Abstract
Constraint solving is a major source of cost in Symbolic Execution (SE). This paper presents a study to assess the importance of some sensible options for solving constraints in SE. The main observation is that stack-based approaches to incremental solving is often much faster compared to cache-based approaches, which are more popular. Considering all 96 C programs from the KLEE benchmark that we analyzed, the median speedup obtained with a (non-optimized) stack-based approach was of 5x. Results suggest that tools should take advantage of incremental solving support from modern SMT solvers and researchers should look for ways to combine stack- and cache-based approaches to reduce execution cost even further. Instructions to reproduce results are available online: http://asa.iti.kit.edu/130_392.php
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alt-Ergo webpage, http://alt-ergo.lri.fr/
Boolector webpage, http://fmv.jku.at/boolector/
CLOC webpage, http://cloc.sourceforge.net/
CVC4 webpage, http://cvc4.cs.nyu.edu/web/
KLEE webpage, http://klee.github.io/klee/
MathSAT5 webpage, http://mathsat.fbk.eu/
RUGRAT webpage, http://www.rugrat.ws/
STP webpage, https://sites.google.com/site/stpfastprover/
Yices webpage, http://yices.csl.sri.com/
Z3 webpage, http://z3.codeplex.com/
Audemard, G., Lagniez, J.-M., Simon, L.: Improving Glucose for Incremental SAT Solving with Assumptions: Application to MUS Extraction. In: Järvisalo, M., Van Gelder, A. (eds.) SAT 2013. LNCS, vol. 7962, pp. 309–317. Springer, Heidelberg (2013)
Bankovic, M.: Argosmtexpression: an smt-lib 2.0 compliant expression library. In: Workshop of the SAT (June 2012)
Borges, M., Filieri, A., d’Amorim, M., Păsăreanu, C.S., Visser, W.: Compositional solution space quantification for probabilistic software analysis. In: PLDI, pp. 123–132 (2014)
Boyer, R.S., Elspas, B., Levitt, K.N.: SELECT - A Formal System for Testing and Debugging Programs by Symbolic Execution. In: International Conference on Reliable Software, pp. 234–245 (1975)
Burnim, J., Sen, K.: Heuristics for scalable dynamic test generation. In: ASE 2008, pp. 443–446 (2008)
Cadar, C., Dunbar, D., Engler, D.: Klee: unassisted and automatic generation of high-coverage tests for complex systems programs. In: OSDI, pp. 209–224 (2008)
Cadar, C., Godefroid, P., Khurshid, S., Pasareanu, C.S., Sen, K., Tillmann, N., Visser, W.: Symbolic execution for software testing in practice: preliminary assessment. In: ICSE, pp. 1066–1071 (2011)
Clarke, L.A.: A Program Testing System. In: ACM Annual Conference, pp. 488–491 (1976)
Howden, W.E.: Symbolic Testing and the DISSECT Symbolic Evaluation System. IEEE TSE 3(4), 266–278 (1977)
Hussain, I., Csallner, C., Grechanik, M., Fu, C., Xie, Q., Park, S., Taneja, K., Hossain, B.M.M.: Evaluating program analysis and testing tools with the RUGRAT random benchmark application generator. In: WODA, pp. 1–6 (2012)
Jung webpage, http://jung.sourceforge.net/
King, J.C.: Symbolic execution and program testing. Communications of ACM 19(7), 385–394 (1976)
Li, Y., Albarghouthi, A., Kincaid, Z., Gurfinkel, A., Chechik, M.: Symbolic optimization with smt solvers. SIGPLAN Not. 49(1), 607–618 (2014)
Liu, T., Nagel, M., Taghdiri, M.: Bounded program verification using an smt solver: A case study. In: ICST, pp. 101–110 (2012)
Pasareanu, C.S., Visser, W.: A survey of new trends in symbolic execution for software testing and analysis. STTT 11(4), 339–353 (2009)
Păsăreanu, C.S., Rungta, N.: Symbolic PathFinder: symbolic execution of Java bytecode. In: ASE, pp. 179–180 (2010)
Ramamoorthy, C., Ho, S., Chert, W.: On the automated generation of program test data. IEEE TSE 2(4), 293–300 (1976)
Schwartz, E.J., Avgerinos, T., Brumley, D.: All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In: SP, pp. 317–331 (2010)
SMT-LIB webpage, http://www.smtlib.org/
Soot webpage, http://www.sable.mcgill.ca/soot/
Steiner, W.: An evaluation of smt-based schedule synthesis for time-triggered multi-hop networks. In: RTSS, pp. 375–384 (2010)
Tillmann, N., de Halleux, J.: Pex–white box test generation for.NET. In: Beckert, B., Hähnle, R. (eds.) TAP 2008. LNCS, vol. 4966, pp. 134–153. Springer, Heidelberg (2008)
Visser, W., Geldenhuys, J., Dwyer, M.B.: Green: Reducing, reusing and recycling constraints in program analysis. In: FSE, pp. 1–11 (2012)
Visser, W., Geldenhuys, J., Dwyer, M.B.: Green: Reducing, reusing and recycling constraints in program analysis. In: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, FSE 2012, pp. 58:1–58:11. ACM, New York (2012)
Yang, G., Khurshid, S., Pasareanu, C.S.: Memoise: A tool for memoized symbolic execution. In: ICSE, pp. 1343–1346 (May 2013)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Liu, T., Araújo, M., d’Amorim, M., Taghdiri, M. (2014). A Comparative Study of Incremental Constraint Solving Approaches in Symbolic Execution. In: Yahav, E. (eds) Hardware and Software: Verification and Testing. HVC 2014. Lecture Notes in Computer Science, vol 8855. Springer, Cham. https://doi.org/10.1007/978-3-319-13338-6_21
Download citation
DOI: https://doi.org/10.1007/978-3-319-13338-6_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-13337-9
Online ISBN: 978-3-319-13338-6
eBook Packages: Computer ScienceComputer Science (R0)