FastKLEE: Faster Symbolic Execution via Reducing Redundant Bound Checking of Type-Safe Pointers
Symbolic execution (SE) has been widely adopted for automatic program analysis and software testing. Many SE engines (e.g., KLEE or Angr) need to interpret certain intermediate representations (IR) of code during execution, which may be slow and costly. Although many studies have proposed ways to accelerate SE, few of them consider optimizing the internal interpretation operations. In this paper, we propose FastKLEE, a faster SE engine that aims to speed up execution by reducing redundant bound checking of type-safe pointers during IR code interpretation. Our two key insights are: (1) the number of interpreted instructions can be tremendous, and reducing the interpretation overhead of the most extensively interpreted ones (e.g., read/write) could potentially accelerate the execution; (2) a large portion of the pointers in C programs can be statically verified to be type-safe, but existing SE engines treat all pointers equally, meaning that those engines perform unnecessary bound checking for all the pointers, thus slowing down the execution. Specifically, in FastKLEE, a type inference system is first leveraged to classify pointer types (i.e., safe or unsafe) for the most frequently interpreted read/write instructions. Then, a customized memory operation is designed to perform bound checking for only the unsafe pointers and omit redundant checking on safe pointers during interpretation. We implement FastKLEE on top of the well-known SE engine KLEE and combine it with the notable type inference system CCured. Evaluation results demonstrate that, compared with the state-of-the-art approach KLEE, FastKLEE reduces the time to explore the same number (i.e., 10k) of execution paths by up to 9.1% (5.6% on average). FastKLEE is open-sourced at https://github.com/haoxintu/FastKLEE. A video demo of FastKLEE is available at https://youtu.be/fjV_a3kt-mo.
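The core idea of the abstract, bound-checking only the accesses made through pointers that were not statically proven safe, can be modelled in a few lines. The following Python code is an added example, not FastKLEE or KLEE code: it is a concrete (non-symbolic) interpreter over a toy IR constructed here, and its safe/unsafe rule (a pointer produced by arithmetic is unsafe) is an assumed simplification of CCured's inference.

```python
# Added illustration, not FastKLEE or KLEE code. Toy IR constructed for this example
# (each register is assigned once):
#   ("alloca", dst, size)      dst -> base of a fresh object of `size` >= 1 cells
#   ("gep", dst, src, offset)  dst = src + offset (pointer arithmetic)
#   ("store", ptr, value) and ("load", dst, ptr)

def classify(program):
    """Static pass: a pointer produced by arithmetic is 'unsafe'; one that is
    only the base of its own allocation is 'safe' (assumed simplification of
    CCured's pointer kinds)."""
    kinds = {}
    for ins in program:
        if ins[0] == "alloca":
            kinds[ins[1]] = "safe"
        elif ins[0] == "gep":
            kinds[ins[1]] = "unsafe"
    return kinds

def run(program, kinds=None):
    """Interpret the program. kinds=None bound-checks every access (baseline);
    otherwise only accesses through unsafe pointers are checked.
    Returns (loaded values, bound checks performed, pcs of out-of-bounds accesses)."""
    heap, regs, out, checks, errors = [], {}, {}, 0, []
    for pc, ins in enumerate(program):
        op = ins[0]
        if op == "alloca":
            heap.append([0] * ins[2])
            regs[ins[1]] = (len(heap) - 1, 0)      # (object id, offset)
        elif op == "gep":
            obj, off = regs[ins[2]]
            regs[ins[1]] = (obj, off + ins[3])
        else:
            ptr = ins[1] if op == "store" else ins[2]
            obj, off = regs[ptr]
            if kinds is None or kinds[ptr] == "unsafe":
                checks += 1
                if not 0 <= off < len(heap[obj]):
                    errors.append(pc)              # report, then skip the access
                    continue
            if op == "store":
                heap[obj][off] = ins[2]
            else:
                out[ins[1]] = heap[obj][off]
    return out, checks, errors

# Constructed sample: scalar x accessed directly, buffer buf accessed via arithmetic.
PROGRAM = [("alloca", "x", 1), ("alloca", "buf", 4), ("store", "x", 7),
           ("load", "a", "x"), ("gep", "p", "buf", 3), ("store", "p", 9),
           ("load", "b", "p"), ("gep", "q", "buf", 4), ("store", "q", 1)]  # q: one past end
```

On the sample, `run(PROGRAM)` and `run(PROGRAM, classify(PROGRAM))` load the same values and flag the same out-of-bounds store, while the selective mode performs 3 bound checks instead of 5.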
Wed 16 Nov. Displayed time zone: Beijing, Chongqing, Hong Kong, Urumqi
14:00 - 15:30 | Security (Demonstrations / Research Papers) at SRC LT 50 | Chair(s): Andreea Costea (School of Computing, National University Of Singapore)
14:00 | 15m | Talk | Automated Unearthing of Dangerous Issue Reports | Research Papers | Shengyi Pan (Zhejiang University), Jiayuan Zhou (Huawei), Filipe Cogo (Huawei), Xin Xia (Huawei), Lingfeng Bao (Zhejiang University), Xing Hu (Zhejiang University), Shanping Li (Zhejiang University), Ahmed E. Hassan (Queen’s University)
14:15 | 15m | Talk | On the Vulnerability Proneness of Multilingual Code | Research Papers | Wen Li (Washington State University), Li Li (Monash University), Haipeng Cai (Washington State University)
14:30 | 7m | Talk | VulCurator: A Vulnerability-Fixing Commit Detector | Demonstrations | Truong Giang Nguyen (Singapore Management University), Le-Cong Thanh (Singapore Management University), Hong Jin Kang (Singapore Management University), Xuan-Bach D. Le (University of Melbourne), David Lo (Singapore Management University)
14:38 | 7m | Talk | KVS: A Tool for Knowledge-Driven Vulnerability Searching | Demonstrations | Xingqi Cheng (Yangzhou University), Xiaobing Sun (Yangzhou University), Lili Bo (Yangzhou University), Ying Wei (Yangzhou University)
14:45 | 7m | Talk | MANDO-GURU: Vulnerability Detection for Smart Contract Source Code By Heterogeneous Graph Embeddings | Demonstrations | Hoang H. Nguyen (L3S Research Center, Leibniz Universität Hannover, Hannover, Germany), Nhat-Minh Nguyen (Singapore Management University, Singapore), Hong-Phuc Doan (Hanoi University of Science and Technology, Hanoi, Vietnam), Zahra Ahmadi (L3S Research Center, Leibniz Universität Hannover, Hannover, Germany), Thanh-Nam Doan (Independent Researcher, Atlanta, Georgia, USA), Lingxiao Jiang (Singapore Management University)
14:53 | 7m | Talk | FastKLEE: Faster Symbolic Execution via Reducing Redundant Bound Checking of Type-Safe Pointers | Demonstrations | Haoxin Tu (Singapore Management University, Singapore), Lingxiao Jiang (Singapore Management University), Xuhua Ding (Singapore Management University), He Jiang (Dalian University of Technology)