Concrete Constraint Guided Symbolic Execution
Symbolic execution is a popular program analysis technique. It systematically explores all feasible paths of a program but its scalability is largely limited by the path explosion problem, which causes the number of paths proliferates at runtime. A key idea in existing methods to mitigate this probl...
Gespeichert in:
| Veröffentlicht in: | Proceedings / International Conference on Software Engineering S. 1496 - 1507 |
|---|---|
| Hauptverfasser: | , , , , |
| Format: | Tagungsbericht |
| Sprache: | Englisch |
| Veröffentlicht: |
ACM
14.04.2024
|
| Schlagworte: | |
| ISSN: | 1558-1225 |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Abstract | Symbolic execution is a popular program analysis technique. It systematically explores all feasible paths of a program but its scalability is largely limited by the path explosion problem, which causes the number of paths proliferates at runtime. A key idea in existing methods to mitigate this problem is to guide the selection of states for path exploration, which primarily relies on the features to represent program states. In this paper, we propose concrete constraint guided symbolic execution, which aims to cover more concrete branches and ultimately improve the overall code coverage during symbolic execution. Our key insight is based on the fact that symbolic execution strives to cover all symbolic branches while concrete branches are neglected, and directing symbolic execution toward uncovered concrete branches has a great potential to improve the overall code coverage. The experimental results demonstrate that our approach can improve the ability of KLEE to both increase code coverage and find more security violations on 10 open-source C programs. |
|---|---|
| AbstractList | Symbolic execution is a popular program analysis technique. It systematically explores all feasible paths of a program but its scalability is largely limited by the path explosion problem, which causes the number of paths proliferates at runtime. A key idea in existing methods to mitigate this problem is to guide the selection of states for path exploration, which primarily relies on the features to represent program states. In this paper, we propose concrete constraint guided symbolic execution, which aims to cover more concrete branches and ultimately improve the overall code coverage during symbolic execution. Our key insight is based on the fact that symbolic execution strives to cover all symbolic branches while concrete branches are neglected, and directing symbolic execution toward uncovered concrete branches has a great potential to improve the overall code coverage. The experimental results demonstrate that our approach can improve the ability of KLEE to both increase code coverage and find more security violations on 10 open-source C programs. |
| Author | Sun, Limin Li, Zhi Sun, Yue Lv, Shichao Yang, Guowei |
| Author_xml | – sequence: 1 givenname: Yue surname: Sun fullname: Sun, Yue email: sunyue0205@iie.ac.cn organization: Institute of Information Engineering, CAS; School of Cyber Security, UCAS,China – sequence: 2 givenname: Guowei surname: Yang fullname: Yang, Guowei email: guowei.yang@uq.edu.au organization: The University of Queensland,Australia – sequence: 3 givenname: Shichao surname: Lv fullname: Lv, Shichao email: lvshichao@iie.ac.cn organization: Institute of Information Engineering, CAS; School of Cyber Security, UCAS,China – sequence: 4 givenname: Zhi surname: Li fullname: Li, Zhi email: lizhi@iie.ac.cn organization: Institute of Information Engineering, CAS; School of Cyber Security, UCAS,China – sequence: 5 givenname: Limin surname: Sun fullname: Sun, Limin email: sunlimin@iie.ac.cn organization: Institute of Information Engineering, CAS; School of Cyber Security, UCAS,China |
| BookMark | eNotjsFKw0AQQFdRsNacvXjID6Tuzuzs7B4l1FYoeGg9l81mCgttIkkK9u8t6Om90-M9qruu70SpZ6MXxlh6RQpMGhfoMGj2N6oIHLzVmjUYtrdqZoh8ZQDoQRXjmBtNFomdxZmq6r5Lg0xSXmWchpi7qVydcyttub2cmv6YU7n8kXSect89qftDPI5S_HOuvt6Xu3pdbT5XH_XbpoqA4CsRAmChhDaKhQAtJHNgIt0Y11qJnBIFcuI9Wm0NC6PG4EjIe9dqnKuXv24Wkf33kE9xuOzN9duDCfgLih5DZQ |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IH CBEJK ESBDL RIE RIO |
| DOI | 10.1145/3597503.3639078 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan (POP) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Xplore Open Access Journals IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP) 1998-present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISBN | 9798400702174 |
| EISSN | 1558-1225 |
| EndPage | 1507 |
| ExternalDocumentID | 10548219 |
| Genre | orig-research |
| GroupedDBID | -~X .4S .DC 29O 5VS 6IE 6IF 6IH 6IK 6IL 6IM 6IN 8US AAJGR AAWTH ABLEC ADZIZ ALMA_UNASSIGNED_HOLDINGS ARCSS AVWKF BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO EDO ESBDL FEDTE I-F IEGSK IJVOP IPLJI M43 OCL RIE RIL RIO |
| ID | FETCH-LOGICAL-a2328-ee5227e5c34ae4292d2c1f7550b16d4ea7cc5956e88340417e7303965e5886d03 |
| IEDL.DBID | RIE |
| IngestDate | Wed Aug 27 02:33:26 EDT 2025 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-a2328-ee5227e5c34ae4292d2c1f7550b16d4ea7cc5956e88340417e7303965e5886d03 |
| OpenAccessLink | https://ieeexplore.ieee.org/document/10548219 |
| PageCount | 12 |
| ParticipantIDs | ieee_primary_10548219 |
| PublicationCentury | 2000 |
| PublicationDate | 2024-April-14 |
| PublicationDateYYYYMMDD | 2024-04-14 |
| PublicationDate_xml | – month: 04 year: 2024 text: 2024-April-14 day: 14 |
| PublicationDecade | 2020 |
| PublicationTitle | Proceedings / International Conference on Software Engineering |
| PublicationTitleAbbrev | ICSE |
| PublicationYear | 2024 |
| Publisher | ACM |
| Publisher_xml | – name: ACM |
| SSID | ssib054357643 ssib055306466 ssj0006499 |
| Score | 2.2706523 |
| Snippet | Symbolic execution is a popular program analysis technique. It systematically explores all feasible paths of a program but its scalability is largely limited... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1496 |
| SubjectTerms | Codes Data Dependency Analysis Data mining Explosions Runtime Scalability Security Symbolic Execution |
| Title | Concrete Constraint Guided Symbolic Execution |
| URI | https://ieeexplore.ieee.org/document/10548219 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV25TgMxELUgoqAKRxC3XNA6rNfn1ohAgaJIHEoX-ZiVUpCgsEHw94ydDaShoLMsF7bs8bzxeN4j5IrbQooakVtt6pKl1BnzPpRMRGfBFXV0-Wng5cEMh3Y8rkZtsXquhQGA_PkM-qmZc_lxHpbpqQwtHPF1mUg-t43Rq2Kt9eFR6PfNBrdUksPRMmGV9lrWiO1bbh8u1bVAJK0K0RfooosksrYhrpJ9y6D7z1ntkd5vlR4d_fiffbIFswPSXcs00NZqDwnD8YgNG6BJnTNrQjT0bjmNEOnj16tPzMD09hNCPoM98jy4fbq5Z61KAnOIhiwDQAhlQAUhHSTxqVgGXhuMPDzXUYIzISiMgsBaIQvJDaBRi0orUNbqWIgj0pnNZ3BMaApmoLI47wJk7aX3mnNXOVtLA6WLJ6SXlj95WxFhTNYrP_2j_4zslogBUvKFy3PSaRZLuCA74aOZvi8u8_Z9A0GBl4U |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1NTwMhECVGTfRUP2r8dg9et8ICC3s2rTXWponV9NawMCQ92Jq6NfrvHehWe_HgjRAOEBjmDcO8R8g101Rwj8jNK5-lIXWWlqXNUu6MBkO9M_Fp4KWn-n09GhWDulg91sIAQPx8Bq3QjLl8N7OL8FSGFo74Ogskn1tSiIwuy7VWx0ei51dr7FJBECcXAa3UF3OO6L5m92FC3nDE0pLyFkcnTYPM2pq8SvQuncY_57VHmr91esngxwPtkw2YHpDGSqghqe32kKQ4HtFhBUnQ54yqEFVyt5g4cMnT12sZuIGT9ifYeAqb5LnTHt5201onITWIh3QKgCBKgbRcGAjyUy6zzCuMPUqWOwFGWSsxDgKtuaCCKUCz5kUuQWqdO8qPyOZ0NoVjkoRwBgqN86YgfCnKMmfMFEZ7oSAz7oQ0w_LHb0sqjPFq5ad_9F-Rne7wsTfu3fcfzshuhoggpGKYOCeb1XwBF2TbflST9_ll3MpvWU6azA |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=Proceedings+%2F+International+Conference+on+Software+Engineering&rft.atitle=Concrete+Constraint+Guided+Symbolic+Execution&rft.au=Sun%2C+Yue&rft.au=Yang%2C+Guowei&rft.au=Lv%2C+Shichao&rft.au=Li%2C+Zhi&rft.date=2024-04-14&rft.pub=ACM&rft.eissn=1558-1225&rft.spage=1496&rft.epage=1507&rft_id=info:doi/10.1145%2F3597503.3639078&rft.externalDocID=10548219 |