114 HOE: Hot-Guided Symbolic Execution
-
Published:2012
Download citation file:
Symbolic execution is a powerful technology in ensuring software correctness. However, symbolic execution has the path explosion problem and cannot scale to large programs. In this paper, we present a novel approach, hotness-guided symbolic execution which uses hotness as a strategy to find bugs, and implement it on a bug finding tool HOE. Based on our observation of real world bugs, most bugs are caused by programmers’ careless dealing with unexpected situations. HOE chooses these not-so-often-reached paths to explore in a high priority and ignore hotter paths on demand. We evaluate HOE on an open source C++ library oSIP with 7.9k lines of code and a TTCN-3 distributed testing platform Loong Testing with 94.5k lines of code. The results show that our approach is efficient and can find bugs faster, and thus useful when testing large programs.