Abstract
Automatic symbolic techniques to generate test inputs, for example, through concolic execution, suffer from path explosion: the number of paths to be symbolically solved for grows exponentially with the number of inputs. In many applications though, the inputs can be partitioned into “non-interfering” blocks such that symbolically solving for each input block while keeping all other blocks fixed to concrete values can find the same set of assertion violations as symbolically solving for the entire input. This can greatly reduce the number of paths to be solved (in the best case, from exponentially many to linearly many in the number of inputs). We present an algorithm that combines test input generation by concolic execution with dynamic computation and maintenance of information flow between inputs. Our algorithm iteratively constructs a partition of the inputs, starting with the finest (all inputs separate) and merging blocks if a dependency is detected between variables in distinct input blocks during test generation. Instead of exploring all paths of the program, our algorithm separately explores paths for each block (while fixing variables in other blocks to random values). In the end, the algorithm outputs an input partition and a set of test inputs such that (a) inputs in different blocks do not have any dependencies between them, and (b) the set of tests provides equivalent coverage with respect to finding assertion violations as full concolic execution. We have implemented our algorithm in the Splat test generation tool. We demonstrate that our reduction is effective by generating tests for four examples in packet processing and operating system code.
This research was sponsored in part by the NSF grants CCF-0546170, CCF-0702743, and CNS-0720881, and a gift from Intel.
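The partition-and-merge loop described in the abstract, as an added sketch that is not the paper's code or the Splat implementation. It assumes a constructed toy program over four boolean inputs, brute-force enumeration in place of concolic constraint solving, hand-written dependency reporting (`deps`) in place of dynamic information-flow tracking, and other blocks fixed to zero rather than random values; all names are hypothetical.

```python
from itertools import product

class Partition:
    """Union-find over input names, starting from the finest partition."""
    def __init__(self, names):
        self.parent = {n: n for n in names}

    def find(self, n):
        while self.parent[n] != n:
            n = self.parent[n]
        return n

    def merge(self, names):
        """Put all `names` in one block; return True if any blocks merged."""
        roots = sorted({self.find(n) for n in names})
        for r in roots[1:]:
            self.parent[r] = roots[0]
        return len(roots) > 1

    def blocks(self):
        out = {}
        for n in self.parent:
            out.setdefault(self.find(n), []).append(n)
        return sorted(sorted(b) for b in out.values())

def toy_program(inp, deps):
    """Constructed program under test; returns True on an assertion violation."""
    deps.append({"a", "b"})            # this condition reads a and b together
    violated = inp["a"] == 1 and inp["b"] == 1
    deps.append({"c"})                 # c and d are each read on their own
    deps.append({"d"})
    return violated

def explore(names, program, base):
    """Explore each block separately; merge blocks when a dependency links them."""
    part, done, violations, runs = Partition(names), set(), [], 0
    while True:
        pending = [b for b in part.blocks() if tuple(b) not in done]
        if not pending:
            return part.blocks(), violations, runs
        block = pending[0]
        for values in product((0, 1), repeat=len(block)):
            test = {**base, **dict(zip(block, values))}   # other blocks stay fixed
            deps = []
            runs += 1
            if program(test, deps) and test not in violations:
                violations.append(test)
            if any([part.merge(d) for d in deps]):
                break                  # partition got coarser: re-plan
        else:
            done.add(tuple(block))
```

On the toy program this ends with blocks `{a, b}`, `{c}`, `{d}` and finds the one violating input in 9 runs, against 16 for enumerating all four inputs together.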
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Majumdar, R., Xu, RG. (2009). Reducing Test Inputs Using Information Partitions. In: Bouajjani, A., Maler, O. (eds) Computer Aided Verification. CAV 2009. Lecture Notes in Computer Science, vol 5643. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02658-4_41
DOI: https://doi.org/10.1007/978-3-642-02658-4_41
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02657-7
Online ISBN: 978-3-642-02658-4
eBook Packages: Computer Science, Computer Science (R0)