Related papers: Symbolic Partial-Order Execution for Testing Multi…
Symbolic execution is a classic technique for systematic bug finding, which has seen many applications in recent years but remains hard to scale. Recent work introduced ranged symbolic execution to distribute the symbolic execution task…
We introduce a novel technique for finding real errors in programs. The technique is based on a synergy of three well-known methods: metacompilation, slicing, and symbolic execution. More precisely, we instrument a given program with a code…
Symbolic Execution is a formal method that can be used to verify the behavior of computer programs and detect software vulnerabilities. Compared to other testing methods such as fuzzing, Symbolic Execution has the advantage of providing…
Symbolic execution helps check programs by exploring different paths based on symbolic inputs. Tools like KLEE are commonly used because they can automatically detect bugs and create test cases. But one of KLEE's biggest issues is how slow…
Symbolic execution is a powerful program analysis technique that allows for the systematic exploration of all program paths. Path explosion, where the number of states to track becomes unwieldy, is one of the biggest challenges hindering…
This paper presents a system combining symbolic execution (KLEE) with a 4-agent multi-LLM architecture for detecting memory vulnerabilities in Rust unsafe code. A central challenge we address is the incomplete-code problem: CVE database…
Symbolic execution is a powerful technique for bug finding and program testing. It is successful in finding bugs in real-world code. The core reasoning techniques use constraint solving, path exploration, and search, which are also the same…
With advances in quantum computing, researchers can now write and run many quantum programs. However, there is still a lack of effective methods for debugging quantum programs. In this paper, quantum symbolic execution (QSE) is proposed to…
Symbolic execution is a powerful verification tool for hardware designs, but suffers from the path explosion problem. We introduce a new approach, piecewise composition, which leverages the modular structure of hardware to transfer the work…
We propose a symbolic execution method for programs that can draw random samples. In contrast to existing work, our method can verify randomized programs with unknown inputs and can prove probabilistic properties that universally quantify…
Symbolic execution is a software verification technique symbolically running programs and thereby checking for bugs. Ranged symbolic execution performs symbolic execution on program parts, so-called path ranges, in parallel. Due to the…
Many security and software testing applications require checking whether certain properties of a program hold for any possible usage scenario. For instance, a tool for identifying software vulnerabilities may need to rule out the existence…
Static analysis is the analysis of a program without executing it, usually carried out by an automated tool. Symbolic execution is a popular static analysis technique used both in program verification and in bug detection software. It works…
Scientific software is, by its very nature, complex. It is mathematical and highly optimized which makes it prone to subtle bugs not as easily detected by traditional testing. We outline how symbolic execution can be used to write tests…
Symbolic execution is a powerful program analysis technique that can formally reason about the correctness of program behaviors and detect software bugs. It can systematically explore the execution paths of the tested program. But it suffers from…
We present a technique for efficient stateless model checking of programs that execute under the relaxed memory models TSO and PSO. The basis for our technique is a novel representation of executions under TSO and PSO, called chronological…
Symbolic execution is a program analysis technique executing programs with symbolic instead of concrete inputs. This principle allows for exploring many program paths at once. Despite its wide adoption -- in particular for program testing…
We present an algorithm for test generation tools based on symbolic execution. The algorithm is supposed to help in situations when a tool is repeatedly failing to cover some code by tests. The algorithm then provides the tool a necessary…
Symbolic execution has shown its ability to find security-relevant flaws in software, but faces significant scalability challenges. There is a commonly held belief that manual intervention by an expert can help alleviate these limiting…
We present a framework for symbolically executing and model checking higher-order programs with external (open) methods. We focus on the client-library paradigm and in particular we aim to check libraries with respect to any definable…