Denotational Semantics for Symbolic Execution

被引：1

作者：

Voogd, Erik ^{[1
]}

Klovstad, Asmund Aqissiaq Arild ^{[1
]}

Johnsen, Einar Broch ^{[1
]}

机构：

[1] Univ Oslo, Dept Informat, Oslo, Norway

来源：

THEORETICAL ASPECTS OF COMPUTING, ICTAC 2023 | 2023年 / 14446卷

关键词：

Formal methods; Programming semantics; Denotational semantics; Symbolic execution;

D O I：

10.1007/978-3-031-47963-2_22

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

Symbolic execution is a technique to systematically explore all possible paths through a program. This technique can be formally explained by means of small-step transition systems that update symbolic states and compute a precondition corresponding to the taken execution path (called the path condition). To enable swift and robust compositional reasoning, this paper defines a denotational semantics for symbolic execution. We prove the correspondence between the denotational semantics and both the small-step execution semantics and a concrete semantics. The denotational semantics is a function defined piecewise using a partitioning of the input space. Each part of the input space is a path condition obtained from symbolic execution, and the semantics of this part is the corresponding symbolic substitution interpreted as a function on the initial state space. Correctness and completeness of symbolic execution is encapsulated in a graceful identity of functions. We provide mechanizations in Coq for our main results.

引用

页码：370 / 387

页数：18

共 19 条

[1]

Ahrendt W, 2016, LECT NOTES COMPUT SC, V10001, P1, DOI 10.1007/978-3-319-49812-6

[2] Symbolic Execution for Software Testing: Three Decades Later [J].