Your search keyword '"Braione, A"' showing total 2 results

1. Path-optimal symbolic execution of heap-manipulating programs

Author

Braione, Pietro and Denaro, Giovanni

Subjects

Computer Science - Software Engineering, Computer Science - Logic in Computer Science, D.2.4, D.2.5

Abstract

Symbolic execution is at the core of many techniques for program analysis and test generation. Traditional symbolic execution of programs with numeric inputs enjoys the property of forking as many analysis traces as the number of analyzed program paths, a property that in this paper we refer to as path optimality. On the contrary, current approaches for symbolic execution of heap-manipulating programs fail to satisfy this property, thereby incurring heavy path explosion effects that crucially penalize the efficiency of the analysis. This paper introduces POSE, path-optimal symbolic execution, a symbolic execution algorithm that originally accomplishes path optimality against heap-manipulating programs. We formalize the POSE algorithm for a tiny, but representative object-oriented programming language, and implement the formalization into a prototype symbolic executor to experiment the algorithm against a benchmark of sample programs that take data structures as inputs. Our experiments provide initial empirical evidence of the potential of POSE for improving on the state of the art of symbolic execution of heap-manipulating programs., Comment: 16 pages, 12 figures

Published

2024

2. Automatically Generating Test Cases for Safety-Critical Software via Symbolic Execution

Author

Kurian, Elson, Briola, Daniela, Braione, Pietro, and Denaro, Giovanni

Subjects

Computer Science - Software Engineering, D.2.4, F.3.1

Abstract

Automated test generation based on symbolic execution can be beneficial for systematically testing safety-critical software, to facilitate test engineers to pursue the strict testing requirements mandated by the certification standards, while controlling at the same time the costs of the testing process. At the same time, the development of safety-critical software is often constrained with programming languages or coding conventions that ban linguistic features which are believed to downgrade the safety of the programs, e.g., they do not allow dynamic memory allocation and variable-length arrays, limit the way in which loops are used, forbid recursion, and bound the complexity of control conditions. As a matter of facts, these linguistic features are also the main efficiency-blockers for the test generation approaches based on symbolic execution at the state of the art. This paper contributes new evidence of the effectiveness of generating test cases with symbolic execution for a significant class of industrial safety critical-systems. We specifically focus on Scade, a largely adopted model-based development language for safety-critical embedded software, and we report on a case study in which we exploited symbolic execution to automatically generate test cases for a set of safety-critical programs developed in Scade. To this end, we introduce a novel test generator that we developed in a recent industrial project on testing safety-critical railway software written in Scade, and we report on our experience of using this test generator for testing a set of Scade programs that belong to the development of an on-board signaling unit for high-speed rail. The results provide empirically evidence that symbolic execution is indeed a viable approach for generating high-quality test suites for the safety-critical programs considered in our case study.

Published

2022