A set of semantic-preserving transformations that take advantage of contextual information collected during symbolic execution to speedup array operations.
Despite significant recent advances, the effectiveness of symbolic execution is limited when used to test complex, real-world software. One of the main scalability challenges is related to constraint solving: large applications and long exploration paths lead to complex constraints, often involving big arrays indexed by symbolic expressions.
In this paper, we propose a set of semantic-preserving transformations for array operations that take advantage of contextual information collected during symbolic execution. Our transformations lead to simpler encodings and hence better performance in constraint solving.
The results we obtain are encouraging: we show, through an extensive experimental analysis, that our transformations help to significantly improve the performance of symbolic execution in the presence of arrays. We also show that our transformations enable the analysis of new code, which would be otherwise out of reach for symbolic execution.
KLEE-Array is made available both as source tarball and in a binary form, pre-installed in a virtual machine. For more details, please visit the artifact replication page.
This work was supported by the EPSRC through grants EP/N007166/1 and EP/L002795/1.