ScholarGate
⌘K
Assistant
EN
Machine learningProgram analysis and verification

Symbolic Execution

Symbolic execution is a program analysis technique that executes programs using symbolic (non-concrete) values instead of actual inputs, tracking how symbolic values flow through the program. Introduced by James C. King in 1976, symbolic execution builds mathematical constraints on program variables and can determine which inputs cause specific program behaviors, enabling automatic test generation and vulnerability detection. Modern symbolic execution tools like KLEE, S2E, and Z3 have become powerful instruments for finding subtle bugs and security vulnerabilities.

Open in MethodMindSoonVideoSoon

Read the full method

Members only

Sign in with a free account to read this section.

Sign in

Sources

  1. King, J. C. (1976). Symbolic execution and program testing. Communications of the ACM, 19(7), 385-394. DOI: 10.1145/360248.360252
  2. Cadar, C., & Sen, K. (2013). Symbolic execution for software testing: Three decades later. Communications of the ACM, 56(2), 82-90. DOI: 10.1145/2408776.2408795

Related methods

FuzzingStatic Application Security TestingTaint Analysis

Referenced by

FuzzingStatic Application Security TestingTaint Analysis

Spotted an issue on this page? Report or suggest a fix →

ScholarGateSymbolic Execution (Symbolic Execution). Retrieved 2026-06-04 from https://scholargate.app/en/cryptography/symbolic-execution