research-article

Minimizing the Size of Path Conditions Using Convex Polyhedra Abstract Domain

Authors:

Elena ShermanAuthors Info & Claims

ACM SIGSOFT Software Engineering Notes, Volume 40, Issue 1

Pages 1 - 5

https://doi.org/10.1145/2693208.2693244

Published: 06 February 2015 Publication History

Abstract

Symbolic execution (SE) is a path-sensitive program analysis technique widely used in program verification. As it interprets a program path on symbolic inputs, SE generates a set of constraints called a path condition (PC). A PC describes possible concrete values that can traverse the same path during program execution. In order to determine whether such a set is non-empty, symbolic execution utilizes constraint solvers to determine whether a PC is satisfiable.

The further SE explores a program path, the more constraints are added to PCs. This raises the issue of the scalability of the approach since SE needs more memory to store large PCs and a solver needs additional time to decide them. Approaches such as,slicing and decomposition of a PC addresses the latter but not the former issue.

In this work we propose an orthogonal to the previous efforts technique that minimizes the number of constraints in a PC. The idea is to identify in the PC a set of linear constraints describing a polyhedron and use effiocient techniques to remove the redundant constraints in that set. In this work, we outsource this task to Parma Polyhedra Library (PPL). Our experiments have shown that this approach reduced the size of PCs and if a solver is insensitive to the PPL's constraint format the solver's time to decide PCs is reduced also.

References

[1]

R. Bagnara, P. M. Hill, and E. Za_anella. The parma polyhedra library: Toward a complete set of numerical abstractions for the analysis and verification of hardware and software systems. Science of Computer Programming, 72(1-2):3--21, 2008. Special Issue on Second issue of experimental software and toolkits (EST).

Digital Library

[2]

C. Cadar, D. Dunbar, and D. Engler. Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation, OSDI'08, pages 209--224, Berkeley, CA, USA, 2008. USENIX Association.

Digital Library

[3]

N. Chernikova. Algorithm for finding a general formula for the non-negative solutions of a system of linear inequalities. fUSSRg Computational Mathematics and Mathematical Physics, 5(2):228--233, 1965.

[4]

Choco. http://www.emn.fr/z-info/choco-solver/.

[5]

P. Cousot and R. Cousot. Static determination of dynamic properties of programs. In Proceedings of the Second International Symposium on Programming, pages 106--130. Dunod, Paris, France, 1976.

[6]

P. Cousot and R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of _xpoints. In Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages, POPL '77, pages 238--252, New York, NY, USA, 1977. ACM.

Digital Library

[7]

P. Cousot and R. Cousot. Systematic design of program analysis frameworks. In Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages, POPL '79, pages 269--282, New York, NY, USA, 1979. ACM.

Digital Library

[8]

P. Cousot and N. Halbwachs. Automatic discovery of linear restraints among variables of a program. In Proceedings of the 5th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, POPL '78, pages 84--96, New York, NY, USA, 1978. ACM.

Digital Library

[9]

Cvc3. http://www.cs.nyu.edu/acsys/cvc3/.

[10]

L. De Moura and N. Bjørner. Z3: An efficient SMT solver. Tools and Algorithms for the Construction and Analysis of Systems, pages 337--340, 2008.

[11]

J. Jaffar, V. Murali, J. A. Navas, and A. E. Santosa. Tracer: A symbolic execution tool for verification. In Proceedings of the 24th International Conference on Computer Aided Verification, CAV'12, pages 758--766, Berlin, Heidelberg, 2012. Springer-Verlag.

Digital Library

[12]

J. C. King. Symbolic execution and program testing. Commun. ACM, 19(7):385--394, July 1976.

Digital Library

[13]

G. Lalire, M. Argoud, and B. Jeannet. The interproc analyzer. http://pop-art.inrialpes.fr/people/bjeannet/bjeannet-forge/interproc.

[14]

A. Miné. The octagon abstract domain. Higher Order Symbol. Comput., 19(1):31--100, Mar. 2006.

Digital Library

[15]

C. S. Păsăreanu and N. Rungta. Symbolic pathfinder: Symbolic execution of java bytecode. In Proceedings of the IEEE/ACM International Conference on Automated Software Engineering, ASE '10, pages 179--180, New York, NY, USA, 2010. ACM.

Digital Library

[16]

Software-artifact infrastructure repository. http://http://sir.unl.edu/.

[17]

H. L. Verge. A note on chernikova's algorithm. Technical report, 1994.

[18]

W. Visser, J. Geldenhuys, and M. B. Dwyer. Green: reducing, reusing and recycling constraints in program analysis. pages 58:1--58:11, 2012.

Digital Library

Cited By

Ballou KSherman E(2023)Identifying Minimal Changes in the Zone Abstract DomainTheoretical Aspects of Software Engineering10.1007/978-3-031-35257-7_13(221-239)Online publication date: 27-Jun-2023
https://doi.org/10.1007/978-3-031-35257-7_13
Yang GFilieri ABorges MClun DWen J(2018)Advances in Symbolic Execution10.1016/bs.adcom.2018.10.002Online publication date: 2018
https://doi.org/10.1016/bs.adcom.2018.10.002

Index Terms

Minimizing the Size of Path Conditions Using Convex Polyhedra Abstract Domain
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging

Recommendations

User-defined backtracking criteria for symbolic execution

Symbolic execution is a path-sensitive program analysis technique that aids users with program verification. To avoid exploring infeasible paths, symbolic execution checks the prefix of a current path for feasibility by adding a branch constraint to the ...
Enhancing constraint based test generation by local search
ICSCA '17: Proceedings of the 6th International Conference on Software and Computer Applications

The core operation of symbolic execution based test data generation is to generate a path constraint in terms of input variables for a selected path. Solutions to the path constraint are test data which will be used to execute the target path. So far, ...
Symbolic Execution with Interval Solving and Meta-heuristic Search
ICST '12: Proceedings of the 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation

A challenging problem in symbolic execution is to solve complex mathematical constraints such as constraints that include floating-point variables and transcendental functions. The inability to solve such constraints limit the application scope of ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGSOFT Software Engineering Notes

ACM SIGSOFT Software Engineering Notes Volume 40, Issue 1

January 2015

237 pages

ISSN:0163-5948

DOI:10.1145/2693208

Editor:
Michael Wing

Issue’s Table of Contents

Copyright © 2015 Authors.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 February 2015

Published in SIGSOFT Volume 40, Issue 1

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
95
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Ballou KSherman E(2023)Identifying Minimal Changes in the Zone Abstract DomainTheoretical Aspects of Software Engineering10.1007/978-3-031-35257-7_13(221-239)Online publication date: 27-Jun-2023
https://doi.org/10.1007/978-3-031-35257-7_13
Yang GFilieri ABorges MClun DWen J(2018)Advances in Symbolic Execution10.1016/bs.adcom.2018.10.002Online publication date: 2018
https://doi.org/10.1016/bs.adcom.2018.10.002

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Issue’s Table of Contents