SmartExecutor: Coverage-Driven Symbolic Execution Guided by a Function Dependency Graph

Published: 01 Jan 2023, Last Modified: 07 Aug 2024. Venue: BRAINS 2023. License: CC BY-SA 4.0
Abstract: Symbolic execution of smart contracts suffers from sequence explosion. Some existing tools limit the sequence length and are therefore unable to adequately evaluate some functions. In this paper, we propose a symbolic execution approach that does not limit the sequence length. In our approach, the symbolic execution process is guided by a function dependency graph, aiming to maximize code coverage while reducing the number of sequences to be executed. Our approach consists of two major phases. The first phase executes all sequences up to a length limit, while the second attempts to cover the functions that are not fully covered. We have developed a tool called SmartExecutor and conducted an experimental evaluation on the SGUARD dataset. The experimental results indicate that, compared with Mythril, a state-of-the-art symbolic execution tool, SmartExecutor achieves higher code coverage and detects more vulnerabilities in less time.