Haifa Verification Conference

Hardware and Software: Verification and Testing pp 120-135 | Cite as

Parallel Symbolic Execution: Merging In-Flight Requests

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9434)


The strength of symbolic execution is the systematic analysis and validation of all possible control flow paths of a program and their respective properties, which is done by use of a solver component. Thus, it can be used for program testing in many different domains, e.g. test generation, fault discovery, information leakage detection, or energy consumption analysis. But major challenges remain, notably the huge (up to infinite) number of possible paths and the high computation costs generated by the solver to check the satisfiability of the constraints imposed by the paths. To tackle these challenges, researchers proposed the parallelization of symbolic execution by dividing the state space and handling the parts independently. Although this approach scales out well, we can further improve it by proposing a thread-based parallelized approach. It allows us to reuse shared resources like caches more efficiently – a vital part to reduce the solving costs. More importantly, this architecture enables us to use a new technique, which merges parallel incoming solver requests, leveraging incremental solving capabilities provided by modern solvers. Our results show a reduction of the solver time up to 50 % over the multi-threaded execution.


Expense Cond 



We thank the anonymous reviewers for their insightful comments. This work was partially founded by the German Research Foundation (DFG) under grant FE 1035/1-2.


  1. 1.
    Anand, S., Naik, M., Harrold, M.J., Yang, H.: Automated concolic testing of smartphone apps. In: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, FSE 2012, pp. 59:1–59:11. ACM, New York (2012). http://doi.acm.org/10.1145/2393596.2393666
  2. 2.
    Anand, S., Păsăreanu, C.S., Visser, W.: JPF–SE: a symbolic execution extension to Java PathFinder. In: Grumberg, O., Huth, M. (eds.) TACAS 2007. LNCS, vol. 4424, pp. 134–138. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  3. 3.
    Avancini, A., Ceccato, M.: Comparison and integration of genetic algorithms and dynamic symbolic execution for security testing of cross-site scripting vulnerabilities. Inf. Softw. Tech. 55(12), 2209–2222 (2013). http://dx.doi.org/10.1016/j.infsof.2013.08.001 CrossRefGoogle Scholar
  4. 4.
    Bucur, S., Ureche, V., Zamfir, C., Candea, G.: Parallel symbolic execution for automated real-world software testing. In: EuroSys 2011: Proceedings of the Sixth Conference on Computer Systems, pp. 183–198. ACM Request Permissions, New York, April 2011. http://portal.acm.org/citation.cfm?doid=1966445.1966463
  5. 5.
    Cadar, C., Dunbar, D., Engler, D.: Klee: unassisted and automatic generation of high-coverage tests for complex systems programs. In: Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation, OSDI 2008, pp. 209–224. USENIX Association, Berkeley (2008). http://dl.acm.org/citation.cfm?id=1855741.1855756
  6. 6.
    Cimatti, A., Griggio, A., Schaafsma, B.J., Sebastiani, R.: The MathSAT5 SMT solver. In: Piterman, N., Smolka, S.A. (eds.) TACAS 2013. LNCS, vol. 7795, pp. 93–107. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  7. 7.
    Ciortea, L., Zamfir, C., Bucur, S., Chipounov, V., Candea, G.: Cloud9: a software testing service. ACM SIGOPS Operat. Syst. Rev. 43(4), 5–10 (2010). http://dl.acm.org/citation.cfm?id=1713254.1713257 CrossRefGoogle Scholar
  8. 8.
    Corin, R., Manzano, F.A.: Taint analysis of security code in the KLEE symbolic execution engine. In: Chim, T.W., Yuen, T.H. (eds.) ICICS 2012. LNCS, vol. 7618, pp. 264–275. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  9. 9.
    Ganesh, V., Dill, D.L.: A decision procedure for bit-vectors and arrays. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 519–531. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  10. 10.
    Hönig, T., Eibel, C., Kapitza, R., Schröder-Preikschat, W.: SEEP: exploiting symbolic execution for energy-aware programming. Operat. Syst. Rev. 45(3), 58–62 (2011). http://doi.acm.org/10.1145/2094091.2094106 CrossRefGoogle Scholar
  11. 11.
    King, A.: Distributed Parallel Symbolic Execution. Master’s thesis, August 2009Google Scholar
  12. 12.
    King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976). http://doi.acm.org/10.1145/360248.360252 CrossRefMathSciNetMATHGoogle Scholar
  13. 13.
    Lattner, C., Adve, V.: LLVM: a compilation framework for lifelong program analysis & transformation. In: CGO 2004: Proceedings of the International Symposium on Code Generation and Optimization: Feedback-Directed and Runtime Optimization. pp. 75–86. IEEE Computer Society, March 2004. http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=1281665
  14. 14.
    Mirzaei, N., Malek, S., Pasareanu, C.S., Esfahani, N., Mahmood, R.: Testing android apps through symbolic execution. ACM SIGSOFT Softw. Eng. Not. 37(6), 1–5 (2012). http://doi.acm.org/10.1145/2382756.2382798 CrossRefGoogle Scholar
  15. 15.
    de Moura, L., Bjørner, N.S.: Z3: an efficient smt solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  16. 16.
    Palikareva, H., Cadar, C.: Multi-solver support in symbolic execution. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 53–68. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  17. 17.
    Pötzl, D., Holzer, A.: Solving constraints for generational search. In: Veanes, M., Viganò, L. (eds.) TAP 2013. LNCS, vol. 7942, pp. 197–213. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  18. 18.
    Staats, M., Pǎsǎreanu, C.: Parallel symbolic execution for structural test generation. In: The 19th International Symposium, p. 183. ACM Press, New York (2010). http://portal.acm.org/citation.cfm?doid=1831708.1831732

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Technische Universität DresdenDresdenGermany

Personalised recommendations