Generation of the weakest preconditions of programs with dynamic memory in symbolic execution
Journal: Scientific and Technical Journal of Information Technologies, Mechanics and Optics (Vol. 22, No. 5)
Publication Date: 2022-10-27
Authors: Misonizhnik A.V.; Kostyukov Yu.O.; Kostitsyn M.P.; Mordvinov D.A.; Koznov D.V.
Page: 982-991
Keywords: weakest preconditions; symbolic execution; backward symbolic analysis; bidirectional analysis; automatic test generation
Abstract
Symbolic execution is a widely used method for the systematic exploration of program execution paths; it helps solve a number of important problems in correctness verification, such as searching for errors and vulnerabilities and automatic test generation. The main idea of symbolic execution is to generate and use symbolic expressions while analyzing the program in direct order, i.e., from the entry point to the points of interest. At the same time, since the time of E.W. Dijkstra, backward symbolic execution has also been popular: in this method, the conditions for reaching the point of interest are propagated back to the entry point of the program by iteratively calculating the weakest preconditions. This method is usually much more difficult to implement than direct symbolic execution, to the extent that even the artifacts of direct symbolic execution cannot be reused in its implementation. In this paper, the relationship between direct symbolic execution and backward symbolic execution based on the calculation of the weakest preconditions is investigated. In particular, it is shown that backward symbolic execution can be implemented using direct symbolic execution. A formal presentation of symbolic execution with lazy initialization for programs with dynamic memory is given. An algorithm for calculating the weakest preconditions for arbitrary symbolically executed program branches is proposed. The lazy initialization mechanism and the algorithm for calculating the weakest preconditions are implemented in KLEE, a symbolic virtual machine for the well-known LLVM platform. The proposed method allows backward symbolic analysis to be performed using direct symbolic execution. This is important for the implementation of bidirectional program execution, which can be used both for program verification and for automatic test generation.
Last modified: 2022-10-27 18:30:41