Skip to main content
SpringerLink
Log in
Book cover

International Symposium on Automated Technology for Verification and Analysis

ATVA 2016: Automated Technology for Verification and Analysis pp 495–511Cite as

Certified Symbolic Execution

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 9938))

Abstract

We propose a certification approach for checking the analysis results produced by symbolic execution. Given a program P under test, an analysis producer performs symbolic execution on P and creates a certificate C that represents the results of symbolic execution. The analysis consumer checks the validity of C with respect to P using efficient symbolic re-execution of P. The certificates are simple to create and easy to validate. Each certificate is a list of witnesses that include: test inputs that validate path feasibility without requiring any constraint solving; and infeasibility summaries that provide hints on how to efficiently establish path infeasibility. To account for incompleteness in symbolic execution (due to incompleteness of the backend solver), the certificate also contains an incompleteness summary. Our approach deploys constraint slicing and other heuristics as performance optimizations. Experimental results using a prototype certification tool based on Symbolic PathFinder for Java show that certification can be 3X to 370X (on average, 75X) faster than traditional symbolic execution. We also show the benefits of the approach for the reliability assessment of a software component under different probabilistic environment conditions.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Albert, E., Gmez-Zamalloa, M., Rojas, J.M., Puebla, G.: Compositional CLP-based test data generation for imperative languages. In: LOPSTR 2011 (2011)

    Google Scholar 

  2. Barrett, C.W., Tinelli, C.: CVC3. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 298–302. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  3. Belov, A., Janota, M., Lynce, I., Marques-Silva, J.: On computing minimal equivalent subformulas. In: Milano, M. (ed.) CP 2012. LNCS, vol. 7514, pp. 158–174. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  4. Böhme, S., Weber, T.: Fast LCF-style proof reconstruction for Z3. In: Kaufmann, M., Paulson, L.C. (eds.) ITP 2010. LNCS, vol. 6172, pp. 179–194. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  5. Brumley, D., Caballero, J., Liang, Z., Newsome, J., Song, D.: Towards automatic discovery of deviations in binary implementations with applications to error detection, fingerprint generation. In: SS, pp. 15:1–15:16 (2007)

    Google Scholar 

  6. Burnim, J., Juvekar, S., Sen, K.: WISE: automated test generation for worst-case complexity. In: ICSE, pp. 463–473 (2009)

    Google Scholar 

  7. Clarke, L.A.: A program testing system. In: ACM 1976, pp. 488–491 (1976)

    Google Scholar 

  8. de Moura, L., Bjørner, N.S.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  9. Filieri, A., Păsăreanu, C.S., Visser, W.: Reliability analysis in symbolic pathfinder. In: ICSE 2013, pp. 622–631. IEEE Press, Piscataway (2013)

    Google Scholar 

  10. Geldenhuys, J., Dwyer, M.B., Visser, W.: Probabilistic symbolic execution. In: ISSTA 2012, pp. 166–176. ACM, New York (2012)

    Google Scholar 

  11. Godefroid, P., Klarlund, N., Sen, K.: DART: directed automated random testing. In: PLDI, pp. 213–223 (2005)

    Google Scholar 

  12. Hatcliff, J., Robby, Chalin, P., Belt, J.: Explicating symbolic execution (xsym-exe): an evidence-based verification framework. In: ICSE 2013, pp. 222–231 (2013)

    Google Scholar 

  13. Henzinger, T.A., Jhala, R., Majumdar, R., Necula, G.C., Sutre, G., Weimer, W.: Temporal-safety proofs for systems code. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, p. 526. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  14. Inkumsah, K., Xie, T.: Improving structural testing of object-oriented programs via integrating evolutionary testing and symbolic execution. In: ASE, pp. 297–306 (2008)

    Google Scholar 

  15. King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976)

    Article  MathSciNet  MATH  Google Scholar 

  16. Loera, J.A.D., Hemmecke, R., Tauzer, J., Yoshida, R.: Effective lattice point counting in rational convex polytopes. JSC 38(4), 1273–1302 (2004)

    MathSciNet  MATH  Google Scholar 

  17. Ma, K.-K., Yit Phang, K., Foster, J.S., Hicks, M.: Directed symbolic execution. In: Yahav, E. (ed.) SAS 2011. LNCS, vol. 6887, pp. 95–111. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  18. Namjoshi, K.S.: Certifying model checkers. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, p. 2. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  19. Necula, G.C.: Proof-carrying code. In: POPL, pp. 106–119 (1997)

    Google Scholar 

  20. Peled, D.A., Zuck, L.D.: From model checking to a temporal proof. In: Dwyer, M.B. (ed.) SPIN 2001. LNCS, vol. 2057, p. 1. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  21. Person, S., Yang, G., Rungta, N., Khurshid, S.: Directed incremental symbolic execution. In: PLDI, pp. 504–515 (2011)

    Google Scholar 

  22. Păsăreanu, C.S., Mehlitz, P.C., Bushnell, D.H., Gundy-Burlet, K., Lowry, M., Person, S., Pape, M.: Combining unit-level symbolic execution and system-level concrete execution for testing NASA software. In: ISSTA, pp. 15–25 (2008)

    Google Scholar 

  23. Păsăreanu, C.S., Rungta, N.: Symbolic PathFinder: symbolic execution of Java bytecode. In: ASE, pp. 179–180 (2010)

    Google Scholar 

  24. Qiu, R., Yang, G., Pasareanu, C.S., Khurshid, S.: Compositional symbolic execution with memoized replay. In: ICSE, pp. 632–642 (2015)

    Google Scholar 

  25. Rinard, M., Marinov, D.: Credible compilation with pointers. In: Workshop on Run-Time Result Verication (1999)

    Google Scholar 

  26. Rojas, J.M., Pasareanu, C.S.: Compositional symbolic execution through program specialization. In: BYTECODE 2013 (ETAPS) (2013)

    Google Scholar 

  27. Sen, K., Agha, G.: CUTE and jCUTE: concolic unit testing and explicit path model-checking tools. In: Ball, T., Jones, R.B. (eds.) CAV 2006. LNCS, vol. 4144, pp. 419–423. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  28. Siddiqui, J.H., Khurshid, S.: Scaling symbolic execution using ranged analysis. In: OOPSLA, pp. 523–536 (2012)

    Google Scholar 

  29. Souza, M., Borges, M., d’Amorim, M., Păsăreanu, C.S.: CORAL: solving complex constraints for symbolic pathfinder. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds.) NFM 2011. LNCS, vol. 6617, pp. 359–374. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  30. Stump, A., Oe, D., Reynolds, A., Hadarean, L., Tinelli, C.: SMT proof checking using a logical framework. Form. Methods Syst. Des. 42(1), 91–118 (2013)

    Article  MATH  Google Scholar 

  31. Teleghani, A., Atlee, J.M.: Search-carrying code. In: ASE 2010, pp. 367–376

    Google Scholar 

  32. Visser, W., Geldenhuys, J., Dwyer, M.B.: Green: reducing, reusing and recycling constraints in program analysis. In: FSE, pp. 58:1–58:11 (2012)

    Google Scholar 

  33. Whalen, M.W., Godefroid, P., Mariani, L., Polini, A., Tillmann, N., Visser. W.: FITE: future integrated testing environment. In: FoSER, pp. 401–406 (2010)

    Google Scholar 

  34. Xia, S., Hook, J.: Certifying temporal properties for compiled C programs. In: Steffen, B., Levi, G. (eds.) VMCAI 2004. LNCS, vol. 2937, pp. 161–174. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  35. Yang, G., Khurshid, S., Person, S., Rungta, N.: Property differencing for incremental checking. In: ICSE, pp. 1059–1070 (2014)

    Google Scholar 

  36. Yang, G., Pasareanu, C.S., Khurshid, S.: Memoized symbolic execution. In: ISSTA, pp. 144–154 (2012)

    Google Scholar 

Download references

Acknowledgments

This material is based on research sponsored by NSF under grants CCF-1319688, CCF-1319858 and CCF-1549161.

Author information

Authors and Affiliations

  1. University of Texas at Austin, Austin, TX, 78712, USA

    Rui Qiu & Sarfraz Khurshid

  2. CMU/NASA Ames, M/S 269-2, Moffett Field, CA, 94035, USA

    Corina S. Păsăreanu

Authors
  1. Rui Qiu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Corina S. Păsăreanu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sarfraz Khurshid
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rui Qiu .

Editor information

Editors and Affiliations

  1. AIST , Osaka, Japan

    Cyrille Artho

  2. Inria Rennes , Rennes, France

    Axel Legay

  3. Bar Ilan University , Ramat Gan, Israel

    Doron Peled

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Qiu, R., Păsăreanu, C.S., Khurshid, S. (2016). Certified Symbolic Execution. In: Artho, C., Legay, A., Peled, D. (eds) Automated Technology for Verification and Analysis. ATVA 2016. Lecture Notes in Computer Science(), vol 9938. Springer, Cham. https://doi.org/10.1007/978-3-319-46520-3_31

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-46520-3_31

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-46519-7

  • Online ISBN: 978-3-319-46520-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation