Symbolic execution or Symbolic evaluation is the means of analyzing a program to determine what inputs cause each part of a program to execute.
It is a software testing technique that is useful to aid the generation of test data and in proving the program quality.
Steps in Symbolic Execution
- The execution requires a selection of paths that are exercised by a set of data values. A program, which is executed using actual data, results in the output of a series of values.
- In symbolic-execution, the data is replaced by symbolic values with set of expressions, one expression per output variable.
- The common approach for symbolic-execution is to perform an analysis of the program, resulting in the creation of a flow graph.
- The flowgraph identifies the decision points and the assignments associated with each flow. By traversing the flow graph from an entry point, a list of assignment statements and branch predicates is produced.
Disadvantages of using symbolic execution
- Symbolic-execution cannot proceed if the number of iterations in the loop is known.
- The second issue is the invocation of any out-of-line code or module calls.
- Symbolic-execution cannot be used with arrays.
- The symbolic-execution cannot identify of infeasible paths.
79 total views, 0 views today