|
 ABSTRACT
Dynamically discovering likely program invariants from concrete test executions has emerged as a highly promising software engineering technique. Dynamic invariant inference has the advantage of succinctly summarizing both "expected" program inputs and the subset of program behaviors that is normal under those inputs. In this paper, we introduce a technique that can drastically increase the relevance of inferred invariants, or reduce the size of the test suite required to obtain good invariants. Instead of falsifying invariants produced by pre-set patterns, we determine likely program invariants by combining the concrete execution of actual test cases with a simultaneous symbolic execution of the same tests. The symbolic execution produces abstract conditions over program variables that the concrete tests satisfy during their execution. In this way, we obtain the benefits of dynamic inference tools like Daikon: the inferred invariants correspond to the observed program behaviors. At the same time, however, our inferred invariants are much more suited to the program at hand than Daikon's hard-coded invariant patterns. The symbolic invariants are literally derived from the program text itself, with appropriate value substitutions as dictated by symbolic execution. We implemented our technique in the DySy tool, which utilizes a powerful symbolic execution and simplification engine. The results confirm the benefits of our approach. In Daikon's prime example benchmark, we infer the majority of the interesting Daikon invariants, while eliminating invariants that a human user is likely to consider irrelevant.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
 |
1
|
|
| |
2
|
|
| |
3
|
Karl S. Brace , Richard L. Rudell , Randal E. Bryant, Efficient implementation of a BDD package, Proceedings of the 27th ACM/IEEE conference on Design automation, p.40-45, June 24-27, 1990, Orlando, Florida, United States
[doi> 10.1145/123186.123222]
|
| |
4
|
M. Colón, S. Sankaranarayanan, and H. Sipma. Linear invariant generation using non-linear constraint solving. In Proc. 15th International Conference on Computer-Aided Verification (CAV), pages 420--432. Springer, July 2003.
|
| |
5
|
|
| |
6
|
|
| |
7
|
|
| |
8
|
Michael D. Ernst , Jake Cockrell , William G. Griswold , David Notkin, Dynamically discovering likely program invariants to support program evolution, Proceedings of the 21st international conference on Software engineering, p.213-224, May 16-22, 1999, Los Angeles, California, United States
[doi> 10.1145/302405.302467]
|
| |
9
|
|
| |
10
|
Michael D. Ernst , Jeff H. Perkins , Philip J. Guo , Stephen McCamant , Carlos Pacheco , Matthew S. Tschantz , Chen Xiao, The Daikon system for dynamic detection of likely invariants, Science of Computer Programming, v.69 n.1-3, p.35-45, December, 2007
[doi> 10.1016/j.scico.2007.01.015]
|
| |
11
|
|
| |
12
|
|
| |
13
|
Cormac Flanagan , K. Rustan M. Leino , Mark Lillibridge , Greg Nelson , James B. Saxe , Raymie Stata, Extended static checking for Java, Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, June 17-19, 2002, Berlin, Germany
|
| |
14
|
|
| |
15
|
|
| |
16
|
|
| |
17
|
|
| |
18
|
|
| |
19
|
J. Henkel and A. Diwan. Discovering algebraic specifications from Java classes. In Proc. 17th European Conference on Object-Oriented Programming (ECOOP), pages 431--456. Springer, July 2003.
|
| |
20
|
|
| |
21
|
A. K. Kolawa. Method and system for generating a computer program test suite using dynamic symbolic execution of Java programs. United States Patent 5784553, July 1998.
|
| |
22
|
|
| |
23
|
G. T. Leavens, A. L. Baker, and C. Ruby. Preliminary design of JML: A behavioral interface specification language for Java. Technical Report TR98-06y, Department of Computer Science, Iowa State University, June 1998.
|
| |
24
|
|
| |
25
|
Ben Liblit , Mayur Naik , Alice X. Zheng , Alex Aiken , Michael I. Jordan, Scalable statistical bug isolation, Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation, June 12-15, 2005, Chicago, IL, USA
|
| |
26
|
F. Logozzo. Modular Static Analysis of Object-Oriented Languages. PhD thesis, Ecole Polytechnique, June 2004.
|
| |
27
|
|
| |
28
|
C. S. Pasareanu and W. Visser. Verification of Java programs using symbolic execution and invariant generation. In Proc. 11th International SPIN Workshop, pages 164--181. Springer, Apr. 2004.
|
| |
29
|
|
| |
30
|
|
| |
31
|
|
| |
32
|
N. Tillmann, F. Chen, and W. Schulte. Discovering likely method specifications. In Proc. 8th International Conference on Formal Engineering Methods (ICFEM'06), LNCS. Springer-Verlag, 2006.
|
| |
33
|
N. Tillmann and J. de Halleux. Pex - white box test generation for .NET. In Proc. Second International Conference on Tests and Proofs (TAP). Springer, Apr. 2008. To appear.
|
| |
34
|
|
| |
35
|
|
| |
36
|
|
| |
37
|
|
CITED BY 5
|
|
Sriram Sankaranarayanan , Swarat Chaudhuri , Franjo Ivančić , Aarti Gupta, Dynamic inference of likely data preconditions over predicates by tree learning, Proceedings of the 2008 international symposium on Software testing and analysis, July 20-24, 2008, Seattle, WA, USA
|
|
|
|
|
|
Shay Artzi , Adam Kiezun , Julian Dolby , Frank Tip , Danny Dig , Amit Paradkar , Michael D. Ernst, Finding bugs in dynamic web applications, Proceedings of the 2008 international symposium on Software testing and analysis, July 20-24, 2008, Seattle, WA, USA
|
|
|
|
|
|
|
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
Pdf
D.2