Denotational Semantics for Symbolic Execution

Voogd, Erik; Kløvstad, Åsmund Aqissiaq Arild; Johnsen, Einar Broch

doi:10.1007/978-3-031-47963-2_22

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14446))

Included in the following conference series:

International Colloquium on Theoretical Aspects of Computing

243 Accesses

Abstract

Symbolic execution is a technique to systematically explore all possible paths through a program. This technique can be formally explained by means of small-step transition systems that update symbolic states and compute a precondition corresponding to the taken execution path (called the path condition). To enable swift and robust compositional reasoning, this paper defines a denotational semantics for symbolic execution. We prove the correspondence between the denotational semantics and both the small-step execution semantics and a concrete semantics. The denotational semantics is a function defined piecewise using a partitioning of the input space. Each part of the input space is a path condition obtained from symbolic execution, and the semantics of this part is the corresponding symbolic substitution interpreted as a function on the initial state space. Correctness and completeness of symbolic execution is encapsulated in a graceful identity of functions. We provide mechanizations in Coq for our main results.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 59.99; Price excludes VAT (USA)

Softcover Book: USD 79.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
Symbolic execution may seem to be a trivial exercise for this simple program, but note that, as programs grow, it is highly effective in several areas of program analysis.
2.
The mechanized theory is available at https://doi.org/10.5281/zenodo.8096802.

References

Ahrendt, W., Beckert, B., Bubel, R., Hähnle, R., Schmitt, P.H., Ulbrich, M. (eds.): Deductive Software Verification - The KeY Book - From Theory to Practice. LNCS, vol. 10001. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49812-6
Book Google Scholar
de Boer, F.S., Bonsangue, M.: Symbolic execution formally explained. Formal Aspects Comput. 33(4), 617–636 (2021)
Article MathSciNet MATH Google Scholar
Cadar, C., Dunbar, D., Engler, D.R.: KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In: Draves, R., van Renesse, R. (eds.) Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2008), pp. 209–224. USENIX Association (2008)
Google Scholar
Cadar, C., Ganesh, V., Pawlowski, P.M., Dill, D.L., Engler, D.R.: EXE: automatically generating inputs of death. In: Juels, A., Wright, R.N., di Vimercati, S.D.C. (eds.) Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS 2006), pp. 322–335. ACM (2006)
Google Scholar
Cadar, C., et al.: Symbolic execution for software testing in practice: preliminary assessment. In: Taylor, R.N., Gall, H.C., Medvidovic, N. (eds.) Proceedings of the 33rd International Conference on Software Engineering (ICSE 2011), pp. 1066–1071. ACM (2011)
Google Scholar
Cadar, C., Sen, K.: Symbolic execution for software testing: three decades later. Commun. ACM 56(2), 82–90 (2013)
Article Google Scholar
Coq Development Team: The Coq proof assistant (2022). https://doi.org/10.5281/zenodo.7313584
Godefroid, P., Klarlund, N., Sen, K.: DART: directed automated random testing. In: Sarkar, V., Hall, M.W. (eds.) Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2005), pp. 213–223. ACM (2005)
Google Scholar
de Gouw, S., Rot, J., de Boer, F.S., Bubel, R., Hähnle, R.: OpenJDK’s Java.utils.Collection.sort() is broken: the good, the bad and the worst case. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9206, pp. 273–289. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21690-4_16
Chapter Google Scholar
Hentschel, M., Bubel, R., Hähnle, R.: The symbolic execution debugger (SED): a platform for interactive symbolic execution, debugging, verification and more. Int. J. Softw. Tools Technol. Transf. 21(5), 485–513 (2019)
Article Google Scholar
Kløvstad, Å.A.A., Kamburjan, E., Johnsen, E.B.: Compositional correctness and completeness for symbolic partial order reduction. In: Proceedings of the 34th International Conference on Concurrency Theory (CONCUR 2023). LIPIcs, Schloss Dagstuhl - Leibniz-Zentrum für Informatik (2023, to appear)
Google Scholar
Kneuper, R.: Symbolic execution: a semantic approach. Sci. Comput. Program. 16(3), 207–249 (1991)
Article MathSciNet MATH Google Scholar
Lucanu, D., Rusu, V., Arusoaie, A.: A generic framework for symbolic execution: a coinductive approach. J. Symb. Comput. 80, 125–163 (2017)
Article MathSciNet MATH Google Scholar
Nakata, K., Uustalu, T.: Trace-based coinductive operational semantics for while. In: Berghofer, S., Nipkow, T., Urban, C., Wenzel, M. (eds.) TPHOLs 2009. LNCS, vol. 5674, pp. 375–390. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03359-9_26
Chapter Google Scholar
Owens, S., Myreen, M.O., Kumar, R., Tan, Y.K.: Functional big-step semantics. In: Thiemann, P. (ed.) ESOP 2016. LNCS, vol. 9632, pp. 589–615. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49498-1_23
Chapter Google Scholar
Porncharoenwase, S., Nelson, L., Wang, X., Torlak, E.: A formal foundation for symbolic evaluation with merging. Proc. ACM Program. Lang. 6(POPL) (2022). https://doi.org/10.1145/3498709
Steinhöfel, D.: Abstract execution: automatically proving infinitely many programs. Ph.D. thesis, Technische Universität Darmstadt (2020)
Google Scholar
Uustalu, T.: Coinductive big-step semantics for concurrency. In: Yoshida, N., Vanderbauwhede, W. (eds.) Proceedings of the 6th Workshop on Programming Language Approaches to Concurrency and Communication-cEntric Software (PLACES 2013), EPTCS, vol. 137, pp. 63–78 (2013)
Google Scholar
Voogd, E., Johnsen, E.B., Silva, A., Susag, Z.J., Wąsowski, A.: Symbolic semantics for probabilistic programs. In: Jansen, N., Tribastone, M. (eds.) QEST 2023. LNCS, vol. 14287, pp. 329–345. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-43835-6_23
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

Department of Informatics, University of Oslo, Oslo, Norway
Erik Voogd, Åsmund Aqissiaq Arild Kløvstad & Einar Broch Johnsen

Authors

Erik Voogd
View author publications
You can also search for this author in PubMed Google Scholar
Åsmund Aqissiaq Arild Kløvstad
View author publications
You can also search for this author in PubMed Google Scholar
Einar Broch Johnsen
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Erik Voogd .

Editor information

Editors and Affiliations

RWTH Aachen University, Aachen, Germany
Erika Ábrahám
Eindhoven University of Technology, Eindhoven, The Netherlands
Clemens Dubslaff
University of Oslo, Oslo, Norway
Silvia Lizeth Tapia Tarifa

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Voogd, E., Kløvstad, Å.A.A., Johnsen, E.B. (2023). Denotational Semantics for Symbolic Execution. In: Ábrahám, E., Dubslaff, C., Tarifa, S.L.T. (eds) Theoretical Aspects of Computing – ICTAC 2023. ICTAC 2023. Lecture Notes in Computer Science, vol 14446. Springer, Cham. https://doi.org/10.1007/978-3-031-47963-2_22

Download citation

DOI: https://doi.org/10.1007/978-3-031-47963-2_22
Published: 23 November 2023
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-47962-5
Online ISBN: 978-3-031-47963-2
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Denotational Semantics for Symbolic Execution