Tuning parallel symbolic execution engine for better performance
- 24 Downloads
Symbolic execution is widely used in many code analysis, testing, and verification tools. As symbolic execution exhaustively explores all feasible paths, it is quite time consuming. To handle the problem, researchers have paralleled existing symbolic execution tools (e.g., KLEE). In particular, Cloud9 is a widely used paralleled symbolic execution tool, and researchers have used the tool to analyze real code. However, researchers criticize that tools such as Cloud9 still cannot analyze large scale code. In this paper, we conduct a field study on Cloud9, in which we use KLEE and Cloud9 to analyze benchmarks in C. Our results confirm the criticism. Based on the results, we identify three bottlenecks that hinder the performance of Cloud9: the communication time gap, the job transfer policy, and the cache management of the solved constraints. To handle these problems, we tune the communication time gap with better parameters, modify the job transfer policy, and implement an approach for cache management of solved constraints. We conduct two evaluations on our benchmarks and a real application to understand our improvements. Our results show that our tuned Cloud9 reduces the execution time significantly, both on our benchmarks and the real application. Furthermore, our evaluation results show that our tuning techniques improve the effectiveness on all the devices, and the improvement can be achieved upto five times, depending upon a tuning value of our approach and the behaviour of program under test.
Keywordscode analysis symbolic execution parallelizing symbolic execution KLEE Cloud9
Unable to display preview. Download preview PDF.
The authors are thankful to the researchers of Software Theory and Practice lab, Shanghai Jiao Tong University and the researchers at Intel Asia-Pacific Research and Development lab for their continuous support and idea to improve the basic motivation of this paper. The authors are also grateful to anonymous referees for their valuable comments and suggestions to improve the presentation of this paper. This research was sponsored by the National Basic Research Program of China (973 Program) (2015CB352203), the National Nature Science Foundation of China (Grant Nos. 61572312 and 61572313), Intel Asia-Pacific Research and Development Ltd., Shanghai, China, Japan Society for the Promotion of Science, Grant-in-Aid for Research Activity Start-up (16H07031), and the Science and Technology Commission of Shanghai Municipality’s Innovation Action Plan (15DZ1100305).
- 2.Staats M, Pˇasˇareanu C S. Parallel symbolic execution for structural testgeneration. In: Proceedings of the 19th International Symposium on Software Testing and Analysis. 2010, 183–194Google Scholar
- 3.King A. Distributed parallel symbolic execution. Dissertation for the Doctoral Degree. Manhattan, KS: Kansas State University, 2009Google Scholar
- 4.Siddiqui J H, Khurshid S. ParSym: Parallel symbolic execution. In: Proceedings of the 2nd International Conference on Software Technology and Engineering. 2010, 405–409Google Scholar
- 5.Sasnauskas R, Dustmann O S, Kaminski B L, Wehrle K, Weise C, Kowalewski S. Scalable symbolic execution of distributed systems. In: Proceedings of the 31st International Conference on Distributed Computing Systems. 2011, 333–342Google Scholar
- 7.Aleb N, Kechid S. A new approach for distributed symbolic software testing. In: Proceedings of International Conference on Computational Science and Its Applications. 2013, 487–497Google Scholar
- 8.Cadar C, Dunbar D, Engler D R. KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In: Proceeding of OSDI. 2008, 209–224Google Scholar
- 9.Bucur S, Ureche V, Zamfir C, Candea G. Parallel symbolic execution for automated real-world software testing. In: Proceedings of the 6th ACM Conference on Computer Systems. 2011, 183–198Google Scholar
- 11.Renshaw D, Kong S. Symbolic execution in difficult environments. Technical Report 15–745. 2011Google Scholar
- 12.Marinescu P D, Cadar C. Make test-zesti: A symbolic execution solution for improving regression testing. In: Proceedings of the 34th International Conference on Software Engineering. 2012, 716–726Google Scholar
- 14.Zhang D Z, Liu D G, Lei Y, Kung D, Csallner C, Wang WH. Detecting vulnerabilities in c programs using trace-based testing. In: Proceedings of IEEE/IFIP International Conference on Dependable Systems and Networks. 2010, 241–250Google Scholar
- 16.Saxena P, Poosankam P, McCamant S, Song D. Loop-extended symbolic execution on binary programs. In: Proceedings of the 18th ACM International Symposium on Software Testing and Analysis. 2009, 225–236Google Scholar
- 21.Zhang Y F, Chen Z B, Wang J. Speculative symbolic execution. In: Proceedings of the 23rd IEEE International Symposium on Software Reliability Engineering. 2012, 101–110Google Scholar