Symbolic execution of complex program driven by machine learning based constraint solving

Xin Li; Yongjuan Liang; Hong Qian; Yi Qi Hu; Lei Bu; Yang Yu; Xin Chen; Xuandong Li

doi:10.1145/2970276.2970364

Symbolic execution of complex program driven by machine learning based constraint solving

Xin Li, Yongjuan Liang, Hong Qian, Yi Qi Hu, Lei Bu, Yang Yu, Xin Chen, Xuandong Li

Nanjing University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

31 Scopus citations

Abstract

Symbolic execution is a widely-used program analysis technique. It collects and solves path conditions to guide the program traversing. However, due to the limitation of the current constraint solvers, it is difficult to apply symbolic execution on programs with complex path conditions, like nonlinear constraints and function calls. In this paper, we propose a new symbolic execution tool MLB to handle such problem. Instead of relying on the classical constraint solving, in MLB, the feasibility problems of the path conditions are transformed into optimization problems, by minimizing some dissatisfaction degree. The optimization problems are then handled by the underlying optimization solver through machine learning guided sampling and validation. MLB is implemented on the basis of Symbolic PathFinder and encodes not only the simple linear path conditions, but also nonlinear arithmetic operations, and even black-box function calls of library methods, into symbolic path conditions. Experiment results show that MLB can achieve much better coverage on complex realworld programs.

Original language	English
Title of host publication	ASE 2016 - Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering
Editors	Sarfraz Khurshid, David Lo, Sven Apel
Publisher	Association for Computing Machinery, Inc
Pages	554-559
Number of pages	6
ISBN (Electronic)	9781450338455
DOIs	https://doi.org/10.1145/2970276.2970364
State	Published - 25 Aug 2016
Externally published	Yes
Event	31st IEEE/ACM International Conference on Automated Software Engineering, ASE 2016 - Singapore, Singapore Duration: 3 Sep 2016 → 7 Sep 2016

Publication series

Name	ASE 2016 - Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering

Conference

Conference	31st IEEE/ACM International Conference on Automated Software Engineering, ASE 2016
Country/Territory	Singapore
City	Singapore
Period	3/09/16 → 7/09/16

Keywords

Complicated Path Condition
Constraint Solving
Machine Learning
Symbolic Execution

Access to Document

10.1145/2970276.2970364

Cite this

Li, X., Liang, Y., Qian, H., Hu, Y. Q., Bu, L., Yu, Y., Chen, X., & Li, X. (2016). Symbolic execution of complex program driven by machine learning based constraint solving. In S. Khurshid, D. Lo, & S. Apel (Eds.), ASE 2016 - Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering (pp. 554-559). (ASE 2016 - Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering). Association for Computing Machinery, Inc. https://doi.org/10.1145/2970276.2970364

Li, Xin ; Liang, Yongjuan ; Qian, Hong et al. / Symbolic execution of complex program driven by machine learning based constraint solving. ASE 2016 - Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering. editor / Sarfraz Khurshid ; David Lo ; Sven Apel. Association for Computing Machinery, Inc, 2016. pp. 554-559 (ASE 2016 - Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering).

@inproceedings{8f5f7ac3c93a4b0aa81af842938402e3,

title = "Symbolic execution of complex program driven by machine learning based constraint solving",

abstract = "Symbolic execution is a widely-used program analysis technique. It collects and solves path conditions to guide the program traversing. However, due to the limitation of the current constraint solvers, it is difficult to apply symbolic execution on programs with complex path conditions, like nonlinear constraints and function calls. In this paper, we propose a new symbolic execution tool MLB to handle such problem. Instead of relying on the classical constraint solving, in MLB, the feasibility problems of the path conditions are transformed into optimization problems, by minimizing some dissatisfaction degree. The optimization problems are then handled by the underlying optimization solver through machine learning guided sampling and validation. MLB is implemented on the basis of Symbolic PathFinder and encodes not only the simple linear path conditions, but also nonlinear arithmetic operations, and even black-box function calls of library methods, into symbolic path conditions. Experiment results show that MLB can achieve much better coverage on complex realworld programs.",

keywords = "Complicated Path Condition, Constraint Solving, Machine Learning, Symbolic Execution",

author = "Xin Li and Yongjuan Liang and Hong Qian and Hu, \{Yi Qi\} and Lei Bu and Yang Yu and Xin Chen and Xuandong Li",

note = "Publisher Copyright: {\textcopyright} 2016 ACM.; 31st IEEE/ACM International Conference on Automated Software Engineering, ASE 2016 ; Conference date: 03-09-2016 Through 07-09-2016",

year = "2016",

month = aug,

day = "25",

doi = "10.1145/2970276.2970364",

language = "英语",

series = "ASE 2016 - Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering",

publisher = "Association for Computing Machinery, Inc",

pages = "554--559",

editor = "Sarfraz Khurshid and David Lo and Sven Apel",

booktitle = "ASE 2016 - Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering",

}

Li, X, Liang, Y, Qian, H, Hu, YQ, Bu, L, Yu, Y, Chen, X & Li, X 2016, Symbolic execution of complex program driven by machine learning based constraint solving. in S Khurshid, D Lo & S Apel (eds), ASE 2016 - Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering. ASE 2016 - Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering, Association for Computing Machinery, Inc, pp. 554-559, 31st IEEE/ACM International Conference on Automated Software Engineering, ASE 2016, Singapore, Singapore, 3/09/16. https://doi.org/10.1145/2970276.2970364

Symbolic execution of complex program driven by machine learning based constraint solving. / Li, Xin; Liang, Yongjuan; Qian, Hong et al.
ASE 2016 - Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering. ed. / Sarfraz Khurshid; David Lo; Sven Apel. Association for Computing Machinery, Inc, 2016. p. 554-559 (ASE 2016 - Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Symbolic execution of complex program driven by machine learning based constraint solving

AU - Li, Xin

AU - Liang, Yongjuan

AU - Qian, Hong

AU - Hu, Yi Qi

AU - Bu, Lei

AU - Yu, Yang

AU - Chen, Xin

AU - Li, Xuandong

PY - 2016/8/25

Y1 - 2016/8/25

N2 - Symbolic execution is a widely-used program analysis technique. It collects and solves path conditions to guide the program traversing. However, due to the limitation of the current constraint solvers, it is difficult to apply symbolic execution on programs with complex path conditions, like nonlinear constraints and function calls. In this paper, we propose a new symbolic execution tool MLB to handle such problem. Instead of relying on the classical constraint solving, in MLB, the feasibility problems of the path conditions are transformed into optimization problems, by minimizing some dissatisfaction degree. The optimization problems are then handled by the underlying optimization solver through machine learning guided sampling and validation. MLB is implemented on the basis of Symbolic PathFinder and encodes not only the simple linear path conditions, but also nonlinear arithmetic operations, and even black-box function calls of library methods, into symbolic path conditions. Experiment results show that MLB can achieve much better coverage on complex realworld programs.

AB - Symbolic execution is a widely-used program analysis technique. It collects and solves path conditions to guide the program traversing. However, due to the limitation of the current constraint solvers, it is difficult to apply symbolic execution on programs with complex path conditions, like nonlinear constraints and function calls. In this paper, we propose a new symbolic execution tool MLB to handle such problem. Instead of relying on the classical constraint solving, in MLB, the feasibility problems of the path conditions are transformed into optimization problems, by minimizing some dissatisfaction degree. The optimization problems are then handled by the underlying optimization solver through machine learning guided sampling and validation. MLB is implemented on the basis of Symbolic PathFinder and encodes not only the simple linear path conditions, but also nonlinear arithmetic operations, and even black-box function calls of library methods, into symbolic path conditions. Experiment results show that MLB can achieve much better coverage on complex realworld programs.

KW - Complicated Path Condition

KW - Constraint Solving

KW - Machine Learning

KW - Symbolic Execution

UR - https://www.scopus.com/pages/publications/84989182172

U2 - 10.1145/2970276.2970364

DO - 10.1145/2970276.2970364

M3 - 会议稿件

AN - SCOPUS:84989182172

T3 - ASE 2016 - Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering

SP - 554

EP - 559

BT - ASE 2016 - Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering

A2 - Khurshid, Sarfraz

A2 - Lo, David

A2 - Apel, Sven

PB - Association for Computing Machinery, Inc

T2 - 31st IEEE/ACM International Conference on Automated Software Engineering, ASE 2016

Y2 - 3 September 2016 through 7 September 2016

ER -

Li X, Liang Y, Qian H, Hu YQ, Bu L, Yu Y et al. Symbolic execution of complex program driven by machine learning based constraint solving. In Khurshid S, Lo D, Apel S, editors, ASE 2016 - Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering. Association for Computing Machinery, Inc. 2016. p. 554-559. (ASE 2016 - Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering). doi: 10.1145/2970276.2970364

Symbolic execution of complex program driven by machine learning based constraint solving

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this