Affiliation:
1. Nanjing University, Nanjing, China
2. University of California, Davis, Davis, CA, USA
Abstract
Symbolic execution is a promising testing and analysis methodology. It systematically explores a program's execution space and can generate test cases with high coverage. One significant practical challenge for symbolic execution is how to effectively explore the enormous number of program paths in real-world programs. Various heuristics have been proposed for guiding symbolic execution, but they are generally inefficient and ad-hoc. In this paper, we introduce a novel, unified strategy to guide symbolic execution to less explored parts of a program. Our key idea is to exploit a specific type of path spectra, namely the length-n subpath program spectra, to systematically approximate full path information for guiding path exploration. In particular, we use frequency distributions of explored length-n subpaths to prioritize "less traveled" parts of the program to improve test coverage and error detection. We have implemented our general strategy in KLEE, a state-of-the-art symbolic execution engine. Evaluation results on the GNU Coreutils programs show that (1) varying the length n captures program-specific information and exhibits different degrees of effectiveness, and (2) our general approach outperforms traditional strategies in both coverage and error detection.
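The prioritization the abstract describes, sketched as an added toy example (not the paper's or KLEE's code): pending states are ranked by how often their trailing length-n subpath has already been explored. The control-flow graph, the representation of a state as a tuple of visited nodes, and the oldest-first tie-break are all assumptions made for illustration.

```python
from collections import Counter

# Constructed toy CFG (an assumption, not from the paper):
# B <-> C is a loop; D..G is a straight chain behind the loop exit.
CFG = {"A": ["B"], "B": ["C", "D"], "C": ["B"],
       "D": ["E"], "E": ["F"], "F": ["G"], "G": []}

def tail(path, n):
    """Trailing length-n subpath of a state (the whole path if it is shorter)."""
    return tuple(path[-n:])

def select(pending, freq, n):
    """Index of the pending state whose length-n tail is least traveled.
    Ties go to the oldest state (an assumed tie-break)."""
    return min(range(len(pending)),
               key=lambda i: (freq[tail(pending[i], n)], i))

def explore(cfg, entry, n, budget):
    """Run `budget` scheduling steps and return the set of covered nodes."""
    freq = Counter()            # length-n subpath -> times explored
    covered = {entry}
    pending = [(entry,)]        # each state is the path it has taken so far
    for _ in range(budget):
        if not pending:
            break
        path = pending.pop(select(pending, freq, n))
        freq[tail(path, n)] += 1
        for succ in cfg[path[-1]]:      # fork one state per successor
            covered.add(succ)
            pending.append(path + (succ,))
    return covered

if __name__ == "__main__":
    # n=10 exceeds every path length here, so all tails are unique and the
    # search degenerates to oldest-first, spending budget on loop iterations.
    for n in (1, 2, 10):
        print(n, sorted(explore(CFG, "A", n, budget=6)))
```

On this graph and a budget of six steps, only n = 1 reaches node G; n = 2 and n = 10 each spend steps re-entering the loop, which illustrates why the choice of n is program-specific.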
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Graphics and Computer-Aided Design, Software
Cited by
24 articles.
1. BDGSE: A Symbolic Execution Technique for High MC/DC;2023 IEEE 23rd International Conference on Software Quality, Reliability, and Security (QRS);2023-10-22
2. Eunomia: Enabling User-Specified Fine-Grained Search in Symbolically Executing WebAssembly Binaries;Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis;2023-07-12
3. Boosting Symbolic Execution for Heap-based Vulnerability Detection and Exploit Generation;2023 IEEE/ACM 45th International Conference on Software Engineering: Companion Proceedings (ICSE-Companion);2023-05
4. Evaluating and Improving Hybrid Fuzzing;2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE);2023-05
5. Guiding Symbolic Execution with A-Star;Software Engineering and Formal Methods;2023