{"title":"组合符号执行:增量解决重访","authors":"Yude Lin, Tim Miller, H. Søndergaard","doi":"10.1109/APSEC.2016.046","DOIUrl":null,"url":null,"abstract":"Symbolic execution can automatically explore different execution paths in a system under test and generate tests to precisely cover them. It has two main advantages—being automatic and thorough within a theory—and has many successful applications. The bottleneck of symbolic execution currently is the computation consumption for complex systems. Compositional Symbolic Execution (CSE) introduces a summarisation module to eliminate the redundancy in the exploration of repeatedly encountered code. In our previous work, we generalised the summarisation for any code fragments instead of functions. In this paper, we transplant this idea onto LLVM with many additional features, one of them being the use of incremental solving. We show that the combination of CSE and incremental solving is mutually beneficial. The obvious weakness of CSE is the lack of context during summarisation. We discuss the use of assumption-based features, available in modern constraint solvers, as a way to overcome this problem.","PeriodicalId":339123,"journal":{"name":"2016 23rd Asia-Pacific Software Engineering Conference (APSEC)","volume":"49 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Compositional Symbolic Execution: Incremental Solving Revisited\",\"authors\":\"Yude Lin, Tim Miller, H. Søndergaard\",\"doi\":\"10.1109/APSEC.2016.046\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Symbolic execution can automatically explore different execution paths in a system under test and generate tests to precisely cover them. It has two main advantages—being automatic and thorough within a theory—and has many successful applications. The bottleneck of symbolic execution currently is the computation consumption for complex systems. Compositional Symbolic Execution (CSE) introduces a summarisation module to eliminate the redundancy in the exploration of repeatedly encountered code. In our previous work, we generalised the summarisation for any code fragments instead of functions. In this paper, we transplant this idea onto LLVM with many additional features, one of them being the use of incremental solving. We show that the combination of CSE and incremental solving is mutually beneficial. The obvious weakness of CSE is the lack of context during summarisation. We discuss the use of assumption-based features, available in modern constraint solvers, as a way to overcome this problem.\",\"PeriodicalId\":339123,\"journal\":{\"name\":\"2016 23rd Asia-Pacific Software Engineering Conference (APSEC)\",\"volume\":\"49 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 23rd Asia-Pacific Software Engineering Conference (APSEC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/APSEC.2016.046\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 23rd Asia-Pacific Software Engineering Conference (APSEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/APSEC.2016.046","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Symbolic execution can automatically explore different execution paths in a system under test and generate tests to precisely cover them. It has two main advantages—being automatic and thorough within a theory—and has many successful applications. The bottleneck of symbolic execution currently is the computation consumption for complex systems. Compositional Symbolic Execution (CSE) introduces a summarisation module to eliminate the redundancy in the exploration of repeatedly encountered code. In our previous work, we generalised the summarisation for any code fragments instead of functions. In this paper, we transplant this idea onto LLVM with many additional features, one of them being the use of incremental solving. We show that the combination of CSE and incremental solving is mutually beneficial. The obvious weakness of CSE is the lack of context during summarisation. We discuss the use of assumption-based features, available in modern constraint solvers, as a way to overcome this problem.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
