Abstract
Given a program and an assertion in that program, determining if the assertion can fail is one of the key applications of program analysis. Symbolic execution is a well-known technique for finding such assertion violations that can enjoy the following two interesting properties. First, symbolic execution can be precise: if it reports that an assertion can fail, then there is an execution of the program that will make the assertion fail. Second, it can be progressing: if there is an execution that makes the assertion fail, it will eventually be found. A symbolic execution algorithm that is both precise and progressing is a semi-decision procedure.
Recently, compositional symbolic execution has been proposed. It improves scalability by analyzing each execution path of each method only once. However, proving precision and progress is more challenging for these compositional algorithms. This paper investigates under what conditions a compositional algorithm is precise and progressing (and hence a semi-decision procedure).
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Vanoverberghe, D., Piessens, F. (2011). Theoretical Aspects of Compositional Symbolic Execution. In: Giannakopoulou, D., Orejas, F. (eds) Fundamental Approaches to Software Engineering. FASE 2011. Lecture Notes in Computer Science, vol 6603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19811-3_18
DOI: https://doi.org/10.1007/978-3-642-19811-3_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19810-6
Online ISBN: 978-3-642-19811-3
eBook Packages: Computer Science, Computer Science (R0)