TY - GEN
T1 - Experience report: How is dynamic symbolic execution different from manual testing? A study on KLEE
T2 - 24th International Symposium on Software Testing and Analysis, ISSTA 2015
AU - Wang, Xiaoyin
AU - Zhang, Lingming
AU - Tanofsky, Philip
N1 - Publisher Copyright:
© 2015 ACM.
PY - 2015/7/13
Y1 - 2015/7/13
N2 - Software testing has been the major approach to software quality assurance for decades, but it typically involves intensive manual efforts. To reduce manual efforts, researchers have proposed numerous approaches to automate test-case generation, which is one of the most time-consuming tasks in software testing. One of the most recent achievements in the area is Dynamic Symbolic Execution (DSE), and tools based on DSE, such as KLEE, have been reported to generate test suites achieving higher code coverage than manually developed test suites. However, beyond the competitive code coverage, there have been few studies comparing DSE-based test suites with manually developed test suites more thoroughly on various metrics to understand the detailed differences between the two testing methodologies. In this paper, we revisit the experimental study on the KLEE tool and GNU CoreUtils programs, and compare KLEE-based test suites with manually developed test suites on various aspects. We further carried out a qualitative study to investigate the reasons behind the differences in statistical results. The results of our studies show that while KLEE-based test suites are able to generate test cases with higher code coverage, they are relatively less effective at covering hard-to-cover code and killing mutants. Furthermore, our qualitative study reveals that KLEE-based test suites have advantages in exploring error-handling code and exhausting options, but are less effective at generating valid string inputs and exploring meaningful program behaviors.
AB - Software testing has been the major approach to software quality assurance for decades, but it typically involves intensive manual efforts. To reduce manual efforts, researchers have proposed numerous approaches to automate test-case generation, which is one of the most time-consuming tasks in software testing. One of the most recent achievements in the area is Dynamic Symbolic Execution (DSE), and tools based on DSE, such as KLEE, have been reported to generate test suites achieving higher code coverage than manually developed test suites. However, beyond the competitive code coverage, there have been few studies comparing DSE-based test suites with manually developed test suites more thoroughly on various metrics to understand the detailed differences between the two testing methodologies. In this paper, we revisit the experimental study on the KLEE tool and GNU CoreUtils programs, and compare KLEE-based test suites with manually developed test suites on various aspects. We further carried out a qualitative study to investigate the reasons behind the differences in statistical results. The results of our studies show that while KLEE-based test suites are able to generate test cases with higher code coverage, they are relatively less effective at covering hard-to-cover code and killing mutants. Furthermore, our qualitative study reveals that KLEE-based test suites have advantages in exploring error-handling code and exhausting options, but are less effective at generating valid string inputs and exploring meaningful program behaviors.
KW - Dynamic symbolic execution
KW - Empirical study
KW - Manual testing
UR - http://www.scopus.com/inward/record.url?scp=84975770132&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84975770132&partnerID=8YFLogxK
U2 - 10.1145/2771783.2771818
DO - 10.1145/2771783.2771818
M3 - Conference contribution
AN - SCOPUS:84975770132
T3 - 2015 International Symposium on Software Testing and Analysis, ISSTA 2015 - Proceedings
SP - 199
EP - 210
BT - 2015 International Symposium on Software Testing and Analysis, ISSTA 2015 - Proceedings
PB - Association for Computing Machinery
Y2 - 13 July 2015 through 17 July 2015
ER -