TY - GEN
T1 - Solving complex path conditions through heuristic search on induced polytopes
AU - Dinges, Peter
AU - Agha, Gul
N1 - Funding Information:
The authors would like to thank Mohsen Vakilian and Tao Xie for insightful comments on early drafts of this paper. This publication was made possible in part by sponsorship from the Army Research Office under award W911NF-09-1-0273, and from the Air Force Research Laboratory and the Air Force Office of Scientific Research under agreement FA8750-11-2-0084. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The first author was also supported by a fellowship from the Graduate College at the University of Illinois at Urbana-Champaign.
PY - 2014/11/16
Y1 - 2014/11/16
N2 - Test input generators using symbolic and concolic execution must solve path conditions to systematically explore a program and generate high coverage tests. However, path conditions may contain complicated arithmetic constraints that are infeasible to solve: a solver may be unavailable, solving may be computationally intractable, or the constraints may be undecidable. Existing test generators either simplify such constraints with concrete values to make them decidable, or rely on strong but incomplete constraint solvers. Unfortunately, simplification yields coarse approximations whose solutions rarely satisfy the original constraint. Moreover, constraint solvers cannot handle calls to native library methods. We show how a simple combination of linear constraint solving and heuristic search can overcome these limitations. We call this technique Concolic Walk. On a corpus of 11 programs, an instance of our Concolic Walk algorithm using tabu search generates tests with two- to three-times higher coverage than simplification-based tools while being up to five-times as efficient. Furthermore, our algorithm improves the coverage of two state-of-the-art test generators by 21% and 32%. Other concolic and symbolic testing tools could integrate our algorithm to solve complex path conditions without having to sacrifice any of their own capabilities, leading to higher overall coverage.
AB - Test input generators using symbolic and concolic execution must solve path conditions to systematically explore a program and generate high coverage tests. However, path conditions may contain complicated arithmetic constraints that are infeasible to solve: a solver may be unavailable, solving may be computationally intractable, or the constraints may be undecidable. Existing test generators either simplify such constraints with concrete values to make them decidable, or rely on strong but incomplete constraint solvers. Unfortunately, simplification yields coarse approximations whose solutions rarely satisfy the original constraint. Moreover, constraint solvers cannot handle calls to native library methods. We show how a simple combination of linear constraint solving and heuristic search can overcome these limitations. We call this technique Concolic Walk. On a corpus of 11 programs, an instance of our Concolic Walk algorithm using tabu search generates tests with two- to three-times higher coverage than simplification-based tools while being up to five-times as efficient. Furthermore, our algorithm improves the coverage of two state-of-the-art test generators by 21% and 32%. Other concolic and symbolic testing tools could integrate our algorithm to solve complex path conditions without having to sacrifice any of their own capabilities, leading to higher overall coverage.
KW - Concolic testing
KW - Local search
KW - Non-linear constraints
UR - http://www.scopus.com/inward/record.url?scp=84986879655&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84986879655&partnerID=8YFLogxK
U2 - 10.1145/2635868.2635889
DO - 10.1145/2635868.2635889
M3 - Conference contribution
AN - SCOPUS:84986879655
T3 - Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering
SP - 425
EP - 436
BT - 22nd ACM SIGSOFT International Symposium on the Foundations of Software Engineering, FSE 2014 - Proceedings
PB - Association for Computing Machinery
T2 - 22nd ACM SIGSOFT International Symposium on the Foundations of Software Engineering, FSE 2014
Y2 - 16 November 2014 through 21 November 2014
ER -