{"title":"Symbolic Program Analysis Using Term Rewriting and Generalization","authors":"Nishant Sinha","doi":"10.1109/FMCAD.2008.ECP.23","DOIUrl":null,"url":null,"abstract":"Symbolic execution by James C. King (1976) is a popular program verification technique, where the program inputs are initialized to unknown symbolic values, and then propagated along program paths with the help of decision procedures. This technique has two main bottlenecks: (a) the number of program execution paths to be explored may be exponential, and, (b) the state representation (map from variables to terms) may blow-up. We propose a new program verification technique that addresses the problems by (a) performing a work list based analysis that handles join points, and (b) simplifying the intermediate state representation by using term rewriting. In addition, our technique tries to compact expressions generated during analysis of program loops by using a term generalization technique based on anti-unification. We have implemented the proposed method in the F-SOFT verification framework using the Maude term rewriting engine. Preliminary experiments show that the proposed method is effective in improving verification times on real-life benchmarks.","PeriodicalId":399042,"journal":{"name":"2008 Formal Methods in Computer-Aided Design","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"21","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 Formal Methods in Computer-Aided Design","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FMCAD.2008.ECP.23","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 21
Abstract
Symbolic execution by James C. King (1976) is a popular program verification technique, where the program inputs are initialized to unknown symbolic values, and then propagated along program paths with the help of decision procedures. This technique has two main bottlenecks: (a) the number of program execution paths to be explored may be exponential, and, (b) the state representation (map from variables to terms) may blow-up. We propose a new program verification technique that addresses the problems by (a) performing a work list based analysis that handles join points, and (b) simplifying the intermediate state representation by using term rewriting. In addition, our technique tries to compact expressions generated during analysis of program loops by using a term generalization technique based on anti-unification. We have implemented the proposed method in the F-SOFT verification framework using the Maude term rewriting engine. Preliminary experiments show that the proposed method is effective in improving verification times on real-life benchmarks.
James C. King(1976)的符号执行是一种流行的程序验证技术,其中程序输入被初始化为未知的符号值,然后在决策过程的帮助下沿着程序路径传播。这种技术有两个主要瓶颈:(a)要探索的程序执行路径的数量可能是指数级的,(b)状态表示(从变量到项的映射)可能会爆炸。我们提出了一种新的程序验证技术,通过(a)执行基于工作列表的分析来处理连接点,以及(b)通过使用术语重写来简化中间状态表示来解决这些问题。此外,我们的技术尝试使用基于反统一的术语泛化技术来压缩程序循环分析过程中生成的表达式。我们使用Maude术语重写引擎在F-SOFT验证框架中实现了所提出的方法。初步实验表明,该方法可以有效地提高实际基准测试的验证时间。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
