Symbolic execution (SE) is a widely used program analysis technique. Existing SE engines model the memory space by associating memory objects with concrete addresses, where the representation of each allocated object is determined during its allocation. We present a novel addressing model where the underlying representation of an allocated object can be dynamically modified even after its allocation, by using symbolic addresses rather than concrete ones. We demonstrate the benefits of our model in two application scenarios: dynamic inter- and intra-object partitioning. In the former, we show how the recently proposed segmented memory model can be improved by dynamically merging several object representations into a single one, rather than doing that a-priori using static pointer analysis. In the latter, we show how the cost of solving array theory constraints can be reduced by splitting the representations of large objects into multiple smaller ones. Our preliminary results show that our approach can significantly improve the overall effectiveness of the symbolic exploration.
Mon 20 Jul Times are displayed in time zone: (GMT-07:00) Tijuana, Baja California
|12:10 - 12:30|
Yao Peisen (HKUST), Qingkai Shi (The Hong Kong University of Science and Technology), Heqing Huang, Charles Zhang (The Hong Kong University of Science and Technology)
|12:30 - 12:50|
|12:50 - 13:10|
Frank Busse (Imperial College London), Martin Nowack (Imperial College London), Cristian Cadar (Imperial College London)