Checking Properties Described by State Machines: On Synergy of Instrumentation, Slicing, and Symbolic Execution
|Original title:||Checking Properties Described by State Machines: On Synergy of Instrumentation, Slicing, and Symbolic Execution|
|Authors:||Jiří Slabý, Jan Strejček, Marek Trtík|
We introduce a novel technique for checking properties described by finite state machines. The technique is based on a synergy of three well-known methods: instrumentation, program slicing, and symbolic execution. More precisely, we instrument a given program with a code that tracks runs of state machines representing various properties. Next we slice the program to reduce its size without affecting runs of state machines. And then we symbolically execute the sliced program to find real violations of the checked properties, i.e. real bugs. Depending on the kind of symbolic execution, the technique can be applied as a stand-alone bug finding technique, or to weed out some false positives from an output of another bug-finding tool. We provide several examples demonstrating the practical applicability of our technique.