A Symbolic Execution Technology Supporting Multi-thread Program

Abstract

Abstract: Symbolic execution is a useful method in program verifying. But most symbolic execution tools don’t support multi-thread program. This paper analyzes the existed tools which support multi-thread program, and finds these problems: 1) some tools have good performance, but do not support lib, and hard to use practically; 2) some tools support lib, but are too old to upgrade, and can not find some basic bugs such as subtraction overflow, multiplication overflow and shift overflow. To solve these problems, this paper designs and implements MTSE(Multi-Thread Symbolic Execution) based on KLEE. MTSE supports multi-thread program with libc and libc++. MTSE can find 50% more bugs than Cloud9, and bring about 30% improvement in both instruction coverage and branch coverage compared with Cloud9.

Key words: symbolic execution, multi-thread program, program analysis

CLC Number:

TP312

LI Tong, DING Guo-fu. A Symbolic Execution Technology Supporting Multi-thread Program[J]. Computer and Modernization, 2020, 0(06): 60-.

References ［24］

［1］	RUNESON P, ALEXANDERSSON M, NYHOLM O. Detection of duplicate defect reports using natural language processing［C］// The 29th IEEE International Conference on Software Engineering. 2007:499-510.
［2］	刘文杰,江贺. 软件缺陷报告严重性属性分析［J］. 计算机工程与应用, 2019,55(14):48-53.
［3］	SONI R. Nginx［M］. Berkeley: Apress, 2016.
［4］	ZACCONE G. Getting Started with TensorFlow［M］. England:Packt Publishing Ltd., 2016.
［5］	BECK P D, NEHMEIER M. Parallel interval newton method on CUDA［C］// International Workshop on Applied Parallel Computing. 2012:454-464.
［6］	王戟,詹乃军,冯新宇,等. 形式化方法概貌［J］. 软件学报， 2019（1）:33-61.
［7］	CADAR C, DUNBAR D, ENGLER D R. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs［C］// Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation. 2008,8:209-224.
［8］	SEN K, MARINOV D, AGHA G. CUTE: A concolic unit testing engine for C［J］. ACM SIGSOFT Software Engineering Notes, 2005,30(5):263-272.
［9］	GODEFROID P, KLARLUND N, SEN K. DART: Directed automated random testing［C］// Proceedings of 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation. 2005:213-223.
［10］	BUCUR S, URECHE V, ZAMFIR C, et al. Parallel symbolic execution for automated real-world software testing［C］// Proceedings of the 6th ACM Conference on Computer Systems. 2011:183-198.
［11］	SEN K, AGHA G. CUTE and jCUTE: Concolic unit testing and explicit path model-checking tools［C］// International Conference on Computer Aided Verification. 2006:419-423.
［12］	KHKNEN K, SAARIKIVI O, HELJANKO K. LCT: A parallel distributed testing tool for multithreaded Java programs［J］. Electronic Notes in Theoretical Computer Science, 2013,296:253-259.
［13］	MECHTAEV S, YI J, ROYCHOUDHURY A. Angelix: Scalable multiline program patch synthesis via symbolic analysis［C］// Proceedings of the 38th ACM International Conference on Software Engineering. 2016:691-701.
［14］	PALIKAREVA H, KUCHTA T, CADAR C. Shadow of a doubt: Testing for divergences between software versions［C］// 2016 IEEE/ACM 38th International Conference on Software Engineering. 2016:1181-1192.
［15］	PEDROSA L, FOGEL A, KOTHARI N, et al. Analyzing protocol implementations for interoperability［C］// The 12th USENIX Symposium on Networked Systems Design and Implementation. 2015:485-498.
［16］	KUCHTA T, CADAR C, CASTRO M, et al. Docovery: Toward generic automatic document recovery［C］// Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering. 2014:563-574.
［17］	SLABY J, STREJ〖XCC1.TIF;%90%90〗EK J, TRTK M. Symbiotic: Synergy of instrumentation, slicing, and symbolic execution［C］// International Conference on Tools and Algorithms for the Construction and Analysis of Systems. 2013:630-632.
［18］	JIN W, ORSO A. BugRedux: Reproducing field failures for in-house debugging［C］// 2012 34th IEEE International Conference on Software Engineering. 2012:474-484.
［19］	NGUYEN H D T, Qi D, ROYCHOUDHURY A, et al. Semfix: Program repair via semantic analysis［C］// 2013 35th IEEE International Conference on Software Engineering. 2013:772-781.
［20］	HUANG J, ZHANG C, DOLBY J. CLAP: Recording local executions to reproduce concurrency failures［J］. ACM Sigplan Notices, 2013,48(6):141-152.
［21］	The KLEE Team. Publications and Systems Using KLEE ［EB/OL］. ［2019-09-23］. http://klee.github.io/publications/.
［22］	李畅,范策,许宪成,等. 进程互斥与同步解析［J］. 现代计算机, 2010(14):6-10.
［23］	SEN K. Concolic testing［C］// Proceedings of the 22nd IEEE/ACM International Conference on Automated Software Engineering. 2007:571-572.
［24］	SEREBRYANY K, ISKHODZHANOV T. ThreadSanitizer: Data race detection in practice［C］// Proceedings of ACM Workshop on Binary Instrumentation and Applications. 2009:62-71.

[1]	DAI Yan-jun1, WU Zhi-qiang2, LIU Jie1, LIU Zhao-hui1, CHEN Zhi2, XIAO An-hong2. A Symbolic Execution Optimization Method for Safety-critical Software System [J]. Computer and Modernization, 2020, 0(01): 96-.
[2]	SHI Chuan, ZHANG Yang, WANG Li-hua. Design of Real-time Data Exchange and Management Software for #br# Maneuverable Command Automation System [J]. Computer and Modernization, 2017, 0(5): 99-102,108.
[3]	SONG Wen-hao1, ZHONG Hao2, YU Hai-bo1. An Efficient API Search Algorithm [J]. Computer and Modernization, 2016, 0(4): 59-64.
[4]	HU Xiang1, SHU Li-lian2 . Search Engine of Massive Source Code Based on Semantic Network [J]. Computer and Modernization, 2014, 0(7): 19-23.
[5]	FAN Yu. Research on Path Feasibility Detection Based on Symbolic Execution and Data Mining [J]. Computer and Modernization, 2013, 1(3): 74-77.
[6]	XIA Jia-bin. Prioritizing Dynamic Program Slices Based on Probabilistic Inference [J]. Computer and Modernization, 2013, 1(3): 12-16.
[7]	LIU Gang;HU Kai-ping;SONG Fa-xing. An Approach for Analysis of Pointer Programs [J]. Computer and Modernization, 2012, 1(200): 82-04.