Lazy symbolic execution for test data generation

Mengxiang Lin, Yin-li Chen, Kai Yu, Guo-shi Wu. Lazy symbolic execution for test data generation. IEE Proceedings - Software, 5(2):132-141, 2011.

Abstract

In the context of test data generation, symbolic execution gets more attention as computing power increases continuously. Experiments show that test generation tools based on symbolic execution can get high coverage and find bugs on real applications. However, symbolic execution still has limitations in handling some complex program structures such as pointers, arrays and library functions. To address the problem, this study proposes a technique called lazy symbolic execution, which combines symbolic execution with a lazy evaluation strategy. The authors' approach is motivated by the observation that some program structures can be reasoned about symbolically and the others have to be evaluated concretely. Traditional symbolic execution can cope with the former well, whereas lazy symbolic evaluation is used to handle the latter. However, lazy symbolic evaluation introduces intermediate variables into path constraints. To eliminate those variables, concrete values for some input variables are first obtained by constraint solving or searching processes. Then, the given path is executed again using inputs consisting of concrete and symbolic values. The procedure is repeated until all intermediate variables are wiped out. The authors have implemented a prototype tool and performed some experiments. The empirical results show the effectiveness of their approach.