We present counterfactual symbolic execution, a new approach that produces counterexamples that localize the causes of failure of static verification.
First, we develop a notion of symbolic weak head normal form and use it to define lazy symbolic execution reduction rules for non-strict languages like Haskell. Second, we introduce counterfactual branching, a new method to identify places where verification fails due to imprecise specifications (as opposed to incorrect code). Third, we show how to use counterfactual symbolic execution to localize refinement type errors, by translating refinement types into assertions. We implement our approach in a new Haskell symbolic execution engine, G2, and evaluate it on a corpus of 7550 errors gathered from users of the LiquidHaskell refinement type system. We show that for 97.7% of these errors, G2 is able to quickly find counterexamples that show how the code or specifications must be fixed to enable verification.
Tue 25 Jun (displayed time zone: Tijuana, Baja California)
08:30 - 09:30 | Bug Finding & Testing I | PLDI Research Papers at 229AB | Chair(s): Cindy Rubio-González (University of California, Davis)
08:30 | 20m Talk | Lazy Counterfactual Symbolic Execution | PLDI Research Papers | William T. Hallahan (Yale University), Anton Xue (Yale University), Maxwell Troy Bland (University of California at San Diego, USA), Ranjit Jhala (University of California, San Diego), Ruzica Piskac (Yale University, USA)
08:50 | 20m Talk | Sound Regular Expression Semantics for Dynamic Symbolic Execution of JavaScript | PLDI Research Papers | Blake Loring, Duncan Mitchell (Royal Holloway, University of London), Johannes Kinder (Bundeswehr University Munich)
09:10 | 20m Talk | Effective Floating-Point Analysis via Weak-Distance Minimization | PLDI Research Papers