concolic testing a portmanteau of concrete and symbolic is a hybrid software verification technique that performs symbolic execution, a classical technique that treats program variables as symbolic variables, along a concrete execution testing on particular inputs path. Boosting concolic testing via interpolation proceedings of. Boosting concolic testing via interpolation jorge navas. One of the contributions of cabfuzz is that it changes the way we think of concolic testingsacrificing completeness in a degreeto make it practical. Concolic testing, that automates testing via generation of inputs, has been highly successful for desktop applications and thus recent work on the compi 29 tool has extended it to mpi programs. Boosting concolic testing via interpolation deepdyve. Other works have been proposed to improve concolic testing in different ways. Scalable concolic testing for reliable software score overview by utilizing distributed computing nodes, score automatically generates a large number of test cases very fast, each of which explores a unique execution path of a target c program. This paper presents a concolic testing approach to automatic postsilicon test generation with virtual prototypes.
Automatically generating search heuristics for concolic testing. Proceedings of the 20 9th joint meeting on foundations of software. A target c program is statically instrumented with probes, which record symbolic path conditions. Symbolic execution, a standard technique in program analysis, is a particularly successful and popular component in systems for test case generation. Automated software analysis techniques for high reliability. Boosting concolic testing via interpolation citeseerx. Concolic testing 11, 20 is a variant of symbolic exe. By utilizing distributed computing nodes, score automatically generates a large number of test cases very fast, each of which explores a unique execution path of a target c program. It provides a powerful analysis in principle but remains challenging to scale and generalize symbolic execution in practice. A tool framework for concolic testing, selective recordreplay, and dynamic analysis of javascript. Boost provides barycentric rational interpolation for nonuniform spaced interpolation. Jonathan salwan software testing and concolic execution. Partitioning strategies to enhance symbolic execution.
Software testing and concolic execution shellstorm. Boosting concolic testing via interpolation joxan jaffar, vijayaraghavan murali, and jorge a. Figure 1 from boosting concolic testing via interpolation semantic. Many security and software testing applications require checking whether certain properties of a program hold for any possible usage scenario. This paper explores two classes of model adaptation methods for web search ranking. Model interpolation and errordriven learning approaches based on a boosting algorithm. The en try function may contain pointer arguments, in which case the inputs to the unit are memory graphs.
Paired and unpaired two sample tests about the mean paired ttest, unpaired ttest, welch ttest, and wilcoxon rank sum test with continuity correction. Symbolic execution, a standard technique in program analysis, is a particularly successful and popular component in systems for testcase generation. Software updates often introduce new bugs to existing code bases. Automatic concolic test generation with virtual prototypes. A concolic unit testing engine for c, uses that term in its abstract section. Scalable concolic testing for reliable software score sw.
We have implemented concolic testing in tools for test ing both c and java programs. Traditional test input generation techniques use either 1 concrete execution or 2 symbolic execution that builds constraints and is. The symbolic execution also known as symbolic evaluation technique is a specific type of symbolic analysis of programs. Feb, 2017 crest is a concolic test generation tool for c. Dynamic symbolic execution based test input generation has emerged as a. A new invariant rule for the analysis of loops with non. Concolic testing is a promising approach to automate structural test data generation. Proceedings of the 20 9th joint meeting of the european software engineering conference and the acm sigsoft symposium on the foundations of software engineering esecfse. Andreas holzer contact software activities publications cv i am a postdoc in the group of prof. The approach used builds on previous work combining symbolic and concrete execution, and more specifically, using such a combination to generate test inputs to explore all feasible execution paths. Walker,shreya rawal,jonathan sillito,do crosscutting concerns cause modularity problems. After each execution, the next concrete inputs are generated by symbolically. A key characteristic of concolic testing is that path conditions can be simpli ed using concrete values whenever the decidability of their symbolic constraints goes beyond the capabilities of the underlying constraint solver. We present a new tool, named dart, for automatically testing software that combines three main techniques.
In proceedings of the 36th inter national conference on software engineering icse 14. Madhusudan,niloofar razavi,francesco sorrentino,predicting nullpointer dereferences in concurrent programs. Boosting concolic testing via interpolation joxan jaffar, vijayaraghavan murali national university of singapore joxan, m. Symbolic execution allows jcute to discern inputs that lead down different execution paths. However one of its major limitations is pathexplosion that limits the generation of high coverage inputs.
Boosting concolic testing via interpolation joxan jaffar, vijayaraghavan murali national university of singapore, singapore joxan, m. Eliminating path redundancy via postconditioned symbolic execution. They are used to walk through all nodes of a tree in a speci. It executes the program with some generated inputs. Boosting concolic testing via interpolation request pdf. We discuss new challenges in using interpolation that arise specifically in the context of concolic testing. Concolic execution combines randomized concrete execution with symbolic execution and automatic constraint solving. Boosting concolic testing via interpolation joxan jaffar, vijayaraghavan murali national university of singapore, singapore jorge a. One major problem with concolic testing is that there are in general an exponential number of paths in the program to explore, resulting in the socalled path. One of the biggest challenges in concolic testing, an automatic test generation technique, is its huge search space. After graduation, he held postdoc positions at national university of singapore 20082011 and the university of melbourne 201120. Enhancing dynamic symbolic execution by automatically. Such paths can be subsumed if the interpolant is implied as they can be guaranteed to not be buggy.
Joint meeting of the european software engineering conference and the acm sigsoft symposium on the foundations of software engineering, esecfse, saint petersburg, russian federation, august 1826, 20. Precise cache timing analysis via symbolic simulation, chu duc hiep, joxan jaffar and rasool maghareh, rtas 2016. We have used the tools to nd bugs in several realworld software systems including. A new invariant rule for the analysis of loops with nonstandard control flows. The technique aims to increase code coverage as quickly as. Three decades later, cacm, 20, cristian cadar and koushik sen.
Moreover, our method can also help to achieve a branch coverage target in less number of iterations. Concolic testing generates next inputs by selecting branches f. Other forms of symbolic analysis of programs include bounded model checking which tools such as cbmc, escjava use and abstractionbased model checking which tools such as slam, blast use. Dec 07, 2015 an example of how to use interpolation to estimate the 90th percentile using interpolation. Compi to address the above issues, this paper presents compi a practical concolic testing tool to automate the testing of mpi applications. This work is inspired by recent advances in concolic testing 7, 8.