Please wait a minute...

Frontiers of Computer Science

Front. Comput. Sci.    2018, Vol. 12 Issue (1) : 86-100
Tuning parallel symbolic execution engine for better performance
Anil Kumar KARNA1(), Jinbo DU2, Haihao SHEN3, Hao ZHONG1, Jiong GONG3, Haibo YU2, Xiangning MA3, Jianjun ZHAO4
1. Department of Computer Science, Shanghai Jiao Tong University, Shanghai 200240, China
2. School of Software, Shanghai Jiao Tong University, Shanghai 200240, China
3. Intel Asia-Pacific Research and Development Ltd., Shanghai 200240, China
4. Department of Advanced Information Technology, Kyushu University, Fukuoka 819-0395, Japan
Download: PDF(859 KB)  
Export: BibTeX | EndNote | Reference Manager | ProCite | RefWorks

Symbolic execution is widely used in many code analysis, testing, and verification tools. As symbolic execution exhaustively explores all feasible paths, it is quite time consuming. To handle the problem, researchers have paralleled existing symbolic execution tools (e.g., KLEE). In particular, Cloud9 is a widely used paralleled symbolic execution tool, and researchers have used the tool to analyze real code. However, researchers criticize that tools such as Cloud9 still cannot analyze large scale code. In this paper, we conduct a field study on Cloud9, in which we use KLEE and Cloud9 to analyze benchmarks in C. Our results confirm the criticism. Based on the results, we identify three bottlenecks that hinder the performance of Cloud9: the communication time gap, the job transfer policy, and the cache management of the solved constraints. To handle these problems, we tune the communication time gap with better parameters, modify the job transfer policy, and implement an approach for cache management of solved constraints. We conduct two evaluations on our benchmarks and a real application to understand our improvements. Our results show that our tuned Cloud9 reduces the execution time significantly, both on our benchmarks and the real application. Furthermore, our evaluation results show that our tuning techniques improve the effectiveness on all the devices, and the improvement can be achieved upto five times, depending upon a tuning value of our approach and the behaviour of program under test.

Keywords code analysis      symbolic execution      parallelizing symbolic execution      KLEE      Cloud9     
Corresponding Authors: Anil Kumar KARNA   
Just Accepted Date: 30 September 2016   Online First Date: 30 October 2017    Issue Date: 12 January 2018
 Cite this article:   
Anil Kumar KARNA,Jinbo DU,Haihao SHEN, et al. Tuning parallel symbolic execution engine for better performance[J]. Front. Comput. Sci., 2018, 12(1): 86-100.
E-mail this article
E-mail Alert
Articles by authors
Anil Kumar KARNA
Jinbo DU
Haihao SHEN
Jiong GONG
Haibo YU
Xiangning MA
Jianjun ZHAO
8 Cadar C, Dunbar D, Engler D R. KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In: Proceeding of OSDI. 2008, 209–224
9 Bucur S, Ureche V, Zamfir C, Candea G. Parallel symbolic execution for automated real-world software testing. In: Proceedings of the 6th ACM Conference on Computer Systems. 2011, 183–198
1 Ciortea L, Zamfir C, Bucur S, Chipounov V, Candea G. Cloud9: a software testing service. ACM SIGOPS Operating Systems Review, 2010, 43(4): 5–10
2 Staats M, Pˇašareanu C S. Parallel symbolic execution for structural testgeneration. In: Proceedings of the 19th International Symposium on Software Testing and Analysis. 2010, 183–194
10 Candea G, Bucur S, Zamfir C. Automated software testing as a service. In: Proceedings of the 1st ACM Symposium on Cloud Computing. 2010, 155–160
11 Renshaw D, Kong S. Symbolic execution in difficult environments. Technical Report 15-745. 2011
3 King A. Distributed parallel symbolic execution. Dissertation for the Doctoral Degree. Manhattan, KS: Kansas State University, 2009
4 Siddiqui J H, Khurshid S. ParSym: Parallel symbolic execution. In: Proceedings of the 2nd International Conference on Software Technology and Engineering. 2010, 405–409
12 Marinescu P D, Cadar C. Make test-zesti: A symbolic execution solution for improving regression testing. In: Proceedings of the 34th International Conference on Software Engineering. 2012, 716–726
13 Cui H M, Hu G, Wu J Y, Yang J. Verifying systems rules using ruledirected symbolic execution. ACM SIGPLAN Notices, 2013, 48(4): 329–342
5 Sasnauskas R, Dustmann O S, Kaminski B L, Wehrle K, Weise C, Kowalewski S. Scalable symbolic execution of distributed systems. In: Proceedings of the 31st International Conference on Distributed Computing Systems. 2011, 333–342
6 Griesmayer A, Aichernig B, Johnsen E B, Schlatte R. Dynamic symbolic execution of distributed concurrent objects. In: Lee D, Lopes A, Poetzsch-Heffter A, eds. Formal Techniques for Distributed Systems. Berlin: Springer, 2009, 225–230
14 Zhang D Z, Liu D G, Lei Y, Kung D, Csallner C, Wang W H. Detecting vulnerabilities in c programs using trace-based testing. In: Proceedings of IEEE/IFIP International Conference on Dependable Systems and Networks. 2010, 241–250
15 Zitser M, Lippmann R, Leek T. Testing static analysis tools using exploitable buffer overflows from open source code. ACM SIGSOFT Software Engineering Notes, 2004, 29(6): 97–106
16 Saxena P, Poosankam P, McCamant S, Song D. Loop-extended symbolic execution on binary programs. In: Proceedings of the 18th ACM International Symposium on Software Testing and Analysis. 2009, 225–236
17 Jaffar J, Murali V, Navas J A, Santosa A E. TRACER: a symbolic execution tool for verification. In: Proceedings of the 24th International Conference on Computer Aided Verification. 2012, 758–766
18 Coward P D. Symbolic execution systems-a review. Software Engineering Journal, 1988, 3(6): 229–239
19 King J C. Symbolic execution and program testing. Communications of the ACM, 1976, 19(7): 385–394
20 Sen K, Marinov D, Agha G. CUTE: a concolic unit testing engine for C. ACMSIGSOFT Software Engineering Notes, 2005, 30(5): 263–272
21 Zhang Y F, Chen Z B, Wang J. Speculative symbolic execution. In: Proceedings of the 23rd IEEE International Symposium on Software Reliability Engineering. 2012, 101–110
22 Palikareva H, Cadar C. Multi-solver support in symbolic execution. In: Proceedings of International Conference on Computer Aided Verification. 2013, 53–68
Related articles from Frontiers Journals
[1] Zhenbo XU,Jian ZHANG,Zhongxing XU. Melton: a practical and precise memory leak detection tool for C programs[J]. Front. Comput. Sci., 2015, 9(1): 34-54.
Full text