Program Validation by Symbolic and Reverse Execution
Author

Abstract
Program validation is one of the most crucial tasks during program development since programs should conform to programmers' requirements.[2] To this end, one is often required to formulate requirements into formal specifications and analyze a given program against these specifications until no error is detected; if an error is detected, its cause must be located and fixed. In this dissertation, we present applications of symbolic execution and reverse execution that can help program validation: symbolic execution is used to detect errors and reverse execution is used to locate errors. We review symbolic execution as used for program testing and proving, recalling two main difficulties in performing it, namely (1) handling heap-allocated pointer-data structures and (2) dealing with a potentially infinite number of symbolic execution paths. We extend symbolic execution to address these problems. To handle heap-allocated pointer-data structures, "lazier initialization", an improvement over lazy initialization, is introduced and compared with the existing methods. To deal with a potentially infinite number of symbolic execution paths without requiring loop invariants, the size of the input is bounded during symbolic execution. In particular, an algorithm to bound the size of arbitrary pointer-data structures is combined with lazier initialization. This bounded lazier initialization helps symbolic execution terminate, giving the user relatively high confidence in a given program. Meanwhile, we also review reverse execution as used for program debugging and for the backtracking of explicit-state model checking, and observe that reverse execution has evolved to reduce its memory usage. We point out that the most memory-efficient way to perform reverse execution, the reverse-code generation method based on static analysis, may not be applicable to non-deterministic programs such as multi-threaded programs.

We introduce our own reverse-code generation method based on dynamic analysis to address this problem. We provide experimental results showing that our bounded lazier initialization is fast enough to detect all possible errors existing within a bounded domain. We also provide a case study of our dynamic reverse-code generation method to show its memory efficiency.

[2] We approach validation from the programmers' perspective rather than from the customers' perspective.
Similar sources
Symbolic execution systems-a review - Software Engineering Journal
Symbolic execution is a technique that is useful in the validation of software. It may be used to aid in the generation of test data and in program proving. As software engineering becomes more concerned with the development of tools, symbolic execution will become an important item in the toolkit. This paper gives a review of symbolic execution and its applications. A minimum set of features f...
A Generic Framework for Symbolic Execution: Theory and Applications
The modern world is shifting from the traditional workmanship to a more automated work environment, where software systems are increasingly used for automating, controlling and monitoring human activities. In many cases, software systems appear in critical places which may immediately affect our lives or the environment. Therefore, the software that runs on such systems has to be safe. This req...
Regression Verification Using Impact Summaries
Regression verification techniques are used to prove equivalence of closely related program versions. Existing regression verification techniques leverage the similarities between program versions to help improve analysis scalability by using abstraction and decomposition techniques. These techniques are sound but not complete. In this work, we propose an alternative technique to improve scalab...
Symbolic Summaries
Current techniques for validating and verifying program changes often consider the entire program, even for small changes, leading to enormous V&V costs over a program’s lifetime. This is due, in large part, to the use of syntactic program differencing techniques which are necessarily imprecise. Building on recent advances in symbolic execution of heap manipulating programs, in this paper, we d...
Verifying networks with symbolic execution and temporal logic
Symbolic execution is a promising approach to network verification [5, 6]. Inspired by software verification, where it is mainly used to generate test cases (e.g. [1]), symbolic execution is a technique for exploring all viable execution paths of a program. Symbolic execution runs programs with symbolic inputs instead of concrete ones. Such an input m...