skip to main content
10.1145/1993498.1993558acmconferencesArticle/Chapter ViewAbstractPublication PagespldiConference Proceedingsconference-collections

Directed incremental symbolic execution

Published: 04 June 2011 Publication History


The last few years have seen a resurgence of interest in the use of symbolic execution -- a program analysis technique developed more than three decades ago to analyze program execution paths. Scaling symbolic execution and other path-sensitive analysis techniques to large systems remains challenging despite recent algorithmic and technological advances. An alternative to solving the problem of scalability is to reduce the scope of the analysis. One approach that is widely studied in the context of regression analysis is to analyze the differences between two related program versions. While such an approach is intuitive in theory, finding efficient and precise ways to identify program differences, and characterize their effects on how the program executes has proved challenging in practice.
In this paper, we present Directed Incremental Symbolic Execution (DiSE), a novel technique for detecting and characterizing the effects of program changes. The novelty of DiSE is to combine the efficiencies of static analysis techniques to compute program difference information with the precision of symbolic execution to explore program execution paths and generate path conditions affected by the differences. DiSE is a complementary technique to other reduction or bounding techniques developed to improve symbolic execution. Furthermore, DiSE does not require analysis results to be carried forward as the software evolves -- only the source code for two related program versions is required. A case-study of our implementation of DiSE illustrates its effectiveness at detecting and characterizing the effects of program changes.


S. Anand, C. S. Păsăreanu, and W. Visser. Symbolic execution with abstraction. International Journal on Software Tools for Technology Transfer (STTT), 11:53--67, January 2009.
T. Apiwattanapong, A. Orso, and M. J. Harrold. Jdiff: A differencing technique and tool for object-oriented programs. Automated Software Engineering, 14(1):3--36, 2007.
W. R. Bush, J. D. Pincus, and D. J. Sielaff. A static analyzer for finding dynamic programming errors. Software: Practice and Experience, 30(7):775--802, 2000.
C. Cadar and D. R. Engler. Execution generated test cases: How to make systems code crash itself. In SPIN, pages 2--23, 2005.
W. C. Chang. Improving Dynamic Analysis with Data Flow Analysis. PhD thesis, University of Texas at Austin, 2010.
Choco. Main-page Choco., 2010.
L. A. Clarke. A program testing system. In Proceedings of the 1976 annual conference, ACM '76, pages 488--491, 1976.
C. Csallner, N. Tillmann, and Y. Smaragdakis. Dysy: Dynamic symbolic execution for invariant inference. In ICSE, pages 281--290, 2008.
L. de Moura and N. Bjørner. Z3: An efficient SMT solver. In TACAS, pages 337--340, 2008.
X. Deng, Robby, and J. Hatcliff. Kiasan/KUnit: Automatic test case generation and analysis feedback for open object-oriented systems. In TAICPART-MUTATION, pages 3--12, 2007.
P. Godefroid. Compositional dynamic test generation. In POPL, pages 47--54, 2007.
P. Godefroid, N. Klarlund, and K. Sen. DART: Directed automated random testing. In PLDI, pages 213--223, 2005.
P. Godefroid, S. K. Lahiri, and C. Rubio-Gonzalez. Incremental compositional dynamic test generation. Technical Report MSR-TR-2010-11, Microsoft Research, 2010.
T. L. Graves, M. J. Harrold, J.-M. Kim, A. Porter, and G. Rothermel. An empirical study of regression test selection techniques. ACM Transactions Software Engineering and Methodology, 10(2):184--208, 2001.
M. J. Harrold, J. A. Jones, T. Li, D. Liang, A. Orso, M. Pennings, S. Sinha, S. A. Spoon, and A. Gujarathi. Regression test selection for java software. In OOPSLA, pages 312--326, 2001.
D. Jackson. Software Abstractions: Logic, Language, and Analysis. The MIT Press, Cambridge, MA, 2006.
A. Joshi and M. Heimdahl. Model-Based Safety Analysis of Simulink Models Using SCADE Design Verifier. In SAFECOMP, volume 3688 of LNCS, pages 122--135, September 2005.
S. Khurshid, I. García, and Y. L. Suen. Repairing structurally complex data. In SPIN, pages 123--138, 2005.
S. Khurshid, C. S. Păsăreanu, and W. Visser. Generalized symbolic execution for model checking and testing. In TACAS, pages 553--568, 2003.
S. Khurshid and Y. L. Suen. Generalizing symbolic execution to library classes. In PASTE, pages 103--110, 2005.
M. Kim, D. Notkin, and D. Grossman. Automatic inference of structural changes for matching across program versions. In ICSE, pages 333--343, 2007.
J. C. King. Symbolic execution and program testing. Communications of the ACM, 19(7):385--394, 1976.
S. K. Lahiri, K. Vaswani, and T. Hoare. Differential static analysis: Opportunities, applications, and challenges. In FoSER, pages 201--204, 2010.
S. Lauterburg, A. Sobeih, D. Marinov, and M. Viswanathan. Incremental state-space exploration for programs with dynamically allocated data. In ICSE, pages 291--300, 2008.
H. Leung and L. White. Insights into regression testing. In ICSM, pages 60--69, 1989.
C. Păsăreanu and N. Rungta. Symbolic PathFinder: symbolic execution of Java bytecode. In ASE, pages 179--180, 2010.
S. Person, M. B. Dwyer, S. Elbaum, and C. S. Păsăreanu. Differential symbolic execution. In FSE, pages 226--237, 2008.
C. S. Păsăreanu, P. C. Mehlitz, D. H. Bushnell, K. Gundy-Burlet, M. Lowry, S. Person, and M. Pape. Combining unit-level symbolic execution and system-level concrete execution for testing NASA software. In ISSTA, pages 15--25, 2008.
D. Qi, A. Roychoudhury, and Z. Liang. Test generation to expose changes in evolving programs. In ASE, pages 397--406, 2010.
SAE-ARP4761. Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment. SAE International, December 1996.
R. Santelices and M. J. Harrold. Exploiting program dependencies for scalable multiple-path symbolic execution. In ISSTA, pages 195--206, 2010.
K. Sen, D. Marinov, and G. Agha. CUTE: a concolic unit testing engine for c. In ESEC/FSE, pages 263--272, 2005.
C. Seo, S. Malek, and N. Medvidovic. An energy consumption framework for distributed Java-based software systems. Technical Report USC-CSE-2006-604, University of Southern California, 2006.
J. Sztipanovits and G. Karsai. Generative programming for embedded systems. In GPCE, pages 32--49, 2002.
K. Taneja, T. Xie, N. Tillmann, J. de Halleux, and W. Schulte. Guided path exploration for regression test generation. In ICSE, New Ideas and Emerging Results, pages 311--314, 2009.
W. Visser, K. Havelund, G. P. Brat, S. Park, and F. Lerda. Model checking programs. Automated Software Engineering, 10(2):203--232, 2003.
Z. Xu, M. B. Cohen, and G. Rothermel. Factors affecting the use of genetic algorithms in test suite augmentation. In GECCO, pages 1365--1372, 2010.
Z. Xu and G. Rothermel. Directed test suite augmentation. In APSEC, pages 406--413, 2009.
G. Yang, M. B. Dwyer, and G. Rothermel. Regression model checking. In ICSM, pages 115--124, 2009.

Cited By

View all
  • (2025)Speeding-up fuzzing through directional seedsInternational Journal of Information Security10.1007/s10207-024-00953-624:2Online publication date: 1-Apr-2025
  • (2024)ParDiff: Practical Static Differential Analysis of Network Protocol ParsersProceedings of the ACM on Programming Languages10.1145/36498548:OOPSLA1(1208-1234)Online publication date: 29-Apr-2024
  • (2024)Homeostasis: Design and Implementation of a Self-Stabilizing CompilerACM Transactions on Programming Languages and Systems10.1145/364930846:2(1-58)Online publication date: 1-May-2024
  • Show More Cited By



Information & Contributors


Published In

cover image ACM Conferences
PLDI '11: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation
June 2011
668 pages
  • General Chair:
  • Mary Hall,
  • Program Chair:
  • David Padua
  • cover image ACM SIGPLAN Notices
    ACM SIGPLAN Notices  Volume 46, Issue 6
    PLDI '11
    June 2011
    652 pages
    Issue’s Table of Contents
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]



Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 June 2011


Request permissions for this article.

Check for updates

Author Tags

  1. program differencing
  2. software evolution
  3. symbolic execution


  • Research-article


PLDI '11

Acceptance Rates

Overall Acceptance Rate 406 of 2,067 submissions, 20%


Other Metrics

Bibliometrics & Citations


Article Metrics

  • Downloads (Last 12 months)72
  • Downloads (Last 6 weeks)5
Reflects downloads up to 20 Feb 2025

Other Metrics


Cited By

View all
  • (2025)Speeding-up fuzzing through directional seedsInternational Journal of Information Security10.1007/s10207-024-00953-624:2Online publication date: 1-Apr-2025
  • (2024)ParDiff: Practical Static Differential Analysis of Network Protocol ParsersProceedings of the ACM on Programming Languages10.1145/36498548:OOPSLA1(1208-1234)Online publication date: 29-Apr-2024
  • (2024)Homeostasis: Design and Implementation of a Self-Stabilizing CompilerACM Transactions on Programming Languages and Systems10.1145/364930846:2(1-58)Online publication date: 1-May-2024
  • (2024)Concrete Constraint Guided Symbolic ExecutionProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639078(1-12)Online publication date: 20-May-2024
  • (2023)DAFLProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620513(4931-4948)Online publication date: 9-Aug-2023
  • (2023)Client-Specific Upgrade Compatibility Checking via Knowledge-Guided DiscoveryACM Transactions on Software Engineering and Methodology10.1145/358256932:4(1-31)Online publication date: 26-May-2023
  • (2023)Code-Level Functional Equivalence Checking of Annotative Software Product LinesProceedings of the 27th ACM International Systems and Software Product Line Conference - Volume A10.1145/3579027.3608978(64-75)Online publication date: 28-Aug-2023
  • (2023)Intelligent Constraint Classification for Symbolic Execution2023 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER56733.2023.00023(144-154)Online publication date: Mar-2023
  • (2023)diffDP: Using Data Dependencies and Properties in Difference Verification with ConditionsiFM 202310.1007/978-3-031-47705-8_3(40-61)Online publication date: 6-Nov-2023
  • (2022)Leveraging code-test co-evolution patterns for automated test case recommendationProceedings of the 3rd ACM/IEEE International Conference on Automation of Software Test10.1145/3524481.3527222(65-76)Online publication date: 17-May-2022
  • Show More Cited By

View Options

Login options

View options


View or Download as a PDF file.



View online with eReader.







Share this Publication link

Share on social media