FastKLEE: faster symbolic execution via reducing redundant bound checking of type-safe pointers
Symbolic execution (SE) has been widely adopted for automatic program analysis and software testing. Many SE engines (e.g., KLEE or Angr) need to interpret certain Intermediate Representations (IR) of code during execution, which may be slow and costly. Although a plurality of studies proposed to ac...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2022
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/7710 https://ink.library.smu.edu.sg/context/sis_research/article/8713/viewcontent/fse22fastKLEEdemo.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-8713 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-87132023-01-10T03:02:51Z FastKLEE: faster symbolic execution via reducing redundant bound checking of type-safe pointers TU, Haoxin JIANG, Lingxiao DING, Xuhua JIANG, He Symbolic execution (SE) has been widely adopted for automatic program analysis and software testing. Many SE engines (e.g., KLEE or Angr) need to interpret certain Intermediate Representations (IR) of code during execution, which may be slow and costly. Although a plurality of studies proposed to accelerate SE, few of them consider optimizing the internal interpretation operations. In this paper, we propose FastKLEE, a faster SE engine that aims to speed up execution via reducing redundant bound checking of type-safe pointers during IR code interpretation. Specifically, in FastKLEE, a type inference system is first leveraged to classify pointer types (i.e., safe or unsafe) for the most frequently interpreted read/write instructions. Then, a customized memory operation is designed to perform bound checking for only the unsafe pointers and omit redundant checking on safe pointers. We implement FastKLEE on top of the well-known SE engine KLEE and combined it with the notable type inference system CCured. Evaluation results demonstrate that FastKLEE is able to reduce by up to 9.1% (5.6% on average) as the state-of-the-art approach KLEE in terms of the time to explore the same number (i.e., 10k) of execution paths. FastKLEE is opensourced at https://github.com/haoxintu/FastKLEE. A video demo of FastKLEE is available at https://youtu.be/fjV_a3kt-mo. 2022-11-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/7710 info:doi/10.1145/3540250.3558919 https://ink.library.smu.edu.sg/context/sis_research/article/8713/viewcontent/fse22fastKLEEdemo.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Performance Software testing Symbolic execution Type inference Computer Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Performance Software testing Symbolic execution Type inference Computer Engineering |
| spellingShingle |
Performance Software testing Symbolic execution Type inference Computer Engineering TU, Haoxin JIANG, Lingxiao DING, Xuhua JIANG, He FastKLEE: faster symbolic execution via reducing redundant bound checking of type-safe pointers |
| description |
Symbolic execution (SE) has been widely adopted for automatic program analysis and software testing. Many SE engines (e.g., KLEE or Angr) need to interpret certain Intermediate Representations (IR) of code during execution, which may be slow and costly. Although a plurality of studies proposed to accelerate SE, few of them consider optimizing the internal interpretation operations. In this paper, we propose FastKLEE, a faster SE engine that aims to speed up execution via reducing redundant bound checking of type-safe pointers during IR code interpretation. Specifically, in FastKLEE, a type inference system is first leveraged to classify pointer types (i.e., safe or unsafe) for the most frequently interpreted read/write instructions. Then, a customized memory operation is designed to perform bound checking for only the unsafe pointers and omit redundant checking on safe pointers. We implement FastKLEE on top of the well-known SE engine KLEE and combined it with the notable type inference system CCured. Evaluation results demonstrate that FastKLEE is able to reduce by up to 9.1% (5.6% on average) as the state-of-the-art approach KLEE in terms of the time to explore the same number (i.e., 10k) of execution paths. FastKLEE is opensourced at https://github.com/haoxintu/FastKLEE. A video demo of FastKLEE is available at https://youtu.be/fjV_a3kt-mo. |
| format |
text |
| author |
TU, Haoxin JIANG, Lingxiao DING, Xuhua JIANG, He |
| author_facet |
TU, Haoxin JIANG, Lingxiao DING, Xuhua JIANG, He |
| author_sort |
TU, Haoxin |
| title |
FastKLEE: faster symbolic execution via reducing redundant bound checking of type-safe pointers |
| title_short |
FastKLEE: faster symbolic execution via reducing redundant bound checking of type-safe pointers |
| title_full |
FastKLEE: faster symbolic execution via reducing redundant bound checking of type-safe pointers |
| title_fullStr |
FastKLEE: faster symbolic execution via reducing redundant bound checking of type-safe pointers |
| title_full_unstemmed |
FastKLEE: faster symbolic execution via reducing redundant bound checking of type-safe pointers |
| title_sort |
fastklee: faster symbolic execution via reducing redundant bound checking of type-safe pointers |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2022 |
| url |
https://ink.library.smu.edu.sg/sis_research/7710 https://ink.library.smu.edu.sg/context/sis_research/article/8713/viewcontent/fse22fastKLEEdemo.pdf |
| _version_ |
1770576419196239872 |