DOI: 10.1145/3238147.3240478

CPA-SymExec: efficient symbolic execution in CPAchecker

Published: 03 September 2018

Abstract

We present CPA-SymExec, a tool for symbolic execution that is implemented in the open-source, configurable verification framework CPAchecker. Our implementation automatically detects which symbolic facts to track, in order to obtain a small set of constraints that are necessary to decide reachability of a program area of interest. CPA-SymExec is based on abstraction and counterexample-guided abstraction refinement (CEGAR), and uses a constraint-interpolation approach to detect symbolic facts. We show that our implementation can mitigate the path-explosion problem better than symbolic execution without abstraction, by comparing its performance to the state-of-the-art KLEE-based symbolic-execution engine Symbiotic and to KLEE itself. For the experiments we use two kinds of analysis tasks: one for finding an executable path to a specific location of interest (e.g., if a test vector is desired to show that a certain behavior occurs), and one for confirming that no executable path to a specific location exists (e.g., if it is desired to show that a certain behavior never occurs). CPA-SymExec is released under the Apache 2 license and is available, including source code, at https://cpachecker.sosy-lab.org. A demonstration video is available at https://youtu.be/qoBHtvPKtnw.
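The two analysis tasks named in the abstract, and the effect of abstraction on path explosion, shown as an added example that is not part of the paper or of CPAchecker: a toy symbolic executor in Python over a constructed program (independent branches on x1..xn whose sides join again, followed by two assumptions on y before the target). Plain symbolic execution tracks every variable, so its number of abstract states doubles with each independent branch; the CEGAR loop starts with an empty precision, checks each abstract counterexample path for feasibility, and refines only with the variable that carries the contradiction. That per-variable refinement, the hand-written integer interval solver, and the program format are assumptions of this example, not the paper's constraint interpolation or its data structures.

```python
from collections import deque
from math import inf

# Negation of each comparison operator, used for the else-branch of an 'if'.
NEG = {">": "<=", "<=": ">", ">=": "<", "<": ">=", "==": "!=", "!=": "=="}


def _group(constraints):
    """Group (var, op, const) constraints by variable -> [(op, const), ...]."""
    per_var = {}
    for var, op, c in constraints:
        per_var.setdefault(var, []).append((op, c))
    return per_var


def _bounds(ops):
    """Integer interval [lo, hi] and excluded values implied by one variable's constraints."""
    lo, hi, neqs = -inf, inf, set()
    for op, c in ops:
        if op == ">":    lo = max(lo, c + 1)
        elif op == ">=": lo = max(lo, c)
        elif op == "<":  hi = min(hi, c - 1)
        elif op == "<=": hi = min(hi, c)
        elif op == "==": lo, hi = max(lo, c), min(hi, c)
        else:            neqs.add(c)          # "!="
    return lo, hi, neqs


def satisfiable(constraints):
    """Toy solver (assumption of this example): every constraint compares one
    variable with a constant, so the conjunction is satisfiable iff each
    variable's interval still contains a value that is not excluded."""
    for ops in _group(constraints).values():
        lo, hi, neqs = _bounds(ops)
        if lo > hi:
            return False
        if lo != -inf and hi != inf and all(v in neqs for v in range(lo, hi + 1)):
            return False
    return True


def model(constraints):
    """One concrete value per variable for a satisfiable path: the test vector."""
    values = {}
    for var, ops in _group(constraints).items():
        lo, hi, neqs = _bounds(ops)
        v = lo if lo != -inf else (hi if hi != inf else 0)
        while v in neqs:
            v += 1 if v < hi else -1
        values[var] = v
    return values


def explore(program, precision):
    """Breadth-first symbolic execution with state merging. Only constraints on
    variables in `precision` become part of the abstract state; a branch on an
    untracked variable adds nothing, so its two successors coincide and are
    explored once. Returns (target_reached, path_constraints, abstract_states)."""
    start = (0, frozenset())
    reached = {start: ()}            # abstract state -> constraints of the first path to it
    worklist = deque([start])
    while worklist:
        loc, tracked = worklist.popleft()
        path = reached[(loc, tracked)]
        if loc == len(program):      # ran past the last statement: the target location
            return True, path, len(reached)
        kind, var, op, c = program[loc]
        conds = [(var, op, c)] if kind == "assume" else [(var, op, c), (var, NEG[op], c)]
        for cond in conds:
            new_tracked = tracked
            if var in precision:
                new_tracked = tracked | {cond}
                if not satisfiable(new_tracked):
                    continue         # infeasible branch, pruned
            key = (loc + 1, new_tracked)
            if key not in reached:
                reached[key] = path + (cond,)
                worklist.append(key)
    return False, None, len(reached)


def cegar(program):
    """CEGAR: start with an empty precision; whenever the abstract counterexample
    path is infeasible, refine with the variable carrying the contradiction."""
    precision, iterations = set(), 0
    while True:
        iterations += 1
        hit, path, states = explore(program, precision)
        if not hit:
            return {"result": "unreachable", "precision": precision,
                    "states": states, "iterations": iterations}
        if satisfiable(path):
            return {"result": "reachable", "test_vector": model(path),
                    "precision": precision, "states": states, "iterations": iterations}
        # Stand-in for constraint interpolation: the single variable whose own
        # constraints on the path contradict each other.
        precision.add(next(var for var, ops in _group(path).items()
                           if not satisfiable([(var, op, c) for op, c in ops])))


def make_program(n_independent, guard):
    """Constructed program: n 'if' branches on x1..xn whose sides join again, then
    two assumptions on y; the target is reached only if both assumptions hold."""
    prog = [("if", f"x{i}", ">", 0) for i in range(1, n_independent + 1)]
    return prog + [("assume", "y", ">", guard), ("assume", "y", "==", 42)]


UNREACHABLE = make_program(10, 100)   # y > 100 and y == 42: the target is dead
REACHABLE = make_program(10, 10)      # y == 42 satisfies y > 10: a test vector exists
ALL_VARS = {stmt[1] for stmt in REACHABLE}

if __name__ == "__main__":
    for name, prog in (("unreachable", UNREACHABLE), ("reachable", REACHABLE)):
        print(name, "plain symbolic execution, states:", explore(prog, ALL_VARS)[2])
        print(name, "CEGAR:", cegar(prog))
```

With ten independent branches, plain symbolic execution builds 3071 abstract states to prove the dead target unreachable, whereas the CEGAR loop needs two iterations and twelve states, tracking only y; for the reachable variant it reports a concrete test vector after a single thirteen-state iteration. Adding a branch on another x variable doubles the first number and adds one to the second.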

Supplementary Material

Auxiliary Archive (ase18tools-p21-p-aux.zip)
A short demonstration video of the use of CPA-SymExec, efficient symbolic execution in CPAchecker, for formal verification of an example program and test-case generation based on condition coverage.



Published In

ASE '18: Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering
September 2018
955 pages
ISBN:9781450359375
DOI:10.1145/3238147

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. Program Analysis
  2. Symbolic Execution
  3. Test-Case Generation

Qualifiers

  • Short-paper

Conference

ASE '18

Acceptance Rates

Overall Acceptance Rate 82 of 337 submissions, 24%

Article Metrics

  • Downloads (Last 12 months)9
  • Downloads (Last 6 weeks)1
Reflects downloads up to 24 Dec 2024

Cited By

  • (2024) Software Verification with CPAchecker 3.0: Tutorial and User Guide. Formal Methods, 10.1007/978-3-031-71177-0_30, pp. 543-570. Online publication date: 9-Sep-2024
  • (2024) CPAchecker 2.3 with Strategy Selection. Tools and Algorithms for the Construction and Analysis of Systems, 10.1007/978-3-031-57256-2_21, pp. 359-364. Online publication date: 6-Apr-2024
  • (2023) Logic for reasoning about bugs in loops over data sequences (IFIL). Modeling and Analysis of Information Systems 30:3, 10.18255/1818-1015-2023-3-214-233, pp. 214-233. Online publication date: 17-Sep-2023
  • (2023) Robustness Testing of Software Verifiers. Software Engineering and Formal Methods, 10.1007/978-3-031-47115-5_5, pp. 66-84. Online publication date: 31-Oct-2023
  • (2022) A synergistic approach to improving symbolic execution using test ranges. Innovations in Systems and Software Engineering 15:3-4, 10.1007/s11334-019-00331-9, pp. 325-342. Online publication date: 10-Mar-2022
  • (2022) Graves-CPA: A Graph-Attention Verifier Selector (Competition Contribution). Tools and Algorithms for the Construction and Analysis of Systems, 10.1007/978-3-030-99527-0_28, pp. 440-445. Online publication date: 30-Mar-2022
  • (2020) Violation Witnesses and Result Validation for Multi-Threaded Programs. Leveraging Applications of Formal Methods, Verification and Validation: Verification Principles, 10.1007/978-3-030-61362-4_26, pp. 449-470. Online publication date: 20-Oct-2020
