Symbolic Execution Examples From Class
======================================


Example 1
---------

int foo(int z) {
	let x = 5 in
	let y = x + z in
	let w = y / 2 in
	w
}

Analysis of Example 1
---------------------

Statement           Sigma       S
-----------         ---------   ----------
<beginning>         z:(a:int)   <true, mu>
let x = 5 in        x:(5:int)   (no change)
let y = x + z in    y:(5+a)
let w = y / 2 in    w:(5+a)/2
w

Symbolic result of function is (5+a)/2


Example 2
---------

int bar(int x) {
	let p = ref 1 in  // letp
	if (not (x == 0)) // if
		p := x        // px
	100 / !p          // div
}

// equivalent C code
int bar(int x) {
	int *p = malloc(sizeof(int));  // letp
	*p = 1;                        // letp
	if (!(x == 0)) {     // if
		*p = x;          // px
	}
	return 100 / *p;     // div
}

Analysis of Example 2
---------------------

Sigma_init = x:(a:int)
S_init = <true, mu>

Sigma_letp = Sigma_init, p:(b:int ref)
S_letp = <true, m1=(mu, b -> 1)>

S_iftrue  = <!(a == 0),  (mu, b -> 1)>
S_iffalse = <!!(a == 0), (mu, b -> 1)>

S_px      = <!(a == 0),  m2=(mu, b -> 1, b -> a)>

Symbolic result of function is
 (1) 100 / m2[b]	// reduces to 100/a
 (2) 100 / m1[b]	// reduces to 100/1 = 100