PathWalker: A dynamic symbolic execution tool based on LLVM byte code instrumentation

Zhang Jun-Xian; Li Zhou-Jun; Zheng Xian-Chen

doi:10.1007/978-3-319-25942-0_15

PathWalker: A dynamic symbolic execution tool based on LLVM byte code instrumentation

Zhang Jun-Xian^*
, Li Zhou-Jun
, Zheng Xian-Chen

^*此作品的通讯作者

计算机学院

Beihang University
University of Jinan

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

摘要

Dynamic symbolic execution (or concolic execution) is a powerful method for program analysis and software testing by attaching symbolic execution to the concrete running of a program. This paper proposes an approach to handle aggregate types (e.g., pointers, arrays, structures) and their complex combinations for the dynamic symbolic execution of C programs. The main idea of the approach is splitting a complex type program variable into a series of primitive type variables. During the concrete execution of a program, a con- colic execution engine is provided to observe the operations on every program variable at the level of primitive types, and then the symbolic state of the program is updated. The path constraints which must be satisfied to drive the program running along the current execution path are collected to generate new test data for other paths. Our approach guarantees that only primitive type variables can appear in the symbolic states and path constraints. Based on LLVM byte code instrumentation, we present a new tool, called PathWalker, which implements this approach. Experimental results reveal that PathWalker is effective to deal with complex types in C codes.

源语言	英语
主期刊名	Dependable Software Engineering
主期刊副标题	Theories, Tools, and Applications - 1st International Symposium, SETTA 2015, Proceedings
编辑	Zhiming Liu, Wang Yi, Xuandong Li
出版商	Springer Verlag
页	227-242
页数	16
ISBN（印刷版）	9783319259413
DOI	https://doi.org/10.1007/978-3-319-25942-0_15
出版状态	已出版 - 2015
活动	1st International Symposium on Dependable Software Engineering: Theories, Tools, and Applications, SETTA 2015 - Nanjing, 中国期限: 4 11月 2015 → 6 11月 2015

出版系列

姓名	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
卷	9409
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	1st International Symposium on Dependable Software Engineering: Theories, Tools, and Applications, SETTA 2015
国家/地区	中国
市	Nanjing
时期	4/11/15 → 6/11/15

访问文件

10.1007/978-3-319-25942-0_15

其它文件与链接

链接到 Scopus 的出版物

引用此

Jun-Xian, Z., Zhou-Jun, L., & Xian-Chen, Z. (2015). PathWalker: A dynamic symbolic execution tool based on LLVM byte code instrumentation. 在 Z. Liu, W. Yi, & X. Li (编辑), Dependable Software Engineering: Theories, Tools, and Applications - 1st International Symposium, SETTA 2015, Proceedings (页码 227-242). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 9409). Springer Verlag. https://doi.org/10.1007/978-3-319-25942-0_15

Jun-Xian, Zhang ; Zhou-Jun, Li ; Xian-Chen, Zheng. / PathWalker : A dynamic symbolic execution tool based on LLVM byte code instrumentation. Dependable Software Engineering: Theories, Tools, and Applications - 1st International Symposium, SETTA 2015, Proceedings. 编辑 / Zhiming Liu ; Wang Yi ; Xuandong Li. Springer Verlag, 2015. 页码 227-242 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{e134c2e7b9234eb2966245d63b8133dc,

title = "PathWalker: A dynamic symbolic execution tool based on LLVM byte code instrumentation",

abstract = "Dynamic symbolic execution (or concolic execution) is a powerful method for program analysis and software testing by attaching symbolic execution to the concrete running of a program. This paper proposes an approach to handle aggregate types (e.g., pointers, arrays, structures) and their complex combinations for the dynamic symbolic execution of C programs. The main idea of the approach is splitting a complex type program variable into a series of primitive type variables. During the concrete execution of a program, a con- colic execution engine is provided to observe the operations on every program variable at the level of primitive types, and then the symbolic state of the program is updated. The path constraints which must be satisfied to drive the program running along the current execution path are collected to generate new test data for other paths. Our approach guarantees that only primitive type variables can appear in the symbolic states and path constraints. Based on LLVM byte code instrumentation, we present a new tool, called PathWalker, which implements this approach. Experimental results reveal that PathWalker is effective to deal with complex types in C codes.",

keywords = "Dynamic symbolic execution, LLVM aggregate type, Program instrumentation",

author = "Zhang Jun-Xian and Li Zhou-Jun and Zheng Xian-Chen",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; 1st International Symposium on Dependable Software Engineering: Theories, Tools, and Applications, SETTA 2015 ; Conference date: 04-11-2015 Through 06-11-2015",

year = "2015",

doi = "10.1007/978-3-319-25942-0\_15",

language = "英语",

isbn = "9783319259413",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "227--242",

editor = "Zhiming Liu and Wang Yi and Xuandong Li",

booktitle = "Dependable Software Engineering",

address = "德国",

}

Jun-Xian, Z, Zhou-Jun, L & Xian-Chen, Z 2015, PathWalker: A dynamic symbolic execution tool based on LLVM byte code instrumentation. 在 Z Liu, W Yi & X Li (编辑), Dependable Software Engineering: Theories, Tools, and Applications - 1st International Symposium, SETTA 2015, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 9409, Springer Verlag, 页码 227-242, 1st International Symposium on Dependable Software Engineering: Theories, Tools, and Applications, SETTA 2015, Nanjing, 中国, 4/11/15. https://doi.org/10.1007/978-3-319-25942-0_15

PathWalker: A dynamic symbolic execution tool based on LLVM byte code instrumentation. / Jun-Xian, Zhang; Zhou-Jun, Li; Xian-Chen, Zheng.
Dependable Software Engineering: Theories, Tools, and Applications - 1st International Symposium, SETTA 2015, Proceedings. 编辑 / Zhiming Liu; Wang Yi; Xuandong Li. Springer Verlag, 2015. 页码 227-242 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 9409).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - PathWalker

T2 - 1st International Symposium on Dependable Software Engineering: Theories, Tools, and Applications, SETTA 2015

AU - Jun-Xian, Zhang

AU - Zhou-Jun, Li

AU - Xian-Chen, Zheng

N1 - Publisher Copyright: © Springer International Publishing Switzerland 2015.

PY - 2015

Y1 - 2015

N2 - Dynamic symbolic execution (or concolic execution) is a powerful method for program analysis and software testing by attaching symbolic execution to the concrete running of a program. This paper proposes an approach to handle aggregate types (e.g., pointers, arrays, structures) and their complex combinations for the dynamic symbolic execution of C programs. The main idea of the approach is splitting a complex type program variable into a series of primitive type variables. During the concrete execution of a program, a con- colic execution engine is provided to observe the operations on every program variable at the level of primitive types, and then the symbolic state of the program is updated. The path constraints which must be satisfied to drive the program running along the current execution path are collected to generate new test data for other paths. Our approach guarantees that only primitive type variables can appear in the symbolic states and path constraints. Based on LLVM byte code instrumentation, we present a new tool, called PathWalker, which implements this approach. Experimental results reveal that PathWalker is effective to deal with complex types in C codes.

AB - Dynamic symbolic execution (or concolic execution) is a powerful method for program analysis and software testing by attaching symbolic execution to the concrete running of a program. This paper proposes an approach to handle aggregate types (e.g., pointers, arrays, structures) and their complex combinations for the dynamic symbolic execution of C programs. The main idea of the approach is splitting a complex type program variable into a series of primitive type variables. During the concrete execution of a program, a con- colic execution engine is provided to observe the operations on every program variable at the level of primitive types, and then the symbolic state of the program is updated. The path constraints which must be satisfied to drive the program running along the current execution path are collected to generate new test data for other paths. Our approach guarantees that only primitive type variables can appear in the symbolic states and path constraints. Based on LLVM byte code instrumentation, we present a new tool, called PathWalker, which implements this approach. Experimental results reveal that PathWalker is effective to deal with complex types in C codes.

KW - Dynamic symbolic execution

KW - LLVM aggregate type

KW - Program instrumentation

UR - https://www.scopus.com/pages/publications/84951130833

U2 - 10.1007/978-3-319-25942-0_15

DO - 10.1007/978-3-319-25942-0_15

M3 - 会议稿件

AN - SCOPUS:84951130833

SN - 9783319259413

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 227

EP - 242

BT - Dependable Software Engineering

A2 - Liu, Zhiming

A2 - Yi, Wang

A2 - Li, Xuandong

PB - Springer Verlag

Y2 - 4 November 2015 through 6 November 2015

ER -

Jun-Xian Z, Zhou-Jun L, Xian-Chen Z. PathWalker: A dynamic symbolic execution tool based on LLVM byte code instrumentation. 在 Liu Z, Yi W, Li X, 编辑, Dependable Software Engineering: Theories, Tools, and Applications - 1st International Symposium, SETTA 2015, Proceedings. Springer Verlag. 2015. 页码 227-242. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-25942-0_15

PathWalker: A dynamic symbolic execution tool based on LLVM byte code instrumentation

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此