Symbolic Execution Game Semantics

by Yu-Yang Lin, et al.

We present a framework for symbolically executing and model checking higher-order programs with external (open) methods. We focus on the client-library paradigm and in particular we aim to check libraries with respect to any definable client. We combine traditional symbolic execution techniques with operational game semantics to build a symbolic execution semantics that captures arbitrary external behaviour. We prove the symbolic semantics to be sound and complete. This yields a bounded technique by imposing bounds on the depth of recursion and callbacks. We provide an implementation of our technique in the K framework and showcase its performance on a custom benchmark based on higher-order coding errors such as reentrancy bugs.
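As an added illustration (not code from the paper or its K implementation), the sketch below checks a toy library against every client up to a callback bound and reports a reentrancy violation. It enumerates concrete client moves instead of executing symbolically; the `Library` class, its `paid <= initial` invariant and all other names are assumptions constructed for this example.

```python
from itertools import product

class Library:
    """Constructed toy wallet: withdraw() calls an external, client-supplied method."""
    def __init__(self, balance, guarded):
        self.balance = balance
        self.paid = 0            # total handed out to the client so far
        self.guarded = guarded   # True enables a reentrancy lock
        self.locked = False

    def withdraw(self, client, depth):
        if self.guarded and self.locked:
            return               # re-entrant call rejected
        if self.balance > 0:
            self.locked = True
            amount = self.balance
            client(self, depth)  # external call happens BEFORE the state update
            self.paid += amount
            self.balance = 0
            self.locked = False

def make_client(script, bound):
    """Unknown client as an opponent: each callback either returns or re-enters."""
    moves = iter(script)
    def client(lib, depth):
        # Re-enter only while under the callback bound and the script says so.
        if depth < bound and next(moves, False):
            lib.withdraw(client, depth + 1)
    return client

def check(guarded, bound, initial=10):
    """Return a client script that breaks paid <= initial, or None within the bound."""
    for script in product([False, True], repeat=bound):
        lib = Library(initial, guarded)
        lib.withdraw(make_client(script, bound), 0)
        if lib.paid > initial:
            return script        # counterexample: sequence of opponent moves
    return None

if __name__ == "__main__":
    print("unguarded, bound 0:", check(False, 0))
    print("unguarded, bound 1:", check(False, 1))
    print("guarded,   bound 3:", check(True, 3))
```

With a callback bound of 0 the unguarded library passes, which shows why a bounded result only holds up to the chosen depth.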



