Efficient and formal generalized symbolic execution

被引：9

作者：

Deng, Xianghua ^{[1
]}

Lee, Jooyong ^{[2
]}

Robby ^{[3
]}

机构：

[1] Penn State Univ Harrisburg, Middletown, PA 17057 USA

[2] Korea Univ, Seoul, South Korea

[3] Kansas State Univ, Manhattan, KS 66506 USA

来源：

AUTOMATED SOFTWARE ENGINEERING | 2012年 / 19卷 / 03期

基金：

美国国家科学基金会; 新加坡国家研究基金会;

关键词：

Symbolic execution; Operational semantics; JVM; Soundness; Completeness; MODEL CHECKING; VERIFICATION;

D O I：

10.1007/s10515-011-0089-9

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

Programs that manipulate dynamic heap objects are difficult to analyze due to issues like aliasing. Lazy initialization algorithm enables the classical symbolic execution to handle such programs. Despite its successes, there are two unresolved issues: (1) inefficiency; (2) lack of formal study. For the inefficiency issue, we have proposed two improved algorithms that give significant analysis time reduction over the original lazy initialization algorithm. In this article, we formalize the lazy initialization algorithm and the improved algorithms as operational semantics of a core subset of the Java Virtual Machine (JVM) instructions, and prove that all algorithms are relatively sound and complete with respect to the JVM concrete semantics. Finally, we conduct a set of extensive experiments that compare the three algorithms and demonstrate the efficiency of the improved algorithms.

引用

页码：233 / 301

页数：69

共 50 条

[21] Leveraging Abstract Interpretation for Efficient Dynamic Symbolic Execution
Alatawi, Eman
Sondergaard, Harald
Miller, Tim
[J]. PROCEEDINGS OF THE 2017 32ND IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING (ASE'17), 2017, : 619 - 624
[22] A Formal Model of a Large Memory that Supports Efficient Execution
Hunt, Warren A., Jr.
Kaufmann, Matt
[J]. PROCEEDINGS OF THE 12TH CONFERENCE ON FORMAL METHODS IN COMPUTER-AIDED DESIGN (FMCAD 2012), 2012, : 60 - 67
[23] TBFV-SE: Testing-Based Formal Verification with Symbolic Execution
Wang, Rong
Liu, Shaoying
[J]. 2018 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY AND SECURITY (QRS 2018), 2018, : 59 - 66
[24] Context-Sensitive Relevancy Analysis for Efficient Symbolic Execution
Li, Xin
Shannon, Daryl
Ghosh, Indradeep
Ogawa, Mizuhito
Rajan, Sreeranga P.
Khurshid, Sarfraz
[J]. PROGRAMMING LANGUAGES AND SYSTEMS, PROCEEDINGS, 2008, 5356 : 36 - +
[25] Efficient Data-Race Detection with Dynamic Symbolic Execution
Ibing, Andreas
[J]. PROCEEDINGS OF THE 2016 FEDERATED CONFERENCE ON COMPUTER SCIENCE AND INFORMATION SYSTEMS (FEDCSIS), 2016, 8 : 1719 - 1726
[26] Branch Sequence Coverage Criterion for Testing-Based Formal Verification with Symbolic Execution
Wang, Rong
Liu, Shaoying
[J]. 2019 COMPANION OF THE 19TH IEEE INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY AND SECURITY (QRS-C 2019), 2019, : 205 - 212
[27] Symbolic Types for Lenient Symbolic Execution
Chang, Stephen
Knauth, Alex
Torlak, Emina
[J]. PROCEEDINGS OF THE ACM ON PROGRAMMING LANGUAGES-PACMPL, 2018, 2
[28] Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints
Shiqi, Shen
Shinde, Shweta
Ramesh, Soundarya
Roychoudhury, Abhik
Saxena, Prateek
[J]. 26TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2019), 2019,
[29] LeakageVerif: Efficient and Scalable Formal Verification of Leakage in Symbolic Expressions
Meunier, Quentin L.
Pons, Etienne
Heydemann, Karine
[J]. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2023, 49 (06) : 3359 - 3375
[30] Hunting the Haunter - Efficient Relational Symbolic Execution for Spectre with Haunted RelSE
Daniel, Lesly-Ann
Bardin, Sebastien
Rezk, Tamara
[J]. 28TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2021), 2021,

← 1 2 3 4 5 →