SPA: Symbolic Program Approximation for Scalable Path-Sensitive Analysis

Free registration required

Executive Summary

Symbolic execution is a static-analysis technique that has been used for applications such as test-input generation and change analysis. Symbolic execution's path sensitivity makes scaling it difficult. Despite recent advances that reduce the number of paths to explore, the scalability problem remains. Moreover, there are applications that require the analysis of all paths in a program fragment, which exacerbate the scalability problem. In this paper, the authors present a new technique, called Symbolic Program Approximation (SPA), that performs an approximation of the symbolic execution of all paths between two program points by abstracting away certain symbolic sub-terms to make the symbolic analysis practical, at the cost of some precision. They discuss several applications of SPA, including testing of software changes and static invariant discovery.

  • Format: PDF
  • Size: 206.7 KB