Symbolic execution (SE) tools often rely on intermediate languages (ILs) to support multiple programming languages, promising reusability and efficiency. In practice, this approach introduces trade-offs between performance, accuracy, and language feature support. We argue that building SE engines \emph{directly} for each source language is both simpler and more effective. We present Soteria, a lightweight OCaml library for writing SE engines in a functional style, without compromising on performance, accuracy or feature support. Soteria enables developers to construct SE engines that operate directly over source-language semantics, offering \emph{configurability}, compositional reasoning, and ease of implementation. Using Soteria, we develop Soteria$^{\text{Rust}}$, the \emph{first} Rust SE engine supporting Tree Borrows (the intricate aliasing model of Rust), and Soteria$^{\text{C}}$, a compositional SE engine for C. Both tools are competitive with or outperform state-of-the-art tools such as Kani, Pulse, CBMC and Gillian-C in performance and the number of bugs detected. We formalise the theoretical foundations of Soteria and prove its soundness, demonstrating that sound, efficient, accurate, and expressive SE can be achieved without the compromises of ILs.

翻译：符号执行（SE）工具通常依赖中间语言（IL）来支持多种编程语言，以承诺可重用性和效率。然而，在实践中，这种方法在性能、准确性和语言特性支持之间引入了权衡。我们认为，为每种源语言直接构建SE引擎既更简单又更有效。本文提出了Soteria，一个轻量级的OCaml库，用于以函数式风格编写SE引擎，同时不牺牲性能、准确性或特性支持。Soteria使开发者能够构建直接基于源语言语义的SE引擎，提供可配置性、组合推理和易于实现的优势。利用Soteria，我们开发了Soteria$^{\\text{Rust}}$——首个支持Tree Borrows（Rust复杂的别名模型）的Rust SE引擎，以及Soteria$^{\\text{C}}$——一个用于C语言的组合式SE引擎。这两种工具在性能和检测错误数量方面均与Kani、Pulse、CBMC和Gillian-C等先进工具竞争或超越它们。我们形式化了Soteria的理论基础并证明了其正确性，表明无需中间语言的妥协即可实现正确、高效、准确且表达力强的符号执行。