Relational Symbolic Execution

Gian Pietro Farina; Stephen Chong; Marco Gaboardi

arXiv:1711.08349·cs.PL·August 5, 2019

Relational Symbolic Execution

Gian Pietro Farina, Stephen Chong, Marco Gaboardi

PDF

TL;DR

This paper introduces RelSym, a relational symbolic execution engine that extends classical symbolic execution to verify relational properties involving two program runs, aiding security, privacy, and optimization analyses.

Contribution

It generalizes symbolic execution to support relational specifications, enabling analysis of properties about multiple program executions on related inputs.

Findings

01

Supports verification of relational properties in programs with arrays and loops

02

Enables interactive refutation and proof of relational properties

03

Applicable to security, privacy, and optimization scenarios

Abstract

Symbolic execution is a classical program analysis technique used to show that programs satisfy or violate given specifications. In this work we generalize symbolic execution to support program analysis for relational specifications in the form of relational properties - these are properties about two runs of two programs on related inputs, or about two executions of a single program on related inputs. Relational properties are useful to formalize notions in security and privacy, and to reason about program optimizations. We design a relational symbolic execution engine, named RelSym which supports interactive refutation, as well as proving of relational properties for programs written in a language with arrays and for-like loops.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.