Multiplex Symbolic Execution: Exploring Multiple Paths by Solving Once

  title={Multiplex Symbolic Execution: Exploring Multiple Paths by Solving Once},
  author={Yufeng Zhang and Zhenbang Chen and Ziqi Shuai and Tian-qi Zhang and Kenqin Li and Ji Wang},
  journal={2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE)},
  • Yufeng Zhang, Zhenbang Chen, +3 authors Ji Wang
  • Published 1 September 2020
  • Computer Science
  • 2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE)
Path explosion and constraint solving are two challenges to symbolic execution's scalability. Symbolic execution explores the program's path space with a searching strategy and invokes the underlying constraint solver in a black-box manner to check the feasibility of a path. Inside the constraint solver, another searching procedure is employed to prove or disprove the feasibility. Hence, there exists the problem of double searchings in symbolic execution. In this paper, we propose to unify the… Expand
Learning to Explore Paths for Symbolic Execution
This work proposes a novel learning-based strategy, called Learch, able to effectively select promising states for symbolic execution to tackle the path explosion problem and evaluates Learch on a diverse set of programs, showing that Learch is practically effective. Expand
Efficient Multiplex Symbolic Execution with Adaptive Search Strategy
This work uses a light-weight check to reduce redundant partial solutions for avoiding the redundant executions having the same results and introduces online learning to devise an adaptive search strategy for the target programs. Expand
Synthesize solving strategy for symbolic execution
Novel synthesis algorithms that combine offline trained deep learning models and online tuning to synthesize a solving strategy for a program to fit the program's symbolic execution best are proposed. Expand
Type and interval aware array constraint solving for symbolic execution
This work proposes a lightweight method for pre-checking the unsatisfiability of array constraints based on integer linear programming and proposes type and interval aware axiom generation to synergize symbolic execution and array constraint solving. Expand


Speculative Symbolic Execution
This paper proposes a new fashion of symbolic execution, named Speculative Symbolic Execution (SSE), to speed up symbolic execution by reducing the invocation times of constraint solver and presents a key optimization technique that enhances SSE greatly. Expand
Steering symbolic execution to less traveled paths
A novel, unified strategy to guide symbolic execution to less explored parts of a program, using frequency distributions of explored length-n subpaths to prioritize "less traveled" parts of the program to improve test coverage and error detection. Expand
Directed Symbolic Execution
This paper proposes two new directed symbolic execution strategies that aim to solve the problem of automatically finding program executions that reach a particular target line, and proposes a hybrid strategy, Mix-CCBSE, which alternates CCBSE with another (forward) search strategy. Expand
Efficient state merging in symbolic execution
A way to automatically choose when and how to merge states such that the performance of symbolic execution is significantly increased and query count estimation, a method for statically estimating the impact that each symbolic variable has on solver queries that follow a potential merge point, is presented. Expand
Regular Property Guided Dynamic Symbolic Execution
This work proposes a novel method of dynamic symbolic execution (DSE) to automatically find a path of a program satisfying a regular property when exploring the path space, guided by the synergy of static analysis and dynamic analysis to find a target path as soon as possible. Expand
Towards Optimal Concolic Testing
A greedy algorithm is designed for approximating the optimal concolic testing strategy based on the probability of program paths and the cost of constraint solving and the results show that existing heuristics have much room to improve and the greedy algorithm often outperforms existingHeuristics. Expand
Symbolic execution and program testing
A particular system called EFFIGY which provides symbolic execution for program testing and debugging is described, which interpretively executes programs written in a simple PL/I style programming language. Expand
CUTE: a concolic unit testing engine for C
A method to represent and track constraints that capture the behavior of a symbolic execution of a unit with memory graphs as inputs is developed and an efficient constraint solver is proposed to facilitate incremental generation of such test inputs. Expand
Checking Properties Described by State Machines: On Synergy of Instrumentation, Slicing, and Symbolic Execution
A novel technique for checking properties described by finite state machines based on a synergy of three well-known methods: instrumentation, program slicing, and symbolic execution that can be applied as a stand-alone bug finding technique, or to weed out some false positives from an output of another bug-finding tool. Expand
Heuristics for Scalable Dynamic Test Generation
  • Jacob Burnim, Koushik Sen
  • Computer Science
  • 2008 23rd IEEE/ACM International Conference on Automated Software Engineering
  • 2008
Several heuristic search strategies are presented, including a novel strategy guided by the control flow graph of the program under test, which achieves significantly greater branch coverage on the same testing budget than concolic testing with a traditional depth-first search strategy. Expand