A formal model for defect detection using symbolic program execution

Language-Independent Program Verification Using Symbolic Execution

In this paper we present an automatic and language-independent program verification approach based on symbolic execution. The specification formalism we consider is Reachability Logic, a language-independent logic that constitutes an alternative to Hoare logics. Reachability Logic has a sound and relatively complete deduction system, which offers a lot of freedom (but no guidelines) for constru...

Unbounded Symbolic Execution for Program Verification

Symbolic execution with interpolation is emerging as an alternative to CEGAR for software verification. The performance of both methods relies critically on interpolation in order to obtain the most general abstraction of the current symbolic or abstract state which can be shown to remain error-free. CEGAR naturally handles unbounded loops because it is based on abstract interpretation. In cont...

Symbolic program execution using the Erlang verification tool

Redundant State Detection for Dynamic Symbolic Execution

Many recent tools use dynamic symbolic execution to perform tasks ranging from automatic test generation, finding security flaws, equivalence verification, and exploit generation. However, while symbolic execution is promising, it perennially struggles with the fact that the number of paths in a program increases roughly exponentially with both code and input size. This paper presents a techniq...

Program Validation by Symbolic and Reverse Execution

Program validation is one of the most crucial tasks during program development since programs should conform to programmers’ requirements.2 To this end, one is often required to formulate requirements into formal specifications and analyze a given program against these specifications until no error is detected; if an error is detected, its cause must be located and fixed. In this dissertation, ...