Context-Sensitive Relevancy Analysis for Efficient Symbolic Execution

Authors:
Xin Li;Daryl Shannon;Indradeep Ghosh;Mizuhito Ogawa;Sreeranga P. Rajan;Sarfraz Khurshid
Affiliations:
School of Information Science, Japan Advanced Institute of Science and Technology, Nomi, Japan;Department of Electrical and Computer Engineering, University of Texas at Austin, Austin, USA;Trusted Systems Innovation Group, Fujitsu laboratory of America, Sunnyvale, USA;School of Information Science, Japan Advanced Institute of Science and Technology, Nomi, Japan;Trusted Systems Innovation Group, Fujitsu laboratory of America, Sunnyvale, USA;Department of Electrical and Computer Engineering, University of Texas at Austin, Austin, USA
Venue:
APLAS '08 Proceedings of the 6th Asian Symposium on Programming Languages and Systems
Year:
2008

Citing 20
Cited 1

Control flow analysis in scheme

PLDI '88 Proceedings of the ACM SIGPLAN 1988 conference on Programming Language design and Implementation
Data flow analysis is model checking of abstract interpretations

POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Program analysis via graph reachability

ILPS '97 Proceedings of the 1997 international symposium on Logic programming
Using static single assignment form to improve flow-insensitive pointer analysis

PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
Symbolic execution and program testing

Communications of the ACM
Tool-supported program abstraction for finite-state verification

ICSE '01 Proceedings of the 23rd International Conference on Software Engineering
Soot - a Java bytecode optimization framework

CASCON '99 Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative research
Cloning-based context-sensitive pointer alias analysis using binary decision diagrams

Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
CUTE: a concolic unit testing engine for C

Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Generalizing symbolic execution to library classes

PASTE '05 Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Weighted pushdown systems and their application to interprocedural dataflow analysis

Science of Computer Programming - Special issue: Static analysis symposium (SAS 2003)
Bogor/Kiasan: A k-bounded Symbolic Execution for Checking Strong Heap Properties of Open Systems

ASE '06 Proceedings of the 21st IEEE/ACM International Conference on Automated Software Engineering
EXE: automatically generating inputs of death

Proceedings of the 13th ACM conference on Computer and communications security
Finding security vulnerabilities in java applications with static analysis

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
XRT-- Exploring Runtime for .NET Architecture and Applications

Electronic Notes in Theoretical Computer Science (ENTCS)
Precise analysis of string expressions

SAS'03 Proceedings of the 10th international conference on Static analysis
Type-dependence analysis and program transformation for symbolic execution

TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
JPF-SE: a symbolic execution extension to Java PathFinder

TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Generalized symbolic execution for model checking and testing

TACAS'03 Proceedings of the 9th international conference on Tools and algorithms for the construction and analysis of systems
Program analysis using weighted pushdown systems

FSTTCS'07 Proceedings of the 27th international conference on Foundations of software technology and theoretical computer science

Heap cloning: Enabling dynamic symbolic execution of java programs

ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

Symbolic execution is a flexible and powerful, but computationally expensive technique to detect dynamic behaviors of a program. In this paper, we present a context-sensitive relevancy analysis algorithm based on weighted pushdown model checking, which pinpoints memory locations in the program where symbolic values can flow into. This information is then utilized by a code instrumenter to transform only relevant parts of the program with symbolic constructs, to help improve the efficiency of symbolic execution of Java programs. Our technique is evaluated on a generalized symbolic execution engine that is developed upon Java Path Finder with checking safety properties of Java applications. Our experiments indicate that this technique can effectively improve the performance of the symbolic execution engine with respect to the approach that blindly instruments the whole program.