Relational Symbolic Execution
share
Symbolic execution is a classical program analysis technique, widely used for program testing and bug finding. In this work we generalize symbolic execution to support program analysis for relational properties, namely properties about two programs, or about two executions of a single program on different inputs. We design a relational symbolic execution engine, named RelSym, which supports testing and bug finding for relational properties of imperative programs with for-loops and arrays. RelSym also combines relational symbolic execution with program logics. This combination is useful not only to test but also to prove relational properties, by exploiting the finite structure of arrays and for-loops. We demonstrate the flexibility of RelSym by testing and proving relational properties for examples from different domains, such as information flow, program equivalence, sensitivity analysis, and relational cost analysis.
READ FULL TEXT
