The optimization of a symbolic execution engine for detecting runtime errors

Kádár István: The optimization of a symbolic execution engine for detecting runtime errors. In: Acta cybernetica, (23) 2. pp. 573-597. (2017)

[thumbnail of actacyb_23_2_2017_9.pdf]
Cikk, tanulmány, mű

Download (921kB) | Preview


In a software system, most of the runtime failures may come to light only during test execution, and this may have a very high cost. To help address this problem, a symbolic execution engine called RTEHunter, which has been developed at the Department of Software Engineering at the University of Szeged, is able to detect runtime errors (such as null pointer dereference, bad array indexing, division by zero) in Java programs without actually running the program in a real-life environment. Applying the theory of symbolic execution, RTEHunter builds a tree, called a symbolic execution tree, composed of all the possible execution paths of the program. RTEHunter detects runtime issues by traversing the symbolic execution tree and if a certain condition is fulfilled the engine reports an issue. However, as the number of execution paths increases exponentially with the number of branching points, the exploration of the whole symbolic execution tree becomes impossible in practice. To overcome this problem, different kinds of constraints can be set up over the tree. E.g. the number of symbolic states, the depth of the execution tree, or the time consumption could be restricted. Our goal in this study is to find the optimal parametrization of RTEHunter in terms of the maximum number of states, maximum depth of the symbolic execution tree and search strategy in order to find more runtime issues in a shorter time. Results on three open-source Java systems demonstrate that more runtime issues can be detected in the 0 to 60 basic block-depth levels than in deeper ones within the same time frame. We also developed two novel search strategies for traversing the tree based on the number of null pointer references in the program and on linear regression that performs better than the default depth-first search strategy.

Item Type: Article
Journal or Publication Title: Acta cybernetica
Date: 2017
Volume: 23
Number: 2
ISSN: 0324-721X
Page Range: pp. 573-597
Language: English
Place of Publication: Szeged
Related URLs:
DOI: 10.14232/actacyb.23.2.2017.9
Uncontrolled Keywords: Informatika, Számítástechnika, Kibernetika, Programozás, Algoritmus
Additional Information: Bibliogr.: p. 594-597. ; ill. ; összefoglalás angol nyelven
Subjects: 01. Natural sciences
01. Natural sciences > 01.01. Mathematics
01. Natural sciences > 01.02. Computer and information sciences
Date Deposited: 2018. Feb. 13. 09:53
Last Modified: 2022. Jun. 20. 15:23

Actions (login required)

View Item View Item