Abstract
Higher-order functions have become a staple of modern programming languages. However, such values stymie concolic testers, as the SMT solvers at their hearts are inherently first-order.
This paper lays a formal foundation for concolic testing of higher-order functional programs. Three ideas enable our results: (i) our tester considers only program inputs in a canonical form; (ii) it collects novel constraints from the evaluation of the canonical inputs to search the space of inputs with partial help from an SMT solver; and (iii) it collects constraints from canonical inputs even when they are arguments to concretized calls. We prove that (i) concolic evaluation is sound with respect to concrete evaluation; (ii) modulo concretization and SMT solver incompleteness, the search for a counter-example succeeds if a user program has a bug; and (iii) this search amounts to directed evolution of inputs targeting hard-to-reach corners of the program.
Rights and permissions
This chapter is published under an open access license.
Copyright information
© 2021 The Author(s)
About this paper
Cite this paper
You, SH., Findler, R.B., Dimoulas, C. (2021). Sound and Complete Concolic Testing for Higher-order Functions. In: Yoshida, N. (eds) Programming Languages and Systems. ESOP 2021. Lecture Notes in Computer Science, vol 12648. Springer, Cham. https://doi.org/10.1007/978-3-030-72019-3_23
DOI: https://doi.org/10.1007/978-3-030-72019-3_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-72018-6
Online ISBN: 978-3-030-72019-3
eBook Packages: Computer Science (R0)