Presentation is loading. Please wait.

Presentation is loading. Please wait.

( = “unknown yet”) Our novel symbolic execution framework: - extends model checking to programs that have complex inputs with unbounded (very large) data.

Published byValerie Wade Modified over 8 years ago

Similar presentations

Presentation on theme: "( = “unknown yet”) Our novel symbolic execution framework: - extends model checking to programs that have complex inputs with unbounded (very large) data."— Presentation transcript:

1 ( = “unknown yet”) Our novel symbolic execution framework: - extends model checking to programs that have complex inputs with unbounded (very large) data - automates test input generation Generalized Symbolic Execution for Model Checking and Testing input program Model checking Program instrumentation Decision procedures instrumented program correctness specification continue/ backtrack counterexample(s)/ test suite [heap+constraint+thread scheduling] Framework: Future mission software: - concurrent - complex, dynamically allocated data structures (e.g., lists or trees) - highly interactive: - with complex inputs - large environment - should be extremely reliable - testing: - requires manual input - typically done for a few nominal input cases - not good at finding concurrency bugs - not good at dealing with complex data structures void Executive:: startExecutive(){ runThreads(); …} void Executive:: executePlan(…) { while(!empty) executeCurrentPlanNode(); } … Rover Executive execute action environment/ rover status Input plan complex input structure large environment data concurrency, dynamic data (lists, trees) - model checking: - automatic, good at finding concurrency bugs - not good at dealing with complex data structures - feasible only with a small environment - and a small set of input values Current practice in checking complex software: - modular architecture: can use different model checkers/decision procedures class Node { int elem; Node next; Node deleteFirst() { if (elem < 10) return next; else if (elem < 0) assert(false); … } } Code Analysis of “deleteFirst” with our framework -“simulate” the code using symbolic values instead of program data; enumerate the input structures lazily e0 ≥ 10 /\ e0<0 e0 < 10e0 ≥ 10 truefalse true FALSE Precondition: acyclic list Numeric Constraints Decision Procedures Structural Constraints Lazy initialization+ Enumerate all structures e0 null e0 e1

2 Explanation of Accomplishment POC: Corina Pasareanu (Kestrel Technology LLC) and Willem Visser (RIACS/USRA) Joint work with Sarfraz Khurshid (MIT) Background: Future mission software systems, which will be concurrent and will manipulate complex dynamically allocated data structures, should be extremely reliable. These kinds of systems are known to be hard to test. Even using model checking to discover errors is inadequate due to the large and complex input domains of such systems. Accomplishment: A novel symbolic execution framework was developed and an algorithm implemented that enables model checking of programs that have complex inputs with unbounded (very large) data. The algorithm also automates test input generation.The symbolic execution algorithm has been implemented in the Java PathFinder model checker toolset. It has been used to generate test inputs for code coverage (i.e., condition coverage) of an Altitude Switch used in flight control software. Future Plans: We intend to apply our framework to the analysis of other complex systems, including the Mars K9 Executive prototype. We plan to investigate the application of abstraction techniques in the context of our framework. Overview of Algorithm: We provide a two-fold generalization of traditional symbolic execution methods. One, we define a source to source translation to instrument a program, which enables standard model checkers to perform symbolic execution of the program. The program instrumentation enables a model checker to automatically explore different configurations of the input data structures and manipulate logical formulae on program numeric values (using a decision procedure). Two, we give a novel symbolic execution algorithm that handles dynamically allocated structures (e.g., lists and trees), primitive data (e.g., integers and strings) and concurrency. To symbolically execute a program, the algorithm uses lazy initialization, i.e., it initializes the components of the program’s inputs on an ``as-needed'' basis, without requiring an a priori bound on input sizes. The algorithm uses preconditions to initialize inputs only with valid values.

Download ppt "( = “unknown yet”) Our novel symbolic execution framework: - extends model checking to programs that have complex inputs with unbounded (very large) data."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Korat Automated Testing Based on Java Predicates Chandrasekhar Boyapati, Sarfraz Khurshid, Darko Marinov MIT ISSTA 2002 Rome, Italy.

Korat Automated Testing Based on Java Predicates Chandrasekhar Boyapati, Sarfraz Khurshid, Darko Marinov MIT ISSTA 2002 Rome, Italy.
Automated Verification with HIP and SLEEK Asankhaya Sharma.

Automated Verification with HIP and SLEEK Asankhaya Sharma.
A Survey of Approaches for Automated Unit Testing

A Survey of Approaches for Automated Unit Testing
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Model Counting >= Symbolic Execution Willem Visser Stellenbosch University Joint work with Matt Dwyer (UNL, USA) Jaco Geldenhuys (SU, RSA) Corina Pasareanu.

Model Counting >= Symbolic Execution Willem Visser Stellenbosch University Joint work with Matt Dwyer (UNL, USA) Jaco Geldenhuys (SU, RSA) Corina Pasareanu.
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.

1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.
Carnegie Mellon University Java PathFinder and Model Checking of Programs Guillaume Brat, Dimitra Giannakopoulou, Klaus Havelund, Mike Lowry, Phil Oh,

Carnegie Mellon University Java PathFinder and Model Checking of Programs Guillaume Brat, Dimitra Giannakopoulou, Klaus Havelund, Mike Lowry, Phil Oh,
FIT1002 2006 1 FIT1002 Computer Programming Unit 19 Testing and Debugging.

FIT FIT1002 Computer Programming Unit 19 Testing and Debugging.
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.

The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.
Developing Verifiable Concurrent Software Tevfik Bultan Department of Computer Science University of California, Santa Barbara

Developing Verifiable Concurrent Software Tevfik Bultan Department of Computer Science University of California, Santa Barbara
1 Today Another approach to “coverage” Cover “everything” – within a well-defined, feasible limit Bounded Exhaustive Testing.

1 Today Another approach to “coverage” Cover “everything” – within a well-defined, feasible limit Bounded Exhaustive Testing.
DART Directed Automated Random Testing Patrice Godefroid, Nils Klarlund, and Koushik Sen Syed Nabeel.

DART Directed Automated Random Testing Patrice Godefroid, Nils Klarlund, and Koushik Sen Syed Nabeel.
Houdini: An Annotation Assistant for ESC/Java Cormac Flanagan and K. Rustan M. Leino Compaq Systems Research Center.

Houdini: An Annotation Assistant for ESC/Java Cormac Flanagan and K. Rustan M. Leino Compaq Systems Research Center.
Efficient Modular Glass Box Software Model Checking Michael Roberson Chandrasekhar Boyapati The University of Michigan.

Efficient Modular Glass Box Software Model Checking Michael Roberson Chandrasekhar Boyapati The University of Michigan.
December 5, 20031 Mars and Beyond: NASA’s Software Challenges in the 21st Century Dr. Michael R. Lowry NASA Ames Research Center.

December 5, Mars and Beyond: NASA’s Software Challenges in the 21st Century Dr. Michael R. Lowry NASA Ames Research Center.
Formal verification Marco A. Peña Universitat Politècnica de Catalunya.

Formal verification Marco A. Peña Universitat Politècnica de Catalunya.
1/23/2003University of Virginia1 Korat: Automated Testing Based on Java Predicates CS751 Presentation by Radu Stoleru C.Boyapaty, S.Khurshid, D.Marinov.

1/23/2003University of Virginia1 Korat: Automated Testing Based on Java Predicates CS751 Presentation by Radu Stoleru C.Boyapaty, S.Khurshid, D.Marinov.

Similar presentations

Ads by Google