Symbolic execution is a powerful technology in ensuring software correctness. However, symbolic execution has the path explosion problem and cannot scale to large programs. In this paper, we present a novel approach, hotness-guided symbolic execution which uses hotness as a strategy to find bugs, and implement it on a bug finding tool HOE. Based on our observation of real world bugs, most bugs are caused by programmers’ careless dealing with unexpected situations. HOE chooses these not-so-often-reached paths to explore in a high priority and ignore hotter paths on demand. We evaluate HOE on an open source C++ library oSIP with...