Address-Aware Query Caching for Symbolic Execution

David Trabish; Shachar Itzhaky; Noam Rinetzky

doi:https://doi.org/10.1109/ICST49551.2021.00023

Address-Aware Query Caching for Symbolic Execution

David Trabish, Shachar Itzhaky, Noam Rinetzky

Tel Aviv University, Technion - Israel Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Symbolic execution (SE) is a popular program analysis technique. SE heavily relies on satisfiability queries during path exploration, often resulting in the majority of the time being spent on solving these queries. Hence, it is not surprising that one of the most vital optimizations SE engines use is query caching. To increase the cache hit rate, queries are transformed into a normal form, which is used as a key for updating the cache. An obstacle to caching queries involving pointers is the presence of numerical address values, which are assigned by the engine according to its memory allocation scheme and are hard to canonicalize across different paths.In this paper, we propose a novel query caching technique that allows efficient handling of queries containing expressions that depend on address values. The key insight is that the result of such queries is in fact agnostic to the concrete address values occurring in them, subject to some basic memory safety constraints. This observation can be used to coalesce more queries during cache lookup, thus further increasing cache utilization.Our extensive evaluation shows that our technique achieves significant performance gains when the analysis encounters queries containing symbolic pointers, while incurring only a modest performance overhead in other cases.

Original language	English
Title of host publication	Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	116-126
Number of pages	11
ISBN (Electronic)	9781728168364
DOIs	https://doi.org/10.1109/ICST49551.2021.00023
State	Published - Apr 2021
Event	14th IEEE International Conference on Software Testing, Verification and Validation, ICST 2021 - Virtual, Porto de Galinhas, Brazil Duration: 12 Apr 2021 → 16 Apr 2021

Publication series

Name	Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021

Conference

Conference	14th IEEE International Conference on Software Testing, Verification and Validation, ICST 2021
Country/Territory	Brazil
City	Virtual, Porto de Galinhas
Period	12/04/21 → 16/04/21

Keywords

Query caching
Symbolic execution

All Science Journal Classification (ASJC) codes

Artificial Intelligence
Software
Safety, Risk, Reliability and Quality

Access to Document

https://doi.org/10.1109/ICST49551.2021.00023

Cite this

Trabish, D., Itzhaky, S., & Rinetzky, N. (2021). Address-Aware Query Caching for Symbolic Execution. In Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021 (pp. 116-126). Article 9438562 (Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICST49551.2021.00023

Trabish, David ; Itzhaky, Shachar ; Rinetzky, Noam. / Address-Aware Query Caching for Symbolic Execution. Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021. Institute of Electrical and Electronics Engineers Inc., 2021. pp. 116-126 (Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021).

@inproceedings{c2a36e9876f2420b90d18b5016757c4f,

title = "Address-Aware Query Caching for Symbolic Execution",

abstract = "Symbolic execution (SE) is a popular program analysis technique. SE heavily relies on satisfiability queries during path exploration, often resulting in the majority of the time being spent on solving these queries. Hence, it is not surprising that one of the most vital optimizations SE engines use is query caching. To increase the cache hit rate, queries are transformed into a normal form, which is used as a key for updating the cache. An obstacle to caching queries involving pointers is the presence of numerical address values, which are assigned by the engine according to its memory allocation scheme and are hard to canonicalize across different paths.In this paper, we propose a novel query caching technique that allows efficient handling of queries containing expressions that depend on address values. The key insight is that the result of such queries is in fact agnostic to the concrete address values occurring in them, subject to some basic memory safety constraints. This observation can be used to coalesce more queries during cache lookup, thus further increasing cache utilization.Our extensive evaluation shows that our technique achieves significant performance gains when the analysis encounters queries containing symbolic pointers, while incurring only a modest performance overhead in other cases.",

keywords = "Query caching, Symbolic execution",

author = "David Trabish and Shachar Itzhaky and Noam Rinetzky",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 14th IEEE International Conference on Software Testing, Verification and Validation, ICST 2021 ; Conference date: 12-04-2021 Through 16-04-2021",

year = "2021",

month = apr,

doi = "https://doi.org/10.1109/ICST49551.2021.00023",

language = "الإنجليزيّة",

series = "Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "116--126",

booktitle = "Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021",

address = "الولايات المتّحدة",

}

Trabish, D, Itzhaky, S & Rinetzky, N 2021, Address-Aware Query Caching for Symbolic Execution. in Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021., 9438562, Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021, Institute of Electrical and Electronics Engineers Inc., pp. 116-126, 14th IEEE International Conference on Software Testing, Verification and Validation, ICST 2021, Virtual, Porto de Galinhas, Brazil, 12/04/21. https://doi.org/10.1109/ICST49551.2021.00023

Address-Aware Query Caching for Symbolic Execution. / Trabish, David; Itzhaky, Shachar; Rinetzky, Noam.
Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021. Institute of Electrical and Electronics Engineers Inc., 2021. p. 116-126 9438562 (Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Address-Aware Query Caching for Symbolic Execution

AU - Trabish, David

AU - Itzhaky, Shachar

AU - Rinetzky, Noam

PY - 2021/4

Y1 - 2021/4

N2 - Symbolic execution (SE) is a popular program analysis technique. SE heavily relies on satisfiability queries during path exploration, often resulting in the majority of the time being spent on solving these queries. Hence, it is not surprising that one of the most vital optimizations SE engines use is query caching. To increase the cache hit rate, queries are transformed into a normal form, which is used as a key for updating the cache. An obstacle to caching queries involving pointers is the presence of numerical address values, which are assigned by the engine according to its memory allocation scheme and are hard to canonicalize across different paths.In this paper, we propose a novel query caching technique that allows efficient handling of queries containing expressions that depend on address values. The key insight is that the result of such queries is in fact agnostic to the concrete address values occurring in them, subject to some basic memory safety constraints. This observation can be used to coalesce more queries during cache lookup, thus further increasing cache utilization.Our extensive evaluation shows that our technique achieves significant performance gains when the analysis encounters queries containing symbolic pointers, while incurring only a modest performance overhead in other cases.

AB - Symbolic execution (SE) is a popular program analysis technique. SE heavily relies on satisfiability queries during path exploration, often resulting in the majority of the time being spent on solving these queries. Hence, it is not surprising that one of the most vital optimizations SE engines use is query caching. To increase the cache hit rate, queries are transformed into a normal form, which is used as a key for updating the cache. An obstacle to caching queries involving pointers is the presence of numerical address values, which are assigned by the engine according to its memory allocation scheme and are hard to canonicalize across different paths.In this paper, we propose a novel query caching technique that allows efficient handling of queries containing expressions that depend on address values. The key insight is that the result of such queries is in fact agnostic to the concrete address values occurring in them, subject to some basic memory safety constraints. This observation can be used to coalesce more queries during cache lookup, thus further increasing cache utilization.Our extensive evaluation shows that our technique achieves significant performance gains when the analysis encounters queries containing symbolic pointers, while incurring only a modest performance overhead in other cases.

KW - Query caching

KW - Symbolic execution

UR - http://www.scopus.com/inward/record.url?scp=85107907187&partnerID=8YFLogxK

U2 - https://doi.org/10.1109/ICST49551.2021.00023

DO - https://doi.org/10.1109/ICST49551.2021.00023

M3 - منشور من مؤتمر

T3 - Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021

SP - 116

EP - 126

BT - Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 14th IEEE International Conference on Software Testing, Verification and Validation, ICST 2021

Y2 - 12 April 2021 through 16 April 2021

ER -

Trabish D, Itzhaky S, Rinetzky N. Address-Aware Query Caching for Symbolic Execution. In Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021. Institute of Electrical and Electronics Engineers Inc. 2021. p. 116-126. 9438562. (Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021). doi: https://doi.org/10.1109/ICST49551.2021.00023

Address-Aware Query Caching for Symbolic Execution

Abstract

Publication series

Conference

Keywords

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this