Abstract
Building effective symbolic execution engines poses challenges in multiple dimensions: an engine must correctly model the program semantics, provide flexibility in symbolic execution strategies, and execute them efficiently.
This paper proposes a principled approach to building correct, flexible, and efficient symbolic execution engines, directly rooted in the semantics of the underlying language in terms of a high-level definitional interpreter. The definitional interpreter induces algebraic effects to abstract over semantic variants of symbolic execution, e.g., collecting path conditions as a state effect and path exploration as a nondeterminism effect. Different handlers of these effects give rise to different symbolic execution strategies, making execution strategies orthogonal to the symbolic execution semantics, thus improving flexibility. Furthermore, by annotating the symbolic definitional interpreter with binding-times and specializing it to the input program via the first Futamura projection, we obtain a "symbolic compiler", generating efficient instrumented code having the symbolic execution semantics. Our work reconciles the interpretation- and instrumentation-based approaches to building symbolic execution engines in a uniform framework.
We illustrate our approach on a simple imperative language step-by-step and then scale up to a significant subset of LLVM IR. We also show effect handlers for common path selection strategies. Evaluating our prototype's performance shows speedups of 10~30x over the unstaged counterpart, and ~2x over KLEE, a state-of-the-art symbolic interpreter for LLVM IR.
Supplemental Material
- Baris Aktemur, Yukiyoshi Kameyama, Oleg Kiselyov, and Chung-chieh Shan. 2013. Shonan Challenge for Generative Programming: Short Position Paper. In Proceedings of the ACM SIGPLAN 2013 Workshop on Partial Evaluation and Program Manipulation (Rome, Italy) ( PEPM '13). ACM, New York, NY, USA, 147-154. https://doi.org/10.1145/2426890.2426917 Google Scholar
Digital Library
- Nada Amin and Tiark Rompf. 2017. LMS-Verify: abstraction without regret for verified systems programming. In Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages, POPL 2017, Paris, France, January 18-20, 2017, Giuseppe Castagna and Andrew D. Gordon (Eds.). ACM, 859-873. http://dl.acm.org/citation.cfm?id= 3009867Google Scholar
Digital Library
- Nada Amin and Tiark Rompf. 2018. Collapsing towers of interpreters. PACMPL 2, POPL ( 2018 ), 52 : 1-52 : 33. https: //doi.org/10.1145/3158140 Google Scholar
Digital Library
- Saswat Anand, Corina S. Păsăreanu, and Willem Visser. 2007. JPF-SE: A Symbolic Execution Extension to Java PathFinder. In Tools and Algorithms for the Construction and Analysis of Systems, Orna Grumberg and Michael Huth (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 134-138.Google Scholar
- Roberto Baldoni, Emilio Coppa, Daniele Cono D'Elia, Camil Demetrescu, and Irene Finocchi. 2018. A Survey of Symbolic Execution Techniques. ACM Comput. Surv. 51, 3 ( 2018 ), 50 : 1-50 : 39. https://doi.org/10.1145/3182657 Google Scholar
Digital Library
- Alan Bawden. 1999. Quasiquotation in Lisp. In Proceedings of the 1999 ACM SIGPLAN Workshop on Partial Evaluation and Semantics-Based Program Manipulation, San Antonio, Texas, USA, January 22-23, 1999. Technical report BRICS-NS-99-1, Olivier Danvy (Ed.). University of Aarhus, 4-12.Google Scholar
- Dominique Boucher and Marc Feeley. 1996. Abstract Compilation: A New Implementation Paradigm for Static Analysis. In Proceedings of the 6th International Conference on Compiler Construction (CC '96). Springer-Verlag, London, UK, UK, 192-207. http://dl.acm.org/citation.cfm?id= 647473. 727587Google Scholar
Cross Ref
- Robert S. Boyer, Bernard Elspas, and Karl N. Levitt. 1975. SELECT-a Formal System for Testing and Debugging Programs by Symbolic Execution. In Proceedings of the International Conference on Reliable Software (Los Angeles, California). ACM, New York, NY, USA, 234-245. https://doi.org/10.1145/800027.808445 Google Scholar
Digital Library
- Oliver Bračevac, Nada Amin, Guido Salvaneschi, Sebastian Erdweg, Patrick Eugster, and Mira Mezini. 2018. Versatile event correlation with algebraic efects. Proc. ACM Program. Lang. 2, ICFP ( 2018 ), 67 : 1-67 : 31. https://doi.org/10.1145/3236762 Google Scholar
Digital Library
- Val Breazu-Tannen, Peter Buneman, and Limsoon Wong. 1992. Naturally embedded query languages. In Database Theory-ICDT '92, Joachim Biskup and Richard Hull (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 140-154.Google Scholar
Cross Ref
- Stefan Bucur, Johannes Kinder, and George Candea. 2014. Prototyping symbolic execution engines for interpreted languages. In Architectural Support for Programming Languages and Operating Systems, ASPLOS '14, Salt Lake City, UT, USA, March 1-5, 2014, Rajeev Balasubramonian, Al Davis, and Sarita V. Adve (Eds.). ACM, 239-254. https://doi.org/10.1145/2541940.2541977 Google Scholar
Digital Library
- Jacob Burnim. 2014. CREST: Concolic test generation tool for C.Google Scholar
- J. Burnim and K. Sen. 2008. Heuristics for Scalable Dynamic Test Generation. In Proceedings of the 2008 23rd IEEE/ACM International Conference on Automated Software Engineering (ASE '08). IEEE Computer Society, USA, 443-446. https: //doi.org/10.1109/ASE. 2008.69 Google Scholar
Digital Library
- William E. Byrd, Michael Ballantyne, Gregory Rosenblatt, and Matthew Might. 2017. A Unified Approach to Solving Seven Programming Problems (Functional Pearl). Proc. ACM Program. Lang. 1, ICFP, Article 8 ( Aug. 2017 ), 26 pages. https://doi.org/10.1145/3110252 Google Scholar
Digital Library
- Cristian Cadar, Daniel Dunbar, and Dawson Engler. 2008. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (San Diego, California) ( OSDI'08). USENIX Association, USA, 209-224.Google Scholar
Digital Library
- Cristian Cadar, Vijay Ganesh, Peter M. Pawlowski, David L. Dill, and Dawson R. Engler. 2006. EXE: Automatically Generating Inputs of Death. In Proceedings of the 13th ACM Conference on Computer and Communications Security (Alexandria, Virginia, USA) ( CCS '06). Association for Computing Machinery, New York, NY, USA, 322-335. https: //doi.org/10.1145/1180405.1180445 Google Scholar
Digital Library
- Cristian Cadar and Koushik Sen. 2013. Symbolic Execution for Software Testing: Three Decades Later. Commun. ACM 56, 2 (Feb. 2013 ), 82-90. https://doi.org/10.1145/2408776.2408795 Google Scholar
Digital Library
- Cristiano Calcagno, Walid Taha, Liwen Huang, and Xavier Leroy. 2003. Implementing Multi-stage Languages Using ASTs, Gensym, and Reflection. In Generative Programming and Component Engineering, Second International Conference, GPCE 2003, Erfurt, Germany, September 22-25, 2003, Proceedings (Lecture Notes in Computer Science, Vol. 2830 ), Frank Pfenning and Yannis Smaragdakis (Eds.). Springer, 57-76. https://doi.org/10.1007/978-3-540-39815-8_4 Google Scholar
Cross Ref
- Jacques Carette, Oleg Kiselyov, and Chung-chieh Shan. 2009. Finally tagless, partially evaluated: Tagless staged interpreters for simpler typed languages. J. Funct. Program. 19, 5 ( 2009 ), 509-543. https://doi.org/10.1017/S0956796809007205 Google Scholar
Digital Library
- Robert Cartwright and Matthias Felleisen. 1994. Extensible denotational language specifications. In Theoretical Aspects of Computer Software, Masami Hagiya and John C. Mitchell (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 244-272.Google Scholar
- Sivaramakrishnan Krishnamoorthy Chandrasekaran, Daan Leijen, Matija Pretnar, and Tom Schrijvers. 2018. Algebraic Efect Handlers go Mainstream (Dagstuhl Seminar 18172). Dagstuhl Reports 8, 4 ( 2018 ), 104-125. https://doi.org/10.4230/ DagRep.8.4. 104 Google Scholar
Cross Ref
- Vitaly Chipounov, Volodymyr Kuznetsov, and George Candea. 2011. S2E: A Platform for in-Vivo Multi-Path Analysis of Software Systems. SIGPLAN Not. 46, 3 (March 2011 ), 265-278. https://doi.org/10.1145/1961296.1950396 Google Scholar
Digital Library
- Clif Click and Michael Paleczny. 1995. A Simple Graph-Based Intermediate Representation. SIGPLAN Not. 30, 3 (March 1995 ), 35-49. https://doi.org/10.1145/202530.202534 Google Scholar
Digital Library
- Olivier Danvy and Andrzej Filinski. 1990. Abstracting Control. In Proceedings of the 1990 ACM Conference on LISP and Functional Programming, LFP 1990, Nice, France, 27-29 June 1990. ACM, 151-160. https://doi.org/10.1145/91556.91622 Google Scholar
Digital Library
- David Darais, Nicholas Labich, Phuc C. Nguyen, and David Van Horn. 2017. Abstracting definitional interpreters (functional pearl). PACMPL 1, ICFP ( 2017 ), 12 : 1-12 : 25. https://doi.org/10.1145/3110256 Google Scholar
Digital Library
- Stephen Dolan, Spiros Eliopoulos, Daniel Hillerström, Anil Madhavapeddy, K. C. Sivaramakrishnan, and Leo White. 2017. Concurrent System Programming with Efect Handlers. In Trends in Functional Programming-18th International Symposium, TFP 2017, Canterbury, UK, June 19-21, 2017, Revised Selected Papers (Lecture Notes in Computer Science, Vol. 10788 ), Meng Wang and Scott Owens (Eds.). Springer, 98-117. https://doi.org/10.1007/978-3-319-89719-6_6 Google Scholar
Cross Ref
- Grégory M. Essertel, Ruby Y. Tahboub, James M. Decker, Kevin J. Brown, Kunle Olukotun, and Tiark Rompf. 2018. Flare: Optimizing Apache Spark with Native Compilation for Scale-Up Architectures and Medium-Size Data. In 13th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2018, Carlsbad, CA, USA, October 8-10, 2018., Andrea C. Arpaci-Dusseau and Geof Voelker (Eds.). USENIX Association, 799-815. https://www.usenix.org/conference/osdi18/ presentation/essertelGoogle Scholar
- Matthias Felleisen. 1988. The Theory and Practice of First-Class Prompts. In Conference Record of the Fifteenth Annual ACM Symposium on Principles of Programming Languages, San Diego, California, USA, January 10-13, 1988, Jeanne Ferrante and P. Mager (Eds.). ACM Press, 180-190. https://doi.org/10.1145/73560.73576 Google Scholar
Digital Library
- Cormac Flanagan, Amr Sabry, Bruce F. Duba, and Matthias Felleisen. 1993. The Essence of Compiling with Continuations. In Proceedings of the ACM SIGPLAN 1993 Conference on Programming Language Design and Implementation (Albuquerque, New Mexico, USA) ( PLDI '93). ACM, New York, NY, USA, 237-247. https://doi.org/10.1145/155090.155113 Google Scholar
Digital Library
- Matthew Flatt, Gang Yu, Robert Bruce Findler, and Matthias Felleisen. 2007. Adding delimited and composable control to a production programming environment. In Proceedings of the 12th ACM SIGPLAN International Conference on Functional Programming, ICFP 2007, Freiburg, Germany, October 1-3, 2007, Ralf Hinze and Norman Ramsey (Eds.). ACM, 165-176. https://doi.org/10.1145/1291151.1291178 Google Scholar
Digital Library
- Daniel P. Friedman, William E. Byrd, Oleg Kiselyov, and Jason Hemann. 2018. The Reasoned Schemer, Second Edition. MIT Press.Google Scholar
- Daniel P. Friedman and Mitchell Wand. 1984. Reification: Reflection without Metaphysics. In Proceedings of the 1984 ACM Conference on LISP and Functional Programming, LFP 1984, August 5-8, 1984, Austin, Texas, USA. ACM, 348-355.Google Scholar
- Yoshihiko Futamura. 1971. Partial evaluation of computation process-an approach to a compiler-compiler. Systems, Computers, Controls 25 ( 1971 ), 45-50.Google Scholar
- Yoshihiko Futamura. 1999. Partial Evaluation of Computation Process-An Approach to a Compiler-Compiler. Higher-Order and Symbolic Computation 12, 4 ( 01 Dec 1999 ), 381-391. https://doi.org/10.1023/A:1010095604496 Google Scholar
Digital Library
- Vijay Ganesh and David L. Dill. 2007. A Decision Procedure for Bit-Vectors and Arrays. In Computer Aided Verification, Werner Damm and Holger Hermanns (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 519-531.Google Scholar
- Patrice Godefroid, Nils Klarlund, and Koushik Sen. 2005a. DART: Directed Automated Random Testing. SIGPLAN Not. 40, 6 ( June 2005 ), 213-223. https://doi.org/10.1145/1064978.1065036 Google Scholar
Digital Library
- Patrice Godefroid, Nils Klarlund, and Koushik Sen. 2005b. DART: Directed Automated Random Testing. In Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation (Chicago, IL, USA) ( PLDI '05). Association for Computing Machinery, New York, NY, USA, 213-223. https://doi.org/10.1145/1065010.1065036 Google Scholar
Digital Library
- Daniel Hillerström and Sam Lindley. 2018. Shallow Efect Handlers. In Programming Languages and Systems-16th Asian Symposium, APLAS 2018, Wellington, New Zealand, December 2-6, 2018, Proceedings (Lecture Notes in Computer Science, Vol. 11275 ), Sukyoung Ryu (Ed.). Springer, 415-435. https://doi.org/10.1007/978-3-030-02768-1_22 Google Scholar
Cross Ref
- Daniel Hillerström, Sam Lindley, Robert Atkey, and K. C. Sivaramakrishnan. 2017. Continuation Passing Style for Efect Handlers. In 2nd International Conference on Formal Structures for Computation and Deduction, FSCD 2017, September 3-9, 2017, Oxford, UK (LIPIcs, Vol. 84 ), Dale Miller (Ed.). Schloss Dagstuhl-Leibniz-Zentrum für Informatik, 18 : 1-18 : 19. https://doi.org/10.4230/LIPIcs.FSCD. 2017.18 Google Scholar
Cross Ref
- Christian Hofer, Klaus Ostermann, Tillmann Rendel, and Adriaan Moors. 2008. Polymorphic embedding of dsls. In Generative Programming and Component Engineering, 7th International Conference, GPCE 2008, Nashville, TN, USA, October 19-23, 2008, Proceedings, Yannis Smaragdakis and Jeremy G. Siek (Eds.). ACM, 137-148. https://doi.org/10.1145/1449913.1449935 Google Scholar
Digital Library
- W. E. Howden. 1977. Symbolic Testing and the DISSECT Symbolic Evaluation System. IEEE Transactions on Software Engineering SE-3, 4 ( July 1977 ), 266-278. https://doi.org/10.1109/TSE. 1977.231144 Google Scholar
Digital Library
- J. Ian Johnson, Nicholas Labich, Matthew Might, and David Van Horn. 2013. Optimizing Abstract Abstract Machines. In Proceedings of the 18th ACM SIGPLAN International Conference on Functional Programming (Boston, Massachusetts, USA) ( ICFP '13). ACM, New York, NY, USA, 443-454. https://doi.org/10.1145/2500365.2500604 Google Scholar
Digital Library
- Luke Nelson, James Bornholt, Ronghui Gu, Andrew Baumann, Emina Torlak, and Xi Wang. 2019. Scaling Symbolic Evaluation for Automated Verification of Systems Code with Serval. In Proceedings of the 27th ACM Symposium on Operating Systems Principles (Huntsville, Ontario, Canada) ( SOSP '19). Association for Computing Machinery, New York, NY, USA, 225-242. https://doi.org/10.1145/3341301.3359641 Google Scholar
Digital Library
- Phuc C. Nguyen, Thomas Gilray, Sam Tobin-Hochstadt, and David Van Horn. 2018. Soft contract verification for higher-order stateful programs. Proc. ACM Program. Lang. 2, POPL ( 2018 ), 51 : 1-51 : 30. https://doi.org/10.1145/3158139 Google Scholar
Digital Library
- Phuc C. Nguyen, Sam Tobin-Hochstadt, and David Van Horn. 2014. Soft contract verification. In Proceedings of the 19th ACM SIGPLAN international conference on Functional programming, Gothenburg, Sweden, September 1-3, 2014, Johan Jeuring and Manuel M. T. Chakravarty (Eds.). ACM, 139-152. https://doi.org/10.1145/2628136.2628156 Google Scholar
Digital Library
- Flemming Nielson. 1989. Two-level semantics and abstract interpretation. Theoretical Computer Science 69, 2 ( 1989 ), 117-242. https://doi.org/10.1016/ 0304-3975 ( 89 ) 90091-1 Google Scholar
Digital Library
- Flemming Nielson and Hanne Riis Nielson. 1985. Code generation from two-level denotational meta-languages. In Programs as Data Objects, Proceedings of a Workshop, Copenhagen, Denmark, October 17-19, 1985 (Lecture Notes in Computer Science, Vol. 217 ), Harald Ganzinger and Neil D. Jones (Eds.). Springer, 192-205. https://doi.org/10.1007/3-540-16446-4_11 Google Scholar
Cross Ref
- Flemming Nielson and Hanne Riis Nielson. 1988. Two-level semantics and code generation. Theoretical Computer Science 56, 1 ( 1988 ), 59-133. https://doi.org/10.1016/ 0304-3975 ( 86 ) 90006-X Google Scholar
Digital Library
- Flemming Nielson and Hanne Riis Nielson. 1992. Two-level Functional Languages. Cambridge University Press, New York, NY, USA.Google Scholar
Digital Library
- Hanne Riis Nielson and Flemming Nielson. 2007. Semantics with Applications: An Appetizer (Undergraduate Topics in Computer Science ). Springer-Verlag, Berlin, Heidelberg.Google Scholar
- Georg Ofenbeck, Tiark Rompf, and Markus Püschel. 2017. Staging for Generic Programming in Space and Time. In Proceedings of the 16th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences (Vancouver, BC, Canada) ( GPCE 2017). ACM, New York, NY, USA, 15-28. https://doi.org/10.1145/3136040.3136060 Google Scholar
Digital Library
- Georg Ofenbeck, Tiark Rompf, Alen Stojanov, Martin Odersky, and Markus Püschel. 2013. Spiral in scala: towards the systematic construction of generators for performance libraries. In GPCE. ACM, 125-134.Google Scholar
Digital Library
- Simon L. Peyton Jones and Philip Wadler. 1993. Imperative Functional Programming. In Proceedings of the 20th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (Charleston, South Carolina, USA) ( POPL '93). ACM, New York, NY, USA, 71-84. https://doi.org/10.1145/158511.158524 Google Scholar
Digital Library
- Ruben P. Pieters, Exequiel Rivas, and Tom Schrijvers. 2020. Generalized monoidal efects and handlers. J. Funct. Program. 30 ( 2020 ). https://doi.org/10.1017/S0956796820000106 Google Scholar
Cross Ref
- Gordon D. Plotkin and John Power. 2003. Algebraic Operations and Generic Efects. Applied Categorical Structures 11, 1 ( 2003 ), 69-94. https://doi.org/10.1023/A:1023064908962 Google Scholar
Cross Ref
- Gordon D. Plotkin and Matija Pretnar. 2013. Handling Algebraic Efects. Logical Methods in Computer Science 9, 4 ( 2013 ). https://doi.org/10.2168/LMCS-9( 4 :23) 2013 Google Scholar
Cross Ref
- Sebastian Poeplau and Aurélien Francillon. 2020. Symbolic execution with SymCC: Don't interpret, compile!. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 181-198. https://www.usenix.org/conference/ usenixsecurity20/presentation/poeplauGoogle Scholar
- Matija Pretnar. 2015. An Introduction to Algebraic Efects and Handlers. Invited tutorial paper. Electronic Notes in Theoretical Computer Science 319 ( 2015 ), 19-35. https://doi.org/10.1016/j.entcs. 2015. 12.003 The 31st Conference on the Mathematical Foundations of Programming Semantics (MFPS XXXI). Google Scholar
Digital Library
- Corina S. Păsăreanu and Neha Rungta. 2010. Symbolic PathFinder: Symbolic Execution of Java Bytecode. In Proceedings of the IEEE/ACM International Conference on Automated Software Engineering (Antwerp, Belgium) (ASE '10). Association for Computing Machinery, New York, NY, USA, 179-180. https://doi.org/10.1145/1858996.1859035 Google Scholar
Digital Library
- Juan Pedro Bolívar Puente. 2017. Persistence for the Masses: RRB-Vectors in a Systems Language. Proc. ACM Program. Lang. 1, ICFP, Article 16 ( Aug. 2017 ), 28 pages. https://doi.org/10.1145/3110260 Google Scholar
Digital Library
- John C. Reynolds. 1972. Definitional Interpreters for Higher-order Programming Languages. In Proceedings of the ACM Annual Conference-Volume 2.Google Scholar
Digital Library
- Tiark Rompf. 2016. The Essence of Multi-stage Evaluation in LMS. In A List of Successes That Can Change the World-Essays Dedicated to Philip Wadler on the Occasion of His 60th Birthday (Lecture Notes in Computer Science, Vol. 9600 ), Sam Lindley, Conor McBride, Philip W. Trinder, and Donald Sannella (Eds.). Springer, 318-335. https://doi.org/10.1007/978-3-319-30936-1_17 Google Scholar
Cross Ref
- Tiark Rompf and Nada Amin. 2015. Functional Pearl: A SQL to C Compiler in 500 Lines of Code. In Proceedings of the 20th ACM SIGPLAN International Conference on Functional Programming (Vancouver, BC, Canada) ( ICFP 2015). ACM, New York, NY, USA, 2-9. https://doi.org/10.1145/2784731.2784760 Google Scholar
Digital Library
- Tiark Rompf, Nada Amin, Adriaan Moors, Philipp Haller, and Martin Odersky. 2012. Scala-Virtualized: linguistic reuse for deep embeddings. High. Order Symb. Comput. 25, 1 ( 2012 ), 165-207. https://doi.org/10.1007/s10990-013-9096-9 Google Scholar
Digital Library
- Tiark Rompf, Kevin J. Brown, HyoukJoong Lee, Arvind K. Sujeeth, Manohar Jonnalagedda, Nada Amin, Georg Ofenbeck, Alen Stojanov, Yannis Klonatos, Mohammad Dashti, Christoph Koch, Markus Püschel, and Kunle Olukotun. 2015. Go Meta! A Case for Generative Programming and DSLs in Performance Critical Systems. In 1st Summit on Advances in Programming Languages, SNAPL 2015, May 3-6, 2015, Asilomar, California, USA (LIPIcs, Vol. 32 ), Thomas Ball, Rastislav Bodík, Shriram Krishnamurthi, Benjamin S. Lerner, and Greg Morrisett (Eds.). Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, 238-261. https://doi.org/10.4230/LIPIcs.SNAPL. 2015.238 Google Scholar
Cross Ref
- Tiark Rompf, Ingo Maier, and Martin Odersky. 2009. Implementing first-class polymorphic delimited continuations by a type-directed selective CPS-transform. In Proceeding of the 14th ACM SIGPLAN international conference on Functional programming, ICFP 2009, Edinburgh, Scotland, UK, August 31-September 2, 2009, Graham Hutton and Andrew P. Tolmach (Eds.). ACM, 317-328. https://doi.org/10.1145/1596550.1596596 Google Scholar
Digital Library
- Tiark Rompf and Martin Odersky. 2010. Lightweight modular staging: a pragmatic approach to runtime code generation and compiled DSLs. In Generative Programming And Component Engineering, Proceedings of the Ninth International Conference on Generative Programming and Component Engineering, GPCE 2010, Eindhoven, The Netherlands, October 10-13, 2010, Eelco Visser and Jaakko Järvi (Eds.). ACM, 127-136. https://doi.org/10.1145/1868294.1868314 Google Scholar
Digital Library
- Edward J. Schwartz, Thanassis Avgerinos, and David Brumley. 2010. All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask). In 31st IEEE Symposium on Security and Privacy, S&P 2010, 16-19 May 2010, Berleley/Oakland, California, USA. IEEE Computer Society, 317-331. https://doi.org/10.1109/SP. 2010.26 Google Scholar
Cross Ref
- Ilya Sergey, Dominique Devriese, Matthew Might, Jan Midtgaard, David Darais, Dave Clarke, and Frank Piessens. 2013. Monadic Abstract Interpreters. In Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation (Seattle, Washington, USA) ( PLDI '13). ACM, New York, NY, USA, 399-410. https://doi.org/10.1145/ 2491956.2491979 Google Scholar
Digital Library
- Tim Sheard and Simon Peyton Jones. 2002. Template Meta-Programming for Haskell. SIGPLAN Not. 37, 12 (Dec. 2002 ), 60-75. https://doi.org/10.1145/636517.636528 Google Scholar
Digital Library
- Junaid Haroon Siddiqui and Sarfraz Khurshid. 2012. Staged Symbolic Execution. In Proceedings of the 27th Annual ACM Symposium on Applied Computing (Trento, Italy) (SAC '12). ACM, New York, NY, USA, 1339-1346. https://doi.org/10. 1145/2245276.2231988 Google Scholar
Digital Library
- Guy L. Steele, Jr. 1994. Building Interpreters by Composing Monads. In Proceedings of the 21st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (Portland, Oregon, USA) ( POPL '94). ACM, New York, NY, USA, 472-492. https://doi.org/10.1145/174675.178068 Google Scholar
Digital Library
- Alen Stojanov, Tiark Rompf, and Markus Püschel. 2019. A stage-polymorphic IR for compiling MATLAB-style dynamic tensor expressions. In GPCE. ACM, 34-47.Google Scholar
Digital Library
- Nicolas Stucki, Aggelos Biboudis, and Martin Odersky. 2018. A practical unification of multi-stage programming and macros. In Proceedings of the 17th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences, GPCE 2018, Boston, MA, USA, November 5-6, 2018, Eric Van Wyk and Tiark Rompf (Eds.). ACM, 14-27. https://doi.org/10.1145/3278122.3278139 Google Scholar
Digital Library
- Wouter Swierstra. 2008. Data types à la carte. J. Funct. Program. 18, 4 ( 2008 ), 423-436. https://doi.org/10.1017/ S0956796808006758 Google Scholar
Digital Library
- Walid Taha. 1999. Multi-stage programming: Its theory and applications. Ph.D. Dissertation. Oregon Graduate Institute of Science and Technology.Google Scholar
- Walid Taha and Tim Sheard. 1997. Multi-Stage Programming with Explicit Annotations. In Proceedings of the ACM SIGPLAN Symposium on Partial Evaluation and Semantics-Based Program Manipulation (PEPM '97), Amsterdam, The Netherlands, June 12-13, 1997, John P. Gallagher, Charles Consel, and A. Michael Berman (Eds.). ACM, 203-217. https: //doi.org/10.1145/258993.259019 Google Scholar
Digital Library
- Walid Taha and Tim Sheard. 2000. MetaML and multi-stage programming with explicit annotations. Theor. Comput. Sci. 248, 1-2 ( 2000 ), 211-242. https://doi.org/10.1016/S0304-3975 ( 00 ) 00053-0 Google Scholar
Digital Library
- Ruby Y. Tahboub, Grégory M. Essertel, and Tiark Rompf. 2018. How to Architect a Query Compiler, Revisited. In Proceedings of the 2018 International Conference on Management of Data, SIGMOD Conference 2018, Houston, TX, USA, June 10-15, 2018, Gautam Das, Christopher M. Jermaine, and Philip A. Bernstein (Eds.). ACM, 307-322. https://doi.org/10.1145/ 3183713.3196893 Google Scholar
Digital Library
- Ruby Y. Tahboub and Tiark Rompf. 2020. Architecting a Query Compiler for Spatial Workloads. In Proceedings of the 2020 International Conference on Management of Data, SIGMOD Conference 2020, online conference [Portland, OR, USA], June 14-19, 2020, David Maier, Rachel Pottinger, AnHai Doan, Wang-Chiew Tan, Abdussalam Alawini, and Hung Q. Ngo (Eds.). ACM, 2103-2118. https://doi.org/10.1145/3318464.3389701 Google Scholar
Digital Library
- Ruby Y. Tahboub, Xilun Wu, Grégory M. Essertel, and Tiark Rompf. 2019. Towards compiling graph queries in relational engines. In Proceedings of the 17th ACM SIGPLAN International Symposium on Database Programming Languages, DBPL 2019, Phoenix, AZ, USA, June 23, 2019, Alvin Cheung and Kim Nguyen (Eds.). ACM, 30-41. https://doi.org/10.1145/ 3315507.3330200 Google Scholar
Digital Library
- Emina Torlak and Rastislav Bodik. 2014. A Lightweight Symbolic Virtual Machine for Solver-aided Host Languages. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation (Edinburgh, United Kingdom) (PLDI '14). ACM, New York, NY, USA, 530-541. https://doi.org/10.1145/2594291.2594340 Google Scholar
Digital Library
- Philip Wadler. 1992. The Essence of Functional Programming. In Proceedings of the 19th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (Albuquerque, New Mexico, USA) ( POPL '92). ACM, New York, NY, USA, 1-14. https://doi.org/10.1145/143165.143169 Google Scholar
Digital Library
- Guannan Wei, Yuxuan Chen, and Tiark Rompf. 2019. Staged Abstract Interpreters: Fast and Modular Whole-program Analysis via Meta-programming. Proc. ACM Program. Lang. 3, OOPSLA, Article 126 (Oct. 2019 ), 32 pages. https: //doi.org/10.1145/3360552 Google Scholar
Digital Library
- Guannan Wei, James Decker, and Tiark Rompf. 2018. Refunctionalization of Abstract Abstract Machines: Bridging the Gap Between Abstract Abstract Machines and Abstract Definitional Interpreters (Functional Pearl). Proc. ACM Program. Lang. 2, ICFP, Article 105 ( July 2018 ), 28 pages. https://doi.org/10.1145/3236800 Google Scholar
Digital Library
- Nicolas Wu, Tom Schrijvers, and Ralf Hinze. 2014. Efect handlers in scope. In Proceedings of the 2014 ACM SIGPLAN symposium on Haskell, Gothenburg, Sweden, September 4-5, 2014, Wouter Swierstra (Ed.). ACM, 1-12. https://doi.org/10. 1145/2633357.2633358 Google Scholar
Digital Library
- Guowei Yang, Antonio Filieri, Mateus Borges, Donato Clun, and Junye Wen. 2019. Chapter Five-Advances in Symbolic Execution. Advances in Computers, Vol. 113. Elsevier, 225-287. https://doi.org/10.1016/bs.adcom. 2018. 10.002 Google Scholar
Cross Ref
- Zhuo Zhang, Wei You, Guanhong Tao, Guannan Wei, Yonghwi Kwon, and Xiangyu Zhang. 2019. BDA: practical dependence analysis for binary executables by unbiased whole-program path sampling and per-path abstract interpretation. Proc. ACM Program. Lang. 3, OOPSLA ( 2019 ), 137 : 1-137 : 31. https://doi.org/10.1145/3360563 Google Scholar
Digital Library
Index Terms
Compiling symbolic execution with staging and algebraic effects
Recommendations
LLSC: a parallel symbolic execution compiler for LLVM IR
ESEC/FSE 2021: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software EngineeringWe present LLSC, a prototype compiler for nondeterministic parallel symbolic execution of the LLVM intermediate representation (IR). Given an LLVM IR program, LLSC generates code preserving the symbolic execution semantics and orchestrating solver ...
Compiling Parallel Symbolic Execution with Continuations
ICSE '23: Proceedings of the 45th International Conference on Software EngineeringSymbolic execution is a powerful program analysis and testing technique. Symbolic execution engines are usually implemented as interpreters, and the induced interpretation overhead can dramatically inhibit performance. Alternatively, implementation ...
Symbolic types for lenient symbolic execution
We present lambda_sym, a typed λ-calculus for lenient symbolic execution, where some language constructs do not recognize symbolic values. Its type system, however, ensures safe behavior of all symbolic values in a program. Our calculus extends a base ...






Comments