Abstract
Software systems can exhibit massive numbers of possi-ble execution paths, and even the most comprehensive testing can exercise only a small fraction of these. It is no surprise that systems experience errors and vulnerabilities in field use when most executions are untested. While the problem seems intractable at the execution level, it may not be so at the functional semantics level. Structured programs are expressed in a finite hierarchy of control structures, each of which corresponds to a mathematical function or relation. A correctness theo-rem defines transformation of these structures from procedural logic into non-procedural, as-built specifications of behavior. These specifications enumerate behavior for all circumstances of use and cover the behav-ior space. Automation of these computations affords a new means for validating software functionality and security properties. This paper describes theory and implementation for loop behavior computation in pa-ticular, and illustrates use of an automated behavior computation system to validate a miniature program with and without embedded malware.