SYMAC: Symbolic Execution Augmented with Concurrent Coverage Criteria
Authors: 
Yong Zhou, Li Zhang, Haoyu LiAuthors Info & Claims
Pages 126 - 131
Abstract
Symbolic execution [1] is an effective technique that is commonly used to analyse sequential [2, 3] and concurrent programs. However, when baseline symbolic algorithm is applied to system testing of multithreaded programs [4, 5, 6], the performance is limited by the space explosion problem [7, 8] of thread interleavings. Such a space explosion problem is raised by trying to explore all impossible interleavings that are intra-thread and inter-thread; this is due to the exponentially increment of the number of all possible thread interleavings which is influenced by the increase of the sum of threads. Many techniques have been proposed to address this problem, including the hybrid execution [9, 10, 20], the use of function summaries [11], the dependence analysis [12], partial order reduction [13, 14, 15, 21], and lazy annotation [16]. We present a framework named SYMAC that combined the symbolic algorithm with the hierarchical coverage criteria to reduce the space of thread interleavings. We give a new definition of Hierarchical Coverage Criteria based on History-aware Predecessor Set that is called HaPSet and can be generated from concurrent programs, and implemented an improved Symbolic algorithm based on the HaPSet. We combined the improved Symbolic algorithm with an assertion guided pruning framework that prunes the interleavings which is guaranteed not to raise error by summarizing the reason why previous interleaving cannot leading to an error. We also use precise slicing of concurrent programs to further mitigate the influence of state space explosion. We have implemented the newly method and conducted a series of experiments. Our experiment results show that the new method is crucial in finding satisfactory trade-offs between the cost and performance in concurrent program testing.
References
[1]
D. R. Engler, "Under-constrained symbolic execution: Correctness checking for real code," in 24th USENIX Security Symposium, USENIX Security 15, Washington, USA, 2015: 49--64.
[2]
P. A. Abdulla, K. F. Sagonas. Stateless model checking for TSO and PSO. In International Conference on Tools and Algorithms for Construction and Analysis of Systems, pages 353--367, 2015.
[3]
L. O. Andersen. Program analysis and specialization for the c programming language. Technical report, University of Copenhagen, 1994.
[4]
V. Kuznetsov, G. Candea, "S2E: a platform for in-vivo multi-path analysis of software systems," Architectural Support for Programming Languages and Operating Systems, CA, 2011: 265--278.
[5]
C. Lattner, A. Shukla, and B. Gaeke. LLVM: A low-level virtual instruction set architecture. In ACM/IEEE international symposium on Microarchitecture, San Diego, California, Dec 2003.
[6]
D. Grossman. Symbolic execution of multithreaded programs from arbitrary program contexts. In ACM SIGPLAN Conference on Object Oriented Programming, pages491--506, 2014.
[7]
T. Ball. A theory of predicate-complete test coverage and generation. Third International Symposium, Leiden, The Netherlands, pages 1--22, 2004.
[8]
P. Godefroid, "Compositional dynamic test generation," in ACM SIGACT-SIGPLAN Symposium, 2007: 47--54.
[9]
A. Holzer, H. Veith. Con2colic testing. In ACM SIGSOFT Symposium on Foundations of Software Engineering, 2013:37--47.
[10]
R. Majumdar and K. Sen, "Hybrid Concolic testing," in International Conference on Software Engineering, 2007, pp. 416--426.
[11]
P. Godefroid. Compositional dynamic test generation. Principles of Programming Languages, 2007: 47--54.
[12]
J. Ferrante, K. J. D. Warren. The program dependence graph and its use in optimization. ACM Trans. Program. Lang. Syst., 1987:319--349.
[13]
C. Flanagan and P. Godefroid. Dynamic partial-order reduction for model checking software. Principles of Programming Languages, 2005: 110--121.
[14]
C. Flanagan, P. Godefroid. Dynamic partial-order reduction for model checking software. Principles of Programming Languages, 2005: 110--121.
[15]
P. Godefroid. Partial-Order Methods for the Verification of Concurrent Systems. Springer, 1996.
[16]
K L McMillan. Lazy annotation for program testing and verification. International Conference on Computer Aided Verification, 2010:104--118.
[17]
N. Klarlund. DART: directed automated random testing. In Programming Language Design and Implementation, 2005: 213--223.
[18]
A. V. Nori, S. Tetali. Compositional may-must program analysis: unleashing the power of alternation. Principles of Programming Languages, 2010: 43--56.
[19]
W. B. Ng, A. Roychoudhury, "Hercules: Reproducing crashes in real-world application binaries," Software Engineering, ICSE 2015, Florence, Italy, 2015: 891--901.
[20]
J Jaffar, V Murali, J A Navas. Boosting concolic testing via interpolation. ACM SIGSOFT Symposium on Foundations of Software Engineering, 2013:48--58.
[21]
D Chu, J Jaffar. A framework to synergize partial order reduction with state interpolation. International Haifa Verification Conference, 2014:171--187.
Index Terms
- SYMAC: Symbolic Execution Augmented with Concurrent Coverage Criteria
Recommendations
Assertion guided symbolic execution of multithreaded programs
ESEC/FSE 2015: Proceedings of the 2015 10th Joint Meeting on Foundations of Software EngineeringSymbolic execution is a powerful technique for systematic testing of sequential and multithreaded programs. However, its application is limited by the high cost of covering all feasible intra-thread paths and inter-thread interleavings. We propose a ...
Conc-iSE: incremental symbolic execution of concurrent software
ASE '16: Proceedings of the 31st IEEE/ACM International Conference on Automated Software EngineeringSoftware updates often introduce new bugs to existing code bases. Prior regression testing tools focus mainly on test case selection and prioritization whereas symbolic execution tools only handle code changes in sequential software. In this paper, we ...
Efficient deterministic multithreading through schedule relaxation
SOSP '11: Proceedings of the Twenty-Third ACM Symposium on Operating Systems PrinciplesDeterministic multithreading (DMT) eliminates many pernicious software problems caused by nondeterminism. It works by constraining a program to repeat the same thread interleavings, or schedules, when given same input. Despite much recent research, it ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
May 2019
202 pages
ISBN:9781450371728
DOI:10.1145/3339363
Copyright © 2019 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
In-Cooperation
- Research Center for Science and Technology for Learning, National Central University, Taiwan
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 24 May 2019
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
CSSE 2019
CSSE 2019: 2019 2nd International Conference on Computer Science and Software Engineering
May 24 - 26, 2019
Xi'an, China
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 59Total Downloads
- Downloads (Last 12 months)5
- Downloads (Last 6 weeks)0
Reflects downloads up to 18 Sep 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in