当前位置:
X-MOL 学术
›
arXiv.cs.PL
›
论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Dynamic Symbolic Execution of Higher-Order Functions
arXiv - CS - Programming Languages Pub Date : 2020-06-20 , DOI: arxiv-2006.11639 Shu-Hung You (1), Robert Bruce Findler (1) and Christos Dimoulas (1) ((1) PLT@Northwestern)
arXiv - CS - Programming Languages Pub Date : 2020-06-20 , DOI: arxiv-2006.11639 Shu-Hung You (1), Robert Bruce Findler (1) and Christos Dimoulas (1) ((1) PLT@Northwestern)
The effectiveness of concolic testing deteriorates as the size of programs
increases. A promising way out is to test programs modularly, e.g., on a per
function or class basis. Alas, this idea hits a roadblock in modern programming
languages In modern languages, components expect functions, objects, and even
classes as inputs. The crux of the problem is that existing concolic testing
techniques cannot faithfully capture the complex interactions between a
higher-order program and its inputs in order to distill it in a first-order
formula that an SMT solver can work with. In this paper, we take the first step
towards solving the problem; we offer a design, semantics, and prototype for
concolic testing of higher-order functions. Inspired by work on higher-order
symbolic execution, our model constructs inputs for higher-order functions with
a canonical shape. This enables the concolic tester to keep track of which
pieces of the control-flow path of the higher-order function depend on the
shape of its input and which do not. The concolic tester encodes the pieces
that do not depend on the shape of the input as a first-order formula.
Subsequently, similar to a first-order concolic tester, it leverages an SMT
solver to produce another input with the same shape but that explores a
different control-flow path of the higher-order function. As a separate
dimension, the concolic tester iteratively explores the canonical shapes for
the input and, investigating all the ways a higher-order function can interact
with its input, searching for bugs. To validate our design, we prove that if a
higher-order function has a bug, our concolic tester will eventually construct
an input that triggers the bug. Using our design as a blueprint, we implement a
prototype concolic tester and confirm that it discovers bugs in a variety of
higher-order programs from the literature.
中文翻译:
高阶函数的动态符号执行
concolic 测试的有效性随着程序规模的增加而恶化。一个有希望的出路是模块化测试程序,例如,在每个函数或类的基础上。唉,这个想法在现代编程语言中遇到了障碍 在现代语言中,组件期望函数、对象甚至类作为输入。问题的关键在于,现有的 concolic 测试技术无法忠实地捕获高阶程序与其输入之间的复杂交互,以便将其提炼为 SMT 求解器可以使用的一阶公式。在本文中,我们迈出了解决问题的第一步;我们为高阶函数的混合测试提供了设计、语义和原型。受高阶符号执行工作的启发,我们的模型为具有规范形状的高阶函数构建输入。这使 concolic 测试器能够跟踪高阶函数的哪些控制流路径取决于其输入的形状,哪些不取决于。concolic tester 将不依赖于输入形状的片段编码为一阶公式。随后,类似于一阶 concolic 测试器,它利用 SMT 求解器生成另一个具有相同形状的输入,但探索高阶函数的不同控制流路径。作为一个单独的维度,concolic 测试器迭代地探索输入的规范形状,并研究高阶函数与其输入交互的所有方式,搜索错误。为了验证我们的设计,我们证明如果高阶函数有错误,我们的 concolic 测试人员最终将构建一个触发错误的输入。使用我们的设计作为蓝图,我们实现了一个原型 concolic 测试器,并确认它从文献中发现了各种高阶程序中的错误。
更新日期:2020-06-23
中文翻译:
高阶函数的动态符号执行
concolic 测试的有效性随着程序规模的增加而恶化。一个有希望的出路是模块化测试程序,例如,在每个函数或类的基础上。唉,这个想法在现代编程语言中遇到了障碍 在现代语言中,组件期望函数、对象甚至类作为输入。问题的关键在于,现有的 concolic 测试技术无法忠实地捕获高阶程序与其输入之间的复杂交互,以便将其提炼为 SMT 求解器可以使用的一阶公式。在本文中,我们迈出了解决问题的第一步;我们为高阶函数的混合测试提供了设计、语义和原型。受高阶符号执行工作的启发,我们的模型为具有规范形状的高阶函数构建输入。这使 concolic 测试器能够跟踪高阶函数的哪些控制流路径取决于其输入的形状,哪些不取决于。concolic tester 将不依赖于输入形状的片段编码为一阶公式。随后,类似于一阶 concolic 测试器,它利用 SMT 求解器生成另一个具有相同形状的输入,但探索高阶函数的不同控制流路径。作为一个单独的维度,concolic 测试器迭代地探索输入的规范形状,并研究高阶函数与其输入交互的所有方式,搜索错误。为了验证我们的设计,我们证明如果高阶函数有错误,我们的 concolic 测试人员最终将构建一个触发错误的输入。使用我们的设计作为蓝图,我们实现了一个原型 concolic 测试器,并确认它从文献中发现了各种高阶程序中的错误。
京公网安备 11010802027423号