Constraints in dynamic symbolic execution: bitvectors or integers?
File(s)intbv-tap-19.pdf (439.14 KB)
Accepted version
Author(s)
Kapus, Timotej
Nowack, Martin
Cadar, Cristian
Type
Conference Paper
Abstract
Dynamic symbolic execution is a technique that analyses programs by gathering mathematical constraints along execution paths. To achieve bit-level precision, one must use the theory of bitvectors. However, other theories might achieve higher performance, justifying in some cases the possible loss of precision.
In this paper, we explore the impact of using the theory of integers on the precision and performance of dynamic symbolic execution of C programs. In particular, we compare an implementation of the symbolic executor KLEE using a partial solver based on the theory of integers, with a standard implementation of KLEE using a solver based on the theory of bitvectors, both employing the popular SMT solver Z3. To our surprise, our evaluation on a synthetic sort benchmark, the ECA set of Test-Comp 2019 benchmarks, and GNU Coreutils revealed that for most applications the integer solver did not lead to any loss of precision, but the overall performance difference was rarely significant.
In this paper, we explore the impact of using the theory of integers on the precision and performance of dynamic symbolic execution of C programs. In particular, we compare an implementation of the symbolic executor KLEE using a partial solver based on the theory of integers, with a standard implementation of KLEE using a solver based on the theory of bitvectors, both employing the popular SMT solver Z3. To our surprise, our evaluation on a synthetic sort benchmark, the ECA set of Test-Comp 2019 benchmarks, and GNU Coreutils revealed that for most applications the integer solver did not lead to any loss of precision, but the overall performance difference was rarely significant.
Date Issued
2019-09-23
Date Acceptance
2019-09-01
Citation
2019, pp.41-54
ISBN
9783030311568
ISSN
0302-9743
Publisher
Springer International Publishing
Start Page
41
End Page
54
Copyright Statement
© Springer Nature Switzerland AG 2019. The final publication is available at Springer via https://doi.org/10.1007/978-3-030-31157-5_3
Sponsor
Engineering & Physical Science Research Council (EPSRC)
Identifier
https://link.springer.com/chapter/10.1007%2F978-3-030-31157-5_3
Grant Number
EP/N007166/1
Source
International Conference on Tests and Proofs
Subjects
Artificial Intelligence & Image Processing
Publication Status
Published
Start Date
2019-09-01
Finish Date
2019-10-11
Coverage Spatial
Porto, Portugal
Date Publish Online
2019-09-23