S. A. Morozov, A. V. Misonizhnik, D. A. Mordvinov, D. V. Koznov, D. A. Ivanov, ““Symcrete” memory model with lazy initialization and objects of symbolic sizes in KLEE”, Proceedings of ISP RAS, 35:3 (2023), 91

Proceedings of the Institute for System Programming of the RAS

RUS ENG

JOURNALS PEOPLE ORGANISATIONS CONFERENCES SEMINARS VIDEO LIBRARY PACKAGE AMSBIB

JavaScript is disabled in your browser. Please switch it on to enable full functionality of the website

	General information
	Latest issue
	Archive

	Search papers
	Search references

	RSS
	Latest issue
	Current issues
	Archive issues
	What is RSS

Proceedings of ISP RAS:
Year:
Volume:
Issue:
Page:
	Find

Personal entry:
Login:
Password:
	Save password
	Enter
	Forgotten password?
	Register

Proceedings of the Institute for System Programming of the RAS, 2023, Volume 35, Issue 3, Pages 91–108
DOI: https://doi.org/10.15514/ISPRAS-2023-35(3)-7 (Mi tisp789)

“Symcrete” memory model with lazy initialization and objects of symbolic sizes in KLEE

S. A. Morozov^a, A. V. Misonizhnik^b, D. A. Mordvinov^c, D. V. Koznov^c, D. A. Ivanov^d

^a National Research University Higher School of Economics
^b IT Solutions Inc.
^c Saint Petersburg State University
^d Huawei Technologies Co., Ltd.

Full-text PDF (1465 kB)

DOI: https://doi.org/10.15514/ISPRAS-2023-35(3)-7

Abstract: Dynamic symbolic execution is a well-known technique for testing applications. It introduces symbolic variables – program data with no concrete value at the moment of instantiation – and uses them to systematically explore the execution paths in a program under analysis. However, not every value can be easily modelled as symbolic: for instance, some values may take values from restricted domains or have complex invariants, hard enough to model using existing logic theories, despite it is not a problem for concrete computations. In this paper, we propose an implementation of infrastructure for dealing with such “hard-to-be-modelled” values. We take the approach known as symcrete execution and implement its robust and scalable version in the well-known KLEE symbolic execution engine. We use this infrastructure to support the symbolic execution of LLVM programs with complex input data structures and input buffers with indeterminate sizes.

Keywords: symbolic execution, software analysis, lazy initialization, symcrete execution, smt-solvers

Funding agency	Grant number
Russian Science Foundation	22-21-00697

Document Type: Article

Language: English

Citation: S. A. Morozov, A. V. Misonizhnik, D. A. Mordvinov, D. V. Koznov, D. A. Ivanov, ““Symcrete” memory model with lazy initialization and objects of symbolic sizes in KLEE”, Proceedings of ISP RAS, 35:3 (2023), 91–108

Citation in format AMSBIB

\Bibitem{MorMisMor23}

\by S.~A.~Morozov, A.~V.~Misonizhnik, D.~A.~Mordvinov, D.~V.~Koznov, D.~A.~Ivanov

\paper “Symcrete” memory model with lazy initialization and objects of symbolic sizes in KLEE

\jour Proceedings of ISP RAS

\yr 2023

\vol 35

\issue 3

\pages 91--108

\mathnet{http://mi.mathnet.ru/tisp789}

\crossref{https://doi.org/10.15514/ISPRAS-2023-35(3)-7}

Linking options:

https://www.mathnet.ru/eng/tisp789

https://www.mathnet.ru/eng/tisp/v35/i3/p91

Citing articles in Google Scholar: Russian citations, English citations
Related articles in Google Scholar: Russian articles, English articles

Proceedings of the Institute for System Programming of the RAS

Statistics & downloads:
Abstract page:	27
Full-text PDF :	21

Что такое QR-код?

Registration to the website

Logotypes