Abstract
Symbolic execution is a powerful program analysis technique that systematically explores multiple program paths. However, despite important technical advances, symbolic execution often struggles to reach deep parts of the code due to the well-known path explosion problem and constraint solving limitations. In this paper, we propose chopped symbolic execution, a novel form of symbolic execution that allows users to specify uninteresting parts of the code to exclude during the analysis, thus only targeting the exploration to paths of importance. However, the excluded parts are not summarily ignored, as this may lead to both false positives and false negatives. Instead, they are executed lazily, when their effect may be observable by code under analysis. Chopped symbolic execution leverages various on-demand static analyses at runtime to automatically exclude code fragments while resolving their side effects, thus avoiding expensive manual annotations and imprecision. Our preliminary results show that the approach can effectively improve the effectiveness of symbolic execution in several different scenarios, including failure reproduction and test suite augmentation.
Original language | English |
---|---|
Pages (from-to) | 350-360 |
Number of pages | 11 |
Journal | Proceedings - International Conference on Software Engineering |
Volume | 2018-January |
DOIs | |
State | Published - 2018 |
Event | 40th International Conference on Software Engineering, ICSE 2018 - Gothenburg, Sweden Duration: 27 May 2018 → 3 Jun 2018 |
Funding
Funders | Funder number |
---|---|
Blavat-nik Family Foundation | |
Engineering and Physical Sciences Research Council | EP/L002795/1, EP/N007166/1 |
Tel Aviv University | |
PAZY Foundation |
Keywords
- Program slicing
- Static analysis
- Symbolic execution