Boosting Symbolic Execution via Constraint Solving Time Prediction (Experience Paper)
Fri 16 Jul 2021 18:40 - 19:00 at ISSTA 2 - Session 20 (time band 1) Analysis Chair(s): Shiyi Wei
Symbolic execution is an essential approach for automated test case generation. However, the approach is generally not scalable to large programs. One critical reason is that the constraint solving problems in symbolic execution are generally hard. Consequently, the symbolic execution process may get stuck in solving such hard problems. To mitigate this issue, symbolic execution tools generally rely on a timeout threshold to terminate the solving. Such a timeout is generally set to a fixed, predefined value, \textit{e.g.}, five minutes in angr. Nevertheless, how to set a proper timeout is critical to the tool's efficiency. This paper proposes an approach to tackle the problem by predicting the time required for solving a constraint model so that the symbolic execution engine could base on the information to determine whether to continue the current solving process. Due to the cost of the prediction itself, our approach triggers the predictor only when the solving time has exceeded a relatively small value. We have shown that such a predictor can achieve promising performance with several different machine learning models and datasets. By further employing an adaptive design, the predictor can achieve an F1-score ranging from 0.743 to 0.800 on these datasets. We then apply the predictor to eight programs and conduct simulation experiments. Results show that the efficiency of constraint solving for symbolic execution can be improved by 1.25x to 3x, depending on the distribution of the hardness of their constraint models.
| Boosting Symbolic Execution via Constraint Solving Time Prediction[slide] (Boosting_Symbolic_Execution_via_Constraint_Solving_Time_Prediction.pdf) | 1.26MiB |
Thu 15 JulDisplayed time zone: Brussels, Copenhagen, Madrid, Paris change
09:10 - 10:50 | Session 10 (time band 3) Symbolic Execution 1Technical Papers at ISSTA 2 Chair(s): Sébastien Bardin CEA LIST, University Paris-Saclay | ||
09:10 20mTalk | Fuzzing SMT Solvers via Two-Dimensional Input Space Exploration Technical Papers Peisen Yao Hong Kong University of Science and Technology, Heqing Huang Hong Kong University of Science and Technology, Wensheng Tang Hong Kong University of Science and Technology, Qingkai Shi Purdue University, Rongxin Wu Xiamen University, Charles Zhang Hong Kong University of Science and Technology DOI | ||
09:30 20mTalk | Boosting Symbolic Execution via Constraint Solving Time Prediction (Experience Paper) Technical Papers Sicheng Luo Fudan University, Hui Xu Fudan University, Yanxiang Bi Fudan University, Xin Wang Fudan University, Yangfan Zhou Fudan University DOI File Attached | ||
09:50 20mTalk | Synthesize Solving Strategy for Symbolic Execution Technical Papers Zhenbang Chen National University of Defense Technology, Zehua Chen National University of Defense Technology, Ziqi Shuai National University of Defense Technology, Guofeng Zhang Hunan University, Weiyu Pan National University of Defense Technology, Yufeng Zhang Hunan University, Ji Wang National University of Defense Technology DOI | ||
10:10 20mTalk | Type and Interval Aware Array Constraint Solving for Symbolic ExecutionACM SIGSOFT Distinguished Paper Technical Papers Ziqi Shuai National University of Defense Technology, Zhenbang Chen National University of Defense Technology, Yufeng Zhang Hunan University, Jun Sun Singapore Management University, Ji Wang National University of Defense Technology DOI | ||
10:30 20mTalk | Grammar-Agnostic Symbolic Execution by Token Symbolization Technical Papers Weiyu Pan National University of Defense Technology, Zhenbang Chen National University of Defense Technology, Guofeng Zhang Hunan University, Yunlai Luo National University of Defense Technology, Yufeng Zhang Hunan University, Ji Wang National University of Defense Technology DOI | ||
Fri 16 JulDisplayed time zone: Brussels, Copenhagen, Madrid, Paris change
18:20 - 20:00 | Session 20 (time band 1) AnalysisTechnical Papers at ISSTA 2 Chair(s): Shiyi Wei University of Texas at Dallas | ||
18:20 20mTalk | A Lightweight Framework for Function Name Reassignment Based on Large-Scale Stripped BinariesACM SIGSOFT Distinguished Paper Technical Papers Han Gao University of Science and Technology of China, Shaoyin Cheng University of Science and Technology of China, Yinxing Xue University of Science and Technology of China, Weiming Zhang University of Science and Technology of China DOI | ||
18:40 20mTalk | Boosting Symbolic Execution via Constraint Solving Time Prediction (Experience Paper) Technical Papers Sicheng Luo Fudan University, Hui Xu Fudan University, Yanxiang Bi Fudan University, Xin Wang Fudan University, Yangfan Zhou Fudan University DOI File Attached | ||
19:00 20mTalk | Finding Data Compatibility Bugs with JSON Subschema CheckingDistinguished Artifact Technical Papers Andrew Habib SnT, University of Luxembourg, Avraham Shinnar IBM Research, Martin Hirzel IBM Research, Michael Pradel University of Stuttgart Link to publication DOI Pre-print File Attached | ||
19:20 20mTalk | SAND: A Static Analysis Approach for Detecting SQL AntipatternsACM SIGSOFT Distinguished Paper Technical Papers Yingjun Lyu Amazon, Sasha Volokh University of Southern California, William G.J. Halfond University of Southern California, Omer Tripp Amazon DOI | ||
19:40 20mTalk | Automated Patch Backporting in Linux (Experience Paper)Distinguished Artifact Technical Papers Ridwan Salihin Shariffdeen National University of Singapore, Xiang Gao National University of Singapore, Gregory J. Duck National University of Singapore, Shin Hwei Tan Southern University of Science and Technology, Julia Lawall Inria, Abhik Roychoudhury National University of Singapore DOI Pre-print Media Attached | ||