Reducing Test Inputs Using Information Partitions

  • Rupak Majumdar
  • Ru-Gang Xu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5643)


Automatic symbolic techniques to generate test inputs, for example, through concolic execution, suffer from path explosion: the number of paths to be symbolically solved for grows exponentially with the number of inputs. In many applications though, the inputs can be partitioned into “non-interfering” blocks such that symbolically solving for each input block while keeping all other blocks fixed to concrete values can find the same set of assertion violations as symbolically solving for the entire input. This can greatly reduce the number of paths to be solved (in the best case, from exponentially many to linearly many in the number of inputs). We present an algorithm that combines test input generation by concolic execution with dynamic computation and maintenance of information flow between inputs. Our algorithm iteratively constructs a partition of the inputs, starting with the finest (all inputs separate) and merging blocks if a dependency is detected between variables in distinct input blocks during test generation. Instead of exploring all paths of the program, our algorithm separately explores paths for each block (while fixing variables in other blocks to random values). In the end, the algorithm outputs an input partition and a set of test inputs such that (a) inputs in different blocks do not have any dependencies between them, and (b) the set of tests provides equivalent coverage with respect to finding assertion violations as full concolic execution. We have implemented our algorithm in the Splat test generation tool. We demonstrate that our reduction is effective by generating tests for four examples in packet processing and operating system code.


Test Generation Test Input Symbolic Execution Test Case Generation Path Constraint 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Anand, S., Godefroid, P., Tillmann, N.: Demand-driven compositional symbolic execution. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 367–381. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  2. 2.
    Boonstoppel, P., Cadar, C., Engler, D.: RWset: Attacking path explosion in constraint-based test generation. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 351–366. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  3. 3.
    Cadar, C., Dunbar, D., Engler, D.R.: KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In: OSDI (2008)Google Scholar
  4. 4.
    Cadar, C., Ganesh, V., Pawlowski, P., Dill, D., Engler, D.: Exe: automatically generating inputs of death. In: CCS (2006)Google Scholar
  5. 5.
    Clause, J., Li, W., Orso, A.: Dytan: A generic dynamic taint analysis framework. In: ISSTA (2007)Google Scholar
  6. 6.
    Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Godefroid, P.: Compositional dynamic test generation. In: POPL. ACM, New York (2007)Google Scholar
  8. 8.
    Godefroid, P., Klarlund, N., Sen, K.: Dart: directed automated random testing. In: PLDI (2005)Google Scholar
  9. 9.
    Jhala, R., Majumdar, R.: Path slicing. In: PLDI 2005, ACM, New York (2005)Google Scholar
  10. 10.
    Korel, B., Laski, J.: Dynamic program slicing. Information Processing Letters 29, 155–163 (1988)CrossRefzbMATHGoogle Scholar
  11. 11.
    Korel, B., Yalamanchili, S.: Forward computation of dynamic program slices. In: ISSTA (1994)Google Scholar
  12. 12.
    Masri, W., Podgurski, A., Leon, D.: Detecting and debugging insecure information flows. In: ISSRE (2004)Google Scholar
  13. 13.
    Muchnick, S.: Advanced Compiler Design and Implementation. Morgan Kaufmann, San Francisco (1997)Google Scholar
  14. 14.
    Necula, G.C., McPeak, S., Rahul, S.P., Weimer, W.: CIL: Intermediate language and tools for analysis and transformation of C programs. In: Horspool, R.N. (ed.) CC 2002. LNCS, vol. 2304, p. 213. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Sen, K., Marinov, D., Agha, G.: Cute: a concolic unit testing engine for c. In: FSE (2005)Google Scholar
  16. 16.
    Tip, F.: A survey of program slicing techniques. Journel of Programming Languages 3, 121–189 (1995)Google Scholar
  17. 17.
    Weiser, M.: Program slices: Formal, psychological, and practical investigations of an automatic program abstraction method. Ph.D Thesis (1979)Google Scholar
  18. 18.
    Xu, R., Godefroid, P., Majumdar, R.: Testing for buffer overflows with length abstraction. In: ISSTA (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Rupak Majumdar
    • 1
  • Ru-Gang Xu
    • 1
  1. 1.Department of Computer ScienceUniversity of CaliforniaLos Angeles

Personalised recommendations