Chopped symbolic execution
File(s)chopper-icse-18.pdf (661.28 KB)
Accepted version
Author(s)
Trabish, David
Mattavelli, Andrea
Rinetzky, Noam
Cadar, C
Type
Conference Paper
Abstract
Symbolic execution is a powerful program analysis technique that
systematically explores multiple program paths. However, despite
important technical advances, symbolic execution often struggles to
reach deep parts of the code due to the well-known path explosion
problem and constraint solving limitations.
In this paper, we propose
chopped symbolic execution
, a novel
form of symbolic execution that allows users to specify uninter-
esting parts of the code to exclude during the analysis, thus only
targeting the exploration to paths of importance. However, the
excluded parts are not summarily ignored, as this may lead to
both false positives and false negatives. Instead, they are executed
lazily, when their effect may be observable by code under anal-
ysis. Chopped symbolic execution leverages various on-demand
static analyses at runtime to automatically exclude code fragments
while resolving their side effects, thus avoiding expensive manual
annotations and imprecision.
Our preliminary results show that the approach can effectively
improve the effectiveness of symbolic execution in several different
scenarios, including failure reproduction and test suite augmenta-
tion.
systematically explores multiple program paths. However, despite
important technical advances, symbolic execution often struggles to
reach deep parts of the code due to the well-known path explosion
problem and constraint solving limitations.
In this paper, we propose
chopped symbolic execution
, a novel
form of symbolic execution that allows users to specify uninter-
esting parts of the code to exclude during the analysis, thus only
targeting the exploration to paths of importance. However, the
excluded parts are not summarily ignored, as this may lead to
both false positives and false negatives. Instead, they are executed
lazily, when their effect may be observable by code under anal-
ysis. Chopped symbolic execution leverages various on-demand
static analyses at runtime to automatically exclude code fragments
while resolving their side effects, thus avoiding expensive manual
annotations and imprecision.
Our preliminary results show that the approach can effectively
improve the effectiveness of symbolic execution in several different
scenarios, including failure reproduction and test suite augmenta-
tion.
Date Issued
2018-05-01
Date Acceptance
2017-12-13
Citation
2018, pp.350-360
Publisher
ACM
Start Page
350
End Page
360
Copyright Statement
© 2018 Copyright held by the owner/author(s). Publication rights licensed to the
Association for Computing Machinery.
Association for Computing Machinery.
Sponsor
Engineering & Physical Science Research Council (EPSRC)
Engineering & Physical Science Research Council (EPSRC)
Identifier
https://dl.acm.org/doi/10.1145/3180155.3180251
Grant Number
EP/L002795/1
EP/N007166/1
Source
ICSE '18: Proceedings of the 40th International Conference on Software Engineering
Subjects
Science & Technology
Technology
Computer Science, Software Engineering
Computer Science
Symbolic execution
Static analysis
Program slicing
Publication Status
Published
Start Date
2018-05-27
Finish Date
2018-06-03
Coverage Spatial
Gothenburg, Sweden
Date Publish Online
2018-05-01