Search code examples
testingverificationmodel-checkingsymbolic-execution

implement symbolic execution without model-checking


How can I implement symbolic execution for particular language without using model checking and Finite State Machine (FSM) for example not such as Java Path Finder? I need a detail about it. for example by what language I can implement this symbolic execution and what other things I need to know?


Solution

  • You need:

    • A parser for the language to be symbolically executed that can build ASTs
    • Name resolution (and associated symbol tables), so when your execution engine encounters an identifier it can determine the associated type and value
    • Control flow analysis, so that the symbolic execution engine can follow flow of control through the program
    • A symbolic algebra that can compose and simplify symbolic terms. This needs a parser (so you can enter such equations) and prettyprinter (so you can see what it computes)
    • A way to specify assumed values at the point of symbolic execution start

    This is rather a lot of machinery, and it is hard to find it all in one place. It is harder to build it all just for one tool, which is part of the reason you don't find many tools like this.

    Our DMS Software Reengineering Toolkit has all the requisites. You may find an example of a symbolic language implemented with DMS interesting.