Title

Using Symbolic Execution to Guide Test Generation

Document Type

Journal Article

Publisher

John Wiley & Sons, Ltd.

Faculty

Computing, Health and Science

School

Computer and Security Science

RAS ID

2648

Comments

This article was originally published as: Lee, G., Morris, J., Parker, K., Bundell, G. A., & Lam, C. P. (2005). Using symbolic execution to guide test generation. Software Testing, Verification and Reliability, 15(1), 41-61. Original article available here

Abstract

Although a number of weaknesses of symbolic execution, when used for software testing, have been highlighted in the literature, the recent resurgence of strongly-typed languages has created opportunities for re-examining symbolic execution to determine whether these shortfalls can be overcome. This paper discusses symbolic execution in general and makes two contributions: (a) overcoming one of the key problems, analysing programs with indexed arrays; and (b) describing the incorporation of a symbolic execution module for test case generation into an integrated testing tool. For methods which index arrays, a new approach determines all the possible values of each array index, allowing the generation of equivalence classes for every possible combination of array element aliases. An incremental simplification approach, which converts path expressions to canonical forms in order to identify infeasible paths at the earliest opportunity and thus reduce the analysis time, is also described. Symbolic execution is most effective when included in an integrated test and analysis environment: a component test bench was built with a symbolic execution module integrated into it, providing a toolbox of software component test and code analysis methods aimed at programmers at all levels.

DOI

10.1002/stvr.309

 

Link to publisher version (DOI)

10.1002/stvr.309