Scribd Logo
Upload

Welcome to Scribd!

  • Symbolic Execution

    Uploaded by

    Arpita Saha
    33 views1 page
    Symbolic execution analyzes programs by tracking symbolic rather than actual values, allowing it to reason about all inputs that take the same path through a program. It associates symbolic variables with values from functions like read and tracks expressions involving symbolic variables in a symbolic state. As control transfers occur, path constraints are updated to track which branch was taken. Symbolic execution is useful for software testing as it can analyze when errors may occur and consider path traversal, though it faces limitations from path explosion when few inputs take the same path.

    Original Description:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Symbolic execution analyzes programs by tracking symbolic rather than actual values, allowing it to reason about all inputs that take the same path through a program. It associates symbolic variables with values from functions like read and tracks expressions involving symbolic variables in a symbolic state. As control transfers occur, path constraints are updated to track which branch was taken. Symbolic execution is useful for software testing as it can analyze when errors may occur and consider path traversal, though it faces limitations from path explosion when few inputs take the same path.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    33 views1 page

    Symbolic Execution

    Uploaded by

    Arpita Saha
    Symbolic execution analyzes programs by tracking symbolic rather than actual values, allowing it to reason about all inputs that take the same path through a program. It associates symbolic variables with values from functions like read and tracks expressions involving symbolic variables in a symbolic state. As control transfers occur, path constraints are updated to track which branch was taken. Symbolic execution is useful for software testing as it can analyze when errors may occur and consider path traversal, though it faces limitations from path explosion when few inputs take the same path.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 1

    In computer science, symbolic execution (also symbolic evaluation) refers to the analysis of programs by tracking symbolic rather than

    actual values, a case of abstract interpretation. The field of symbolic simulation applies the same concept to hardware. Symbolic computation applies the concept to the analysis of mathematical expressions. Symbolic execution is used to reason about all the inputs that take the same path through a program. Consider the program below, which reads in a value and fails if the input is 6. If this program is symbolically executed, a special symbolic variable (as distinct from the program's variables) is associated with the values returned from the read function. These symbolic variables, and expressions of them are tracked in a special symbolic state. The symbolic variable, which we call s, is assigned to y in the symbolic state, later when y is multiplied by two, y is updated to contain the expression 2 * s. At any control transfer instructions, such as the y ==12, a Path Constraint is updated to track which branch was taken. In this example assuming the condition is true, the Path Constraint is updated, from being empty, to contain: 2 * s ==12.
    y = read() y = 2 * y if (y == 12) fails() print("OK")

    By negating some of the conditions in the Path Constraint, and by using a constraint solver to obtain satisfying assignments to the modified Path Constraint it is possible to generate inputs that explore new parts of the program.

    Testing
    Symbolic execution is useful for software testing because it can analyse if and when errors in the code may occur. It can be used to predict what code statements do to specified inputs and outputs. It is also important for considering path traversal.

    Limitations
    Symbolic execution is used to reason about a program path-by-path. This may be superior to reasoning about a program, like Dynamic program analysis does, input-by-input. But if few inputs take the same path through the program, there is no saving over testing each of the inputs separately. Addressing the path explosion of symbolic execution is a research problem.

    You might also like