A Dynamic Symbolic Execution (DSE) engine for JavaScript. ExpoSE is highly scalable, compatible with recent JavaScript standards, and supports symbolic modelling of strings and regular expressions.
MIT License
183
stars
36
forks
source link
Does not find alternative paths when using string.replace #108
I would have expected it to find both paths (one with s = 'x' and one with s = ''), however running expoSE test.js results in:
[!] Nope
[!] expoSE replay '{...}/test.js' '{"_bound":0}'
[!] Stats
[+] General Function Call: 5
[+] Symbolic Values: 1
[+] Symbolic Primitives: 1
[+] Wrapped Constants: 1
[+] Symbolic Field: 1
[+] Modeled Function Call: {"#replace":1}
[!] Done
[+] /home/oaie/hacks/html-parser/src/test.js. Coverage (Term): 81% Coverage (Decisions): 50% Coverage (LOC): 80% Lines Of Code: 7 -*
[+] Total Lines Of Code 7
[+] Total Coverage: 0.8%
[+] EXPOSE_PRINT_COVERAGE=1 for line by line breakdown
[+] ExpoSE Finished. 1 paths, 1 errors
When using the empty string as the default parameter it finds the first one (Has length) but not the second one (Nope). Thus it seems, that using the no-op s.replace('', '') prevents it from searching for further solutions somehow. Without the .replace(...) call it finds both solutions.
I am new to this library, so I'm not sure if this is a bug or I am missing something.
Considering the following test case:
I would have expected it to find both paths (one with
s = 'x'and one withs = ''), however runningexpoSE test.jsresults in:When using the empty string as the default parameter it finds the first one (
Has length) but not the second one (Nope). Thus it seems, that using the no-ops.replace('', '')prevents it from searching for further solutions somehow. Without the.replace(...)call it finds both solutions.