git.stella-ops.org/docs/features/checked/scanner/speculative-execution-engine.md
2026-02-14 09:11:48 +02:00

Speculative Execution Engine (Shell Script Symbolic Execution)

Module

Scanner

Status

VERIFIED

Description

Symbolic execution engine for shell scripts that enumerates all possible execution paths through entrypoint scripts (Dockerfile CMD/ENTRYPOINT), tracking symbolic variable states and branch conditions to determine all reachable terminal states with confidence scoring.

Implementation Details

  • Symbolic Executor:
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/ShellSymbolicExecutor.cs - ShellSymbolicExecutor performing symbolic execution of shell scripts, tracking variable states and branch conditions
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/ISymbolicExecutor.cs - Interface for symbolic execution
  • Execution Tree:
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/ExecutionTree.cs - ExecutionTree representing all possible execution paths through the script with terminal states
  • Path Analysis:
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/PathEnumerator.cs - PathEnumerator enumerating all possible execution paths through branch conditions
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/PathConfidenceScorer.cs - PathConfidenceScorer scoring each path's likelihood based on branch conditions and variable constraints

E2E Test Plan

  • Execute symbolic analysis on a Dockerfile ENTRYPOINT shell script with conditional branches and verify all possible execution paths are enumerated
  • Verify the execution tree correctly tracks symbolic variable states through assignment and substitution
  • Verify branch conditions (if/else, case/esac) create appropriate path forks in the execution tree
  • Verify PathConfidenceScorer assigns higher confidence to paths with fewer conditional dependencies
  • Verify the engine handles common shell constructs (loops, subshells, command substitution, environment variable expansion)
  • Verify terminal states include the final command that would be executed in each path
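
A minimal model of the path enumeration and scoring described above, as an added example in Python rather than the project's own C# code: it forks at each if/else of a constructed entrypoint script, keeps unset variables symbolic, and reports the terminal command of every path. The script, the function names and the confidence formula (0.5 per branch condition) are assumptions made for illustration, and only assignments, if/else/fi and exec are handled.

```python
import re

# Constructed sample entrypoint script (not taken from the StellaOps repository).
SCRIPT = '''
if [ "$MODE" = "migrate" ]; then
  exec /usr/bin/migrate --db "$DB_URL"
fi
if [ -n "$DEBUG" ]; then
  APP=/usr/bin/server-debug
else
  APP=/usr/bin/server
fi
exec $APP --port 8080
'''

def parse(lines):  # -> (block, terminator); an if becomes ('if', cond, then, else)
    block = []
    while lines:
        line = lines.pop(0)
        m = re.fullmatch(r'if (.+); then', line)
        if m:
            then, end = parse(lines)
            other = parse(lines)[0] if end == 'else' else []
            block.append(('if', m.group(1), then, other))
        elif line in ('else', 'fi'):
            return block, line
        else:
            block.append(('cmd', line))
    return block, None

def expand(text, env):  # substitute known variables only; unknown ones stay as $NAME
    return re.sub(r'\$(\w+)', lambda m: env.get(m.group(1), m.group(0)), text)

def run(block, env, conds=()):  # yields (conditions, terminal command, confidence)
    for i, node in enumerate(block):
        if node[0] == 'if':  # fork; both branches continue into the code after 'fi'
            cond = expand(node[1], env)
            for taken, body in ((True, node[2]), (False, node[3])):
                yield from run(body + block[i + 1:], dict(env), conds + ((cond, taken),))
            return
        m = re.fullmatch(r'(\w+)=(.*)', node[1])
        if m:
            env[m.group(1)] = expand(m.group(2), env)
        elif node[1].startswith('exec '):  # terminal state of this path
            # Assumed scoring: confidence halves with each branch condition.
            yield conds, expand(node[1][5:], env), 0.5 ** len(conds)
            return

def enumerate_paths(script):
    lines = [s.strip() for s in script.splitlines() if s.strip()]
    return list(run(parse(lines)[0], {}))
```

For the sample script, `enumerate_paths(SCRIPT)` yields three paths: the migrate path depends on one condition and scores 0.5, while the two server paths depend on two conditions each and score 0.25.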

Verification

Check                           Result
Tier 0 - Source files exist     PASS
Tier 1 - Build + code review    PASS
Tier 2 - Integration tests      PASS
Verified 2026-02-13T18:10:00Z