DySy: Dynamic Symbolic Execution for Invariant Inference

Christoph Csallner, College of Computing, Georgia Tech, Atlanta, GA 30332, USA, email@example.com
Nikolai Tillmann, Microsoft Research, One Microsoft Way, Redmond, WA 98052, USA, firstname.lastname@example.org
Yannis Smaragdakis, Computer Science Dept., University of Oregon, Eugene, OR 97403, USA, email@example.com

ABSTRACT

Dynamically discovering likely program invariants from concrete test executions has emerged as a highly promising software engineering technique. Dynamic invariant inference has the advantage of succinctly summarizing both expected program inputs and the subset of program behaviors that is normal under those inputs. In this paper, we introduce a technique that can drastically increase the relevance of inferred invariants, or reduce the size of the test suite required to obtain good invariants. Instead of falsifying invariants produced by pre-set patterns, we determine likely program invariants by combining the concrete execution of actual test cases with a simultaneous symbolic execution of the same tests. The symbolic execution produces abstract conditions over program variables that the concrete tests satisfy during their execution. In this way, we obtain the benefits of dynamic inference tools like Daikon: the inferred invariants correspond to the observed program behaviors. At the same time, however, our inferred invariants are much more suited to the program at hand than Daikon's hard-coded invariant patterns. The symbolic invariants are literally derived from the program text itself, with appropriate value substitutions as dictated by symbolic execution.

We implemented our technique in the DySy tool, which utilizes a powerful symbolic execution and simplification engine. The results confirm the benefits of our approach. In Daikon's prime example benchmark, we infer the majority of the interesting Daikon invariants, while eliminating invariants that a human user is likely to consider irrelevant.

Categories and Subject Descriptors
D.2.5 [Software Engineering]: Testing and Debugging - Symbolic execution; D.2.4 [Software Engineering]: Software/Program Verification - Class invariants

General Terms
Design, Languages

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

ICSE'08, May 10–18, 2008, Leipzig, Germany...
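The idea in the abstract, running each concrete test while symbolically shadowing the same run and keeping the branch conditions it satisfies, can be sketched as follows. This is an added illustration, not code from the paper or from the DySy tool: `Sym`, `TRACE`, `infer` and the program under test `abs_diff_capped` are hypothetical names, the test inputs are constructed, and no simplification of the collected conditions is attempted.

```python
import operator

TRACE = []  # branch conditions satisfied by the current concrete run

class Sym:
    """A concrete value shadowed by a symbolic expression over the inputs."""
    def __init__(self, val, expr):
        self.val, self.expr = val, expr

    def _bin(self, other, op, fn):
        o = other if isinstance(other, Sym) else Sym(other, repr(other))
        return Sym(fn(self.val, o.val), f"({self.expr} {op} {o.expr})")

    def __add__(self, o): return self._bin(o, "+", operator.add)
    def __sub__(self, o): return self._bin(o, "-", operator.sub)
    def __lt__(self, o): return self._bin(o, "<", operator.lt)
    def __gt__(self, o): return self._bin(o, ">", operator.gt)

    def __bool__(self):
        # A branch is decided here: record the condition in the direction
        # the concrete execution actually took.
        TRACE.append(self.expr if self.val else f"not {self.expr}")
        return bool(self.val)

def abs_diff_capped(x, y):
    """Constructed program under test: |x - y|, capped at 10."""
    d = x - y
    if d < 0:
        d = y - x
    if d > 10:
        return 10
    return d

def infer(func, names, tests):
    """Map each observed path condition to the symbolic result on that path."""
    cases = {}
    for args in tests:
        TRACE.clear()
        out = func(*(Sym(v, n) for v, n in zip(args, names)))
        path = " and ".join(TRACE) or "True"
        cases[path] = out.expr if isinstance(out, Sym) else repr(out)
    return cases

if __name__ == "__main__":
    tests = [(3, 1), (1, 3), (20, 1), (5, 2)]  # constructed test suite
    for path, result in infer(abs_diff_capped, ["x", "y"], tests).items():
        print(f"{path}  ==>  result == {result}")
```

The condition on the local `d` in the second branch is reported over the inputs, as `(x - y) > 10` or `(y - x) > 10` depending on the path, which is the value substitution the abstract refers to. The fourth test follows the same path as the first and adds nothing new.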