Compact Symbolic Execution (technical report)

TL;DR

This paper introduces compact symbolic execution, a technique that uses templates to reduce the size of symbolic execution trees by folding regular paths, enabling finite analysis of programs with infinite classic trees.

Contribution

It generalizes King's symbolic execution by incorporating templates to efficiently handle loops and recursion, significantly reducing tree size without information loss.

Findings

Compact symbolic execution trees are often finite where classic trees are infinite.

Templates enable folding of regular paths, reducing analysis complexity.

The method preserves all information despite tree size reduction.

Abstract

We present a generalisation of King's symbolic execution technique called compact symbolic execution. It is based on a concept of templates: a template is a declarative parametric description of such a program part, generating paths in symbolic execution tree with regularities in program states along them. Typical sources of these paths are program loops and recursive calls. Using the templates we fold the corresponding paths into single vertices and therefore considerably reduce size of the tree without loss of any information. There are even programs for which compact symbolic execution trees are finite even though the classic symbolic execution trees are infinite.