Frontiers of Computer Science, Volume 12, Issue 1, pp 86–100

Tuning parallel symbolic execution engine for better performance

  • Anil Kumar Karna
  • Jinbo Du
  • Haihao Shen
  • Hao Zhong
  • Jiong Gong
  • Haibo Yu
  • Xiangning Ma
  • Jianjun Zhao
Research Article


Symbolic execution is widely used in many code analysis, testing, and verification tools. Because symbolic execution exhaustively explores all feasible paths, it is quite time-consuming. To handle the problem, researchers have parallelized existing symbolic execution tools (e.g., KLEE). In particular, Cloud9 is a widely used parallel symbolic execution tool, and researchers have used it to analyze real code. However, researchers have criticized tools such as Cloud9 for still being unable to analyze large-scale code. In this paper, we conduct a field study on Cloud9, in which we use KLEE and Cloud9 to analyze benchmarks in C. Our results confirm the criticism. Based on the results, we identify three bottlenecks that hinder the performance of Cloud9: the communication time gap, the job transfer policy, and the cache management of the solved constraints. To handle these problems, we tune the communication time gap with better parameters, modify the job transfer policy, and implement an approach for cache management of solved constraints. We conduct two evaluations, on our benchmarks and on a real application, to understand our improvements. Our results show that our tuned Cloud9 reduces the execution time significantly, both on our benchmarks and on the real application. Furthermore, our evaluation results show that our tuning techniques improve the effectiveness on all the devices, and the improvement can reach up to five times, depending on a tuning value of our approach and the behaviour of the program under test.


code analysis, symbolic execution, parallelizing symbolic execution, KLEE, Cloud9





The authors are thankful to the researchers of Software Theory and Practice lab, Shanghai Jiao Tong University and the researchers at Intel Asia-Pacific Research and Development lab for their continuous support and idea to improve the basic motivation of this paper. The authors are also grateful to anonymous referees for their valuable comments and suggestions to improve the presentation of this paper. This research was sponsored by the National Basic Research Program of China (973 Program) (2015CB352203), the National Nature Science Foundation of China (Grant Nos. 61572312 and 61572313), Intel Asia-Pacific Research and Development Ltd., Shanghai, China, Japan Society for the Promotion of Science, Grant-in-Aid for Research Activity Start-up (16H07031), and the Science and Technology Commission of Shanghai Municipality’s Innovation Action Plan (15DZ1100305).

Supplementary material

11704_2016_5459_MOESM1_ESM.ppt (536 kb)
Supplementary material, approximately 537 KB.



Copyright information

© Higher Education Press and Springer-Verlag GmbH Germany 2018

Authors and Affiliations

  • Anil Kumar Karna (1)
  • Jinbo Du (2)
  • Haihao Shen (3)
  • Hao Zhong (1)
  • Jiong Gong (3)
  • Haibo Yu (2)
  • Xiangning Ma (3)
  • Jianjun Zhao (4)

  1. Department of Computer Science, Shanghai Jiao Tong University, Shanghai, China
  2. School of Software, Shanghai Jiao Tong University, Shanghai, China
  3. Intel Asia-Pacific Research and Development Ltd., Shanghai, China
  4. Department of Advanced Information Technology, Kyushu University, Fukuoka, Japan
