A General Lattice Model for Merging Symbolic Execution Branches

被引：8

作者：

Scheurer, Dominic ^{[1
]}

Haehnle, Reiner ^{[1
]}

Bubel, Richard ^{[1
]}

机构：

[1] Tech Univ Darmstadt, Dept Comp Sci, Darmstadt, Germany

来源：

FORMAL METHODS AND SOFTWARE ENGINEERING, ICFEM 2016 | 2016年 / 10009卷

关键词：

D O I：

10.1007/978-3-319-47846-3_5

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

Symbolic execution is a software analysis technique that has been used with success in the past years in program testing and verification. A main bottleneck of symbolic execution is the path explosion problem: the number of paths in a symbolic execution tree is exponential in the number of static branches of the executed program. Here we put forward an abstraction-based framework for state merging in symbolic execution. We show that it subsumes existing approaches and prove soundness. The method was implemented in the verification system KeY. Our empirical evaluation shows that reductions in proof size of up to 80% are possible by state merging when applied to complex verification problems; new proofs become feasible that were out of reach so far.

引用

页码：57 / 73

页数：17

共 50 条

[1] Efficient State Merging in Symbolic Execution
Kuznetsov, Volodymyr
Kinder, Johannes
Bucur, Stefan
Candea, George
[J]. ACM SIGPLAN NOTICES, 2012, 47 (06) : 193 - 204
[2] State Merging with Quantifiers in Symbolic Execution
Trabish, David
Rinetzky, Noam
Shoham, Sharon
Sharma, Vaibhav
[J]. PROCEEDINGS OF THE 31ST ACM JOINT MEETING EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING, ESEC/FSE 2023, 2023, : 1140 - 1152
[3] A Memory Model for Symbolic Execution
Dai Ziying
Mao Xiaoguang
Ma Xiaodong
Wang Rui
[J]. 2009 INTERNATIONAL FORUM ON COMPUTER SCIENCE-TECHNOLOGY AND APPLICATIONS, VOL 1, PROCEEDINGS, 2009, : 20 - 24
[4] A Bounded Symbolic-Size Model for Symbolic Execution
Trabish, David
Itzhaky, Shachar
Rinetzky, Noam
[J]. PROCEEDINGS OF THE 29TH ACM JOINT MEETING ON EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (ESEC/FSE '21), 2021, : 1190 - 1201
[5] Symbolic execution and model checking for testing
Pasareanu, Corina S.
Visser, Willem
[J]. HARDWARE AND SOFTWARE: VERIFICATION AND TESTING, 2008, 4899 : 17 - +
[6] A Segmented Memory Model for Symbolic Execution
Kapus, Timotej
Cadar, Cristian
[J]. ESEC/FSE'2019: PROCEEDINGS OF THE 2019 27TH ACM JOINT MEETING ON EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING, 2019, : 774 - 784
[7] Generalized symbolic execution for model checking and testing
Khurshid, S
Pasareanu, CS
Visser, W
[J]. TOOLS AND ALGORITHMS FOR THE CONSTRUCTION AND ANALYSIS OF SYSTEMS, PROCEEDINGS, 2003, 2619 : 553 - 568
[8] Symbolic PathFinder: integrating symbolic execution with model checking for Java bytecode analysis
Corina S. Păsăreanu
Willem Visser
David Bushnell
Jaco Geldenhuys
Peter Mehlitz
Neha Rungta
[J]. Automated Software Engineering, 2013, 20 : 391 - 425
[9] A Formal Model for Detecting Bugs by Symbolic Execution of Programs
Gerasimov, A. Yu.
Kuts, D. O.
Novikov, A. A.
[J]. PROGRAMMING AND COMPUTER SOFTWARE, 2020, 46 (08) : 731 - 736
[10] Deriving a State Model of a Control Program by Symbolic Execution
Praehofer, Herbert
Boehm, Thomas
Pichler, Josef
[J]. 2018 IEEE 16TH INTERNATIONAL CONFERENCE ON INDUSTRIAL INFORMATICS (INDIN), 2018, : 754 - 759

← 1 2 3 4 5 →