Deconstructing Dynamic Symbolic Execution

MSR-TR-2015-95 |

Proceedings of the Sixth Conference on Uncertainty in Artificial Intelligence, Boston, MA

Dynamic symbolic execution (DSE) is a well-known technique for automatically generating tests to achieve higher levels of coverage in a program. Two keys ideas of DSE are to: (1) seed symbolic execution by executing a program on an initial input; (2) using concrete values from the program execution in place of symbolic expressions whenever symbolic reasoning is hard or not desired. We describe DSE for a simple core language and then present a minimalist implementation of DSE for Python (in Python) that follows this basic recipe. The code is available at (tagged v1.0) and has been designed to make it easy to experiment with and extend.