Affiliation:
1. The University of Texas at Austin, Austin, TX, USA
Abstract
This paper introduces a novel approach to scale symbolic execution, a program analysis technique for systematic exploration of bounded execution paths, for test input generation. While the foundations of symbolic execution were developed over three decades ago, recent years have seen a real resurgence of the technique, specifically for systematic bug finding. However, scaling symbolic execution remains a primary technical challenge due to the inherent complexity of the path-based exploration that lies at the core of the technique.
Our key insight is that the state of the analysis can be represented highly compactly: a test input is all that is needed to effectively encode the state of a symbolic execution run. We present ranged symbolic execution, which embodies this insight and uses two test inputs to define a range, i.e., the beginning and end, for a symbolic execution run. As an application of our approach, we show how it enables scalability by distributing the path exploration, both in a sequential setting with a single worker node and in a parallel setting with multiple workers. As an enabling technology, we leverage the open-source, state-of-the-art symbolic execution tool KLEE. Experimental results using 71 programs chosen from the widely deployed GNU Coreutils set of Unix utilities show that our approach provides a significant speedup over KLEE. For example, using 10 worker cores, we achieve an average speed-up of 6.6X for the 71 programs.
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Graphics and Computer-Aided Design, Software
Cited by
19 articles.
1. Parallel program analysis on path ranges;Science of Computer Programming;2024-12
2. Compatible Branch Coverage Driven Symbolic Execution for Efficient Bug Finding;Proceedings of the ACM on Programming Languages;2024-06-20
3. Precise Data-Driven Approximation for Program Analysis via Fuzzing;2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE);2023-09-11
4. Intelligent Constraint Classification for Symbolic Execution;2023 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER);2023-03
5. Parallel Program Analysis via Range Splitting;Fundamental Approaches to Software Engineering;2023