Dynamic Symbolic Execution for Testing Distributed Objects

  • Andreas Griesmayer
  • Bernhard Aichernig
  • Einar Broch Johnsen
  • Rudolf Schlatte
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5668)


This paper extends dynamic symbolic execution to distributed and concurrent systems. Dynamic symbolic execution can be used in software testing to systematically identify equivalence classes of input values and has been shown to scale well to large systems. Although it has mainly been applied to sequential programs, this scalability makes it interesting to consider the technique in the distributed and concurrent setting as well. In order to extend the technique to concurrent systems, it is necessary to obtain sufficient control over the scheduling of concurrent activities to avoid race conditions. Creol, a modeling language for distributed concurrent objects, solves this problem by abstracting from a particular scheduling policy but explicitly defining scheduling points. This provides sufficient control to apply the technique of dynamic symbolic execution for model-based testing of interleaved processes. The technique has been formalized in rewriting logic, executes in Maude, and has been applied to non-trivial examples, including an industrial case study.





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Andreas Griesmayer (1)
  • Bernhard Aichernig (1, 2)
  • Einar Broch Johnsen (3)
  • Rudolf Schlatte (1, 2)

  1. International Institute for Software Technology, United Nations University (UNU-IIST), Macao S.A.R., China
  2. Institute for Software Technology, Graz University of Technology, Austria
  3. Department of Informatics, University of Oslo, Norway
