Tuesday, 20 September 2016

Comprehensively testing software patches with symbolic execution

A large fraction of the costs of maintaining software applications is associated with detecting and fixing errors introduced by patches. Patches are prone to introducing failures and as a result, users are often reluctant to upgrade their software to the most recent version, relying instead on older versions which typically expose a reduced set of features and are frequently susceptible to critical bugs and security vulnerabilities. To properly test a patch, each line of code in the patch, and all the new behaviours introduced by the patch, should be covered by at least one test case. However, the large effort involved in coming up with relevant test cases means that such thorough testing rarely happens in practice.

...  the full blog post can be read in the IEEE Software Blog