2

How can I implement symbolic execution for particular language without using model checking and Finite State Machine (FSM) for example not such as Java Path Finder? I need a detail about it. for example by what language I can implement this symbolic execution and what other things I need to know?

Improve this question

1 Answer 1

Reset to default
3

You need:

  • A parser for the language to be symbolically executed that can build ASTs
  • Name resolution (and associated symbol tables), so when your execution engine encounters an identifier it can determine the associated type and value
  • Control flow analysis, so that the symbolic execution engine can follow flow of control through the program
  • A symbolic algebra that can compose and simplify symbolic terms. This needs a parser (so you can enter such equations) and prettyprinter (so you can see what it computes)
  • A way to specify assumed values at the point of symbolic execution start

This is rather a lot of machinery, and it is hard to find it all in one place. It is harder to build it all just for one tool, which is part of the reason you don't find many tools like this.

Our DMS Software Reengineering Toolkit has all the requisites. You may find an example of a symbolic language implemented with DMS interesting.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Thanks for your kind help. if I want to use model-checking what changes occur to above steps? whether using model-checking make implementation of symbolic execution easier than when not use?
For model checking you have to be willing to enumerate different symbolic simulations for each state, and add constraints over what states aren't allowed. Because state spaces are huge, you probably want all that to go parallel. DMS has parallel foundations :-} See semanticdesigns.com/Products/DMS/ParlanseForDMS.html
thanks a lot. Would you please explain fourth and fifth item of the answer a little more?
Item 4: see the link "symbolic language implemented with DMS". In particular, this means being able to build algebraic/boolean formulas, and mechanically/automatically simplyifying those formulas using algebraic laws. Item 5: you need to pick a part of your code, and specify the (algebraic) conditions under which that code starts execution ("precondition").
Thank you very much indeed.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.