Abstract

We propose a language-independent symbolic execution fra-mework. The approach is parameterised by a language definition, which consists of a signature for the language’s syntax and execution infrastructure, a model interpreting the signature, and rewrite rules for the language’s operational semantics. Then, symbolic execution amounts to performing a so-called symbolic rewriting, which consists in changing both the model and the manner in which the operational semantics rules are applied. We prove that the symbolic execution thus defined has the properties naturally expected from it. A prototype implementation of our approach was developed in the K Framework. We demonstrate the genericity of our tool by instantiating it on several languages, and show how it can be used for the symbolic execution and model checking of several programs.

link to PDF: http://hal.inria.fr/hal-00766220