A new efficient memory allocator for KLEE that supports cross-run and cross-path determinism as well as spatially and temporally distanced allocations.

Overview

Dynamic symbolic execution (DSE) has established itself as an effective testing and analysis technique. While the memory model in DSE has attracted significant attention, the memory allocator has been largely ignored, despite its significant influence on DSE.

In this paper, we discuss the different ways in which the memory allocator can influence DSE, and discuss the main design principles that a memory allocator for DSE needs to follow: support for external calls, cross-run and cross-path determinism, spatially and temporally distanced allocations and stability. We then present KDAlloc, a deterministic allocator for DSE that is guided by these six design principles.

Artefact

The artefact page is available here.

Publications

• A Deterministic Memory Allocator for Dynamic Symbolic Execution

  Daniel Schemmel, Julian Büning, Frank Busse, Martin Nowack, Cristian Cadar

  36th European Conference on Object-Oriented Programming (ECOOP 2022)