Optimization and Assessment of Path Constraints in Symbolic Execution
Presentation Date
7-2015
Abstract
Symbolic Execution (SE) is a program verification technique that interprets each program execution path on symbolic instead of concrete input values. As SE traverses a program path it generates a set of constraints on the symbolic input values, known as a path condition (PC). To determine whether a program path is executable, SE passes the path's PC to a constraint solver to check for satisfiability. If the PC is satisfiable, the program can execute that path.
As SE interprets large programs, the size of PCs can grow very large, which can impair both SE and the constraint solver. This work focuses on exploring techniques that reduce the number of constraints in PCs of real Java programs. In particular, we exploit Parma Polyhedra Library (PPL) APIs for a set of linear inequalities to find redundant constraints and over-approximate the set of constraints in a PC. Thus, we can simplify PCs, allowing for efficient program analysis.
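As an added worked example (not code from the presentation, and not the PPL-based implementation it describes), the block below shows the core idea of redundant-constraint elimination on a small path condition. The PC is collected along one path of a constructed Java-like method with two integer inputs `x` and `y`; each branch condition is rewritten as a linear inequality `a.x <= b`. A constraint is redundant when the rest of the PC together with its negation is unsatisfiable. In place of PPL, the check uses Fourier-Motzkin elimination over the rationals, which is sound for dropping constraints: if no rational solution exists, no integer solution exists either, so the dropped constraint was implied. The method, the variable names and the constraint encoding are all assumptions made for this example.

```python
# Constructed example: redundant-constraint elimination for a path condition
# made of linear integer inequalities.  Each constraint is (coeffs, bound)
# meaning  sum(coeffs[v] * v) <= bound  with integer coefficients.
# Redundancy is decided with Fourier-Motzkin elimination over the rationals,
# which is sound for dropping: if PC \ {c} together with NOT c has no rational
# solution, it has no integer solution either, so c is implied by the rest.
# This is a stand-in for the PPL-based check in the presentation, not PPL itself.

def add(c1, c2):
    """Sum two constraints (valid because both are <= inequalities)."""
    coeffs = dict(c1[0])
    for v, a in c2[0].items():
        coeffs[v] = coeffs.get(v, 0) + a
    coeffs = {v: a for v, a in coeffs.items() if a != 0}
    return (coeffs, c1[1] + c2[1])

def scale(c, k):
    """Multiply a constraint by a positive integer k (keeps its direction)."""
    assert k > 0
    return ({v: a * k for v, a in c[0].items()}, c[1] * k)

def negate(c):
    """NOT (a.x <= b) over integers is a.x >= b + 1, i.e. -a.x <= -(b + 1)."""
    return ({v: -a for v, a in c[0].items()}, -(c[1] + 1))

def satisfiable(constraints):
    """Fourier-Motzkin: eliminate every variable, then check 0 <= bound."""
    cons = list(constraints)
    variables = sorted({v for c in cons for v in c[0]})
    for v in variables:
        pos = [c for c in cons if c[0].get(v, 0) > 0]
        neg = [c for c in cons if c[0].get(v, 0) < 0]
        cons = [c for c in cons if c[0].get(v, 0) == 0]
        for p in pos:
            for n in neg:
                # Scale so the v-terms cancel: (-n_v) * p + p_v * n.
                cons.append(add(scale(p, -n[0][v]), scale(n, p[0][v])))
    # Every remaining constraint is variable-free: 0 <= bound.
    return all(bound >= 0 for _, bound in cons)

def is_redundant(c, others):
    """c is implied by others iff others AND NOT c is unsatisfiable."""
    return not satisfiable(list(others) + [negate(c)])

def simplify_pc(pc):
    """Greedily drop constraints implied by the remaining ones."""
    kept = list(pc)
    i = 0
    while i < len(kept):
        rest = kept[:i] + kept[i + 1:]
        if is_redundant(kept[i], rest):
            kept.pop(i)
        else:
            i += 1
    return kept

# Path condition collected along one path of a constructed Java-like method
# with int inputs x and y (one inequality per nested branch taken):
#   if (x > 0)          ->  x >= 1      ->  -x <= -1
#     if (y > x)        ->  y - x >= 1  ->  x - y <= -1
#       if (x + y > 0)  ->  x + y >= 1  ->  -x - y <= -1   (implied by the first two)
#         if (x < 10)   ->  x <= 9
#           if (x < 20) ->  x <= 19                        (implied by x <= 9)
PATH_CONDITION = [
    ({"x": -1}, -1),
    ({"x": 1, "y": -1}, -1),
    ({"x": -1, "y": -1}, -1),
    ({"x": 1}, 9),
    ({"x": 1}, 19),
]

if __name__ == "__main__":
    print("original PC:", PATH_CONDITION)
    print("simplified :", simplify_pc(PATH_CONDITION))
```

Running the block keeps `x >= 1`, `y > x` and `x <= 9` and drops the two implied constraints, so the solver sees three inequalities instead of five with the same solution set. Dropping a constraint that is not implied would instead over-approximate the PC (a superset of the feasible inputs), which is the second technique the abstract mentions; this example performs only the exact, equivalence-preserving step.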