CSV 889: Concurrent Software Verification Subodh Sharma Indian Institute of Technology Delhi State merging, Concolic Execution.

Concolic Execution: works well on interprocedural bugs and on code that uses library calls.

Concolic Execution: falls back on concrete values when it encounters
– non-linear arithmetic
– pointers pointing to input values

Concolic execution with dynamic data: there is no way to know whether a->c is overwritten. With the initial random values, concolic execution falls back to concrete values.

Nonlinear arithmetic

Problems with Concolic Testing: limited exploration when the decision procedures encounter
– floats, nonlinear arithmetic, 3rd-party components
– symbolic pointers
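The fallback rule from the slides above, worked as an added example that is not part of the lecture material: a toy concolic executor whose symbolic domain is restricted to linear expressions, standing in for a decision procedure that handles only linear integer arithmetic. When both operands of a product are symbolic, the executor substitutes one operand's concrete value (the rule DART and CUTE apply), which keeps the path constraint solvable but narrows exploration: whether the `z == 12` branch is ever reached depends on which operand was concretized. The program under test, the input names `x` and `y`, the `concretize` switch and the one-variable solver `solve_flip` are all constructed for this example.

```python
from fractions import Fraction


class Linear:
    """sum(coeff * var) + const over symbolic inputs. Linear by construction: it stands in
    for a decision procedure that only understands linear integer arithmetic."""

    def __init__(self, terms=None, const=0):
        self.terms = {v: Fraction(c) for v, c in (terms or {}).items() if c != 0}
        self.const = Fraction(const)

    def __add__(self, other):
        terms = dict(self.terms)
        for v, c in other.terms.items():
            terms[v] = terms.get(v, 0) + c
        return Linear(terms, self.const + other.const)

    def scale(self, k):
        return Linear({v: c * k for v, c in self.terms.items()}, self.const * k)

    def __repr__(self):
        return " + ".join([f"{c}*{v}" for v, c in sorted(self.terms.items())] + [str(self.const)])


class Executor:
    """Concrete inputs, recorded path constraints and fallback log of one concolic run."""

    def __init__(self, inputs, concretize="right"):
        self.inputs = dict(inputs)      # input name -> concrete int
        self.concretize = concretize    # which operand of a nonlinear product is concretized
        self.path = []                  # (expr, outcome): branch "expr == 0" evaluated to outcome
        self.fallbacks = []             # log of every concretization performed

    def input(self, name):
        return Concolic(self, self.inputs[name], Linear({name: 1}))


class Concolic:
    """A value carrying its concrete integer and its symbolic (linear) shadow."""

    def __init__(self, ex, concrete, symbolic=None):
        self.ex, self.c = ex, concrete
        self.s = symbolic if symbolic is not None else Linear(const=concrete)

    def _lift(self, other):
        return other if isinstance(other, Concolic) else Concolic(self.ex, other)

    def __add__(self, other):
        other = self._lift(other)
        return Concolic(self.ex, self.c + other.c, self.s + other.s)

    def __mul__(self, other):
        other = self._lift(other)
        if not self.s.terms:   # constant * symbolic stays linear
            return Concolic(self.ex, self.c * other.c, other.s.scale(self.s.const))
        if not other.s.terms:
            return Concolic(self.ex, self.c * other.c, self.s.scale(other.s.const))
        # Both operands symbolic: the product is nonlinear, outside the solver's theory.
        # Fallback: replace one operand by its concrete value so the shadow stays linear.
        keep, drop = (self, other) if self.ex.concretize == "right" else (other, self)
        self.ex.fallbacks.append(f"({self.s}) * ({other.s}): concretized {drop.s} = {drop.c}")
        return Concolic(self.ex, self.c * other.c, keep.s.scale(drop.c))

    def eq(self, other):
        """Branch on `self == other`: record the path constraint, return the concrete outcome."""
        other = self._lift(other)
        outcome = self.c == other.c
        self.ex.path.append((self.s + other.s.scale(-1), outcome))
        return outcome


def solve_flip(ex, index):
    """Negate path constraint `index`, solving for one input with the others held at their
    concrete values. None means the linearized constraint has no integer solution."""
    expr, outcome = ex.path[index]
    new = dict(ex.inputs)
    if outcome:  # expr == 0 held; bumping any variable makes the linear expr nonzero
        new[sorted(expr.terms)[0]] += 1
        return new
    for var, coeff in sorted(expr.terms.items()):
        rest = expr.const + sum(c * ex.inputs[v] for v, c in expr.terms.items() if v != var)
        value = -rest / coeff
        if value.denominator == 1:
            new[var] = int(value)
            return new
    return None


def program(ex):
    """Constructed program under test (not from the slides)."""
    x, y = ex.input("x"), ex.input("y")
    z = x * y              # nonlinear in the inputs: triggers the fallback
    if z.eq(12):
        return "A"
    if (x + y).eq(7):
        return "B"
    return "C"


def run(inputs, concretize="right"):
    ex = Executor(inputs, concretize)
    return ex, program(ex)
```

Starting from the concrete inputs x=3, y=5, the product is recorded as `5*x` rather than `x*y`, so the first branch constraint becomes `5*x - 12 == 0`, which has no integer solution and the "A" branch is never generated; concretizing the other operand instead records `3*y - 12 == 0`, which solves to y=4 and reaches it. That asymmetry is the "limited exploration" the slide refers to.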

Symbolic Execution with Concurrency: scheduling explosion is an additional headache. Solution: check for feasible interleavings under a “causal model”.

Example: symbolic execution of a path along with its schedule. Does there exist a bad schedule?

Example: Lamport’s HB (happens-before) causality – respect read-after-write pairs to the same shared variable. Not sufficient to expose the error.

Solution: allow all interleavings, as long as they follow SC (sequential consistency) semantics. What happens in our running example?

Preliminaries: a concurrent program P has a finite set of threads and a finite set of shared variables SV. Each thread t_i has a finite set of local variables LV_i. Symbolic execution trace: where

Preliminaries: symbolic execution trace: where action:, assert(c); a state is a map s: V -> Val

Sym. Exec. of Example

Concurrent Trace Program CTP of : Feasible linearization of

CSSA – Concurrent SSA

SAT Encoding based on CSSA

Path Constraints

Property Constraints HB Constraints

PO Ordering

VD Constraints

Phi Constraints

CSSA Encoding

Context bounding: what is a context and a context switch? Context bounding – restrict the number of context switches allowed! In our example: what happens when we bound the contexts to 1? What happens when it is increased to 2?
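The bounding question on the slide above, worked as an added example that is not from the lecture: a schedule enumerator that is generic over the number of threads and steps, applied to a constructed program in which two threads each perform a non-atomic increment of a shared `x` (a load into a thread-local temporary followed by a store) and the expected final value is `x == 2`. With a bound of 1 context switch only the two block-sequential schedules exist and nothing fails; raising the bound to 2 admits the schedules that switch into the other thread and back, which is exactly what the lost update needs. The program, the step functions and the `explore` helper are constructed for this example.

```python
def interleavings(lengths, bound):
    """Yield every schedule (tuple of thread ids) of threads with the given step counts
    that performs at most `bound` context switches. Generic over the number of threads."""
    lengths = list(lengths)
    n = len(lengths)

    def rec(done, last, switches, sched):
        if done == lengths:
            yield tuple(sched)
            return
        for t in range(n):
            if done[t] == lengths[t]:
                continue
            s = switches + (1 if last is not None and last != t else 0)
            if s > bound:          # the bound prunes the schedule tree here
                continue
            done[t] += 1
            sched.append(t)
            yield from rec(done, t, s, sched)
            sched.pop()
            done[t] -= 1

    yield from rec([0] * n, None, 0, [])


# Constructed program: every thread runs a non-atomic increment of shared x,
# compiled to a load into a thread-local temporary followed by a store.
def load(shared, local):
    local["tmp"] = shared["x"]


def store(shared, local):
    shared["x"] = local["tmp"] + 1


INCREMENT = (load, store)


def execute(threads, schedule):
    """Run the threads' steps in the order given by `schedule`; return the final shared state."""
    shared = {"x": 0}
    locals_ = [{} for _ in threads]
    pcs = [0] * len(threads)
    for t in schedule:
        threads[t][pcs[t]](shared, locals_[t])
        pcs[t] += 1
    return shared


def explore(threads, bound):
    """Explore all schedules within the bound; return (schedules explored, schedules that
    violate the expected final value x == number of threads)."""
    expected = len(threads)
    explored, violating = 0, []
    for sched in interleavings([len(th) for th in threads], bound):
        explored += 1
        if execute(threads, sched)["x"] != expected:
            violating.append(sched)
    return explored, violating


if __name__ == "__main__":
    two = [INCREMENT, INCREMENT]
    for b in range(4):
        count, bad = explore(two, b)
        print(f"bound={b}: {count} schedules explored, {len(bad)} violating: {bad}")
```

For two threads the unbounded space has 6 interleavings; bound 1 explores 2 of them and finds nothing, bound 2 explores 4 and finds the two lost-update schedules (0,1,1,0) and (1,0,0,1). The same enumerator handles three threads, where the full space is 90 interleavings but bound 2 still admits only the 6 block-sequential orders.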

CTP with Context Bounding: for this to happen, we change the HB definition slightly.

Acknowledgements