Download presentation
Presentation is loading. Please wait.
Published bySybil Blair Modified over 8 years ago
1
CSV 889: Concurrent Software Verification Subodh Sharma Indian Institute of Technology Delhi Symbolic Execution
2
Runtime Verification vs Symbolic Execution Courtesy: Zvonimir slides from sv 2012 course
3
Key developements King, CACM 1976 Still an active area of research – CUTE [UIUC] – KLEE [Stanford] – Java Path Finder [NASA]...
4
Nuts and Bolts of Symbolic Execution Treat values of variables as symbolic For “program path” collect constraints over symbolic expressions – Known as “Path Conditions” Check feasibility at branches – By using either SAT or SMT tools – Could be used for pruning infeasible paths Fork and proceed
5
Example I Concrete execution x = 3, y = 2
6
Example I Symbolic execution x = a, y = b
7
Problems with Symbolic Execution Constraints – Linear arithmetic – nonlinear – higher order functions – unknown data structure invariants
8
Example II Courtesy: S. Anand, 2009 What constraints to generate for data structure updates?
9
Example II Courtesy: S. Anand, 2009 Use data structure invariants
10
Example II Courtesy: S. Anand, 2009 Use data structure invariants
11
Dealing with Functions Goal: Find an input to crash the program What is the total number of program paths leading to error()? Key idea is to compute function summaries! Courtesy: S. Anand, 2009
12
Dealing with Functions Courtesy: S. Anand, 2009
13
Summary TODAY: Basics of Symbolic Execution and the problems with it NEXT CLASS: State-of-the-art Symbolic execution engines (KLEE, CUTE) + Handling Concurrency
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.