Abstract

In this paper, we provide a formal explanation of symbolic execution in terms of a symbolic transition system and prove its correctness and completeness with respect to an operational semantics which models the execution on concrete values.We first introduce a formalmodel for a basic programming languagewith a statically fixed number of programming variables. This model is extended to a programming language with recursive procedures which are called by a call-by-value parameter mechanism. Finally, we present a more general formal framework for proving the soundness and completeness of the symbolic execution of a basic object-oriented language which features dynamically allocated variables.

中文翻译：

---

符号执行正式解释

摘要

在本文中，我们从符号转换系统的角度对符号执行进行了形式化的解释，并在对具体值的执行建模的操作语义方面证明了它的正确性和完整性。我们首先介绍了一种基本编程语言的形式模型。静态固定数量的编程变量。该模型被扩展为具有递归过程的编程语言，该过程由按值调用的参数机制调用。最后，我们提出了一个更通用的形式框架，用于证明具有动态分配变量的基本面向对象语言的符号执行的健全性和完整性。