TY - JOUR
T1 - Chopped Symbolic Execution
AU - Trabish, David
AU - Mattavelli, Andrea
AU - Rinetzky, Noam
AU - Cadar, Cristian
N1 - Publisher Copyright:
© 2018 IEEE Computer Society. All rights reserved.
PY - 2018
Y1 - 2018
N2 - Symbolic execution is a powerful program analysis technique that systematically explores multiple program paths. However, despite important technical advances, symbolic execution often struggles to reach deep parts of the code due to the well-known path explosion problem and constraint solving limitations. In this paper, we propose chopped symbolic execution, a novel form of symbolic execution that allows users to specify uninteresting parts of the code to exclude during the analysis, thus only targeting the exploration to paths of importance. However, the excluded parts are not summarily ignored, as this may lead to both false positives and false negatives. Instead, they are executed lazily, when their effect may be observable by code under analysis. Chopped symbolic execution leverages various on-demand static analyses at runtime to automatically exclude code fragments while resolving their side effects, thus avoiding expensive manual annotations and imprecision. Our preliminary results show that the approach can effectively improve the effectiveness of symbolic execution in several different scenarios, including failure reproduction and test suite augmentation.
AB - Symbolic execution is a powerful program analysis technique that systematically explores multiple program paths. However, despite important technical advances, symbolic execution often struggles to reach deep parts of the code due to the well-known path explosion problem and constraint solving limitations. In this paper, we propose chopped symbolic execution, a novel form of symbolic execution that allows users to specify uninteresting parts of the code to exclude during the analysis, thus only targeting the exploration to paths of importance. However, the excluded parts are not summarily ignored, as this may lead to both false positives and false negatives. Instead, they are executed lazily, when their effect may be observable by code under analysis. Chopped symbolic execution leverages various on-demand static analyses at runtime to automatically exclude code fragments while resolving their side effects, thus avoiding expensive manual annotations and imprecision. Our preliminary results show that the approach can effectively improve the effectiveness of symbolic execution in several different scenarios, including failure reproduction and test suite augmentation.
KW - Program slicing
KW - Static analysis
KW - Symbolic execution
UR - http://www.scopus.com/inward/record.url?scp=85098275280&partnerID=8YFLogxK
U2 - 10.1145/3180155.3180251
DO - 10.1145/3180155.3180251
M3 - ???researchoutput.researchoutputtypes.contributiontojournal.conferencearticle???
AN - SCOPUS:85098275280
SN - 0270-5257
VL - 2018-January
SP - 350
EP - 360
JO - Proceedings - International Conference on Software Engineering
JF - Proceedings - International Conference on Software Engineering
T2 - 40th International Conference on Software Engineering, ICSE 2018
Y2 - 27 May 2018 through 3 June 2018
ER -