Dynamic Symbolic Execution with Interpolation Based Path Merging
Author
Abstract
This paper presents a dynamic symbolic execution engine for automated bug detection in C code. It uses path merging based on interpolation with unsatisfiable cores to mitigate the exponential path explosion problem. Code coverage can be scaled by varying the interpolation. An algorithm for error and branch coverage is described. The implementation extends Eclipse CDT. It is evaluated on buffer overflow test cases from the Juliet test suite in terms of speed-up through merging, reduction of the number of analyzed program paths and proportion of merged paths.
Keywords: Symbolic execution, interpolation, branch coverage, error coverage.
Similar resources
Scalable Path-Sensitive Program Analysis via Dynamic Programming
Path-sensitivity improves program analysis by excluding infeasible paths and avoiding the merging of paths into a single abstraction if they exhibit different behavior. The main challenge however is that path-sensitive analysis is not scalable. In this paper, we present a symbolic execution-based framework which uses dynamic programming (DP) in order to reuse analyses arising from symbolic exec...
Precise Cache Timing Analysis via Symbolic Simulation
Worst-Case Execution Time (WCET) is a reliable guarantee for the temporal correctness of hard real-time systems. In this paper, we propose a novel integrated method for WCET analysis where micro-architectural modeling – with emphasis on caches – and systematic path-sensitivity, are synergized. This would give us very high precision for WCET analysis, but at the same time, it is a huge challenge...
A General Lattice Model for Merging Symbolic Execution Branches
Symbolic execution is a software analysis technique that has been used with success in the past years in program testing and verification. A main bottleneck of symbolic execution is the path explosion problem: the number of paths in a symbolic execution tree is exponential in the number of static branches of the executed program. Here we put forward an abstraction-based framework for state merg...
Lazy Symbolic Execution for Enhanced Learning
Symbolic execution with interpolation has emerged as a powerful technique for software verification. Its performance relies heavily on the quality of the computed “interpolants”, formulas which succinctly describe a generalization of the symbolic states proved so far. Symbolic execution by default is eager, that is, execution along a symbolic path stops the moment when infeasibility is ...
NATIONAL UNIVERSITY OF SINGAPORE School of Computing PH.D DEFENCE - PUBLIC SEMINAR
This thesis aims to address a number of program reasoning problems faced every day by programmers, using the technique of symbolic execution. Symbolic execution has the advantage of avoiding "infeasible" paths in the program (paths that cannot be exercised for any input), exploring which could provide spurious information about the program and mislead the programmer. However, as symbolic execut...
Journal title:
Volume, issue
Pages -
Publication date 2016