Symbolic Execution Game Semantics

02/21/2020
by Yu-Yang Lin, et al.

We present a framework for symbolically executing and model checking higher-order programs with external (open) methods. We focus on the client-library paradigm and in particular we aim to check libraries with respect to any definable client. We combine traditional symbolic execution techniques with operational game semantics to build a symbolic execution semantics that captures arbitrary external behaviour. We prove the symbolic semantics to be sound and complete. This yields a bounded technique by imposing bounds on the depth of recursion and callbacks. We provide an implementation of our technique in the K framework and showcase its performance on a custom benchmark based on higher-order coding errors such as reentrancy bugs.

04/05/2018

Higher-Order Bounded Model Checking

We present a Bounded Model Checking technique for higher-order programs....

05/06/2021

There and Back Again: From Bounded Checking to Verification of Program Equivalence via Symbolic Up-to Techniques

We present a bounded equivalence verification technique for higher-order...

12/27/2019

TASE: Reducing latency of symbolic execution with transactional memory

We present the design and implementation of a tool called TASE that uses...

05/14/2020

Symbolic Partial-Order Execution for Testing Multi-Threaded Programs

We describe a technique for systematic testing of multi-threaded program...

06/20/2020

Dynamic Symbolic Execution of Higher-Order Functions

The effectiveness of concolic testing deteriorates as the size of progra...

03/10/2021

Bounded Invariant Checking for Stateflow Programs

Stateflow models are complex software models, often used as part of safe...

01/21/2021

Complete trace models of state and control

We consider a hierarchy of four typed call-by-value languages with eithe...