Chopped Symbolic Execution

David Trabish, Andrea Mattavelli, Noam Rinetzky, Cristian Cadar

Research output: Contribution to journalConference articlepeer-review

68 Scopus citations

Abstract

Symbolic execution is a powerful program analysis technique that systematically explores multiple program paths. However, despite important technical advances, symbolic execution often struggles to reach deep parts of the code due to the well-known path explosion problem and constraint solving limitations. In this paper, we propose chopped symbolic execution, a novel form of symbolic execution that allows users to specify uninteresting parts of the code to exclude during the analysis, thus only targeting the exploration to paths of importance. However, the excluded parts are not summarily ignored, as this may lead to both false positives and false negatives. Instead, they are executed lazily, when their effect may be observable by code under analysis. Chopped symbolic execution leverages various on-demand static analyses at runtime to automatically exclude code fragments while resolving their side effects, thus avoiding expensive manual annotations and imprecision. Our preliminary results show that the approach can effectively improve the effectiveness of symbolic execution in several different scenarios, including failure reproduction and test suite augmentation.

Original languageEnglish
Pages (from-to)350-360
Number of pages11
JournalProceedings - International Conference on Software Engineering
Volume2018-January
DOIs
StatePublished - 2018
Event40th International Conference on Software Engineering, ICSE 2018 - Gothenburg, Sweden
Duration: 27 May 20183 Jun 2018

Funding

FundersFunder number
Blavat-nik Family Foundation
Engineering and Physical Sciences Research CouncilEP/L002795/1, EP/N007166/1
Tel Aviv University
PAZY Foundation

    Keywords

    • Program slicing
    • Static analysis
    • Symbolic execution

    Fingerprint

    Dive into the research topics of 'Chopped Symbolic Execution'. Together they form a unique fingerprint.

    Cite this