Artifact: Zero-Overhead Path Prediction with Progressive Symbolic Execution

Artifact 1178 for ICSE 2019 Paper 449, Zero-Overhead Path Prediction with Progressive Symbolic Execution

The artifact is a compressed Docker image. To load it:

gunzip -c icse19-zop2.tgz | docker load


Zero-overhead profiling (ZOP) introduced techniques to profile an un-instrumented program by observing the electromagnetic (EM) emanations generated by the processing hardware during execution. Although demonstrated to be both accurate and practical, the technique does have a few shortcomings. It requires a training phase with extensive code coverage; it predicts a path profile instead of full program traces; and its prediction can suffer an unrecoverable loss of accuracy.

To address these issues, we extend the ZOP technique to zero-overhead path prediction (ZOP-2). For a comprehensive training phase, ZOP-2 uses symbolic execution to generate inputs yielding high coverage. To overcome symbolic execution’s limitations and scalability problems, we propose progressive symbolic execution (PSE). When traditional symbolic execution fails to achieve the desired coverage on a program P, PSE applies symbolic execution to increasingly small subsets of P, to explore not-yet-covered program paths. PSE also generates the scaffolding needed to run these inputs on the generated subsets of P. For the prediction phase, ZOP-2 lifts the reliance on the control flow graph and uses stateless prediction to recover from misprediction.

In our evaluation, we generate training inputs for four benchmarks using symbolic execution. The EM emanations are collected for both test inputs and the various training inputs, and the program path is predicted using a stateless path prediction algorithm. Our results show that ZOP-2 provides over 90% path prediction accuracy, and that PSE generates inputs covering feasible paths missed by other symbolic execution techniques.