Symbolic Execution in Software Engineering

Symbolic Execution

Symbolic execution or Symbolic evaluation is the means of analyzing a program to determine what inputs cause each part of a program to execute.

It is a software testing technique that is useful to aid the generation of test data and in proving the program quality.


Steps in Symbolic Execution

  • The execution requires a selection of paths that are exercised by a set of data values. A program, which is executed using actual data, results in the output of a series of values.
  • In symbolic-execution, the data is replaced by symbolic values with set of expressions, one expression per output variable.
  • The common approach for symbolic-execution is to perform an analysis of the program, resulting in the creation of a flow graph.
  • The flowgraph identifies the decision points and the assignments associated with each flow. By traversing the flow graph from an entry point, a list of assignment statements and branch predicates is produced.

Disadvantages of using symbolic execution

  1. Symbolic-execution cannot proceed if the number of iterations in the loop is known.
  2. The second issue is the invocation of any out-of-line code or module calls.
  3. Symbolic-execution cannot be used with arrays.
  4. The symbolic-execution cannot identify of infeasible paths.


176 total views, 1 views today

A Soon-to-be Computer Engineer by profession, he has profound devotion to add Data Scientist as a prefix to his name. He’s been to the nooks of the web (at least of the surface web) and planning to add some real figures in his pocket!

Leave a Reply