Symbolic Memory with Pointers

  • Marek Trtík
  • Jan Strejček
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8837)


We introduce a segment-offset-plane memory model for symbolic execution that supports symbolic pointers, allocations of memory blocks of symbolic sizes, and multi-writes. We further describe our efficient implementation of the model in the free open-source project Bugst. Experimental results provide empirical evidence that the implemented memory model effectively tackles the variable storage-referencing problem of symbolic execution.





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Marek Trtík (1)
  • Jan Strejček (2)

  1. VERIMAG, Grenoble, France
  2. Faculty of Informatics, Masaryk University, Brno, Czech Republic
