A Generic Framework for Symbolic Execution: Theory and Applications

The modern world is shifting from the traditional workmanship to a more automated work environment, where software systems are increasingly used for automating, controlling and monitoring human activities. In many cases, software systems appear in critical places which may immediately affect our lives or the environment. Therefore, the software that runs on such systems has to be safe. This requirement has led to the development of various techniques to ensure software safety.

In this dissertation we present a language-independent framework for \emph{symbolic execution}, which is a particular technique for testing, debugging, and verifying programs. The main feature of this framework is that it is parametric in the formal definition of a programming language. We formally define programming languages and symbolic execution, and then we prove that the feasible symbolic executions of a program and the concrete executions of the same program mutually simulate each other. This relationship between concrete and symbolic executions allow us to perform analyses on symbolic programs, and to transfer the results of those analyses to concrete instances of the symbolic programs in question. We use our symbolic execution framework to perform program verification using Hoare Logic and Reachability Logic. For the latter, we propose an alternative proof system, and we show that under reasonable conditions, a certain strategy executing our proof system is sound and weakly complete.

A prototype implementation of our symbolic execution framework has been developed in K. We illustrate it on the symbolic execution, model checking, and deductive verification of nontrivial programs.

Sidebar