research-article

Dependence Guided Symbolic Execution

Authors:

Zijiang YangAuthors Info & Claims

IEEE Transactions on Software Engineering, Volume 43, Issue 3

Pages 252 - 271

https://doi.org/10.1109/TSE.2016.2584063

Published: 01 March 2017 Publication History

Abstract

Symbolic execution is a powerful technique for systematically exploring the paths of a program and generating the corresponding test inputs. However, its practical usage is often limited by the path explosion problem, that is, the number of explored paths usually grows exponentially with the increase of program size. In this paper, we argue that for the purpose of fault detection it is not necessary to systematically explore the paths, and propose a new symbolic execution approach to mitigate the path explosion problem by predicting and eliminating the redundant paths based on symbolic value. Our approach can achieve the equivalent fault detection capability as traditional symbolic execution without exhaustive path exploration. In addition, we develop a practical implementation called Dependence Guided Symbolic Execution (DGSE) to soundly approximate our approach. Through exploiting program dependence, DGSE can predict and eliminate the redundant paths at a reasonable computational cost. Our empirical study shows that the redundant paths are abundant and widespread in a program. Compared with traditional symbolic execution, DGSE only explores 6.96 to 96.57 percent of the paths and achieves a speedup of 1.02 $\times$ to 49.56 $\times$ . We have released our tool and the benchmarks used to evaluate DGSE $^\ast$ .

References

[1]

L. A. Clarke, “A program testing system,” in Proc. Annu. Conf., 1976, pp. 488–491.

Digital Library

Google Scholar

[2]

J. C. King, “Symbolic execution and program testing,” Commun. ACM, vol. Volume 19, no. Issue 7, pp. 385–394, 1976.

Digital Library

Google Scholar

[3]

K. Sen, D. Marinov, and G. Agha, “Cute: A concolic unit testing engine for C,” in Proc. 10th Eur. Softw. Eng. Conf. Held Jointly 13th ACM SIGSOFT Int. Symp. Found. Softw. Eng., 2005, pp. 263–272.

Digital Library

Google Scholar

[4]

P. Godefroid, N. Klarlund, and K. Sen, “DART: Directed automated random testing,” ACM SIGPLAN Not., vol. Volume 40, no. Issue 6, pp. 213–223, 2005.

Digital Library

Google Scholar

[5]

C. Cadar, D. Dunbar, and D. R. Engler, “KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs,” in Proc. 8th USENIX Symp. Oper. Syst. Des. Implementation, vol. Volume 8, 2008, pp. 209–224.

Digital Library

Google Scholar

[6]

C. S. Păsăreanu and N. Rungta, “Symbolic pathfinder: Symbolic execution of Java bytecode,” in Proc. IEEE/ACM Int. Conf. Autom. Softw. Eng., 2010, pp. 179–180.

Digital Library

Google Scholar

[7]

C. S. Păsăreanu and W. Visser, “A survey of new trends in symbolic execution for software testing and analysis,” Int. J. Softw. Tools Technol. Transfer, vol. Volume 11, no. Issue 4, pp. 339–353, 2009.

Crossref

Google Scholar

[8]

C. Cadar, et al., “Symbolic execution for software testing in practice: Preliminary assessment,” in Proc. 33rd Int. Conf. Softw. Eng., 2011, pp. 1066–1071.

Digital Library

Google Scholar

[9]

D. Qi, H. D. T. Nguyen, and A. Roychoudhury, “Path exploration based on symbolic output,” ACM Trans. Softw. Eng. Methodol., vol. Volume 22, no. Issue 4, pp. 32:1–32:41, 2013.

Digital Library

Google Scholar

[10]

M. Hutchins, H. Foster, T. Goradia, and T. Ostrand, “Experiments of the effectiveness of dataflow-and controlflow-based test adequacy criteria,” in Proc. 16th Int. Conf. Softw. Eng., 1994, pp. 191–200.

Digital Library

Google Scholar

[11]

H. Wang, et al., “Reducing test cases with causality partitions,” in Proc. 26th Int. Conf. Softw. Eng. Knowl. Eng., 2014, pp. 223–228.

Google Scholar

[12]

S. Anand, C. S. Păsăreanu, and W. Visser, “Symbolic execution with abstraction,” Int. J. Softw. Tools Technol. Transfer, vol. Volume 11, no. Issue 1, pp. 53–67, 2009.

Crossref

Google Scholar

[13]

P. Godefroid, “Compositional dynamic test generation,” in Proc. 34th Annu. ACM SIGPLAN-SIGACT Symp. Princ. Programm. Lang., 2007, pp. 47–54.

Digital Library

Google Scholar

[14]

S. Anand, P. Godefroid, and N. Tillmann, “Demand-driven compositional symbolic execution,” in Proc. Theory Practice Softw. 14th Int. Conf. Tools Algorithms Constr. Anal. Syst., 2008, pp. 367–381.

Digital Library

Google Scholar

[15]

G. Yang, S. Person, N. Rungta, and S. Khurshid, “Directed incremental symbolic execution,” ACM Trans. Softw. Eng. Methodol., vol. Volume 24, no. Issue 1, pp. 3:1–3:42, 2014.

Digital Library

Google Scholar

[16]

R. Santelices and M. J. Harrold, “Exploiting program dependencies for scalable multiple-path symbolic execution,” in Proc. 19th Int. Symp. Softw. Testing Anal., 2010, pp. 195–206.

Digital Library

Google Scholar

[17]

M. Staats and C. Pӑsӑreanu, “Parallel symbolic execution for structural test generation,” in Proc. 19th Int. Symp. Softw. Testing Anal., 2010, pp. 183–194.

Digital Library

Google Scholar

[18]

J. H. Siddiqui and S. Khurshid, “Scaling symbolic execution using ranged analysis,” in Proc. ACM Int. Conf. Object Oriented Programm. Syst. Lang. Appl., 2012, pp. 523–536.

Digital Library

Google Scholar

[19]

P. Boonstoppel, C. Cadar, and D. Engler, “RWset: Attacking path explosion in constraint-based test generation,” in Proc. 14th Int. Conf. Tools Algorithms Constr. Anal. Syst., 2008, pp. 351–366.

Digital Library

Google Scholar

[20]

Z. Xu, Y. Kim, M. Kim, G. Rothermel, and M. B. Cohen, “Directed test suite augmentation: Techniques and tradeoffs,” in Proc. 18th ACM SIGSOFT Int. Symp. Found. Softw. Eng., 2010, pp. 257–266.

Digital Library

Google Scholar

[21]

K. Sen, G. Necula, L. Gong, and W. Choi, “MultiSE: Multi-path symbolic execution using value summaries,” in Proc. 10th Joint Meeting Found. Softw. Eng., 2015, pp. 842–853.

Digital Library

Google Scholar

[22]

K. Taneja, T. Xie, N. Tillmann, and J. De Halleux, “EXpress: Guided path exploration for efficient regression test generation,” in Proc. Int. Symp. Softw. Testing Anal., 2011, pp. 1–11.

Digital Library

Google Scholar

[23]

M. Böhme, B. C. D. S. Oliveira, and A. Roychoudhury, “Regression tests to expose change interaction errors,” in Proc. 9th Joint Meeting Found. Softw. Eng., 2013, pp. 334–344.

Digital Library

Google Scholar

[24]

G. Yang, S. Khurshid, S. Person, and N. Rungta, “Property differencing for incremental checking,” in Proc. 36th Int. Conf. Softw. Eng., 2014, pp. 1059–1070.

Digital Library

Google Scholar

[25]

S. Guo, M. Kusano, C. Wang, Z. Yang, and A. Gupta, “Assertion guided symbolic execution of multithreaded programs,” in Proc. 10th Joint Meeting Found. Softw. Eng., 2015, pp. 854–865.

Digital Library

Google Scholar

[26]

D. Schwartz-Narbonne, M. Schäf, D. Jovanović, P. Rümmer, and T. Wies, “Conflict-directed graph coverage,” in Proc. 7th Int. Symp. NASA Formal Methods, 2015, pp. 327–342.

Crossref

Google Scholar

[27]

C. S. Păsăreanu, N. Rungta, and W. Visser, “Symbolic execution with mixed concrete-symbolic solving,” in Proc. Int. Symp. Softw. Testing Anal., 2011, pp. 34–44.

Digital Library

Google Scholar

[28]

Y. Zheng, X. Zhang, and V. Ganesh, “Z3-str: A z3-based string solver for web application analysis,” in Proc. 9th Joint Meeting Found. Softw. Eng., 2013, pp. 114–124.

Digital Library

Google Scholar

[29]

S. Khurshid and Y. L. Suen, “Generalizing symbolic execution to library classes,” in Proc. 6th ACM SIGPLAN-SIGSOFT Workshop Program Anal. Softw. Tools Eng., 2005, pp. 103–110.

Digital Library

Google Scholar

[30]

I. Ghosh, N. Shafiei, G. Li, and W.-F. Chiang, “JST: An automatic test generation tool for industrial Java applications with strings,” in Proc. Int. Conf. Softw. Eng., 2013, pp. 992–1001.

Digital Library

Google Scholar

[31]

M. Souza, M. Borges, M. d'Amorim, and C. S. Pasareanu, “CORAL: Solving complex constraints for symbolic path finder,” in NASA Formal Methods, M. Bobaru, K. Havelund, G. J. Holzmann, R. Joshi, eds.Berlin, Germany: Springer, 2011, pp. 359–374.

Digital Library

Google Scholar

[32]

P. Dinges and G. Agha, “Solving complex path conditions through heuristic search on induced polytopes,” in Proc. 22nd ACM SIGSOFT Int. Symp. Found. Softw. Eng., 2014, pp. 425–436.

Digital Library

Google Scholar

[33]

H. Seo and S. Kim, “How we get there: A context-guided search strategy in concolic testing,” in Proc. 22nd ACM SIGSOFT Int. Symp. Found. Softw. Eng., 2014, pp. 413–424.

Digital Library

Google Scholar

[34]

P. Dinges and G. Agha, “Targeted test input generation using symbolic-concrete backward execution,” in Proc. 29th ACM/IEEE Int. Conf. Autom. Softw. Eng., 2014, pp. 31–36.

Digital Library

Google Scholar

[35]

M. Böhme, B. C. D. S. Oliveira, and A. Roychoudhury, “Partition-based regression verification,” in Proc. Int. Conf. Softw. Eng., 2013, pp. 302–311.

Digital Library

Google Scholar

[36]

D. Felsing, S. Grebing, V. Klebanov, P. Rümmer, and M. Ulbrich, “Automating regression verification,” in Proc. 29th ACM/IEEE Int. Conf. Autom. Softw. Eng., 2014, pp. 349–360.

Digital Library

Google Scholar

[37]

D. Qi, A. Roychoudhury, Z. Liang, and K. Vaswani, “DARWIN: An approach to debugging evolving programs,” ACM Trans. Softw. Eng. Methodol., vol. Volume 21, no. Issue 3, pp. 19:1–19:29, 2012.

Digital Library

Google Scholar

[38]

B. Daniel, T. Gvero, and D. Marinov, “On test repair using symbolic execution,” in Proc. 19th Int. Symp. Softw. Testing Anal., 2010, pp. 207–218.

Digital Library

Google Scholar

[39]

S. Artzi, J. Dolby, F. Tip, and M. Pistoia, “Directed test generation for effective fault localization,” in Proc. 19th Int. Symp. Softw. Testing Anal., 2010, pp. 49–60.

Digital Library

Google Scholar

[40]

C. Csallner, N. Tillmann, and Y. Smaragdakis, “DySy: Dynamic symbolic execution for invariant inference,” in Proc. 30th Int. Conf. Softw. Eng., 2008, pp. 281–290.

Digital Library

Google Scholar

[41]

L. Zhang, G. Yang, N. Rungta, S. Person, and S. Khurshid, “Feedback-driven dynamic invariant discovery,” in Proc. Int. Symp. Softw. Testing Anal., 2014, pp. 362–372.

Digital Library

Google Scholar

[42]

A. Banerjee, A. Roychoudhury, J. A. Harlie, and Z. Liang, “Golden implementation driven software debugging,” in Proc. 18th ACM SIGSOFT Int. Symp. Found. Softw. Eng., 2010, pp. 177–186.

Digital Library

Google Scholar

[43]

Q. Yi, Z. Yang, J. Liu, C. Zhao, and C. Wang, “A synergistic analysis method for explaining failed regression tests,” in Proc. 37th Int. Conf. Softw. Eng., 2015, pp. 257–267.

Digital Library

Google Scholar

[44]

Y. Zhang, Z. Clien, J. Wang, W. Dong, and Z. Liu, “Regular property guided dynamic symbolic execution,” in Proc. 37th Int. Conf. Softw. Eng., 2015, pp. 643–653.

Digital Library

Google Scholar

[45]

P. Braione, G. Denaro, and M. Pezzè, “Symbolic execution of programs with heap inputs,” in Proc. 10th Joint Meeting Found. Softw. Eng., 2015, pp. 602–613.

Digital Library

Google Scholar

[46]

X. Ge, K. Taneja, T. Xie, and N. Tillmann, “DyTa: Dynamic symbolic execution guided with static verification results,” in Proc. 33rd Int. Conf. Softw. Eng., 2011, pp. 992–994.

Digital Library

Google Scholar

[47]

M. Li, Y. Chen, L. Wang, and G. Xu, “Dynamically validating static memory leak warnings,” in Proc. Int. Symp. Softw. Testing Anal., 2013, pp. 112–122.

Digital Library

Google Scholar

[48]

M. D. Ernst, “The Daikon system for dynamic detection of likely invariants,” Sci. Comput. Programm., vol. Volume 69, no. Issue 1, pp. 35–45, 2007.

Digital Library

Google Scholar

[49]

T. Gyimóthy, A. Beszédes, and I. Forgács, “An efficient relevant slicing method for debugging,” in Proc. 7th Eur. Softw. Eng. Conf. Held Jointly 7th ACM SIGSOFT Int. Symp. Found. Softw. Eng., 1999, pp. 303–321.

Digital Library

Google Scholar

[50]

V. P. Ranganath, T. Amtoft, A. Banerjee, J. Hatcliff, and M. B. Dwyer, “A new foundation for control dependence and slicing for modern program structures,” ACM Trans. Program. Lang. Syst., vol. Volume 29, no. Issue 5, 2007, Art. no. 27.

Digital Library

Google Scholar

[51]

N. Rungta, S. Person, and J. Branchaud, “A change impact analysis to characterize evolving program behaviors,” in Proc. 28th IEEE Int. Conf. Softw. Maintenance, 2012, pp. 109–118.

Digital Library

Google Scholar

[52]

J.-F. Collard and M. Griebl, “A precise fixpoint reaching definition analysis for arrays,” in Proc. 12th Int. Workshop Lang. Compilers Parallel Comput., 2000, pp. 286–302.

Digital Library

Google Scholar

[53]

T. Reps, S. Horwitz, and M. Sagiv, “Precise interprocedural dataflow analysis via graph reachability,” in Proc. 22nd ACM SIGPLAN-SIGACT Symp. Princ. Programm. Lang., 1995, pp. 49–61.

Digital Library

Google Scholar

[54]

R. Vallée-Rai, P. Co, E. Gagnon, L. Hendren, P. Lam, and V. Sundaresan, “Soot—A Java bytecode optimization framework,” in Proc. Conf. Centre Adv. Studies Collaborat. Res., 1999, Art. no. 13.

Digital Library

Google Scholar

[55]

R. Santelices and M. J. Harrold, “Demand-driven propagation-based strategies for testing changes,” Softw. Testing Verif. Reliab., vol. Volume 23, no. Issue 6, pp. 499–528, 2013.

Google Scholar

[56]

2014. {Online}. Available: http://commons.apache.org/proper/commons-cli/usage.html

Google Scholar

[57]

L. De Moura andN. Bjørner, “Z3: An efficient SMT solver,” in Proc. Theory Practice Softw. 14th Int. Conf. Tools Algorithms Constr. Anal. Syst., 2008, pp. 337–340.

Digital Library

Google Scholar

[58]

A. Arcuri and L. Briand, “A Hitchhiker's guide to statistical tests for assessing randomized algorithms in software engineering,” Softw. Verif. Reliab., vol. Volume 24, no. Issue 3, pp. 219–250, 2014.

Digital Library

Google Scholar

[59]

P. Godefroid, M. Y. Levin, D. A. Molnar, “Automated whitebox fuzz testing,” in Proc. Netw. Distrib. Syst. Secur. Symp., vol. Volume 8, 2008, pp. 151–166.

Google Scholar

[60]

R. Santelices, P. K. Chittimalli, T. Apiwattanapong, A. Orso, and M. J. Harrold, “Test-suite augmentation for evolving software,” in Proc. 23rd IEEE/ACM Int. Conf. Autom. Softwa. Eng., 2008, pp. 218–227.

Digital Library

Google Scholar

[61]

Q. Yi, Z. Yang, S. Guo, C. Wang, J. Liu, and C. Zhao, “Postconditioned symbolic execution,” in Proc. 8th IEEE Int. Conf. Softw. Testing Verif. Validation, 2015, pp. 1–10.

Crossref

Google Scholar

[62]

Y.-S. Ma, J. Offutt, and Y. R. Kwon, “MuJava: An automated class mutation system,” Softw. Testing Verif. Reliab., vol. Volume 15, no. Issue 2, pp. 97–133, 2005.

Digital Library

Google Scholar

[63]

J. H. Andrews, L. C. Briand, and Y. Labiche, “Is mutation an appropriate tool for testing experiments?” in Proc. 27th Int. Conf. Softw. Eng., 2005, pp. 402–411.

Digital Library

Google Scholar

[64]

J. M. Voas, “PIE: A dynamic failure-based technique,” IEEE Trans. Softw. Eng., vol. Volume 18, no. Issue 8, pp. 717–727, 1992.

Digital Library

Google Scholar

[65]

M. E. Delamaro, J. Offutt, and P. Ammann, “Designing deletion mutation operators,” in Proc. IEEE 7th Int. Conf. Softw. Testing Verif. Validation, 2014, pp. 11–20.

Digital Library

Google Scholar

Cited By

View all

Yi QYu YYang G(2024)Compatible Branch Coverage Driven Symbolic Execution for Efficient Bug FindingProceedings of the ACM on Programming Languages10.1145/36564438:PLDI(1633-1655)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656443
Sun YYang GLv SLi ZSun LRoychoudhury APaiva AAbreu RStorey M(2024)Concrete Constraint Guided Symbolic ExecutionProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639078(1-12)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639078
Nguyen Tung LBinh Duong NLe KHung P(2024)Automated test data generation and stubbing method for C/C++ embedded projectsAutomated Software Engineering10.1007/s10515-024-00449-631:2Online publication date: 1-Nov-2024
https://dl.acm.org/doi/10.1007/s10515-024-00449-6
Show More Cited By

Index Terms

Dependence Guided Symbolic Execution

Recommendations

Concrete Constraint Guided Symbolic Execution
ICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering

Symbolic execution is a popular program analysis technique. It systematically explores all feasible paths of a program but its scalability is largely limited by the path explosion problem, which causes the number of paths proliferates at runtime. A key ...
Verifying systems rules using rule-directed symbolic execution
ASPLOS '13

Systems code must obey many rules, such as "opened files must be closed." One approach to verifying rules is static analysis, but this technique cannot infer precise runtime effects of code, often emitting many false positives. An alternative is ...
Veritesting Challenges in Symbolic Execution of Java

Scaling symbolic execution to industrial-sized programs is an important open research problem. Veritesting is a promising technique that improves scalability by combining the advantages of static symbolic execution with those of dynamic symbolic ...

Reviews

Reviewer: Massimiliano Masi

To make the developer's life easier, many tools have been created for analyzing source code. Such analysis can be used, for example, to detect bugs, to check the coverage of a set of tests, or even to generalize testing by using symbolic variables in execution. This latter point, symbolic execution, explores all the paths of a given code snippet and generates the test inputs. Symbolic execution is a technique that helps evaluate whether certain formulas and properties defined in the code are satisfiable; for example, is this code reachable Such properties are usually given using logics. However, programs are complex. The practical usage of symbolic execution is jeopardized by the problem of path explosion, that is, "the number of explored paths usually grows exponentially with the increase of program size." Even a program of medium size (around 4,000 lines of code) becomes very hard to handle. The authors' intuition is that some paths are not necessarily useful to be explored, since their behavior can be assimilated by other paths, effectively creating a path dependency. Their approach is to exploit such dependencies to "guide path exploration so that the redundant paths can be predicted and eliminated." The authors also prove that their approach has the same fault detection capabilities as traditional symbolic execution techniques, assuming a code style is defined. The paper contains a very useful part on related works, which readers who are less familiar with the technique may use to get further links to research papers and tools. The authors provide the source code of the experiments and their implementation has been executed with a suite, widely used as input for software testing and fault localization tasks. Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Information & Contributors

Information

Published In

cover image IEEE Transactions on Software Engineering

IEEE Transactions on Software Engineering Volume 43, Issue 3

March 2017

93 pages

ISSN:0098-5589

Issue’s Table of Contents

Publisher

IEEE Press

Publication History

Published: 01 March 2017

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 11 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Yi QYu YYang G(2024)Compatible Branch Coverage Driven Symbolic Execution for Efficient Bug FindingProceedings of the ACM on Programming Languages10.1145/36564438:PLDI(1633-1655)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656443
Sun YYang GLv SLi ZSun LRoychoudhury APaiva AAbreu RStorey M(2024)Concrete Constraint Guided Symbolic ExecutionProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639078(1-12)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639078
Nguyen Tung LBinh Duong NLe KHung P(2024)Automated test data generation and stubbing method for C/C++ embedded projectsAutomated Software Engineering10.1007/s10515-024-00449-631:2Online publication date: 1-Nov-2024
https://dl.acm.org/doi/10.1007/s10515-024-00449-6
Jin WZhong DCai YKazman RLiu T(2023)Evaluating the Impact of Possible Dependencies on Architecture-Level MaintainabilityIEEE Transactions on Software Engineering10.1109/TSE.2022.317128849:3(1064-1085)Online publication date: 1-Mar-2023
https://dl.acm.org/doi/10.1109/TSE.2022.3171288
Mi XRawat SGiuffrida CBos HBilge LDumitras T(2021)LeanSym: Efficient Hybrid Fuzzing Through Conservative Constraint DebloatingProceedings of the 24th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3471621.3471852(62-77)Online publication date: 6-Oct-2021
https://dl.acm.org/doi/10.1145/3471621.3471852
Chalupa MStrejček J(2021)Backward Symbolic Execution with Loop FoldingStatic Analysis10.1007/978-3-030-88806-0_3(49-76)Online publication date: 17-Oct-2021
https://dl.acm.org/doi/10.1007/978-3-030-88806-0_3
Wen CWang HLi YQin SLiu YXu ZChen HXie XPu GLiu TRothermel GBae D(2020)MemLockProceedings of the ACM/IEEE 42nd International Conference on Software Engineering10.1145/3377811.3380396(765-777)Online publication date: 27-Jun-2020
https://dl.acm.org/doi/10.1145/3377811.3380396
Wang HXie XLi YWen CLi YLiu YQin SChen HSui YRothermel GBae D(2020)Typestate-guided fuzzer for discovering use-after-free vulnerabilitiesProceedings of the ACM/IEEE 42nd International Conference on Software Engineering10.1145/3377811.3380386(999-1010)Online publication date: 27-Jun-2020
https://dl.acm.org/doi/10.1145/3377811.3380386
Sharma VHussein SWhalen MMcCamant SVisser WDevanbu PCohen MZimmermann T(2020)Java Ranger: statically summarizing regions for efficient symbolic execution of JavaProceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3368089.3409734(123-134)Online publication date: 8-Nov-2020
https://dl.acm.org/doi/10.1145/3368089.3409734
Wang HXie XLin SLin YLi YQin SLiu YLiu TDumas MPfahl DApel SRusso A(2019)Locating vulnerabilities in binaries via memory layout recoveringProceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3338906.3338966(718-728)Online publication date: 12-Aug-2019
https://dl.acm.org/doi/10.1145/3338906.3338966
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Index Terms

Recommendations

Concrete Constraint Guided Symbolic Execution

Verifying systems rules using rule-directed symbolic execution

Veritesting Challenges in Symbolic Execution of Java

Reviews

Access critical reviews of Computing literature here

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations