BLISS: Improved Symbolic Execution by Bounded Lazy Initialization with SAT Support
- Autores
- Rosner, Nicolas Leandro; Geldenhuys, Jaco; Aguirre, Nazareno Matias; Visser, Willem; Frias, Marcelo Fabian
- Año de publicación
- 2015
- Idioma
- inglés
- Tipo de recurso
- artículo
- Estado
- versión publicada
- Descripción
- Lazy Initialization (LI) allows symbolic execution to effectively deal with heap-allocated data structures, thanks to a significant reduction in spurious and redundant symbolic structures. Bounded lazy initialization (BLI) improves on LI by taking advantage of precomputed relational bounds on the interpretation of class fields in order to reduce the number of spurious structures even further. In this paper we present bounded lazy initialization with SAT support (BLISS), a novel technique that refines the search for valid structures during the symbolic execution process. BLISS builds upon BLI, extending it with field bound refinement and satisfiability checks. Field bounds are refined while a symbolic structure is concretized, avoiding cases that, due to the concrete part of the heap and the field bounds, can be deemed redundant. Satisfiability checks on refined symbolic heaps allow us to prune these heaps as soon as they are identified as infeasible, i.e., as soon as it can be confirmed that they cannot be extended to any valid concrete heap. Compared to LI and BLI, BLISS reduces the time required by LI by up to four orders of magnitude for the most complex data structures. Moreover, the number of partially symbolic structures obtained by exploring program paths is reduced by BLISS by over 50 percent, with reductions of over 90 percent in some cases (compared to LI). BLISS uses less memory than LI and BLI, which enables the exploration of states unreachable by previous techniques.
Fil: Rosner, Nicolas Leandro. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Departamento de Computación; Argentina
Fil: Geldenhuys, Jaco. University of Stellenbosch; Sudáfrica
Fil: Aguirre, Nazareno Matias. Consejo Nacional de Investigaciones Científicas y Técnicas; Argentina. Universidad Nacional de Río Cuarto. Facultad de Ciencias Exactas Fisicoquímicas y Naturales. Departamento de Computación; Argentina
Fil: Visser, Willem. University of Stellenbosch; Sudáfrica
Fil: Frias, Marcelo Fabian. Instituto Tecnológico de Buenos Aires; Argentina. Consejo Nacional de Investigaciones Científicas y Técnicas; Argentina - Materia
-
Symbolic Execution
Lazy Initialization
Tight Field Bounds
Symbolic Pathfinder - Nivel de accesibilidad
- acceso abierto
- Condiciones de uso
- https://creativecommons.org/licenses/by-nc-sa/2.5/ar/
- Repositorio
.jpg)
- Institución
- Consejo Nacional de Investigaciones Científicas y Técnicas
- OAI Identificador
- oai:ri.conicet.gov.ar:11336/42805
Ver los metadatos del registro completo
| id |
CONICETDig_a5d1d94cc1360a39c7ef74a9b03d1c24 |
|---|---|
| oai_identifier_str |
oai:ri.conicet.gov.ar:11336/42805 |
| network_acronym_str |
CONICETDig |
| repository_id_str |
3498 |
| network_name_str |
CONICET Digital (CONICET) |
| spelling |
BLISS: Improved Symbolic Execution by Bounded Lazy Initialization with SAT SupportRosner, Nicolas LeandroGeldenhuys, JacoAguirre, Nazareno MatiasVisser, WillemFrias, Marcelo FabianSymbolic ExecutionLazy InitializationTight Field BoundsSymbolic Pathfinderhttps://purl.org/becyt/ford/1.2https://purl.org/becyt/ford/1Lazy Initialization (LI) allows symbolic execution to effectively deal with heap-allocated data structures, thanks to a significant reduction in spurious and redundant symbolic structures. Bounded lazy initialization (BLI) improves on LI by taking advantage of precomputed relational bounds on the interpretation of class fields in order to reduce the number of spurious structures even further. In this paper we present bounded lazy initialization with SAT support (BLISS), a novel technique that refines the search for valid structures during the symbolic execution process. BLISS builds upon BLI, extending it with field bound refinement and satisfiability checks. Field bounds are refined while a symbolic structure is concretized, avoiding cases that, due to the concrete part of the heap and the field bounds, can be deemed redundant. Satisfiability checks on refined symbolic heaps allow us to prune these heaps as soon as they are identified as infeasible, i.e., as soon as it can be confirmed that they cannot be extended to any valid concrete heap. Compared to LI and BLI, BLISS reduces the time required by LI by up to four orders of magnitude for the most complex data structures. Moreover, the number of partially symbolic structures obtained by exploring program paths is reduced by BLISS by over 50 percent, with reductions of over 90 percent in some cases (compared to LI). BLISS uses less memory than LI and BLI, which enables the exploration of states unreachable by previous techniques.Fil: Rosner, Nicolas Leandro. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Departamento de Computación; ArgentinaFil: Geldenhuys, Jaco. University of Stellenbosch; SudáfricaFil: Aguirre, Nazareno Matias. Consejo Nacional de Investigaciones Científicas y Técnicas; Argentina. Universidad Nacional de Río Cuarto. Facultad de Ciencias Exactas Fisicoquímicas y Naturales. Departamento de Computación; ArgentinaFil: Visser, Willem. University of Stellenbosch; SudáfricaFil: Frias, Marcelo Fabian. Instituto Tecnológico de Buenos Aires; Argentina. Consejo Nacional de Investigaciones Científicas y Técnicas; ArgentinaIEEE Computer Society2015-07info:eu-repo/semantics/articleinfo:eu-repo/semantics/publishedVersionhttp://purl.org/coar/resource_type/c_6501info:ar-repo/semantics/articuloapplication/pdfapplication/pdfhttp://hdl.handle.net/11336/42805Rosner, Nicolas Leandro; Geldenhuys, Jaco; Aguirre, Nazareno Matias; Visser, Willem; Frias, Marcelo Fabian; BLISS: Improved Symbolic Execution by Bounded Lazy Initialization with SAT Support; IEEE Computer Society; IEEE Transactions On Software Engineering; 41; 7; 7-2015; 639-6600098-5589CONICET DigitalCONICETenginfo:eu-repo/semantics/altIdentifier/doi/10.1109/TSE.2015.2389225info:eu-repo/semantics/altIdentifier/url/https://ieeexplore.ieee.org/document/7004061/info:eu-repo/semantics/openAccesshttps://creativecommons.org/licenses/by-nc-sa/2.5/ar/reponame:CONICET Digital (CONICET)instname:Consejo Nacional de Investigaciones Científicas y Técnicas2025-09-03T10:10:43Zoai:ri.conicet.gov.ar:11336/42805instacron:CONICETInstitucionalhttp://ri.conicet.gov.ar/Organismo científico-tecnológicoNo correspondehttp://ri.conicet.gov.ar/oai/requestdasensio@conicet.gov.ar; lcarlino@conicet.gov.arArgentinaNo correspondeNo correspondeNo correspondeopendoar:34982025-09-03 10:10:43.893CONICET Digital (CONICET) - Consejo Nacional de Investigaciones Científicas y Técnicasfalse |
| dc.title.none.fl_str_mv |
BLISS: Improved Symbolic Execution by Bounded Lazy Initialization with SAT Support |
| title |
BLISS: Improved Symbolic Execution by Bounded Lazy Initialization with SAT Support |
| spellingShingle |
BLISS: Improved Symbolic Execution by Bounded Lazy Initialization with SAT Support Rosner, Nicolas Leandro Symbolic Execution Lazy Initialization Tight Field Bounds Symbolic Pathfinder |
| title_short |
BLISS: Improved Symbolic Execution by Bounded Lazy Initialization with SAT Support |
| title_full |
BLISS: Improved Symbolic Execution by Bounded Lazy Initialization with SAT Support |
| title_fullStr |
BLISS: Improved Symbolic Execution by Bounded Lazy Initialization with SAT Support |
| title_full_unstemmed |
BLISS: Improved Symbolic Execution by Bounded Lazy Initialization with SAT Support |
| title_sort |
BLISS: Improved Symbolic Execution by Bounded Lazy Initialization with SAT Support |
| dc.creator.none.fl_str_mv |
Rosner, Nicolas Leandro Geldenhuys, Jaco Aguirre, Nazareno Matias Visser, Willem Frias, Marcelo Fabian |
| author |
Rosner, Nicolas Leandro |
| author_facet |
Rosner, Nicolas Leandro Geldenhuys, Jaco Aguirre, Nazareno Matias Visser, Willem Frias, Marcelo Fabian |
| author_role |
author |
| author2 |
Geldenhuys, Jaco Aguirre, Nazareno Matias Visser, Willem Frias, Marcelo Fabian |
| author2_role |
author author author author |
| dc.subject.none.fl_str_mv |
Symbolic Execution Lazy Initialization Tight Field Bounds Symbolic Pathfinder |
| topic |
Symbolic Execution Lazy Initialization Tight Field Bounds Symbolic Pathfinder |
| purl_subject.fl_str_mv |
https://purl.org/becyt/ford/1.2 https://purl.org/becyt/ford/1 |
| dc.description.none.fl_txt_mv |
Lazy Initialization (LI) allows symbolic execution to effectively deal with heap-allocated data structures, thanks to a significant reduction in spurious and redundant symbolic structures. Bounded lazy initialization (BLI) improves on LI by taking advantage of precomputed relational bounds on the interpretation of class fields in order to reduce the number of spurious structures even further. In this paper we present bounded lazy initialization with SAT support (BLISS), a novel technique that refines the search for valid structures during the symbolic execution process. BLISS builds upon BLI, extending it with field bound refinement and satisfiability checks. Field bounds are refined while a symbolic structure is concretized, avoiding cases that, due to the concrete part of the heap and the field bounds, can be deemed redundant. Satisfiability checks on refined symbolic heaps allow us to prune these heaps as soon as they are identified as infeasible, i.e., as soon as it can be confirmed that they cannot be extended to any valid concrete heap. Compared to LI and BLI, BLISS reduces the time required by LI by up to four orders of magnitude for the most complex data structures. Moreover, the number of partially symbolic structures obtained by exploring program paths is reduced by BLISS by over 50 percent, with reductions of over 90 percent in some cases (compared to LI). BLISS uses less memory than LI and BLI, which enables the exploration of states unreachable by previous techniques. Fil: Rosner, Nicolas Leandro. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Departamento de Computación; Argentina Fil: Geldenhuys, Jaco. University of Stellenbosch; Sudáfrica Fil: Aguirre, Nazareno Matias. Consejo Nacional de Investigaciones Científicas y Técnicas; Argentina. Universidad Nacional de Río Cuarto. Facultad de Ciencias Exactas Fisicoquímicas y Naturales. Departamento de Computación; Argentina Fil: Visser, Willem. University of Stellenbosch; Sudáfrica Fil: Frias, Marcelo Fabian. Instituto Tecnológico de Buenos Aires; Argentina. Consejo Nacional de Investigaciones Científicas y Técnicas; Argentina |
| description |
Lazy Initialization (LI) allows symbolic execution to effectively deal with heap-allocated data structures, thanks to a significant reduction in spurious and redundant symbolic structures. Bounded lazy initialization (BLI) improves on LI by taking advantage of precomputed relational bounds on the interpretation of class fields in order to reduce the number of spurious structures even further. In this paper we present bounded lazy initialization with SAT support (BLISS), a novel technique that refines the search for valid structures during the symbolic execution process. BLISS builds upon BLI, extending it with field bound refinement and satisfiability checks. Field bounds are refined while a symbolic structure is concretized, avoiding cases that, due to the concrete part of the heap and the field bounds, can be deemed redundant. Satisfiability checks on refined symbolic heaps allow us to prune these heaps as soon as they are identified as infeasible, i.e., as soon as it can be confirmed that they cannot be extended to any valid concrete heap. Compared to LI and BLI, BLISS reduces the time required by LI by up to four orders of magnitude for the most complex data structures. Moreover, the number of partially symbolic structures obtained by exploring program paths is reduced by BLISS by over 50 percent, with reductions of over 90 percent in some cases (compared to LI). BLISS uses less memory than LI and BLI, which enables the exploration of states unreachable by previous techniques. |
| publishDate |
2015 |
| dc.date.none.fl_str_mv |
2015-07 |
| dc.type.none.fl_str_mv |
info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion http://purl.org/coar/resource_type/c_6501 info:ar-repo/semantics/articulo |
| format |
article |
| status_str |
publishedVersion |
| dc.identifier.none.fl_str_mv |
http://hdl.handle.net/11336/42805 Rosner, Nicolas Leandro; Geldenhuys, Jaco; Aguirre, Nazareno Matias; Visser, Willem; Frias, Marcelo Fabian; BLISS: Improved Symbolic Execution by Bounded Lazy Initialization with SAT Support; IEEE Computer Society; IEEE Transactions On Software Engineering; 41; 7; 7-2015; 639-660 0098-5589 CONICET Digital CONICET |
| url |
http://hdl.handle.net/11336/42805 |
| identifier_str_mv |
Rosner, Nicolas Leandro; Geldenhuys, Jaco; Aguirre, Nazareno Matias; Visser, Willem; Frias, Marcelo Fabian; BLISS: Improved Symbolic Execution by Bounded Lazy Initialization with SAT Support; IEEE Computer Society; IEEE Transactions On Software Engineering; 41; 7; 7-2015; 639-660 0098-5589 CONICET Digital CONICET |
| dc.language.none.fl_str_mv |
eng |
| language |
eng |
| dc.relation.none.fl_str_mv |
info:eu-repo/semantics/altIdentifier/doi/10.1109/TSE.2015.2389225 info:eu-repo/semantics/altIdentifier/url/https://ieeexplore.ieee.org/document/7004061/ |
| dc.rights.none.fl_str_mv |
info:eu-repo/semantics/openAccess https://creativecommons.org/licenses/by-nc-sa/2.5/ar/ |
| eu_rights_str_mv |
openAccess |
| rights_invalid_str_mv |
https://creativecommons.org/licenses/by-nc-sa/2.5/ar/ |
| dc.format.none.fl_str_mv |
application/pdf application/pdf |
| dc.publisher.none.fl_str_mv |
IEEE Computer Society |
| publisher.none.fl_str_mv |
IEEE Computer Society |
| dc.source.none.fl_str_mv |
reponame:CONICET Digital (CONICET) instname:Consejo Nacional de Investigaciones Científicas y Técnicas |
| reponame_str |
CONICET Digital (CONICET) |
| collection |
CONICET Digital (CONICET) |
| instname_str |
Consejo Nacional de Investigaciones Científicas y Técnicas |
| repository.name.fl_str_mv |
CONICET Digital (CONICET) - Consejo Nacional de Investigaciones Científicas y Técnicas |
| repository.mail.fl_str_mv |
dasensio@conicet.gov.ar; lcarlino@conicet.gov.ar |
| _version_ |
1842270131331268608 |
| score |
13.13397 |