Symbolic Execution of Alloy Models

  • Junaid Haroon Siddiqui
  • Sarfraz Khurshid
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6991)

Abstract

Symbolic execution is a technique for systematic exploration of program behaviors using symbolic inputs, which characterize classes of concrete inputs. Symbolic execution is traditionally performed on imperative programs, such as those in C/C++ or Java. This paper presents a novel approach to symbolic execution for declarative programs, specifically those written in Alloy – a first-order, declarative language based on relations. Unlike imperative programs that describe how to perform computation to conform to desired behavioral properties, declarative programs describe what the desired properties are, without enforcing a specific method for computation. Thus, symbolic execution does not directly apply to declarative programs the way it applies to imperative programs. Our insight is that we can leverage the fully automatic, SAT-based analysis of the Alloy Analyzer to enable symbolic execution of Alloy models – the analyzer generates instances, i.e., valuations for the relations in the model, that satisfy the given properties and thus provides an execution engine for declarative programs. We define symbolic types and operations, which allow the existing Alloy tool-set to perform symbolic execution for the supported types and operations. We demonstrate the efficacy of our approach using a suite of models that represent structurally complex properties. Our approach opens promising avenues for new forms of more efficient and effective analyses of Alloy models.

Keywords

Alloy Model, Path Condition, Symbolic Execution, Binary Search Tree, Alloy Analyzer

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Junaid Haroon Siddiqui, The University of Texas at Austin, USA
  • Sarfraz Khurshid, The University of Texas at Austin, USA