Deferred Concretization in Symbolic Execution via Fuzzing
Concretization is an effective weapon in the armory of symbolic execution engines. However, concretization can lead to loss of coverage, path divergence, and the generation of test cases on which the intended bugs are not reproduced. In this paper, we propose an algorithm, Deferred Concretization, that introduces a new category of values within symbolic execution (referred to as symcrete values) to defer concretization until the values are actually needed. Our tool, COLOSSUS, built around these ideas, was able to gain an average coverage improvement of 66.94% and reduce divergence by more than 55% relative to the state-of-the-art symbolic execution engine, KLEE. Moreover, we found that KLEE loses about 38.60% of the states in the symbolic execution tree that COLOSSUS is able to recover, showing that COLOSSUS covers a much larger portion of the state space.
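The following toy symbolic executor is an added illustration of the difference the abstract describes; it is not COLOSSUS's code or algorithm and the program under test, its 8-bit input domain, and the opaque `external_checksum` call are all constructed for the example. An eager engine pins the input to one concrete witness as soon as it meets a call it cannot reason about, so every later branch is already decided. The deferred variant lets the opaque result travel as a "symcrete" value (a concrete witness attached to a still-symbolic term) and only concretizes, per path, at the point where the value is actually consumed. Feasibility is decided by enumerating the domain instead of an SMT solver so the block runs stand-alone.

```python
from typing import Callable, List, Optional, Tuple

DOMAIN = range(256)            # constructed: 8-bit symbolic input x
Pred = Callable[[int], bool]   # a path-condition clause over x
Term = Callable[[int], int]    # a symbolic expression over x


def witness(path: List[Pred]) -> Optional[int]:
    """Return one concrete x satisfying every clause of the path condition, or None."""
    return next((v for v in DOMAIN if all(p(v) for p in path)), None)


def external_checksum(v: int) -> int:
    """Constructed stand-in for a library call the engine cannot model symbolically."""
    return (v * 31 + 7) & 0xFF


def concrete_run(x: int) -> Tuple[List[str], int]:
    """Reference (native) semantics of the constructed program under test."""
    t = 3 * x + 1
    u = external_checksum(t)          # opaque to the engine
    trace = ["A" if t > 100 else "B", "C" if x % 7 == 0 else "D"]
    return trace, u                   # u is only consumed here (e.g. logged)


def explore(deferred: bool) -> List[Tuple[List[str], int]]:
    """Symbolically explore concrete_run; return (branch trace, generated input) per path."""
    t: Term = lambda x: 3 * x + 1
    states: List[Tuple[List[Pred], List[str]]] = [([], [])]   # (path condition, trace)

    # The engine reaches external_checksum(t) here.
    if not deferred:
        # Eager concretization: choose a witness for x now and pin the
        # whole remaining execution to it.
        x0 = witness([])
        states = [([lambda x: x == x0], [])]
    # Deferred concretization: the result is a symcrete value (witness +
    # symbolic origin); x stays symbolic until u is actually needed.

    # Two branches that depend on x; in deferred mode both sides stay reachable.
    branches = ((lambda x: t(x) > 100, "A", "B"),
                (lambda x: x % 7 == 0, "C", "D"))
    for cond, lab_true, lab_false in branches:
        nxt = []
        for path, trace in states:
            for pred, lab in ((cond, lab_true),
                              (lambda x, c=cond: not c(x), lab_false)):
                new_path = path + [pred]
                if witness(new_path) is not None:     # prune infeasible side
                    nxt.append((new_path, trace + [lab]))
        states = nxt

    # The sink that consumes u: concretize per path so the generated test
    # input is consistent with the path it was produced for.
    return [(trace, witness(path)) for path, trace in states]


def divergent_tests(deferred: bool) -> int:
    """Count generated inputs whose native run does not follow the predicted path."""
    return sum(1 for trace, x in explore(deferred) if concrete_run(x)[0] != trace)


if __name__ == "__main__":
    for mode in (False, True):
        paths = explore(mode)
        print("deferred" if mode else "eager", len(paths), "paths", paths)
```

With eager concretization the engine reports a single path (`["B", "C"]` for input 0); the deferred variant reaches all four feasible branch combinations and hands back one consistent input per path, and replaying each input natively follows the predicted trace, which is the divergence measure the abstract refers to.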
Session: Thu 18 Jul, 16:00 - 17:30 (displayed time zone: Beijing, Chongqing, Hong Kong, Urumqi)

- 16:00 (22m, Talk) Effective and Efficient API Misuse Detection via Exception Propagation and Search-based Testing. Technical Papers. Maria Kechagia (University College London), Xavier Devroey (Delft University of Technology), Annibale Panichella (Delft University of Technology), Georgios Gousios (TU Delft), Arie van Deursen (Delft University of Technology).
- 16:22 (22m, Talk) Automated API-Usage Update for Android Apps. Technical Papers. Mattia Fazzini (Georgia Institute of Technology), Qi Xin (Georgia Institute of Technology), Alessandro Orso (Georgia Tech).
- 16:45 (22m, Talk) A Large-Scale Study of Application Incompatibilities in Android. Technical Papers. Haipeng Cai (Washington State University, USA), Ziyi Zhang, Li Li (Monash University, Australia), Xiaoqin Fu (Washington State University).
- 17:07 (22m, Talk) Deferred Concretization in Symbolic Execution via Fuzzing. Technical Papers.