Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSV 889: Concurrent Software Verification Subodh Sharma Indian Institute of Technology Delhi Symbolic Execution.

Published bySybil Blair Modified over 8 years ago

Similar presentations

Presentation on theme: "CSV 889: Concurrent Software Verification Subodh Sharma Indian Institute of Technology Delhi Symbolic Execution."— Presentation transcript:

1 CSV 889: Concurrent Software Verification Subodh Sharma Indian Institute of Technology Delhi Symbolic Execution

2 Runtime Verification vs Symbolic Execution Courtesy: Zvonimir slides from sv 2012 course

3 Key developements King, CACM 1976 Still an active area of research – CUTE [UIUC] – KLEE [Stanford] – Java Path Finder [NASA]...

4 Nuts and Bolts of Symbolic Execution Treat values of variables as symbolic For “program path” collect constraints over symbolic expressions – Known as “Path Conditions” Check feasibility at branches – By using either SAT or SMT tools – Could be used for pruning infeasible paths Fork and proceed

5 Example I Concrete execution x = 3, y = 2

6 Example I Symbolic execution x = a, y = b

7 Problems with Symbolic Execution Constraints – Linear arithmetic – nonlinear – higher order functions – unknown data structure invariants

8 Example II Courtesy: S. Anand, 2009 What constraints to generate for data structure updates?

9 Example II Courtesy: S. Anand, 2009 Use data structure invariants

10 Example II Courtesy: S. Anand, 2009 Use data structure invariants

11 Dealing with Functions Goal: Find an input to crash the program What is the total number of program paths leading to error()? Key idea is to compute function summaries! Courtesy: S. Anand, 2009

12 Dealing with Functions Courtesy: S. Anand, 2009

13 Summary TODAY: Basics of Symbolic Execution and the problems with it NEXT CLASS: State-of-the-art Symbolic execution engines (KLEE, CUTE) + Handling Concurrency

Download ppt "CSV 889: Concurrent Software Verification Subodh Sharma Indian Institute of Technology Delhi Symbolic Execution."

Similar presentations

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
Amal Khalil & Juergen Dingel

Amal Khalil & Juergen Dingel
50.530: Software Engineering

50.530: Software Engineering
Masahiro Fujita Yoshihisa Kojima University of Tokyo May 2, 2008

Masahiro Fujita Yoshihisa Kojima University of Tokyo May 2, 2008
Symbolic Execution with Mixed Concrete-Symbolic Solving

Symbolic Execution with Mixed Concrete-Symbolic Solving
A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke September 1976.

A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke September 1976.
Satisfiability Modulo Theories (An introduction)

Satisfiability Modulo Theories (An introduction)
PLDI’2005Page 1June 2005 Example (C code) int double(int x) { return 2 * x; } void test_me(int x, int y) { int z = double(x); if (z==y) { if (y == x+10)

PLDI’2005Page 1June 2005 Example (C code) int double(int x) { return 2 * x; } void test_me(int x, int y) { int z = double(x); if (z==y) { if (y == x+10)
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI.

Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI.
1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.

1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.
Symbolic execution © Marcelo d’Amorim 2010.

Symbolic execution © Marcelo d’Amorim 2010.
Rahul Sharma, Saurabh Gupta, Bharath Hariharan, Alex Aiken, and Aditya Nori (Stanford, UC Berkeley, Microsoft Research India) Verification as Learning.

Rahul Sharma, Saurabh Gupta, Bharath Hariharan, Alex Aiken, and Aditya Nori (Stanford, UC Berkeley, Microsoft Research India) Verification as Learning.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
Hybrid Approach to Model-Checking of Timed Automata DAT4 Project Proposal Supervisor: Alexandre David.

Hybrid Approach to Model-Checking of Timed Automata DAT4 Project Proposal Supervisor: Alexandre David.
6/14/991 Symbolic verification of systems with state machines David L. Dill Jeffrey Su Jens Skakkebaek Computer System Laboratory Stanford University.

6/14/991 Symbolic verification of systems with state machines David L. Dill Jeffrey Su Jens Skakkebaek Computer System Laboratory Stanford University.
Trajectory-Directed Discrete State Space Modeling for Formal Verification of Nonlinear Analog Circuits Presented by Valeriy Balabanov.

Trajectory-Directed Discrete State Space Modeling for Formal Verification of Nonlinear Analog Circuits Presented by Valeriy Balabanov.
CSE503: SOFTWARE ENGINEERING SYMBOLIC TESTING, AUTOMATED TEST GENERATION … AND MORE! David Notkin Spring 2011.

CSE503: SOFTWARE ENGINEERING SYMBOLIC TESTING, AUTOMATED TEST GENERATION … AND MORE! David Notkin Spring 2011.
Course Summary. © Katz, 2003 Formal Specifications of Complex Systems-- Real-time 2 Topics (1) Families of specification methods, evaluation criteria.

Course Summary. © Katz, 2003 Formal Specifications of Complex Systems-- Real-time 2 Topics (1) Families of specification methods, evaluation criteria.
Nikolaj Bjørner Microsoft Research Lecture 3. DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Encoding combinatorial problems with Z3.

Nikolaj Bjørner Microsoft Research Lecture 3. DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Encoding combinatorial problems with Z3.

Similar presentations

Ads by Google