Symbolic Memory with Pointers

  • Marek Trtík
  • Jan Strejček
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8837)


We introduce a segment-offset-plane memory model for symbolic execution that supports symbolic pointers, allocations of memory blocks of symbolic sizes, and multi-writes. We further describe our efficient implementation of the model in a free open-source project Bugst. Experimental results provide empirical evidence that the implemented memory model effectively tackles the variable storage-referencing problem of symbolic execution.


Memory Model Memory Block Read Operation Symbolic Execution Symbolic Expression 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Beyer, D.: Second competition on software verification. In: Piterman, N., Smolka, S.A. (eds.) TACAS 2013 (ETAPS 2013). LNCS, vol. 7795, pp. 594–609. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  2. 2.
    Boyer, R.S., Elspas, B., Levitt, K.N.: SELECT – A formal system for testing and debugging programs by symbolic execution. In: ICRS, pp. 234–245. ACM (1975)Google Scholar
  3. 3.
    Cadar, C., Dunbar, D., Engler, D.: KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In: OSDI, pp. 209–224. USENIX Association (2008)Google Scholar
  4. 4.
    Cadar, C., Ganesh, V., Pawlowski, P.M., Dill, D.L., Engler, D.R.: EXE: Automatically generating inputs of death. In: CCS, pp. 322–335. ACM (2006)Google Scholar
  5. 5.
    Deng, X., Lee, J.: Robby. Efficient and formal generalized symbolic execution. Autom. Softw. Eng. 19(3), 233–301 (2012)CrossRefGoogle Scholar
  6. 6.
    Elkarablieh, B., Godefroid, P., Levin, M.Y.: Precise pointer reasoning for dynamic test generation. In: ISSTA, pp. 129–140. ACM (2009)Google Scholar
  7. 7.
    Howden, W.E.: Symbolic testing and the DISSECT symbolic evaluation system. IEEE Trans. Software Eng. 3, 266–278 (1977)CrossRefMATHGoogle Scholar
  8. 8.
    Khurshid, S., Păsăreanu, C.S., Visser, W.: Generalized symbolic execution for model checking and testing. In: Garavel, H., Hatcliff, J. (eds.) TACAS 2003. LNCS, vol. 2619, pp. 553–568. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976)CrossRefMATHGoogle Scholar
  10. 10.
    Sen, K., Marinov, D., Agha, G.: CUTE: A concolic unit testing engine for C. In: ESEC/FSE, pp. 263–272. ACM (2005)Google Scholar
  11. 11.
    Slaby, J., Strejček, J., Trtík, M.: Compact symbolic execution. In: Van Hung, D., Ogawa, M. (eds.) ATVA 2013. LNCS, vol. 8172, pp. 193–207. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  12. 12.
    Vanoverberghe, D., Tillmann, N., Piessens, F.: Test input generation for programs with pointers. In: Kowalewski, S., Philippou, A. (eds.) TACAS 2009. LNCS, vol. 5505, pp. 277–291. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  13. 13.
    Xu, Z., Zhang, J.: A test data generation tool for unit testing of C programs. In: QSIC, pp. 107–116. IEEE (2006)Google Scholar
  14. 14.
  15. 15.
  16. 16.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Marek Trtík
    • 1
  • Jan Strejček
    • 2
  1. 1.VERIMAGGrenobleFrance
  2. 2.Faculty of InformaticsMasaryk UniversityBrnoCzech Republic

Personalised recommendations