Symbolic Execution Game Semantics

by Yu-Yang Lin, et al.

We present a framework for symbolically executing and model checking higher-order programs with external (open) methods. We focus on the client-library paradigm and in particular we aim to check libraries with respect to any definable client. We combine traditional symbolic execution techniques with operational game semantics to build a symbolic execution semantics that captures arbitrary external behaviour. We prove the symbolic semantics to be sound and complete. This yields a bounded technique by imposing bounds on the depth of recursion and callbacks. We provide an implementation of our technique in the K framework and showcase its performance on a custom benchmark based on higher-order coding errors such as reentrancy bugs.




Higher-Order Bounded Model Checking

We present a Bounded Model Checking technique for higher-order programs....

Symbolic Semantics for Probabilistic Programs (extended version)

We present a new symbolic execution semantics of probabilistic programs ...

Engineering a Formally Verified Automated Bug Finder

Symbolic execution is a program analysis technique executing programs wi...

TASE: Reducing latency of symbolic execution with transactional memory

We present the design and implementation of a tool called TASE that uses...

Bounded Invariant Checking for Stateflow Programs

Stateflow models are complex software models, often used as part of safe...

Memory Order Decomposition of Symbolic Sequences

We introduce a general method for the study of memory in symbolic sequen...
