Publication details

 

Checking Properties Described by State Machines: On Synergy of Instrumentation, Slicing, and Symbolic Execution

Basic information
Original title:Checking Properties Described by State Machines: On Synergy of Instrumentation, Slicing, and Symbolic Execution
Authors:Jiří Slabý, Jan Strejček, Marek Trtík
Further information
Citation:SLABÝ, Jiří, Jan STREJČEK a Marek TRTÍK. Checking Properties Described by State Machines: On Synergy of Instrumentation, Slicing, and Symbolic Execution. In Mariëlle Stoelinga, Ralf Pinger. Formal Methods for Industrial Critical systems: 17th International Workshop, FMICS 2012. Berlin, Heidelberg: Springer, 2012. s. 207-221, 15 s. ISBN 978-3-642-32468-0. doi:10.1007/978-3-642-32469-7_14.Export BibTeX
@inproceedings{984069,
author = {Slabý, Jiří and Strejček, Jan and Trtík, Marek},
address = {Berlin, Heidelberg},
booktitle = {Formal Methods for Industrial Critical systems: 17th International Workshop, FMICS 2012},
doi = {http://dx.doi.org/10.1007/978-3-642-32469-7_14},
editor = {Mariëlle Stoelinga, Ralf Pinger},
keywords = {Bug finding; Symbolic execution; Program slicing; FSM property specification; Code instrumentation},
howpublished = {tištěná verze "print"},
language = {eng},
location = {Berlin, Heidelberg},
isbn = {978-3-642-32468-0},
pages = {207-221},
publisher = {Springer},
title = {Checking Properties Described by State Machines: On Synergy of Instrumentation, Slicing, and Symbolic Execution},
url = {http://www.springerlink.com/content/p027081716330416/},
year = {2012}
}
Original language:English
Field:Informatics
WWW:link to a new windowhttp://www.springerlink.com/content/p027081716330416/
Type:Article in Proceedings
Keywords:Bug finding; Symbolic execution; Program slicing; FSM property specification; Code instrumentation
Attached files:link to a new windowsse.pdf

We introduce a novel technique for checking properties described by finite state machines. The technique is based on a synergy of three well-known methods: instrumentation, program slicing, and symbolic execution. More precisely, we instrument a given program with a code that tracks runs of state machines representing various properties. Next we slice the program to reduce its size without affecting runs of state machines. And then we symbolically execute the sliced program to find real violations of the checked properties, i.e. real bugs. Depending on the kind of symbolic execution, the technique can be applied as a stand-alone bug finding technique, or to weed out some false positives from an output of another bug-finding tool. We provide several examples demonstrating the practical applicability of our technique.

Related projects: