PROJECT SUMMARY
Dynamic Symbolic Execution (DSE) is a state-ofthe- art test-generation approach that systematically explores program paths to generate high-covering tests. In DSE, the presence of loops (especially unbound loops) can cause an enormous or even infinite number of paths to be explored. There exist techniques (such as bounded iteration, heuristics, and summarization) that assist DSE in addressing loop problems. However, there exists no literature-survey or empirical work that shows the pervasiveness of loop problems or identifies challenges faced by these techniques on real-world open-source applications. To fill this gap, we provide comprehensive characteristic studies to guide future research on addressing loop problems for DSE. Our proposed study methodology starts with conducting a literature-survey study to investigate how technical problems such as loop problems compromise automated software-engineering tasks such as test generation, and which existing techniques are proposed to deal with such technical problems. Then the study methodology continues with conducting an empirical study of applying the existing techniques on realworld software applications sampled based on the literaturesurvey results and major open-source project hostings. This empirical study investigates the pervasiveness of the technical problems and how well existing techniques can address such problems among real-world software applications. Based on such study methodology, our two-phase characteristic studies identify that bounded iteration and heuristics are effective in addressing loop problems when used properly. Our studies further identify challenges faced by these techniques and provide guidelines for effectively addressing these challenges.
PEOPLE
Faculty
Students
Collaborators
Nikolai Tillmann (Microsoft Research)
PUBLICATIONS
LITARATURE-SURVEY STUDY
In our literature-survey study, we survey the literature from a comprehensive bibliography of papers on symbolic execution and tasks assisted by symbolic execution. The articles are published in a wide range of venues, including conferences in software engineering (e.g., ICSE, FSE, ISSTA), systems (e.g., ASPLOS, OSDI), security (e.g., CCS, Oakland, USENIX Security), software verification (e.g., CAV, TACAS, VMCAI), programming languages (e.g., POPL, PLDI, SAS, CC), and database (e.g., SIGMOD). Since the bibliography includes only a few articles published in 2012, we manually collect more articles in 2012 for study.
EMPIRICAL STUDY
In our empirical study, we choose certain representative techniques (found from our literature-survey study) to apply on real-world applications. We sample subject applications from certain categories (data structures and parsers) that are found to typically have loop problems from the surveyed articles, and select subject applications randomly from major open-source project hostings including CodePlex and GitHub.
MAJOR FINDINGS AND IMPLICATIONS