Efficient Loop Navigation for Symbolic Execution

Obdržálek, Jan; Trtík, Marek

doi:10.1007/978-3-642-24372-1_34

Jan Obdržálek¹⁸ &
Marek Trtík¹⁸

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 6996))

Included in the following conference series:

International Symposium on Automated Technology for Verification and Analysis

1147 Accesses
8 Citations

Abstract

Symbolic execution is a successful technique used in software verification and testing. A key limitation of symbolic execution is in dealing with code containing loops. We introduce a technique which, given a start location above some loops and a target location anywhere below these loops, returns a feasible path between these two locations, if such a path exists. The technique infers a collection of constraint systems from the program and uses them to steer the symbolic execution towards the target. On reaching a loop it iteratively solves the appropriate constraint system to find out which path through this loop to take, or, alternatively, whether to continue below the loop. To construct the constraint systems we express the values of variables modified in a loop as functions of the number of times a given path through the loop was executed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Anand, S., Godefroid, P., Tillmann, N.: Demand-driven compositional symbolic execution. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 367–381. Springer, Heidelberg (2008)
Chapter Google Scholar
Boonstoppel, P., Cadar, C., Engler, D.: RWset: Attacking path explosion in constraint-based test generation. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 351–366. Springer, Heidelberg (2008)
Chapter Google Scholar
Cadar, C., Dunbar, D., Engler, D.: KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In: OSDI 2008, pp. 209–224. USENIX Association (2008)
Google Scholar
Cousot, P., Halbwachs, N.: Automatic discovery of linear restraints among variables of a program. In: POPL 1978, pp. 84–96. ACM, New York (1978)
Google Scholar
Godefroid, P.: Compositional dynamic test generation. In: POPL 2007, pp. 47–54. ACM, New York (2007)
Google Scholar
Godefroid, P., Klarlund, N., Sen, K.: DART: directed automated random testing. In: PLDI 2005, pp. 213–223. ACM, New York (2005)
Google Scholar
Godefroid, P., Levin, M.Y., Molnar, D.A.: Automated whitebox fuzz testing. In: Network Distributed Security Symposium (NDSS), pp. 151–166 (2008)
Google Scholar
Godefroid, P., Nori, A.V., Rajamani, S.K., Tetali, S.D.: Compositional must program analysis: unleashing the power of alternation. In: POPL 2010, pp. 43–56. ACM, New York (2010)
Google Scholar
Gulavani, B.S., Henzinger, T.A., Kannan, Y., Nori, A.V., Rajamani, S.K.: SYNERGY: a new algorithm for property checking. In: SIGSOFT 2006/FSE-14, pp. 117–127. ACM, New York (2006)
Chapter Google Scholar
Gulwani, S., Srivastava, S., Venkatesan, R.: Program analysis as constraint solving. In: PLDI 2008, pp. 281–292. ACM, New York (2008)
Google Scholar
Karr, M.: Affine relationships among variables of a program. Acta Informatica 6, 133–151 (1976)
Article MathSciNet MATH Google Scholar
Nori, A.V., Rajamani, S.K., Tetali, S., Thakur, A.V.: The Yogi project: Software property checking via static analysis and testing. In: Kowalewski, S., Philippou, A. (eds.) TACAS 2009. LNCS, vol. 5505, pp. 178–181. Springer, Heidelberg (2009)
Chapter Google Scholar
Obdržálek, J., Trtík, M.: Efficient loop navigation for symbolic execution. arXiv:1107.1398v1 [cs.PL] (2011)
Google Scholar
Saxena, P., Poosankam, P., McCamant, S., Song, D.: Loop-extended symbolic execution on binary programs. In: ISSTA 2009, pp. 225–236. ACM, New York (2009)
Google Scholar
Sen, K., Marinov, D., Agha, G.: CUTE: a concolic unit testing engine for C. In: ESEC/FSE-13, pp. 263–272. ACM, New York (2005)
Chapter Google Scholar
Tillmann, N., de Halleux, J.: Pex – white box test generation for .NET. In: Beckert, B., Hähnle, R. (eds.) TAP 2008. LNCS, vol. 4966, pp. 134–153. Springer, Heidelberg (2008)
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

Masaryk University, Brno, Czech Republic
Jan Obdržálek & Marek Trtík

Authors

Jan Obdržálek
View author publications
You can also search for this author in PubMed Google Scholar
Marek Trtík
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

University of California, Santa Barbara, CA, USA
Tevfik Bultan
Department of Computer Science and Information Engineering, National Chung Cheng University, 168 University Road, Min-Hsiung, 62102, Chiayi, Taiwan, ROC
Pao-Ann Hsiung

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Obdržálek, J., Trtík, M. (2011). Efficient Loop Navigation for Symbolic Execution. In: Bultan, T., Hsiung, PA. (eds) Automated Technology for Verification and Analysis. ATVA 2011. Lecture Notes in Computer Science, vol 6996. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24372-1_34

Download citation

DOI: https://doi.org/10.1007/978-3-642-24372-1_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24371-4
Online ISBN: 978-3-642-24372-1
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics