KLOVER: A Symbolic Execution and Automatic Test Generation Tool for C++ Programs

Li, Guodong; Ghosh, Indradeep; Sunitha, R

doi:10.1007/978-3-642-22110-1_49

Cited by 66 publications

(45 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…SymJS interprets them symbolically, and optimizes the calls so as to reduce the overhead in symbolic execution. Some optimizations are similar to those described in [14]. The processed libraries include Number, String, Array, Global, String, Math, and Regular Expression.…”

Section: Symbolic Execution Enginementioning

confidence: 99%

SymJS: automatic symbolic testing of JavaScript web applications

Andreasen

Ghosh

2014

Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering

Self Cite

View full text Add to dashboard Cite

We present SymJS, a comprehensive framework for automatic testing of client-side JavaScript Web applications. The tool contains a symbolic execution engine for JavaScript, and an automatic event explorer for Web pages. Without any user intervention, SymJS can automatically discover and explore Web events, symbolically execute the associated JavaScript code, refine the execution based on dynamic feedbacks, and produce test cases with high coverage. The symbolic engine contains a symbolic virtual machine, a string-numeric solver, and a symbolic executable DOM model. SymJS's innovations include a novel symbolic virtual machine for JavaScript Web, symbolic+dynamic feedback directed event space exploration, and dynamic taint analysis for enhancing event sequence construction. We illustrate the effectiveness of SymJS on standard JavaScript benchmarks and various real-life Web applications. On average SymJS achieves over 90% line coverage for the benchmark programs, significantly outperforming existing methods.

show abstract

Section: Symbolic Execution Enginementioning

confidence: 99%

SymJS: automatic symbolic testing of JavaScript web applications

Andreasen

Ghosh

2014

Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering

Self Cite

View full text Add to dashboard Cite

show abstract

“…Recently, the technique has found renewed interest in the formal-methods community due to new algorithmic developments and progress in decision procedures. Current applications of symbolic execution are diverse and include automated test input generation [13], [29], invariant detection [19], model checking [11], and proving program correctness [28,7]. We believe there is a need for a formal and generic approach to symbolic execution, on top of which language-independent program analysis tools can be developed.…”

Section: Introductionmentioning

confidence: 99%

A Generic Framework for Symbolic Execution

Arusoaie

Lucanu

Rusu

2013

Software Language Engineering

View full text Add to dashboard Cite

Abstract:We propose a language-independent symbolic execution framework for languages endowed with a formal operational semantics based on term rewriting. Starting from a given definition of a language, a new language definition is automatically generated, which has the same syntax as the original one but whose semantics extends data domains with symbolic values and adapts semantical rules to deal with these values. Then, the symbolic execution of concrete programs is the execution of programs with the new symbolic semantics, on symbolic input data. We prove that the symbolic execution thus defined has the properties naturally expected from it. A prototype implementation of our approach was developed in the K Framework. We demonstrate the genericity of our tool by instantiating it on several languages, and show how it can be used for the symbolic execution and model checking of several programs.Key-words: Symbolic Execution, Term Rewriting, K framework. * University of Iasi, Romania † University of Iasi, Romania ‡ Inria Lille Nord Europe Un cadre général pour l'exécution symbolique Résumé : Nous proposons un cadre général pour l'exécution symbolique de programmes écrits dans des langages munis de sémantiques formelles définies par réécriture de termes. Partant de la définition d'un langage, on construit automatiquement la définition d'un nouveau langage qui a la même syntaxe que l'original, mais dont les types de données sont étendus avec des valeurs symboliques, et dont les règles sémantiques sont transformées afin de traiter les valeurs symboliques. L'exécution symbolique des programmes du langage d'origine est alors définie comme l'exécution habituelle des programmes du langage transformé. Nous démontrons que l'exécution symbolique possède les propriétés attendues par rapport à l'exécution concrète. Nous avons implémenté notre approche dans un outil prototype dans la K framework. L'aspect générique de l'outil est mis en évidence par son instanciation sur plusieurs langages. Nous montrons enfin comment l'outil permet l'exécution symbolique et le model checking de programmes.Mots-clés : Exécution symbolique, réécriture de termes, K framework. A Generic Framework for Symbolic Execution 3 IntroductionSymbolic execution is a well-known program analysis technique introduced in 1976 by James C. King [12]. Since then, it has proved its usefulness for testing, verifying, and debugging programs. Symbolic execution consists in executing programs with symbolic inputs, instead of concrete ones, and it involves the processing of expressions involving symbolic values [20]. The main advantage of symbolic execution is that it allows reasoning about multiple concrete executions of a program, and its main disadvantage is the state-space explosion determined by decision statements and loops. Recently, the technique has found renewed interest in the formal-methods community due to new algorithmic developments and progress in decision procedures. Current applications of symbolic execution are diverse and include automated test inp...

show abstract

“…There are also three more typical requirements: (1) strings are converted into numeric values for back-end computations; (2) string values are constrained through regular expressions; and (3) unsatisfiable hybrid constraints should be identified quickly. This poses unique challenges to many symbolic execution tools [5,12,13,17] which usually handle only numeric constraints well.…”

Section: Introductionmentioning

confidence: 99%

PASS: String Solving with Parameterized Array and Interval Automaton

Ghosh

2013

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. The problem of solving string constraints together with numeric constraints has received increasing interest recently. Existing methods use either bit-vectors or automata (or their combination) to model strings, and reduce string constraints to bit-vector constraints or automaton operations, which are then solved in the respective domain. Unfortunately, they often fail to achieve a good balance between efficiency, accuracy, and comprehensiveness. In this paper we illustrate a new technique that uses parameterized arrays as the main data structure to model strings, and converts string constraints into quantified expressions that are solved through quantifier elimination. We present an efficient and sound quantifier elimination algorithm. In addition, we use an automaton model to handle regular expressions and reason about string values faster. Our method does not need to enumerate string lengths (as bit-vector based methods do), or concrete string values (as automaton based methods do). Hence, it can achieve much better accuracy and efficiency. In particular, it can identify unsatisfiable cases quickly. Our solver (named PASS) supports most of the popular string operations, including string comparisons, string-numeric conversions, and regular expressions. Experimental results demonstrate the advantages of our method.

show abstract

KLOVER: A Symbolic Execution and Automatic Test Generation Tool for C++ Programs

Cited by 66 publications

References 5 publications

SymJS: automatic symbolic testing of JavaScript web applications

SymJS: automatic symbolic testing of JavaScript web applications

A Generic Framework for Symbolic Execution

PASS: String Solving with Parameterized Array and Interval Automaton

Contact Info

Product

Resources

About