Parallel Symbolic Execution: Merging In-Flight Requests
The strength of symbolic execution is the systematic analysis and validation of all possible control flow paths of a program and their respective properties, which is done with the help of a solver component. It can therefore be used for program testing in many different domains, e.g. test generation, fault discovery, information leakage detection, or energy consumption analysis. Major challenges remain, however, notably the huge (up to infinite) number of possible paths and the high computation costs the solver incurs when checking the satisfiability of the constraints imposed by the paths. To tackle these challenges, researchers have proposed parallelizing symbolic execution by dividing the state space and handling the parts independently. Although this approach scales out well, we improve on it further with a thread-based parallelized approach. It allows us to reuse shared resources like caches more efficiently, a vital part of reducing the solving costs. More importantly, this architecture enables a new technique that merges parallel incoming solver requests, leveraging the incremental solving capabilities provided by modern solvers. Our results show a reduction of the solver time of up to 50 % over the multi-threaded execution.
Keywords: Symbolic Execution, Path Constraint, Ring Buffer, State Space Explosion, Work Thread
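The abstract does not spell out how requests are merged. The sketch below is an added example, not the paper's implementation: it assumes that in-flight requests from sibling paths share a path-constraint prefix, and it uses a hypothetical brute-force IncrementalSolver with push/pop over constructed 3-bit variables to compare the work of solving each request separately against keeping the shared prefix asserted.

```python
from itertools import product
VARS, DOMAIN = ("x", "y", "z"), range(8)   # constructed: three 3-bit symbolic values

class IncrementalSolver:
    """Toy brute-force solver; each frame caches the models surviving so far."""
    def __init__(self):
        self.frames = [[dict(zip(VARS, v)) for v in product(DOMAIN, repeat=3)]]
        self.stack = []   # names of the constraints currently asserted
        self.evals = 0    # work counter: predicate evaluations
    def push(self, constraint):
        name, pred = constraint
        self.evals += len(self.frames[-1])
        self.frames.append([m for m in self.frames[-1] if pred(m)])
        self.stack.append(name)
    def pop(self):
        self.frames.pop()
        self.stack.pop()
    def check(self):
        return bool(self.frames[-1])

def solve_separately(requests):
    # Baseline: every in-flight request gets a fresh solver.
    results, work = {}, 0
    for rid, pc in requests.items():
        s = IncrementalSolver()
        for c in pc:
            s.push(c)
        results[rid], work = s.check(), work + s.evals
    return results, work

def solve_merged(requests):
    """Merge requests: order by path constraint, keep the shared prefix asserted."""
    s, results = IncrementalSolver(), {}
    for rid, pc in sorted(requests.items(), key=lambda kv: [c[0] for c in kv[1]]):
        # Assumption: a constraint's name identifies it across requests.
        names, keep = [c[0] for c in pc], 0
        while keep < min(len(names), len(s.stack)) and names[keep] == s.stack[keep]:
            keep += 1
        while len(s.stack) > keep:   # drop only what this request does not share
            s.pop()
        for c in pc[keep:]:
            s.push(c)
        results[rid] = s.check()
    return results, s.evals

# Constructed sample: three worker threads on sibling paths with a common prefix.
A = ("x>3", lambda m: m["x"] > 3)
B = ("y==x+1", lambda m: m["y"] == m["x"] + 1)
REQUESTS = {"t1": [A, B, ("z<y", lambda m: m["z"] < m["y"])],
            "t2": [A, B, ("z>y", lambda m: m["z"] > m["y"])],
            "t3": [A, B, ("y>7", lambda m: m["y"] > 7)]}
```

The evaluation counts are a property of this toy solver only and are not comparable to the solver-time figures reported in the abstract.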
We thank the anonymous reviewers for their insightful comments. This work was partially funded by the German Research Foundation (DFG) under grant FE 1035/1-2.