Dynamic Symbolic Execution for Testing Distributed Objects
This paper extends dynamic symbolic execution to distributed and concurrent systems. Dynamic symbolic execution can be used in software testing to systematically identify equivalence classes of input values and has been shown to scale well to large systems. Although mainly applied to sequential programs, this scalability makes it interesting to consider the technique in the distributed and concurrent setting as well. In order to extend the technique to concurrent systems, it is necessary to obtain sufficient control over the scheduling of concurrent activities to avoid race conditions. Creol, a modeling language for distributed concurrent objects, solves this problem by abstracting from a particular scheduling policy but explicitly defining scheduling points. This provides sufficient control to apply the technique of dynamic symbolic execution for model based testing of interleaved processes. The technique has been formalized in rewriting logic, executes in Maude, and applied to non-trivial examples, including an industrial case study.
Unable to display preview. Download preview PDF.
- 1.Aichernig, B., Griesmayer, A., Schlatte, R., Stam, A.: Modeling and testing multi-threaded asynchronous systems with Creol. In: Proceedings of the 2nd International Workshop on Harnessing Theories for Tool Support in Software (TTSS 2008). ENTCS. Elsevier, Amsterdam (to appear, 2009)Google Scholar
- 3.Chen, F., Hills, M., Roşu, G.: A Rewrite Logic Approach to Semantic Definition, Design and Analysis of Object-Oriented Languages. Technical Report UIUCDCS-R-2006-2702, Department of Computer Science, University of Illinois at Urbana-Champaign (2006)Google Scholar
- 13.Kirner, R.: Towards preserving model coverage and structural code coverage. EURASIP Journal on Embedded Systems (2009)Google Scholar
- 14.Long, B., Hoffman, D., Strooper, P.A.: Tool Support for Testing Concurrent Java Components. IEEE Trans. on Software Engineering, 555–566 (2003)Google Scholar
- 16.Musuvathi, M., Qadeer, S., Ball, T., Basler, G.: Finding and reproducing heisenbugs in concurrent programs. In: Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2008 (2008)Google Scholar
- 17.Pretschner, A., Prenninger, W., Wagner, S., Kühnel, C., Baumgartner, M., Sostawa, B., Zölch, R., Stauner, T.: One evaluation of model-based testing and its automation. In: ICSE 2005: Proceedings of the 27th international conference on Software engineering, pp. 392–401. ACM, New York (2005)Google Scholar
- 20.Tretmans, J., Brinksma, H.: Torx: Automated model based testing. In: Proceedings of the 1st European Conference on Model-Driven Engineering (2003)Google Scholar
- 21.Visser, W., Havelund, K., Brat, G., Park, S.: Java PathFinder - second generation of a Java model checker. In: Proc. of Post-CAV Workshop on Advances in Verification, Chicago (July 2000)Google Scholar
- 22.Visser, W., Pasareanu, C., Khurshid, S.: Test input generation with Java PathFinder. In: Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis, pp. 97–107. ACM, New York (2004)Google Scholar
- 24.Xie, Y., Chou, A., Engler, D.: Archer: using symbolic, path-sensitive analysis to detect memory access errors. In: ESEC/FSE-11: Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering, pp. 327–336. ACM, New York (2003)CrossRefGoogle Scholar