License: 
Creative Commons Attribution 3.0 Unported license (CC BY 3.0)
When quoting this document, please refer to the following
DOI: 10.4230/LIPIcs.ECOOP.2018.6
URN: urn:nbn:de:0030-drops-92115
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2018/9211/
Chen, Junjie ;
Hu, Wenxiang ;
Zhang, Lingming ;
Hao, Dan ;
Khurshid, Sarfraz ;
Zhang, Lu
Learning to Accelerate Symbolic Execution via Code Transformation
Abstract
Symbolic execution is an effective but expensive technique for automated test generation. Over the years, a large number of refined symbolic execution techniques have been proposed to improve its efficiency. However, the symbolic execution efficiency problem remains, and largely limits the application of symbolic execution in practice. Orthogonal to refined symbolic execution, in this paper we propose to accelerate symbolic execution through semantic-preserving code transformation on the target programs. During the initial stage of this direction, we adopt a particular code transformation, compiler optimization, which is initially proposed to accelerate program concrete execution by transforming the source program into another semantic-preserving target program with increased efficiency (e.g., faster or smaller). However, compiler optimizations are mostly designed to accelerate program concrete execution rather than symbolic execution. Recent work also reported that unified settings on compiler optimizations that can accelerate symbolic execution for any program do not exist at all. Therefore, in this work we propose a machine-learning based approach to tuning compiler optimizations to accelerate symbolic execution, whose results may also aid further design of specific code transformations for symbolic execution. In particular, the proposed approach LEO separates source-code functions and libraries through our program-splitter, and predicts individual compiler optimization (i.e., whether a type of code transformation is chosen) separately through analyzing the performance of existing symbolic execution. Finally, LEO applies symbolic execution on the code transformed by compiler optimization (through our local-optimizer). We conduct an empirical study on GNU Coreutils programs using the KLEE symbolic execution engine. The results show that LEO significantly accelerates symbolic execution, outperforming the default KLEE configurations (i.e., turning on/off all compiler optimizations) in various settings, e.g., with the default training/testing time, LEO achieves the highest line coverage in 50/68 programs, and its average improvement rate on all programs is 46.48%/88.92% in terms of line coverage compared with turning on/off all compiler optimizations.
BibTeX - Entry
@InProceedings{chen_et_al:LIPIcs:2018:9211,
author = {Junjie Chen and Wenxiang Hu and Lingming Zhang and Dan Hao and Sarfraz Khurshid and Lu Zhang},
title = {{Learning to Accelerate Symbolic Execution via Code Transformation}},
booktitle = {32nd European Conference on Object-Oriented Programming (ECOOP 2018)},
pages = {6:1--6:27},
series = {Leibniz International Proceedings in Informatics (LIPIcs)},
ISBN = {978-3-95977-079-8},
ISSN = {1868-8969},
year = {2018},
volume = {109},
editor = {Todd Millstein},
publisher = {Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
address = {Dagstuhl, Germany},
URL = {http://drops.dagstuhl.de/opus/volltexte/2018/9211},
URN = {urn:nbn:de:0030-drops-92115},
doi = {10.4230/LIPIcs.ECOOP.2018.6},
annote = {Keywords: Symbolic Execution, Code Transformation, Machine Learning}
}
|
Keywords: |
|
Symbolic Execution, Code Transformation, Machine Learning |
|
Collection: |
|
32nd European Conference on Object-Oriented Programming (ECOOP 2018) |
|
Issue Date: |
|
2018 |
|
Date of publication: |
|
10.07.2018 |
