dysy-icse08 - DySy: Dynamic Symbolic Execution for...


DySy: Dynamic Symbolic Execution for Invariant Inference

Christoph Csallner, College of Computing, Georgia Tech, Atlanta, GA 30332, USA, csallner@cc.gatech.edu
Nikolai Tillmann, Microsoft Research, One Microsoft Way, Redmond, WA 98052, USA, nikolait@microsoft.com
Yannis Smaragdakis, Computer Science Dept., University of Oregon, Eugene, OR 97403, USA, yannis@cs.uoregon.edu

ABSTRACT

Dynamically discovering likely program invariants from concrete test executions has emerged as a highly promising software engineering technique. Dynamic invariant inference has the advantage of succinctly summarizing both "expected" program inputs and the subset of program behaviors that is normal under those inputs. In this paper, we introduce a technique that can drastically increase the relevance of inferred invariants, or reduce the size of the test suite required to obtain good invariants. Instead of falsifying invariants produced by pre-set patterns, we determine likely program invariants by combining the concrete execution of actual test cases with a simultaneous symbolic execution of the same tests. The symbolic execution produces abstract conditions over program variables that the concrete tests satisfy during their execution. In this way, we obtain the benefits of dynamic inference tools like Daikon: the inferred invariants correspond to the observed program behaviors. At the same time, however, our inferred invariants are much more suited to the program at hand than Daikon's hard-coded invariant patterns. The symbolic invariants are literally derived from the program text itself, with appropriate value substitutions as dictated by symbolic execution.

We implemented our technique in the DySy tool, which utilizes a powerful symbolic execution and simplification engine. The results confirm the benefits of our approach. In Daikon's prime example benchmark, we infer the majority of the interesting Daikon invariants, while eliminating invariants that a human user is likely to consider irrelevant.

Categories and Subject Descriptors

D.2.5 [Software Engineering]: Testing and Debugging - Symbolic execution; D.2.4 [Software Engineering]: Software/Program Verification - Class invariants

General Terms

Design, Languages

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. ICSE'08, May 10-18, 2008, Leipzig, Germany....
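The abstract's core idea, running concrete tests while recording the symbolic branch conditions they satisfy, shown as an added Python sketch that is not code from the paper or the DySy tool. The `Sym` wrapper, the `clamp_diff` program, the test inputs and the implication format of the output are all assumptions made for illustration.

```python
import operator

class Sym:
    """A concrete value paired with the symbolic expression that produced it."""
    trace = []  # branch conditions that held during the current run

    def __init__(self, val, expr):
        self.val, self.expr = val, expr

    @staticmethod
    def lift(x):
        return x if isinstance(x, Sym) else Sym(x, repr(x))

    def _bin(self, other, op, sym):
        other = Sym.lift(other)
        return Sym(op(self.val, other.val), f"({self.expr} {sym} {other.expr})")

    def __sub__(self, o): return self._bin(o, operator.sub, "-")
    def __lt__(self, o): return self._bin(o, operator.lt, "<")
    def __gt__(self, o): return self._bin(o, operator.gt, ">")
    def __neg__(self): return Sym(-self.val, f"(-{self.expr})")

    def __bool__(self):
        # The program branched on this value: record the outcome actually taken.
        Sym.trace.append(self.expr if self.val else f"!{self.expr}")
        return bool(self.val)

def clamp_diff(x, y):  # constructed program under test
    d = x - y
    if d < 0:
        d = -d
    if d > 10:
        return 10
    return d

def run(fn, **inputs):
    """Run one concrete test; return (path condition, symbolic result)."""
    Sym.trace = []
    result = fn(**{name: Sym(v, name) for name, v in inputs.items()})
    return " && ".join(Sym.trace) or "true", Sym.lift(result).expr

def infer(fn, tests):
    """Summarize the distinct paths the tests exercised as implications."""
    paths = dict(run(fn, **t) for t in tests)
    return [f"({pc}) ==> result == {res}" for pc, res in paths.items()]

TESTS = [dict(x=1, y=5), dict(x=20, y=3), dict(x=7, y=3), dict(x=2, y=9)]  # constructed
if __name__ == "__main__":
    print("\n".join(infer(clamp_diff, TESTS)))
```

The local variable `d` never appears in the output: each condition is expressed over the inputs `x` and `y` because the wrapper substitutes the expression that `d` held at the branch.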