DOI: 10.1145/3092703.3092728
research-article

Accelerating array constraints in symbolic execution

Published: 10 July 2017

Abstract

Despite significant recent advances, the effectiveness of symbolic execution is limited when used to test complex, real-world software. One of the main scalability challenges is related to constraint solving: large applications and long exploration paths lead to complex constraints, often involving big arrays indexed by symbolic expressions. In this paper, we propose a set of semantics-preserving transformations for array operations that take advantage of contextual information collected during symbolic execution. Our transformations lead to simpler encodings and hence better performance in constraint solving. The results we obtain are encouraging: we show, through an extensive experimental analysis, that our transformations help to significantly improve the performance of symbolic execution in the presence of arrays. We also show that our transformations enable the analysis of new code, which would be otherwise out of reach for symbolic execution.


Published In

ISSTA 2017: Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis
July 2017
447 pages
ISBN: 9781450350761
DOI: 10.1145/3092703
General Chair: Tevfik Bultan
Program Chair: Koushik Sen

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Constraint solving
  2. Symbolic execution
  3. Theory of arrays

Qualifiers

  • Research-article

Conference

ISSTA '17

Acceptance Rates

Overall Acceptance Rate 58 of 213 submissions, 27%
