Symbolic execution (SE) tools often rely on intermediate languages (ILs) to support multiple programming languages, promising reusability and efficiency. In practice, this approach introduces trade-offs between performance, accuracy, and language feature support. We argue that building SE engines \emph{directly} for each source language is both simpler and more effective. We present Soteria, a lightweight OCaml library for writing SE engines in a functional style, without compromising on performance, accuracy or feature support. Soteria enables developers to construct SE engines that operate directly over source-language semantics, offering \emph{configurability}, compositional reasoning, and ease of implementation. Using Soteria, we develop Soteria$^{\text{Rust}}$, the \emph{first} Rust SE engine supporting Tree Borrows (the intricate aliasing model of Rust), and Soteria$^{\text{C}}$, a compositional SE engine for C. Both tools are competitive with or outperform state-of-the-art tools such as Kani, Pulse, CBMC and Gillian-C in performance and the number of bugs detected. We formalise the theoretical foundations of Soteria and prove its soundness, demonstrating that sound, efficient, accurate, and expressive SE can be achieved without the compromises of ILs.

翻译：符号执行工具通常依赖中间语言支持多源语言，以提升可重用性和效率。然而在实践中，这种方法需在性能、准确性和语言特性支持间权衡取舍。我们论证，直接为每种源语言构建符号执行引擎既更简单也更高效。本文提出Soteria——一款轻量级OCaml函数式库，用于构建符号执行引擎，无需在性能、准确性或特性支持上妥协。Soteria使开发者能够直接基于源语言语义构建符号执行引擎，提供可配置性、组合式推理和易于实现的特性。基于Soteria，我们开发了Soteria$^{\text{Rust}}$——首个支持Tree Borrows（Rust精妙别名模型）的Rust符号执行引擎，以及Soteria$^{\text{C}}$——面向C语言的组合式符号执行引擎。这两个工具在性能及检测的缺陷数量上，与Kani、Pulse、CBMC和Gillian-C等先进工具相比具有竞争力或更优表现。我们形式化了Soteria的理论基础并证明了其正确性，表明无需中间语言的折中即可实现正确、高效、精确且富有表达力的符号执行。