Abstract
We present an approach to address a main performance bottleneck in symbolic execution. Despite a powerful method to produce test cases with high coverage, symbolic execution often suffers from the problem of exploring a huge number of paths without (1) significantly increasing the coverage, and (2) going deep enough to hit hot spots. The situation becomes worse for modern programming languages such as C/C++ which extensively use library calls and shared code. In this paper we use a novel “lazy” execution approach to evaluate functions, library calls, and other entities commonly used in a high level language. Specifically, the symbolic executor uses high level abstractions and sub-space search to control and guide symbolic execution so that only necessary paths are visited to produce valid test cases. This method is able to avoid exploring many useless or duplicate paths. Experimental results show that it can help solve path constraints and produce test cases in much less time. For many programs, it can improve the performance by several orders of magnitude while maintaining the same source code coverage.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
