stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
docs/features/checked/scanner/speculative-execution-engine.md Normal file
View File

@@ -0,0 +1,39 @@
# Speculative Execution Engine (Shell Script Symbolic Execution)
## Module
Scanner
## Status
VERIFIED
## Description
Symbolic execution engine for shell scripts that enumerates all possible execution paths through entrypoint scripts (Dockerfile CMD/ENTRYPOINT), tracking symbolic variable states and branch conditions to determine all reachable terminal states with confidence scoring.
## Implementation Details
- **Symbolic Executor**:
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/ShellSymbolicExecutor.cs` - `ShellSymbolicExecutor` performing symbolic execution of shell scripts, tracking variable states and branch conditions
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/ISymbolicExecutor.cs` - Interface for symbolic execution
- **Execution Tree**:
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/ExecutionTree.cs` - `ExecutionTree` representing all possible execution paths through the script with terminal states
- **Path Analysis**:
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/PathEnumerator.cs` - `PathEnumerator` enumerating all possible execution paths through branch conditions
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/PathConfidenceScorer.cs` - `PathConfidenceScorer` scoring each path's likelihood based on branch conditions and variable constraints
## E2E Test Plan
- [ ] Execute symbolic analysis on a Dockerfile ENTRYPOINT shell script with conditional branches and verify all possible execution paths are enumerated
- [ ] Verify the execution tree correctly tracks symbolic variable states through assignment and substitution
- [ ] Verify branch conditions (if/else, case/esac) create appropriate path forks in the execution tree
- [ ] Verify `PathConfidenceScorer` assigns higher confidence to paths with fewer conditional dependencies
- [ ] Verify the engine handles common shell constructs (loops, subshells, command substitution, environment variable expansion)
- [ ] Verify terminal states include the final command that would be executed in each path
---
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |