The optimization of a symbolic execution engine for detecting runtime errors

Kádár István: The optimization of a symbolic execution engine for detecting runtime errors. In: Acta cybernetica, (23) 2. pp. 573-597. (2017)

[thumbnail of actacyb_23_2_2017_9.pdf]
Előnézet
Cikk, tanulmány, mű
actacyb_23_2_2017_9.pdf

Letöltés (921kB) | Előnézet

Absztrakt (kivonat)

In a software system, most of the runtime failures may come to light only during test execution, and this may have a very high cost. To help address this problem, a symbolic execution engine called RTEHunter, which has been developed at the Department of Software Engineering at the University of Szeged, is able to detect runtime errors (such as null pointer dereference, bad array indexing, division by zero) in Java programs without actually running the program in a real-life environment. Applying the theory of symbolic execution, RTEHunter builds a tree, called a symbolic execution tree, composed of all the possible execution paths of the program. RTEHunter detects runtime issues by traversing the symbolic execution tree and if a certain condition is fulfilled the engine reports an issue. However, as the number of execution paths increases exponentially with the number of branching points, the exploration of the whole symbolic execution tree becomes impossible in practice. To overcome this problem, different kinds of constraints can be set up over the tree. E.g. the number of symbolic states, the depth of the execution tree, or the time consumption could be restricted. Our goal in this study is to find the optimal parametrization of RTEHunter in terms of the maximum number of states, maximum depth of the symbolic execution tree and search strategy in order to find more runtime issues in a shorter time. Results on three open-source Java systems demonstrate that more runtime issues can be detected in the 0 to 60 basic block-depth levels than in deeper ones within the same time frame. We also developed two novel search strategies for traversing the tree based on the number of null pointer references in the program and on linear regression that performs better than the default depth-first search strategy.

Mű típusa: Cikk, tanulmány, mű
Befoglaló folyóirat/kiadvány címe: Acta cybernetica
Dátum: 2017
Kötet: 23
Szám: 2
ISSN: 0324-721X
Oldalak: pp. 573-597
Nyelv: angol
Kiadás helye: Szeged
Befoglaló mű URL: http://acta.bibl.u-szeged.hu/50022/
DOI: 10.14232/actacyb.23.2.2017.9
Kulcsszavak: Informatika, Számítástechnika, Kibernetika, Programozás, Algoritmus
Megjegyzések: Bibliogr.: p. 594-597. ; ill. ; összefoglalás angol nyelven
Szakterület: 01. Természettudományok
01. Természettudományok > 01.01. Matematika
01. Természettudományok > 01.02. Számítás- és információtudomány
Feltöltés dátuma: 2018. feb. 13. 09:53
Utolsó módosítás: 2022. jún. 20. 15:23
URI: http://acta.bibl.u-szeged.hu/id/eprint/50089
Bővebben:
Tétel nézet Tétel nézet