Abstract
Constraint solving is a major source of cost in Symbolic Execution (SE). This paper presents a study to assess the importance of some sensible options for solving constraints in SE. The main observation is that stack-based approaches to incremental solving is often much faster compared to cache-based approaches, which are more popular. Considering all 96 C programs from the KLEE benchmark that we analyzed, the median speedup obtained with a (non-optimized) stack-based approach was of 5x. Results suggest that tools should take advantage of incremental solving support from modern SMT solvers and researchers should look for ways to combine stack- and cache-based approaches to reduce execution cost even further. Instructions to reproduce results are available online: http://asa.iti.kit.edu/130_392.php
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alt-Ergo webpage, http://alt-ergo.lri.fr/
Boolector webpage, http://fmv.jku.at/boolector/
CLOC webpage, http://cloc.sourceforge.net/
CVC4 webpage, http://cvc4.cs.nyu.edu/web/
KLEE webpage, http://klee.github.io/klee/
MathSAT5 webpage, http://mathsat.fbk.eu/
RUGRAT webpage, http://www.rugrat.ws/
STP webpage, https://sites.google.com/site/stpfastprover/
Yices webpage, http://yices.csl.sri.com/
Z3 webpage, http://z3.codeplex.com/
Audemard, G., Lagniez, J.-M., Simon, L.: Improving Glucose for Incremental SAT Solving with Assumptions: Application to MUS Extraction. In: Järvisalo, M., Van Gelder, A. (eds.) SAT 2013. LNCS, vol. 7962, pp. 309–317. Springer, Heidelberg (2013)
Bankovic, M.: Argosmtexpression: an smt-lib 2.0 compliant expression library. In: Workshop of the SAT (June 2012)
Borges, M., Filieri, A., d’Amorim, M., Păsăreanu, C.S., Visser, W.: Compositional solution space quantification for probabilistic software analysis. In: PLDI, pp. 123–132 (2014)
Boyer, R.S., Elspas, B., Levitt, K.N.: SELECT - A Formal System for Testing and Debugging Programs by Symbolic Execution. In: International Conference on Reliable Software, pp. 234–245 (1975)
Burnim, J., Sen, K.: Heuristics for scalable dynamic test generation. In: ASE 2008, pp. 443–446 (2008)
Cadar, C., Dunbar, D., Engler, D.: Klee: unassisted and automatic generation of high-coverage tests for complex systems programs. In: OSDI, pp. 209–224 (2008)
Cadar, C., Godefroid, P., Khurshid, S., Pasareanu, C.S., Sen, K., Tillmann, N., Visser, W.: Symbolic execution for software testing in practice: preliminary assessment. In: ICSE, pp. 1066–1071 (2011)
Clarke, L.A.: A Program Testing System. In: ACM Annual Conference, pp. 488–491 (1976)
Howden, W.E.: Symbolic Testing and the DISSECT Symbolic Evaluation System. IEEE TSE 3(4), 266–278 (1977)
Hussain, I., Csallner, C., Grechanik, M., Fu, C., Xie, Q., Park, S., Taneja, K., Hossain, B.M.M.: Evaluating program analysis and testing tools with the RUGRAT random benchmark application generator. In: WODA, pp. 1–6 (2012)
Jung webpage, http://jung.sourceforge.net/
King, J.C.: Symbolic execution and program testing. Communications of ACM 19(7), 385–394 (1976)
Li, Y., Albarghouthi, A., Kincaid, Z., Gurfinkel, A., Chechik, M.: Symbolic optimization with smt solvers. SIGPLAN Not. 49(1), 607–618 (2014)
Liu, T., Nagel, M., Taghdiri, M.: Bounded program verification using an smt solver: A case study. In: ICST, pp. 101–110 (2012)
Pasareanu, C.S., Visser, W.: A survey of new trends in symbolic execution for software testing and analysis. STTT 11(4), 339–353 (2009)
Păsăreanu, C.S., Rungta, N.: Symbolic PathFinder: symbolic execution of Java bytecode. In: ASE, pp. 179–180 (2010)
Ramamoorthy, C., Ho, S., Chert, W.: On the automated generation of program test data. IEEE TSE 2(4), 293–300 (1976)
Schwartz, E.J., Avgerinos, T., Brumley, D.: All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In: SP, pp. 317–331 (2010)
SMT-LIB webpage, http://www.smtlib.org/
Soot webpage, http://www.sable.mcgill.ca/soot/
Steiner, W.: An evaluation of smt-based schedule synthesis for time-triggered multi-hop networks. In: RTSS, pp. 375–384 (2010)
Tillmann, N., de Halleux, J.: Pex–white box test generation for.NET. In: Beckert, B., Hähnle, R. (eds.) TAP 2008. LNCS, vol. 4966, pp. 134–153. Springer, Heidelberg (2008)
Visser, W., Geldenhuys, J., Dwyer, M.B.: Green: Reducing, reusing and recycling constraints in program analysis. In: FSE, pp. 1–11 (2012)
Visser, W., Geldenhuys, J., Dwyer, M.B.: Green: Reducing, reusing and recycling constraints in program analysis. In: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, FSE 2012, pp. 58:1–58:11. ACM, New York (2012)
Yang, G., Khurshid, S., Pasareanu, C.S.: Memoise: A tool for memoized symbolic execution. In: ICSE, pp. 1343–1346 (May 2013)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Liu, T., Araújo, M., d’Amorim, M., Taghdiri, M. (2014). A Comparative Study of Incremental Constraint Solving Approaches in Symbolic Execution. In: Yahav, E. (eds) Hardware and Software: Verification and Testing. HVC 2014. Lecture Notes in Computer Science, vol 8855. Springer, Cham. https://doi.org/10.1007/978-3-319-13338-6_21
Download citation
DOI: https://doi.org/10.1007/978-3-319-13338-6_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-13337-9
Online ISBN: 978-3-319-13338-6
eBook Packages: Computer ScienceComputer Science (R0)