0% found this document useful (0 votes)

8 views90 pages

Symbolic Execution

The document discusses symbolic execution (SE) and its variations, including concolic testing and hybrid concolic testing, as methods for program validation. It covers foundational concepts such as propositional formulas, conjunctive normal form (CNF), and satisfiability modulo theory (SMT), along with practical examples and limitations of these techniques. The presentation also highlights the use of tools like SAGE for testing and debugging software.

Uploaded by

licdk031026

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

8 views90 pages

Symbolic Execution

Uploaded by

licdk031026

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 90

Software Engineering

Symbolic Execution

CUHK Shenzhen
Pinjia He
1. Symbolic Execution
2. Concolic Testing (Dynamic SE)
3. Hybrid Concolic Testing

Pinjia He @ CUHK Shenzhen

Background: Propositional
Formula
• A propositional formula is a type of syntactic formula
which is well formed and has a truth value.

• A propositional formula is constructed from simple

propositions, such as "five is greater than three”

• Using connectives or logical operators such as NOT,

AND, OR.

3
Background: CNF
• CNF: Conjunctive normal form

• A formula is in conjunctive normal form (CNF) if it is

a conjunction of one or more clauses, where a
clause is a disjunction of literals

• An AND of ORs.

4
Background: SAT

5
Background: Satisfiability Modulo
Theory

6
Background: Satisfiability Modulo
Theory

7
Background: Satisfiability Modulo
Theory

8
Background: Satisfiability Modulo
Theory

9
Background: Satisfiability Modulo
Theory

10
First-order logic: https://www.youtube.com/watch?v=ARywou8HLQk
Example SMT Solving

11
Symbolic Execution (SE)

12
Program Validation Approaches

13
Symbolic (and Concolic)
Execution

14
Symbolic Execution (SE)

15
Symbolic Execution (SE)

16
Symbolic Execution

17
More Details

18
Symbolic Execution

19
Symbolic Execution

20
SMT Queries

21
Optimizing SMT Queries

22
Optimizing SMT Queries (cont.)

23
How to use SE find bugs?

24
Overview
• Symbolic Execution (SE)
• Concolic Testing (aka Dynamic SE: DSE)
• Hybrid Concolic Testing

25
Classical SE Practical Issues

26
Solution: Concolic Execution

27
Concolic Execution Details

28
An Illustrative Example

29
An Illustrative Example

30
An Illustrative Example

31
An Illustrative Example

32
An Illustrative Example

33
An Illustrative Example

34
An Illustrative Example

35
An Illustrative Example

36
An Illustrative Example

37
An Illustrative Example

38
An Illustrative Example

39
An Illustrative Example

40
A More Complex Example

41
A More Complex Example

42
A More Complex Example

43
A More Complex Example

44
A More Complex Example

45
A More Complex Example

46
A More Complex Example

47
A More Complex Example

48
A More Complex Example

49
A Third Example

50
A Third Example

51
A Third Example

52
A Third Example

53
A Third Example

54
Example: Testing Data Structures

55
Data-Structure Example

56
Data-Structure Example

57
Data-Structure Example

58
Data-Structure Example

59
Data-Structure Example

60
Data-Structure Example

61
Data-Structure Example

62
Data-Structure Example

63
Data-Structure Example

64
Data-Structure Example

65
Data-Structure Example

66
Data-Structure Example

67
Data-Structure Example

68
Data-Structure Example

69
Data-Structure Example

70
Data-Structure Example

71
Data-Structure Example

72
Data-Structure Example

73
Data-Structure Example

74
SAGE Tool at Microsoft

75
Example: SAGE Crashing a Media
Parser

76
Overview
• Symbolic Execution (SE)
• Concolic Testing (aka Dynamic SE: DSE)
• Hybrid Concolic Testing

77
Limitations

78
Limitations

79
Limitations: A Comparative View

80
Limitations: Example

81
Limitations: Example

82
Hybrid Concolic Testing

83
Hybrid Concolic Testing

84
Hybrid Concolic Testing

85
Hybrid Concolic Testing

86
Hybrid Concolic Testing

87
Hybrid Concolic Testing

88
Summary

89
References

Symbolic Exec
No ratings yet
Symbolic Exec
38 pages
SWVV L17a Code-Based Testing
No ratings yet
SWVV L17a Code-Based Testing
20 pages
Fuzzing and Patch Analysis - SAGEly Advice
No ratings yet
Fuzzing and Patch Analysis - SAGEly Advice
61 pages
Symbolic Testing
No ratings yet
Symbolic Testing
27 pages
Chapter6 Part2
No ratings yet
Chapter6 Part2
53 pages
2 Tokens Naturalness of Code
No ratings yet
2 Tokens Naturalness of Code
56 pages
5.CD Lab Manual
No ratings yet
5.CD Lab Manual
35 pages
CUTE
No ratings yet
CUTE
10 pages
SSCD Chapter3
No ratings yet
SSCD Chapter3
97 pages
LM35
No ratings yet
LM35
49 pages
CD Unit-1 Imp Question & Answers
No ratings yet
CD Unit-1 Imp Question & Answers
10 pages
7.CD Lab Manual
No ratings yet
7.CD Lab Manual
35 pages
5.CD Lab Manual
No ratings yet
5.CD Lab Manual
35 pages
ECS-603 Put 13-14 Sol
No ratings yet
ECS-603 Put 13-14 Sol
24 pages
Lecture 24
No ratings yet
Lecture 24
49 pages
Compiler CT
No ratings yet
Compiler CT
8 pages
Chapter 1
No ratings yet
Chapter 1
28 pages
Fitness-Guided Path Exploration in Dynamic Symbolic Execution
No ratings yet
Fitness-Guided Path Exploration in Dynamic Symbolic Execution
10 pages
V02 Parsing, Conditionals, Names
No ratings yet
V02 Parsing, Conditionals, Names
64 pages
Unit 1
No ratings yet
Unit 1
50 pages
Compiler Construction Week 2
No ratings yet
Compiler Construction Week 2
29 pages
Phases of Compiler Construction
No ratings yet
Phases of Compiler Construction
39 pages
CD - Ch.1
No ratings yet
CD - Ch.1
28 pages
Lecture4 Slides
No ratings yet
Lecture4 Slides
114 pages
Module4 PPT V2 - Part1
No ratings yet
Module4 PPT V2 - Part1
110 pages
9 - Syntax Analysis
No ratings yet
9 - Syntax Analysis
60 pages
Unit 1
No ratings yet
Unit 1
109 pages
Unit V Symantic Analysis
No ratings yet
Unit V Symantic Analysis
45 pages
C 5: C - B T D: Oftware Esting
No ratings yet
C 5: C - B T D: Oftware Esting
33 pages
08 Requirements Based Predicate Testing One Slide
No ratings yet
08 Requirements Based Predicate Testing One Slide
88 pages
Software Testing I: Prof. Dr. Holger Schlingloff
No ratings yet
Software Testing I: Prof. Dr. Holger Schlingloff
36 pages
Compiler Design
No ratings yet
Compiler Design
16 pages
Cacm 13
No ratings yet
Cacm 13
8 pages
Module 1
No ratings yet
Module 1
133 pages
Type Inference
No ratings yet
Type Inference
34 pages
Final 22 (169 To 171)
No ratings yet
Final 22 (169 To 171)
26 pages
Demonstrate The Phases of A Compiler With Example
No ratings yet
Demonstrate The Phases of A Compiler With Example
16 pages
Overview of Compiler Environment Pass and Phase Phases of Compiler Regular Expression Lexical Analyzer LEX Tool Bootstrapping
No ratings yet
Overview of Compiler Environment Pass and Phase Phases of Compiler Regular Expression Lexical Analyzer LEX Tool Bootstrapping
35 pages
CD - Ch.1
No ratings yet
CD - Ch.1
28 pages
Compiler
No ratings yet
Compiler
15 pages
Acknowledgements: The Slides For This Lecture Are A Modified Versions of The Offering by
No ratings yet
Acknowledgements: The Slides For This Lecture Are A Modified Versions of The Offering by
145 pages
Se Unit-4-Psu
No ratings yet
Se Unit-4-Psu
67 pages
Compiler Design
No ratings yet
Compiler Design
40 pages
Module 1
No ratings yet
Module 1
86 pages
CD 2 M
No ratings yet
CD 2 M
5 pages
Compiler Design Pyq
No ratings yet
Compiler Design Pyq
44 pages
Guided Test Generation For Database Applications V
No ratings yet
Guided Test Generation For Database Applications V
12 pages
3 UnitTests
No ratings yet
3 UnitTests
16 pages
Software Testing Lect 2-3
No ratings yet
Software Testing Lect 2-3
34 pages
Unit-I - CD R2021
No ratings yet
Unit-I - CD R2021
60 pages
CD Chapter 1
No ratings yet
CD Chapter 1
28 pages
UnitTesting Lecture s05
No ratings yet
UnitTesting Lecture s05
55 pages
My - Software Testing
No ratings yet
My - Software Testing
59 pages
Day - 1 Intro To Compilers
No ratings yet
Day - 1 Intro To Compilers
53 pages
Lecture 15
No ratings yet
Lecture 15
82 pages
Software Testing: Dr. R. Mall
No ratings yet
Software Testing: Dr. R. Mall
87 pages
Unit 1 CD
No ratings yet
Unit 1 CD
26 pages
168automatic Test Data Generation From Embedded C Code 1st Edition by Eileen Dillon, Christophe Meudec ISBN 9783540301387 Instant Download
100% (3)
168automatic Test Data Generation From Embedded C Code 1st Edition by Eileen Dillon, Christophe Meudec ISBN 9783540301387 Instant Download
44 pages
Complier Design Gate Question
No ratings yet
Complier Design Gate Question
22 pages
Introduction to Coding in Hours With Python Level 1: A Guide to Programming for Students With No Prior Experience (Learn Coding Basics With Python)
From Everand
Introduction to Coding in Hours With Python Level 1: A Guide to Programming for Students With No Prior Experience (Learn Coding Basics With Python)
Jack C. Stanely
No ratings yet
Book Reviews: Paradigms of Artificial Intelligence Programming: Case Studies in Common Lisp
No ratings yet
Book Reviews: Paradigms of Artificial Intelligence Programming: Case Studies in Common Lisp
3 pages
R22 MCA Syllabus - MFCS
No ratings yet
R22 MCA Syllabus - MFCS
1 page
CSE 205 Lab Manual 8 Merge Sort
No ratings yet
CSE 205 Lab Manual 8 Merge Sort
5 pages
Lesson+2 Flowcharts
No ratings yet
Lesson+2 Flowcharts
14 pages
Python MCQ - Basics
100% (1)
Python MCQ - Basics
8 pages
SPCC Easy Solutions SPCC Easy Solution Book
No ratings yet
SPCC Easy Solutions SPCC Easy Solution Book
71 pages
Unit 2 Artificial Intelligence - Problem-Solving Through Searching
No ratings yet
Unit 2 Artificial Intelligence - Problem-Solving Through Searching
120 pages
A Survey On Post-Quantum Cryptography For Constrained Devices
No ratings yet
A Survey On Post-Quantum Cryptography For Constrained Devices
8 pages
Tabu Search
No ratings yet
Tabu Search
11 pages
JAVA Modifier Inheritance
No ratings yet
JAVA Modifier Inheritance
3 pages
Construction of SLR Parsing Table
No ratings yet
Construction of SLR Parsing Table
1 page
2.3.3. Sorting Algorithms-3
No ratings yet
2.3.3. Sorting Algorithms-3
4 pages
ML PDF
No ratings yet
ML PDF
29 pages
Algorithm Complexity Cheat Sheet
No ratings yet
Algorithm Complexity Cheat Sheet
2 pages
Travelling Salesman Problem: Example
No ratings yet
Travelling Salesman Problem: Example
17 pages
DAA Question Bank 2020
100% (1)
DAA Question Bank 2020
7 pages
K-Means++: The Advantages of Careful Seeding: David Arthur and Sergei Vassilvitskii
No ratings yet
K-Means++: The Advantages of Careful Seeding: David Arthur and Sergei Vassilvitskii
11 pages
Quiz Assignment-III Solutions: Distributed Systems (Week-3)
100% (1)
Quiz Assignment-III Solutions: Distributed Systems (Week-3)
4 pages
Discrete Mathematics
No ratings yet
Discrete Mathematics
57 pages
Fundamentals of Data Structures and Algorithms
No ratings yet
Fundamentals of Data Structures and Algorithms
2 pages
Admin Journal Manager 63 69 Liantoni
No ratings yet
Admin Journal Manager 63 69 Liantoni
7 pages
DSA s23
No ratings yet
DSA s23
2 pages
A Collection of Technical Interview Questions
82% (11)
A Collection of Technical Interview Questions
34 pages
Describing Syntax and Semantics (Part 2) : Concepts of Programming Languages
No ratings yet
Describing Syntax and Semantics (Part 2) : Concepts of Programming Languages
31 pages
C Programming and Data Structures
No ratings yet
C Programming and Data Structures
5 pages
Java Interface
No ratings yet
Java Interface
6 pages
Project Crashing
No ratings yet
Project Crashing
5 pages
Binary Adder
No ratings yet
Binary Adder
3 pages
Q 2
No ratings yet
Q 2
1 page

Symbolic Execution

Uploaded by

Symbolic Execution

Uploaded by

Software Engineering

Pinjia He @ CUHK Shenzhen

• A propositional formula is constructed from simple

• Using connectives or logical operators such as NOT,

• A formula is in conjunctive normal form (CNF) if it is

You might also like