Path explosion
In computer science, path explosion is a fundamental problem that limits the scalability and/or completeness of certain kinds of program analyses, including fuzzing, symbolic execution, and path-sensitive static analysis. Path explosion refers to the fact that the number of control-flow paths in a program grows exponentially ("explodes") with an increase in program size and can even be infinite in the case of programs with unbounded loop iterations.[1][2] Therefore, any program analysis that attempts to explore control-flow paths through a program will either have exponential runtime in the length of the program (or potentially even failure to terminate on certain inputs), or will have to choose to analyze only a subset of all possible paths. When an analysis only explores a subset of all paths, the decision of which paths to analyze is often made heuristically.[3]
References
[edit]- ^ Anand, Saswat; Patrice Godefroid; Nikolai Tillmann (2008). "Demand-Driven Compositional Symbolic Execution". Tools and Algorithms for the Construction and Analysis of Systems. Lecture Notes in Computer Science. Vol. 4963. pp. 367–381. doi:10.1007/978-3-540-78800-3_28. ISBN 978-3-540-78799-0.
- ^ Boonstoppel, Peter; Cadar, Cristian; Engler, Dawson (2008). Ramakrishnan, C. R.; Rehof, Jakob (eds.). "RWset: Attacking Path Explosion in Constraint-Based Test Generation". Tools and Algorithms for the Construction and Analysis of Systems. Berlin, Heidelberg: Springer: 351–366. doi:10.1007/978-3-540-78800-3_27. ISBN 978-3-540-78800-3. "the number of distinct paths increases exponentially with the number of conditional statements traversed. In all but the smallest programs, this typically leads to an essentially inexhaustible set of paths to explore."
- ^ Ma, Kin-Keng; Khoo Yit Phang; Jeffrey S. Foster; Michael Hicks (2011). "Directed Symbolic Execution". Proceedings of the 18th International Conference on Statis Analysis. pp. 95–111. ISBN 9783642237010. Retrieved 2013-04-03.