Control flow analysis in scheme
PLDI '88 Proceedings of the ACM SIGPLAN 1988 conference on Programming Language design and Implementation
Data flow analysis is model checking of abstract interpretations
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Program analysis via graph reachability
ILPS '97 Proceedings of the 1997 international symposium on Logic programming
Using static single assignment form to improve flow-insensitive pointer analysis
PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
Symbolic execution and program testing
Communications of the ACM
Tool-supported program abstraction for finite-state verification
ICSE '01 Proceedings of the 23rd International Conference on Software Engineering
Soot - a Java bytecode optimization framework
CASCON '99 Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative research
Cloning-based context-sensitive pointer alias analysis using binary decision diagrams
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Generalizing symbolic execution to library classes
PASTE '05 Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Weighted pushdown systems and their application to interprocedural dataflow analysis
Science of Computer Programming - Special issue: Static analysis symposium (SAS 2003)
Bogor/Kiasan: A k-bounded Symbolic Execution for Checking Strong Heap Properties of Open Systems
ASE '06 Proceedings of the 21st IEEE/ACM International Conference on Automated Software Engineering
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
XRT-- Exploring Runtime for .NET Architecture and Applications
Electronic Notes in Theoretical Computer Science (ENTCS)
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
Type-dependence analysis and program transformation for symbolic execution
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
JPF-SE: a symbolic execution extension to Java PathFinder
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Generalized symbolic execution for model checking and testing
TACAS'03 Proceedings of the 9th international conference on Tools and algorithms for the construction and analysis of systems
Program analysis using weighted pushdown systems
FSTTCS'07 Proceedings of the 27th international conference on Foundations of software technology and theoretical computer science
Heap cloning: Enabling dynamic symbolic execution of java programs
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Hi-index | 0.00 |
Symbolic execution is a flexible and powerful, but computationally expensive technique to detect dynamic behaviors of a program. In this paper, we present a context-sensitive relevancy analysis algorithm based on weighted pushdown model checking, which pinpoints memory locations in the program where symbolic values can flow into. This information is then utilized by a code instrumenter to transform only relevant parts of the program with symbolic constructs, to help improve the efficiency of symbolic execution of Java programs. Our technique is evaluated on a generalized symbolic execution engine that is developed upon Java Path Finder with checking safety properties of Java applications. Our experiments indicate that this technique can effectively improve the performance of the symbolic execution engine with respect to the approach that blindly instruments the whole program.