Show simple item record

Symbolic Execution for (Almost) Free: Hijacking an Existing Implementation to Perform Symbolic Execution

dc.date.accessioned2014-04-24T19:30:05Z
dc.date.accessioned2018-11-26T22:27:10Z
dc.date.available2014-04-24T19:30:05Z
dc.date.available2018-11-26T22:27:10Z
dc.date.issued2014-04-22
dc.identifier.urihttp://hdl.handle.net/1721.1/86235
dc.identifier.urihttp://repository.aust.edu.ng/xmlui/handle/1721.1/86235
dc.description.abstractSymbolic execution of a language is traditionally achieved by replacing the language s interpreter with an entirely new interpreter. This may be an unnecessary burden, and it is tempting instead to try to use as much of the existing interpret infrastructure as possible, both for handling aspects of the computation that are not symbolic, and for propagating symbolic ones. This approach was used to implement Rubicon, a bounded verification system for Ruby on Rails web applications, in less than 1000 lines of Ruby code. Rubicon uses symbolic execution to derive verification conditions from Rails applications and an off-the-shelf solver to check them. Despite its small size, Rubicon has been used to find previously unknown bugs in open-source Rails applications. The key idea is to encode symbolic values and operations in a library written in the target language itself, overriding only a small part of the standard interpreter. We formalize this approach, showing that replacing a few key operators with symbolic versions in a standard interpreter gives the same effect as replacing the entire interpreter with a symbolic one.en_US
dc.format.extent12 p.en_US
dc.rightsCreative Commons Attribution-NonCommercial-ShareAlike 4.0 International*
dc.rights.urihttp://creativecommons.org/licenses/by-nc-sa/4.0/en_US
dc.subjectsymbolic executionen_US
dc.subjectweb applicationsen_US
dc.subjectsecurityen_US
dc.subjectverificationen_US
dc.titleSymbolic Execution for (Almost) Free: Hijacking an Existing Implementation to Perform Symbolic Executionen_US


Files in this item

FilesSizeFormatView
MIT-CSAIL-TR-2014-007.pdf273.2Kbapplication/pdfView/Open

This item appears in the following Collection(s)

Show simple item record

Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International
Except where otherwise noted, this item's license is described as Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International