Denotational Semantics for Symbolic Execution

被引:1
作者
Voogd, Erik [1 ]
Klovstad, Asmund Aqissiaq Arild [1 ]
Johnsen, Einar Broch [1 ]
机构
[1] Univ Oslo, Dept Informat, Oslo, Norway
来源
THEORETICAL ASPECTS OF COMPUTING, ICTAC 2023 | 2023年 / 14446卷
关键词
Formal methods; Programming semantics; Denotational semantics; Symbolic execution;
D O I
10.1007/978-3-031-47963-2_22
中图分类号
TP18 [人工智能理论];
学科分类号
081104 ; 0812 ; 0835 ; 1405 ;
摘要
Symbolic execution is a technique to systematically explore all possible paths through a program. This technique can be formally explained by means of small-step transition systems that update symbolic states and compute a precondition corresponding to the taken execution path (called the path condition). To enable swift and robust compositional reasoning, this paper defines a denotational semantics for symbolic execution. We prove the correspondence between the denotational semantics and both the small-step execution semantics and a concrete semantics. The denotational semantics is a function defined piecewise using a partitioning of the input space. Each part of the input space is a path condition obtained from symbolic execution, and the semantics of this part is the corresponding symbolic substitution interpreted as a function on the initial state space. Correctness and completeness of symbolic execution is encapsulated in a graceful identity of functions. We provide mechanizations in Coq for our main results.
引用
收藏
页码:370 / 387
页数:18
相关论文
共 19 条
[1]  
Ahrendt W, 2016, LECT NOTES COMPUT SC, V10001, P1, DOI 10.1007/978-3-319-49812-6
[2]   Symbolic Execution for Software Testing: Three Decades Later [J].
Cadar, Cristian ;
Sen, Koushik .
COMMUNICATIONS OF THE ACM, 2013, 56 (02) :82-90
[3]  
Cadar C, 2011, 2011 33RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE), P1066, DOI 10.1145/1985793.1985995
[4]   EXE: Automatically Generating Inputs of Death [J].
Cadar, Cristian ;
Ganesh, Vijay ;
Pawlowski, Peter M. ;
Dill, David L. ;
Engler, Dawson R. .
ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY, 2008, 12 (02)
[5]  
Cadar Cristian, 2008, OSDI, P209
[6]   Symbolic execution formally explained [J].
de Boer, Frank S. ;
Bonsangue, Marcello .
FORMAL ASPECTS OF COMPUTING, 2021, 33 (4-5) :617-636
[7]   OpenJDK's Java']Java.utils.Collection.sort() Is Broken: The Good, the Bad and the Worst Case [J].
de Gouw, Stijn ;
Rot, Jurriaan ;
de Boer, Frank S. ;
Bubel, Richard ;
Haehnle, Reiner .
COMPUTER AIDED VERIFICATION, PT I, 2015, 9206 :273-289
[8]   DART: Directed automated random testing [J].
Godefroid, P ;
Klarlund, N ;
Sen, K .
ACM SIGPLAN NOTICES, 2005, 40 (06) :213-223
[9]   The Symbolic Execution Debugger (SED): a platform for interactive symbolic execution, debugging, verification and more [J].
Hentschel, Martin ;
Bubel, Richard ;
Haehnle, Reiner .
INTERNATIONAL JOURNAL ON SOFTWARE TOOLS FOR TECHNOLOGY TRANSFER, 2019, 21 (05) :485-513
[10]  
Klovstad A.A.A., 2023, LIPIcs