Write a Blog >>
ESEC/FSE 2022
Mon 14 - Fri 18 November 2022 Singapore
Wed 16 Nov 2022 14:53 - 15:00 at SRC LT 50 - Security Chair(s): Andreea Costea

Symbolic execution (SE) has been widely adopted for automatic program analysis and software testing. Many SE engines (e.g., KLEE or Angr) need to interpret certain intermediate representations (IR) of code during execution, which may be slow and costly. Although a plurality of studies is proposed to accelerate SE, few of them consider optimizing the internal interpretation operations. In this paper, we propose FastKLEE, a faster SE engine that aims to speed up execution via reducing redundant bound checking of type-safe pointers during IR code interpretation. Our two key insights are: (1) the number of interpreted instructions can be tremendous and reducing the interpretation overheads of the extensively interpreted ones (e.g., read/write) could potentially accelerate the execution; (2) a large portion of the pointers in C programs can be statically verified to be type-safe but existing SE engines treat all the pointers equally, meaning that those engines perform unnecessary bound checking for all the pointers, thus slowing down the execution. Specifically, in FastKLEE, a type inference system is first leveraged to classify pointer types (i.e., safe or unsafe) for the most frequently interpreted read/write instructions. Then, a customized memory operation is designed to perform bound checking for only the unsafe pointers and omit redundant checking on safe pointers during interpretation. We implement FastKLEE on top of the well-known SE engine KLEE and combined it with the notable type inference system CCured. Evaluation results demonstrate that FastKLEE is able to reduce by up to 9.1% (5.6% on average) as the state-of-the-art approach KLEE in terms of the time to explore the same number (i.e., 10k) of execution paths. FastKLEE is open-sourced at https://github.com/haoxintu/FastKLEE. A video demo of FastKLEE is available at https://youtu.be/fjV_a3kt-mo.

Wed 16 Nov

Displayed time zone: Beijing, Chongqing, Hong Kong, Urumqi change

14:00 - 15:30
SecurityDemonstrations / Research Papers at SRC LT 50
Chair(s): Andreea Costea School of Computing, National University Of Singapore
14:00
15m
Talk
Automated Unearthing of Dangerous Issue Reports
Research Papers
Shengyi Pan Zhejiang University, Jiayuan Zhou Huawei, Filipe Cogo Huawei, Xin Xia Huawei, Lingfeng Bao Zhejiang University, Xing Hu Zhejiang University, Shanping Li Zhejiang University, Ahmed E. Hassan Queen’s University
DOI
14:15
15m
Talk
On the Vulnerability Proneness of Multilingual Code
Research Papers
Wen Li Washington State University, Li Li Monash University, Haipeng Cai Washington State University
DOI Pre-print
14:30
7m
Talk
VulCurator: A Vulnerability-Fixing Commit Detector
Demonstrations
Truong Giang Nguyen Singapore Management University, Le-Cong Thanh Singapore Management University, Hong Jin Kang Singapore Management University, Xuan-Bach D. Le University of Melbourne, David Lo Singapore Management University
14:38
7m
Talk
KVS: A Tool for Knowledge-Driven Vulnerability Searching
Demonstrations
Xingqi Cheng Yangzhou University, Xiaobing Sun Yangzhou University, Lili Bo Yangzhou University, Ying Wei Yangzhou University
14:45
7m
Talk
MANDO-GURU: Vulnerability Detection for Smart Contract Source Code By Heterogeneous Graph Embeddings
Demonstrations
Hoang H. Nguyen L3S Research Center, Leibniz Universität Hannover, Hannover, Germany, Nhat-Minh Nguyen Singapore Management University, Singapore, Hong-Phuc Doan Hanoi University of Science and Technology, Hanoi, Vietnam, Zahra Ahmadi L3S Research Center, Leibniz Universität Hannover, Hannover, Germany, Thanh-Nam Doan Independent Researcher, Atlanta, Georgia, USA, Lingxiao Jiang Singapore Management University
DOI Pre-print Media Attached
14:53
7m
Talk
FastKLEE: Faster Symbolic Execution via Reducing Redundant Bound Checking of Type-Safe Pointers
Demonstrations
Haoxin Tu Singapore Management University, Singapore, Lingxiao Jiang Singapore Management University, Xuhua Ding Singapore Management University, He Jiang Dalian University of Technology