CHALUPA, Marek and Jan STREJČEK. Backward Symbolic Execution with Loop Folding. Online. In Cezara Dragoi, Suvam Mukherjee, and Kedar S. Namjoshi. Static Analysis - 28th International Symposium, SAS 2021, Chicago, IL, USA, October 17-19, 2021, Proceedings. Cham (Switzerland): Springer, 2021, p. 49-76. ISBN 978-3-030-88805-3. Available from: https://dx.doi.org/10.1007/978-3-030-88806-0_3.
Other formats:   BibTeX LaTeX RIS
Basic information
Original name Backward Symbolic Execution with Loop Folding
Authors CHALUPA, Marek (203 Czech Republic, guarantor, belonging to the institution) and Jan STREJČEK (203 Czech Republic, belonging to the institution).
Edition Cham (Switzerland), Static Analysis - 28th International Symposium, SAS 2021, Chicago, IL, USA, October 17-19, 2021, Proceedings, p. 49-76, 28 pp. 2021.
Publisher Springer
Other information
Original language English
Type of outcome Proceedings paper
Field of Study 10200 1.2 Computer and information sciences
Country of publisher Switzerland
Confidentiality degree is not subject to a state or trade secret
Publication form electronic version available online
WWW URL
Impact factor Impact factor: 0.402 in 2005
RIV identification code RIV/00216224:14330/21:00122663
Organization unit Faculty of Informatics
ISBN 978-3-030-88805-3
ISSN 0302-9743
Doi http://dx.doi.org/10.1007/978-3-030-88806-0_3
UT WoS 000720084200003
Keywords in English symbolic execution;k-induction;backward symbolic execution;inductive invariants;invariants
Tags firank_B, formal verification, formela-ver, program analysis, Symbiotic
Tags International impact, Reviewed
Changed by Changed by: RNDr. Pavel Šmerk, Ph.D., učo 3880. Changed: 23/5/2022 15:01.
Abstract
Symbolic execution is an established program analysis tech- nique that aims to search all possible execution paths of the given pro- gram. Due to the so-called path explosion problem, symbolic execution is usually unable to analyze all execution paths and thus it is not convenient for program verification as a standalone method. This paper focuses on backward symbolic execution (BSE), which searches program paths backwards from the error location whose reachability should be proven or refuted. We show that this technique is equivalent to performing k-induction on control-flow paths. While standard BSE simply unwinds all program loops, we present an extension called loop folding that aims to derive loop invariants during BSE that are sufficient to prove the unreachability of the error location. The resulting technique is called backward symbolic execution with loop folding (BSELF). Our experiments show that BSELF performs better than BSE and other tools based on k-induction when non-trivial benchmarks are considered. Moreover, a sequential combination of symbolic execution and BSELF achieved very competitive results compared to state-of-the-art verification tools.
Links
MUNI/A/1108/2020, interní kód MUName: Rozsáhlé výpočetní systémy: modely, aplikace a verifikace X. (Acronym: SV-FI MAV X.)
Investor: Masaryk University
MUNI/A/1549/2020, interní kód MUName: Zapojení studentů Fakulty informatiky do mezinárodní vědecké komunity 21 (Acronym: SKOMU)
Investor: Masaryk University
PrintDisplayed: 21/5/2024 19:22