Skip to main content
SpringerLink
Log in

Generating Test Suites with Augmented Dynamic Symbolic Execution

  • Conference paper
Book cover Tests and Proofs (TAP 2013)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 7942))

Included in the following conference series:

Abstract

Unit test generation tools typically aim at one of two objectives: to explore the program behavior in order to exercise automated oracles, or to produce a representative test set that can be used to manually add oracles or to use as a regression test set. Dynamic symbolic execution (DSE) can efficiently explore all simple paths through a program, exercising automated oracles such as assertions or code contracts. However, its original intention was not to produce representative test sets. Although DSE tools like Pex can retain subsets of the tests seen during the exploration, customer feedback revealed that users expect different values than those produced by Pex, and sometimes also more than one value for a given condition or program path. This threatens the applicability of DSE in a scenario without automated oracles. Indeed, even though all paths might be covered by DSE, the resulting tests are usually not sensitive enough to make a good regression test suite. In this paper, we present augmented dynamic symbolic execution, which aims to produce representative test sets with DSE by augmenting path conditions with additional conditions that enforce target criteria such as boundary or mutation adequacy, or logical coverage criteria. Experiments with our Apex prototype demonstrate that the resulting test cases can detect up to 30% more seeded defects than those produced with Pex.

A preliminary version of this paper was published as a short paper discussing the idea for mutation and boundary analysis without evaluation in [15].

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 72.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ammann, P., Offutt, J.: Introduction to Software Testing, 1st edn. Cambridge University Press (2008)

    Google Scholar 

  2. Anand, S., Păsăreanu, C.S., Visser, W.: JPF-SE: a symbolic execution extension to Java PathFinder. In: Grumberg, O., Huth, M. (eds.) TACAS 2007. LNCS, vol. 4424, pp. 134–138. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  3. Andrews, J.H., Briand, L.C., Labiche, Y.: Is mutation an appropriate tool for testing experiments? In: Proc. ICSE 2005, pp. 402–411. ACM (2005)

    Google Scholar 

  4. Bhattacharya, N., Sakti, A., Antoniol, G., Guéhéneuc, Y.-G., Pesant, G.: Divide-by-zero exception raising via branch coverage. In: Cohen, M.B., Ó Cinnéide, M. (eds.) SSBSE 2011. LNCS, vol. 6956, pp. 204–218. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  5. Cadar, C., Sen, K.: Symbolic execution for software testing: three decades later. Commun. ACM 56(2), 82–90 (2013)

    Article  Google Scholar 

  6. Chilenski, J.J., Miller, S.P.: Applicability of modified condition/decision coverage to software testing. Software Engineering Journal, 193–200 (1994)

    Google Scholar 

  7. DeMillo, R.A., Lipton, R.J., Sayward, F.: Hints on test data selection: Help for the practicing programmer. Computer 11(4), 34–41 (1978)

    Article  Google Scholar 

  8. Fraser, G., Wotawa, F., Ammann, P.E.: Testing with model checkers: a survey. Softw. Test. Verif. Reliab. 19, 215–261 (2009)

    Article  Google Scholar 

  9. Ghani, K., Clark, J.A.: Strengthening inferred specifications using search based testing. In: Proc. SBST, pp. 187–194. IEEE Computer Society Press (2008)

    Google Scholar 

  10. Godefroid, P., Klarlund, N., Sen, K.: Dart: directed automated random testing. In: Proc. PLDI, pp. 213–223 (2005)

    Google Scholar 

  11. Godefroid, P., Levin, M.Y., Molnar, D.A.: Active property checking. In: Proc. EMSOFT 2008, pp. 207–216. ACM (2008)

    Google Scholar 

  12. Godefroid, P., Levin, M.Y., Molnar, D.A.: Sage: Whitebox fuzzing for security testing. ACM Queue 10(1), 20 (2012)

    Article  Google Scholar 

  13. Godefroid, P., Luchaup, D.: Automatic partial loop summarization in dynamic test generation. In: Proc. ISSTA 2011, pp. 23–33. ACM (2011)

    Google Scholar 

  14. Howden, W.E.: Weak mutation testing and completeness of test sets. IEEE TSE 8(4), 371–379 (1982)

    Google Scholar 

  15. Jamrozik, K., Fraser, G., Tillmann, N., De Halleux, J.: Augmented dynamic symbolic execution. In: Proc. ASE 2012, pp. 254–257. ACM (2012)

    Google Scholar 

  16. Joebstl, E., Weiglhofer, M., Aichernig, B.K., Wotawa, F.: When bdds fail: Conformance testing with symbolic execution and smt solving. In: Proc. ICST 2010, pp. 479–488. IEEE Computer Society (2010)

    Google Scholar 

  17. Kosmatov, N., Legeard, B., Peureux, F., Utting, M.: Boundary coverage criteria for test generation from formal models. In: Proc. ISSRE, pp. 139–150. IEEE Computer Society (2004)

    Google Scholar 

  18. Pandita, R., Xie, T., Tillmann, N., de Halleux, J.: Guided test generation for coverage criteria. In: Proc. ICSM 2010, pp. 1–10. IEEE Computer Society (2010)

    Google Scholar 

  19. Romano, D., Di Penta, M., Antoniol, G.: An approach for search based testing of null pointer exceptions. In: Proc. ICST 2011, pp. 160–169. IEEE (2011)

    Google Scholar 

  20. Rothermel, G., Harrold, M.J., Ostrin, J., Hong, C.: An empirical study of the effects of minimization on the fault detection capabilities of test suites. In: Proc. ICSM 1998, pp. 34–43. IEEE Computer Society Press (1998)

    Google Scholar 

  21. Sen, K., Marinov, D., Agha, G.: CUTE: a concolic unit testing engine for C. In: Proc. ESEC/FSE-13, pp. 263–272. ACM (2005)

    Google Scholar 

  22. Staats, M., Pǎsǎreanu, C.: Parallel symbolic execution for structural test generation. In: Proc. ISSTA 2010, pp. 183–194. ACM (2010)

    Google Scholar 

  23. Tillmann, N., de Halleux, J.: Pex–white box test generation for.NET. In: Beckert, B., Hähnle, R. (eds.) TAP 2008. LNCS, vol. 4966, pp. 134–153. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  24. Vilkomir, S.A., Bowen, J.P.: Reinforced condition/decision coverage (rc/dc): A new criterion for software testing. In: Bert, D., Bowen, J.P., Henson, M.C., Robinson, K. (eds.) ZB 2002. LNCS, vol. 2272, pp. 291–308. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  25. White, L.J., Cohen, E.I.: A domain strategy for computer program testing. IEEE Trans. Softw. Eng. 6, 247–257 (1980)

    Article  MATH  Google Scholar 

  26. Zhang, L., Xie, T., Zhang, L., Tillmann, N., de Halleux, J., Mei, H.: Test generation via dynamic symbolic execution for mutation testing. In: Proc. ICSM 2010, pp. 1–10. IEEE Computer Society (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Saarland University, Saarbruecken, 66123, Germany

    Konrad Jamrozik

  2. University of Sheffield, UK

    Gordon Fraser

  3. Microsoft Research, WA, USA

    Nikolai Tillman & Jonathan de Halleux

Authors
  1. Konrad Jamrozik
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Gordon Fraser
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nikolai Tillman
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jonathan de Halleux
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Microsoft Research, 98052-5321, Redmond, WA, USA

    Margus Veanes

  2. Università di Verona, 37134, Verona, Italy

    Luca Viganò

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jamrozik, K., Fraser, G., Tillman, N., de Halleux, J. (2013). Generating Test Suites with Augmented Dynamic Symbolic Execution. In: Veanes, M., Viganò, L. (eds) Tests and Proofs. TAP 2013. Lecture Notes in Computer Science, vol 7942. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38916-0_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-38916-0_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38915-3

  • Online ISBN: 978-3-642-38916-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation