Dynamic symbolic execution (DSE) has been proposed to effectively generate test inputs for real-world programs. Un-fortunately, DSE techniques do not scale well for large realis-tic programs, because often the number of feasible execution paths of a program increases exponentially with the increase in the length of an execution path. In this paper, we propose MultiSE, a new technique for merging states incrementally during symbolic execution, without using auxiliary variables. The key idea of MultiSE is based on an alternative representation of the state, where we map each variable, including the program counter, to a set of guarded symbolic expressions called a value summary. MultiSE has several advantages over conventional DSE and conventional state merging techniques: value summaries en-able sharing of symbolic expressions and path constraints along multiple paths and thus avoid redundant execution. MultiSE does not introduce auxiliary symbolic variables, which enables it to 1) make progress even when merging values not supported by the constraint solver, 2) avoid ex-pensive constraint solver calls when resolving function calls and jumps, and 3) carry out most operations concretely. Moreover, MultiSE updates value summaries incrementally at every assignment instruction, which makes it unnecessary to identify the join points and to keep track of variables to merge at join points. We have implemented MultiSE for JavaScript programs in a publicly available open-source tool. Our evaluation of MultiSE on several programs shows that 1) value summaries are an effective technique to take advantage of the sharing of value along multiple execution path, that 2) MultiSE can run significantly faster than traditional dynamic symbolic execution and, 3) MultiSE saves a substantial number of state merges compared to conventional state-merging tech-niques.

ns iste nt * Complete * W ell D ocumented*Easyto

The programming languages (PL) research community has tradi-tionally catered to the needs of professional programmers in the continuously evolving technical industry. However, there is a new opportunity that knocks our doors. The recent IT revolution has re-sulted in the masses having access to personal computing devices. More than 99 % of these computer users are non-programmers and are today limited to being passive consumers of the software that is made available to them. Can we empower these users to more ef-fectively leverage computers for their daily tasks? The formalisms, techniques, and tools developed in the PL and the formal methods research communities can play a pivotal role!

Abstract. Our Mathematical Programming Modulo Theories (MPMT) constraint solving framework extends Mathematical Programming tech-nology with techniques from the field of Automated Reasoning, e.g., solvers for first-order theories. In previous work, we used MPMT to syn-thesize system architectures for Boeing’s Dreamliner and we studied the theoretical aspects of MPMT by means of the Branch and Cut Modulo T (BC(T)) transition system. BC(T) can be thought of as a blueprint for MPMT solvers. This paper provides a more practical and algorith-mic view of BC(T). We elaborate on the design and features of Inez, our BC(T) constraint solver. Inez is an open-source, freely available superset of the OCaml programming language that uses the SCIP Branch and Cut framework to extend OCaml with MPMT capability. Inez allows users to write programs that arbitrarily interweave general computation with MPMT constraint solving. 1

ns iste nt * Complete * W ell D ocumented*Easyto

Over the last decade, executable models of biological behaviors have repeatedly pro-vided new scientific discoveries, uncovered novel insights, and directed new experimental avenues. These models are computer programs whose execution mechanistically simu-lates aspects of the cell’s behaviors. If the observed behavior of the program agrees with the observed biological behavior, then the program explains the phenomena.This approach has proven beneficial for gaining new biological insights and directing new experimental avenues. One advantage of this approach is that techniques for analysis of computer pro-grams can be applied to the analysis of executable models. For example, one can confirm that a model agrees with experiments for all possible executions of the model (correspond-ing to all environmental conditions), even if there are a huge number of executions. Various formal methods have been adapted for this context, for example, model checking or sym-bolic analysis of state spaces. To avoid manual construction of executable models, one can apply synthesis, a method to produce programs automatically from high-level speci-fications. In the context of biological modeling, synthesis would correspond to extracting executable models from experimental data. We survey recent results about the usage of