Exact Heap Summaries for Symbolic Execution
Authors
Abstract
A recent trend in the analysis of object-oriented programs is the modeling of references as sets of guarded values, enabling multiple heap shapes to be represented in a single state. A fundamental problem with using these guarded value sets is the inability to generate test inputs in a manner similar to symbolic execution based analyses. Although several solutions have been proposed, none have been proven to be sound and complete with respect to the heap properties provable by generalized symbolic execution (GSE). This work presents a method for initializing input references in a symbolic input heap using guarded value sets that exactly preserves GSE semantics. A correctness proof for the initialization scheme is provided with a proof-of-concept implementation. Results from an empirical evaluation on a common set of GSE data structure benchmarks show an increase in the size and number of analyzed heaps over existing GSE representations. The initialization technique can be used to ensure that guarded value set based symbolic execution engines operate in a provably correct manner with regards to symbolic references, as well as to generate concrete heaps that serve as test inputs to the program.
Similar resources
Symbolic Summaries
Current techniques for validating and verifying program changes often consider the entire program, even for small changes, leading to enormous V&V costs over a program’s lifetime. This is due, in large part, to the use of syntactic program differencing techniques which are necessarily imprecise. Building on recent advances in symbolic execution of heap manipulating programs, in this paper, we d...
Enhancing Symbolic Execution of Heap-based Programs with Separation Logic for Test Input Generation
Symbolic execution is a well established method for test input generation. By taking inputs as symbolic values and solving constraints encoding path conditions, it helps achieve better test coverage. Despite having achieved tremendous success over numeric domains, existing symbolic execution techniques for heap-based programs (e.g., linked lists and trees) are limited due to the lack of a ...
A Symbolic Execution Framework with Explicit Heaps and Separation
Program verification of heap properties is challenging. A promising approach is Separation Logic, which supports local reasoning over disjoint portions of the heap. In this paper, we propose a heap constraint language H that explicates the heap and incorporates separation. By explicating the heap, the language is more suitable for automatic symbolic execution. We show that this language can be ...
Summary-based inference of quantitative bounds of live heap objects
This article presents a symbolic static analysis for computing parametric upper bounds of the number of simultaneously live objects of sequential Java-like programs. Inferring the peak amount of irreclaimable objects is the cornerstone for analyzing potential heap-memory consumption of stand-alone applications or libraries. The analysis builds method-level summaries quantifying the peak number ...