Abstract
Symbolic execution is a powerful technique for program analysis. However, the formal semantics underlying symbolic execution is often developed on an ad-hoc basis and decoupled from the concrete semantics of the programming language. To overcome this issue, we introduce symbolic SOS: a rule format that allows us to simultaneously specify concrete and symbolic operational semantics. We prove that symbolic semantics, when generated from symbolic SOS, is both correct and complete with respect to the corresponding concrete semantics. The approach relies only on an algebraic signature of the source language, and is thus language-independent.
This research is partially supported by the NWO grant No. OCENW.M20.053, ERC grant Autoprobe (no. 101002697) and a Royal Society Wolfson fellowship.
Notes
1. We assume that this always results in a Boolean expression, abstracting from program-level type correctness.
2. Not to be confused with substitutions of values or expressions.
Acknowledgements
The authors would like to thank the anonymous reviewers for their insightful questions and feedback.
Copyright information
© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Voogd, E., Johnsen, E.B., Kløvstad, Å.A.A., Rot, J., Silva, A. (2025). Correct and Complete Symbolic Execution for Free. In: Kosmatov, N., Kovács, L. (eds) Integrated Formal Methods. IFM 2024. Lecture Notes in Computer Science, vol 15234. Springer, Cham. https://doi.org/10.1007/978-3-031-76554-4_13
DOI: https://doi.org/10.1007/978-3-031-76554-4_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-76553-7
Online ISBN: 978-3-031-76554-4
eBook Packages: Computer Science (R0)