a conditioned program slicer
play

A Conditioned Program Slicer Chris Fox, University of Essex 21st - PowerPoint PPT Presentation

Aug 18, 2022 •344 likes •1.89k views

Background Program Conditioning Examples of Conditioning Summary and Other Work A Conditioned Program Slicer Chris Fox, University of Essex 21st February 2005 Chris Fox, University of Essex A Conditioned Program Slicer Background Program

  1. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Another Example Consider: x := y; w := x; while (true) { w := 1; x := x + 1; } Slicing (backward) with respect to the value of w at the end of the program will give the code in red (the statements in gray can be “sliced away”.) Chris Fox, University of Essex A Conditioned Program Slicer

  2. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Another Example Consider: x := y; w := x; while (true) { w := 1; x := x + 1; } Slicing (backward) with respect to the value of w at the end of the program will give the code in red (the statements in gray can be “sliced away”.) This illustrates the impact that slicing can have on termination behaviour: it cannot be analysed as giving a simple projection of the (usual) semantics of the program. Chris Fox, University of Essex A Conditioned Program Slicer

  3. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Problematic Example There is a statement/line in the following program that is not involved in determining the final value of x in the following program. Chris Fox, University of Essex A Conditioned Program Slicer

  4. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Problematic Example There is a statement/line in the following program that is not involved in determining the final value of x in the following program. while (p(i)) { if (q(c)) { x := f(); c := g(); } ; i := h(i) } Chris Fox, University of Essex A Conditioned Program Slicer

  5. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Problematic Example There is a statement/line in the following program that is not involved in determining the final value of x in the following program. while (p(i)) { if (q(c)) { x := f(); c := g(); } ; i := h(i) } No conventional slicing algorithm can find it. Chris Fox, University of Essex A Conditioned Program Slicer

  6. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Slicing is Not Trivial Chris Fox, University of Essex A Conditioned Program Slicer

  7. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Slicing is Not Trivial Even just using statement deletion, slicing real programs is non-trivial: Chris Fox, University of Essex A Conditioned Program Slicer

  8. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Slicing is Not Trivial Even just using statement deletion, slicing real programs is non-trivial: unstructured code ( breaks and returns ); 1 Chris Fox, University of Essex A Conditioned Program Slicer

  9. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Slicing is Not Trivial Even just using statement deletion, slicing real programs is non-trivial: unstructured code ( breaks and returns ); 1 arrays, union types and pointers (& functions in C); 2 Chris Fox, University of Essex A Conditioned Program Slicer

  10. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Slicing is Not Trivial Even just using statement deletion, slicing real programs is non-trivial: unstructured code ( breaks and returns ); 1 arrays, union types and pointers (& functions in C); 2 difficult to analyse with standard state-based semantics 3 Chris Fox, University of Essex A Conditioned Program Slicer

  11. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Slicing is Not Trivial Even just using statement deletion, slicing real programs is non-trivial: unstructured code ( breaks and returns ); 1 arrays, union types and pointers (& functions in C); 2 difficult to analyse with standard state-based semantics 3 (non-termination behaviour changes); minimal slices are not computable. 4 Chris Fox, University of Essex A Conditioned Program Slicer

  12. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Slicing is Not Trivial Even just using statement deletion, slicing real programs is non-trivial: unstructured code ( breaks and returns ); 1 arrays, union types and pointers (& functions in C); 2 difficult to analyse with standard state-based semantics 3 (non-termination behaviour changes); minimal slices are not computable. 4 How should we slice OO languages? Chris Fox, University of Essex A Conditioned Program Slicer

  13. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Varieties of Slicing Static Slicing compute the slice for all possible input values. Chris Fox, University of Essex A Conditioned Program Slicer

  14. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Varieties of Slicing Static Slicing compute the slice for all possible input values. Can be computed using a Program Dependence Graph, or by compositional analysis. Chris Fox, University of Essex A Conditioned Program Slicer

  15. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Varieties of Slicing Static Slicing compute the slice for all possible input values. Can be computed using a Program Dependence Graph, or by compositional analysis. Dynamic Slicing compute the slice for a completely specified input. Chris Fox, University of Essex A Conditioned Program Slicer

  16. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Varieties of Slicing Static Slicing compute the slice for all possible input values. Can be computed using a Program Dependence Graph, or by compositional analysis. Dynamic Slicing compute the slice for a completely specified input. Amorphous Slicing Allow more generic transformations. Chris Fox, University of Essex A Conditioned Program Slicer

  17. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Varieties of Slicing Static Slicing compute the slice for all possible input values. Can be computed using a Program Dependence Graph, or by compositional analysis. Dynamic Slicing compute the slice for a completely specified input. Amorphous Slicing Allow more generic transformations. Variable Dependence Extract relationships between input and output variables using a slicing algorithm. Chris Fox, University of Essex A Conditioned Program Slicer

  18. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Varieties of Slicing Static Slicing compute the slice for all possible input values. Can be computed using a Program Dependence Graph, or by compositional analysis. Dynamic Slicing compute the slice for a completely specified input. Amorphous Slicing Allow more generic transformations. Variable Dependence Extract relationships between input and output variables using a slicing algorithm. Conditioned Program Slicing (impose conditions on input variables, or program points, and use that information to decrease the size of a subsequent backward slice.) Chris Fox, University of Essex A Conditioned Program Slicer

  19. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Conditioning Conditioning = Chris Fox, University of Essex A Conditioned Program Slicer

  20. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Conditioning Conditioning = Symbolic Execution Chris Fox, University of Essex A Conditioned Program Slicer

  21. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Conditioning Conditioning = Symbolic Execution + Theorem Proving Chris Fox, University of Essex A Conditioned Program Slicer

  22. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Conditioning Conditioning = Symbolic Execution + Theorem Proving Symbolic Execution Chris Fox, University of Essex A Conditioned Program Slicer

  23. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Conditioning Conditioning = Symbolic Execution + Theorem Proving Symbolic Execution Ideally finds all the possible paths through a program, and the corresponding symbolic states Chris Fox, University of Essex A Conditioned Program Slicer

  24. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Conditioning Conditioning = Symbolic Execution + Theorem Proving Symbolic Execution Ideally finds all the possible paths through a program, and the corresponding symbolic states Theorem Proving Chris Fox, University of Essex A Conditioned Program Slicer

  25. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Conditioning Conditioning = Symbolic Execution + Theorem Proving Symbolic Execution Ideally finds all the possible paths through a program, and the corresponding symbolic states Theorem Proving Determines which of these paths are infeasible Chris Fox, University of Essex A Conditioned Program Slicer

  26. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Conditioning Conditioning = Symbolic Execution + Theorem Proving Symbolic Execution Ideally finds all the possible paths through a program, and the corresponding symbolic states Theorem Proving Determines which of these paths are infeasible, and hence which statements can be eliminated Chris Fox, University of Essex A Conditioned Program Slicer

  27. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Conditioning Conditioning = Symbolic Execution + Theorem Proving Symbolic Execution Ideally finds all the possible paths through a program, and the corresponding symbolic states Theorem Proving Determines which of these paths are infeasible, and hence which statements can be eliminated. Other kinds of reasoning and simplification are also possible (such as the simplification of expressions) Chris Fox, University of Essex A Conditioned Program Slicer

  28. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Conditioning Conditioning = Symbolic Execution + Theorem Proving Symbolic Execution Ideally finds all the possible paths through a program, and the corresponding symbolic states Theorem Proving Determines which of these paths are infeasible, and hence which statements can be eliminated. Other kinds of reasoning and simplification are also possible (such as the simplification of expressions) Conditioned Slicing Chris Fox, University of Essex A Conditioned Program Slicer

  29. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Conditioning Conditioning = Symbolic Execution + Theorem Proving Symbolic Execution Ideally finds all the possible paths through a program, and the corresponding symbolic states Theorem Proving Determines which of these paths are infeasible, and hence which statements can be eliminated. Other kinds of reasoning and simplification are also possible (such as the simplification of expressions) Conditioned Slicing program conditioning is combined with conventional backward slicing to give a conditioned-program slicer . Chris Fox, University of Essex A Conditioned Program Slicer

  30. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Slicing and Conditioning Slicing Chris Fox, University of Essex A Conditioned Program Slicer

  31. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Slicing and Conditioning Slicing We are only interested in the values of a subset of the program variables Chris Fox, University of Essex A Conditioned Program Slicer

  32. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Slicing and Conditioning Slicing We are only interested in the values of a subset of the program variables; which parts of the program can safely be removed? Chris Fox, University of Essex A Conditioned Program Slicer

  33. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Slicing and Conditioning Slicing We are only interested in the values of a subset of the program variables; which parts of the program can safely be removed? Conditioning Chris Fox, University of Essex A Conditioned Program Slicer

  34. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Slicing and Conditioning Slicing We are only interested in the values of a subset of the program variables; which parts of the program can safely be removed? Conditioning We are only interested in a subset of the possible input values Chris Fox, University of Essex A Conditioned Program Slicer

  35. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Slicing and Conditioning Slicing We are only interested in the values of a subset of the program variables; which parts of the program can safely be removed? Conditioning We are only interested in a subset of the possible input values; which parts of the program can safely be removed? Chris Fox, University of Essex A Conditioned Program Slicer

  36. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Slicing and Conditioning Slicing We are only interested in the values of a subset of the program variables; which parts of the program can safely be removed? Conditioning We are only interested in a subset of the possible input values; which parts of the program can safely be removed? Conditioned Slicing Chris Fox, University of Essex A Conditioned Program Slicer

  37. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Slicing and Conditioning Slicing We are only interested in the values of a subset of the program variables; which parts of the program can safely be removed? Conditioning We are only interested in a subset of the possible input values; which parts of the program can safely be removed? Conditioned Slicing subsumes static and dynamic slicing. Chris Fox, University of Essex A Conditioned Program Slicer

  38. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Constraining the Context With conditioned slicing, we are interested in putting restrictions on possible input values. Chris Fox, University of Essex A Conditioned Program Slicer

  39. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Constraining the Context With conditioned slicing, we are interested in putting restrictions on possible input values. We could add conditions that quantify over the unique symbolic input values: Chris Fox, University of Essex A Conditioned Program Slicer

  40. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Constraining the Context With conditioned slicing, we are interested in putting restrictions on possible input values. We could add conditions that quantify over the unique symbolic input values: while ( p ) { . . . scanf("%d", &a); . . . } ; Chris Fox, University of Essex A Conditioned Program Slicer

  41. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Constraining the Context With conditioned slicing, we are interested in putting restrictions on possible input values. We could add conditions that quantify over the unique symbolic input values: ∀ n . ( a n > 0) while ( p ) { . . . scanf("%d", &a); . . . } ; Chris Fox, University of Essex A Conditioned Program Slicer

  42. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Constraining the Context With conditioned slicing, we are interested in putting restrictions on possible input values. We could add conditions that quantify over the unique symbolic input values: ∀ n . ( a n > 0) while ( p ) { . . . scanf("%d", &a); . . . } ; In our implementation, we adopt the simpler approach of using statements of the form assert( condition ) : Chris Fox, University of Essex A Conditioned Program Slicer

  43. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Constraining the Context With conditioned slicing, we are interested in putting restrictions on possible input values. We could add conditions that quantify over the unique symbolic input values: ∀ n . ( a n > 0) while ( p ) { . . . scanf("%d", &a); . . . } ; In our implementation, we adopt the simpler approach of using statements of the form assert( condition ) : while ( p ) { . . . scanf("%d", &a); . . . } Chris Fox, University of Essex A Conditioned Program Slicer

  44. Background Slicing Program Conditioning Conditioning Examples of Conditioning Slicing and Conditioning Summary and Other Work Constraining the Context Constraining the Context With conditioned slicing, we are interested in putting restrictions on possible input values. We could add conditions that quantify over the unique symbolic input values: ∀ n . ( a n > 0) while ( p ) { . . . scanf("%d", &a); . . . } ; In our implementation, we adopt the simpler approach of using statements of the form assert( condition ) : while ( p ) { . . . scanf("%d", &a); assert(a>0); . . . } Chris Fox, University of Essex A Conditioned Program Slicer

  45. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Symbolic Execution and Theorem Proving “Execution” of the program, but where all unknown and input values are represented by symbolic values. Chris Fox, University of Essex A Conditioned Program Slicer

  46. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Symbolic Execution and Theorem Proving “Execution” of the program, but where all unknown and input values are represented by symbolic values. Program Source Chris Fox, University of Essex A Conditioned Program Slicer

  47. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Symbolic Execution and Theorem Proving “Execution” of the program, but where all unknown and input values are represented by symbolic values. Program Source x y z Chris Fox, University of Essex A Conditioned Program Slicer

  48. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Symbolic Execution and Theorem Proving “Execution” of the program, but where all unknown and input values are represented by symbolic values. Program Source x y z x 0 y 0 z 0 Chris Fox, University of Essex A Conditioned Program Slicer

  49. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Symbolic Execution and Theorem Proving “Execution” of the program, but where all unknown and input values are represented by symbolic values. Program Source x y z x 0 y 0 z 0 x := z; Chris Fox, University of Essex A Conditioned Program Slicer

  50. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Symbolic Execution and Theorem Proving “Execution” of the program, but where all unknown and input values are represented by symbolic values. Program Source x y z x 0 y 0 z 0 x := z; z 0 y 0 z 0 Chris Fox, University of Essex A Conditioned Program Slicer

  51. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Symbolic Execution and Theorem Proving “Execution” of the program, but where all unknown and input values are represented by symbolic values. Program Source x y z x 0 y 0 z 0 x := z; z 0 y 0 z 0 y := x + z; Chris Fox, University of Essex A Conditioned Program Slicer

  52. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Symbolic Execution and Theorem Proving “Execution” of the program, but where all unknown and input values are represented by symbolic values. Program Source x y z x 0 y 0 z 0 x := z; z 0 y 0 z 0 z 0 + z 0 y := x + z; z 0 z 0 Chris Fox, University of Essex A Conditioned Program Slicer

  53. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Symbolic Execution and Theorem Proving “Execution” of the program, but where all unknown and input values are represented by symbolic values. Program Source x y z x 0 y 0 z 0 x := z; z 0 y 0 z 0 z 0 + z 0 y := x + z; z 0 z 0 Theorem Proving Chris Fox, University of Essex A Conditioned Program Slicer

  54. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Symbolic Execution and Theorem Proving “Execution” of the program, but where all unknown and input values are represented by symbolic values. Program Source x y z x 0 y 0 z 0 x := z; z 0 y 0 z 0 z 0 + z 0 y := x + z; z 0 z 0 Theorem Proving Does y==2*z ? Chris Fox, University of Essex A Conditioned Program Slicer

  55. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Symbolic Execution and Theorem Proving “Execution” of the program, but where all unknown and input values are represented by symbolic values. Program Source x y z x 0 y 0 z 0 x := z; z 0 y 0 z 0 z 0 + z 0 y := x + z; z 0 z 0 Theorem Proving Does y==2*z ? From the symbolic state, this is true if: z 0 + z 0 = 2 z 0 Chris Fox, University of Essex A Conditioned Program Slicer

  56. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Symbolic Execution and Theorem Proving “Execution” of the program, but where all unknown and input values are represented by symbolic values. Program Source x y z x 0 y 0 z 0 x := z; z 0 y 0 z 0 z 0 + z 0 y := x + z; z 0 z 0 Theorem Proving Does y==2*z ? From the symbolic state, this is true if: z 0 + z 0 = 2 z 0 Is x < y ? Chris Fox, University of Essex A Conditioned Program Slicer

  57. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Symbolic Execution and Theorem Proving “Execution” of the program, but where all unknown and input values are represented by symbolic values. Program Source x y z x 0 y 0 z 0 x := z; z 0 y 0 z 0 z 0 + z 0 y := x + z; z 0 z 0 Theorem Proving Does y==2*z ? From the symbolic state, this is true if: z 0 + z 0 = 2 z 0 Is x < y ? True if z 0 < 2 z 0 . Chris Fox, University of Essex A Conditioned Program Slicer

  58. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Symbolic Execution and Theorem Proving “Execution” of the program, but where all unknown and input values are represented by symbolic values. Program Source x y z x 0 y 0 z 0 x := z; z 0 y 0 z 0 z 0 + z 0 y := x + z; z 0 z 0 Theorem Proving Does y==2*z ? From the symbolic state, this is true if: z 0 + z 0 = 2 z 0 Is x < y ? True if z 0 < 2 z 0 . What if z is negative? Chris Fox, University of Essex A Conditioned Program Slicer

  59. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Combining Symbolic States The symbolic executor finds a set of pairs of path conditions and symbolic states . Chris Fox, University of Essex A Conditioned Program Slicer

  60. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Combining Symbolic States The symbolic executor finds a set of pairs of path conditions and symbolic states . When encountering a condition if ( p ) s else t , each ( path = ⇒ state ) pair is replaced by the results of: Chris Fox, University of Essex A Conditioned Program Slicer

  61. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Combining Symbolic States The symbolic executor finds a set of pairs of path conditions and symbolic states . When encountering a condition if ( p ) s else t , each ( path = ⇒ state ) pair is replaced by the results of: symbolically execution s in the context of path ∪ { p } ; 1 Chris Fox, University of Essex A Conditioned Program Slicer

  62. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Combining Symbolic States The symbolic executor finds a set of pairs of path conditions and symbolic states . When encountering a condition if ( p ) s else t , each ( path = ⇒ state ) pair is replaced by the results of: symbolically execution s in the context of path ∪ { p } ; 1 symbolically execution t in the context of path ∪ {¬ p } ; 2 Chris Fox, University of Essex A Conditioned Program Slicer

  63. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Combining Symbolic States The symbolic executor finds a set of pairs of path conditions and symbolic states . When encountering a condition if ( p ) s else t , each ( path = ⇒ state ) pair is replaced by the results of: symbolically execution s in the context of path ∪ { p } ; 1 symbolically execution t in the context of path ∪ {¬ p } ; 2 With while loops present additional complexities. Chris Fox, University of Essex A Conditioned Program Slicer

  64. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Combining Symbolic States The symbolic executor finds a set of pairs of path conditions and symbolic states . When encountering a condition if ( p ) s else t , each ( path = ⇒ state ) pair is replaced by the results of: symbolically execution s in the context of path ∪ { p } ; 1 symbolically execution t in the context of path ∪ {¬ p } ; 2 With while loops present additional complexities. We have chosen to implement a conservative approximation. Chris Fox, University of Essex A Conditioned Program Slicer

  65. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Uninterpreted Constant Values A variable v is assigned a unique, uninterpreted constant value in the following circumstances: Chris Fox, University of Essex A Conditioned Program Slicer

  66. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Uninterpreted Constant Values A variable v is assigned a unique, uninterpreted constant value in the following circumstances: Initial value Chris Fox, University of Essex A Conditioned Program Slicer

  67. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Uninterpreted Constant Values A variable v is assigned a unique, uninterpreted constant value in the following circumstances: Initial value When v is referenced prior to being assigned a value Chris Fox, University of Essex A Conditioned Program Slicer

  68. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Uninterpreted Constant Values A variable v is assigned a unique, uninterpreted constant value in the following circumstances: Initial value When v is referenced prior to being assigned a value, it is given a unique, uninterpreted constant value, v 0 . Chris Fox, University of Essex A Conditioned Program Slicer

  69. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Uninterpreted Constant Values A variable v is assigned a unique, uninterpreted constant value in the following circumstances: Initial value When v is referenced prior to being assigned a value, it is given a unique, uninterpreted constant value, v 0 . Input value Chris Fox, University of Essex A Conditioned Program Slicer

  70. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Uninterpreted Constant Values A variable v is assigned a unique, uninterpreted constant value in the following circumstances: Initial value When v is referenced prior to being assigned a value, it is given a unique, uninterpreted constant value, v 0 . Input value When v receives a value in an input ( scanf ) statement Chris Fox, University of Essex A Conditioned Program Slicer

  71. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Uninterpreted Constant Values A variable v is assigned a unique, uninterpreted constant value in the following circumstances: Initial value When v is referenced prior to being assigned a value, it is given a unique, uninterpreted constant value, v 0 . Input value When v receives a value in an input ( scanf ) statement, it is given a unique, uninterpreted constant value, v n . Chris Fox, University of Essex A Conditioned Program Slicer

  72. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Uninterpreted Constant Values A variable v is assigned a unique, uninterpreted constant value in the following circumstances: Initial value When v is referenced prior to being assigned a value, it is given a unique, uninterpreted constant value, v 0 . Input value When v receives a value in an input ( scanf ) statement, it is given a unique, uninterpreted constant value, v n . Within loops Chris Fox, University of Essex A Conditioned Program Slicer

  73. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Uninterpreted Constant Values A variable v is assigned a unique, uninterpreted constant value in the following circumstances: Initial value When v is referenced prior to being assigned a value, it is given a unique, uninterpreted constant value, v 0 . Input value When v receives a value in an input ( scanf ) statement, it is given a unique, uninterpreted constant value, v n . Within loops When v is assigned a value within a loop body Chris Fox, University of Essex A Conditioned Program Slicer

  74. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Uninterpreted Constant Values A variable v is assigned a unique, uninterpreted constant value in the following circumstances: Initial value When v is referenced prior to being assigned a value, it is given a unique, uninterpreted constant value, v 0 . Input value When v receives a value in an input ( scanf ) statement, it is given a unique, uninterpreted constant value, v n . Within loops When v is assigned a value within a loop body, we associate the variable with an uninterpreted value v p Chris Fox, University of Essex A Conditioned Program Slicer

  75. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Uninterpreted Constant Values A variable v is assigned a unique, uninterpreted constant value in the following circumstances: Initial value When v is referenced prior to being assigned a value, it is given a unique, uninterpreted constant value, v 0 . Input value When v receives a value in an input ( scanf ) statement, it is given a unique, uninterpreted constant value, v n . Within loops When v is assigned a value within a loop body, we associate the variable with an uninterpreted value v p , conceptually on the penultimate execution of the loop Chris Fox, University of Essex A Conditioned Program Slicer

  76. Background Symbolic Execution and Theorem Proving Program Conditioning Combining Symbolic States Examples of Conditioning Uninterpreted Constant Values Summary and Other Work Uninterpreted Constant Values A variable v is assigned a unique, uninterpreted constant value in the following circumstances: Initial value When v is referenced prior to being assigned a value, it is given a unique, uninterpreted constant value, v 0 . Input value When v receives a value in an input ( scanf ) statement, it is given a unique, uninterpreted constant value, v n . Within loops When v is assigned a value within a loop body, we associate the variable with an uninterpreted value v p , conceptually on the penultimate execution of the loop, then we symbolically execute the loop body once to “approximate” the final symbolic values. Chris Fox, University of Essex A Conditioned Program Slicer

  77. Background Conditional Statements Program Conditioning Conditioned “if” Examples of Conditioning While Loops Summary and Other Work Conditioned “while” Symbolic States and Path Conditions x = y + 1; Chris Fox, University of Essex A Conditioned Program Slicer

  78. Background Conditional Statements Program Conditioning Conditioned “if” Examples of Conditioning While Loops Summary and Other Work Conditioned “while” Symbolic States and Path Conditions x = y + 1; (path condition = ⇒ symbolic state) {⊤ = ⇒ ( x = y 0 + 1) } Chris Fox, University of Essex A Conditioned Program Slicer

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

W ELCOME LaPorte High School Class of 2021 Once a Slicer, Always a Slicer What does

W ELCOME LaPorte High School Class of 2021 Once a Slicer, Always a Slicer What does

W ELCOME LaPorte High School Class of 2021 Once a Slicer, Always a Slicer What does College and Career Ready mean and why is CCR important? Planning for life after high school Understanding your interests, skills, and goals

340 views • 17 slides
SEDA: An Architecture for Well- Conditioned Scalable Internet Services Overview What does

SEDA: An Architecture for Well- Conditioned Scalable Internet Services Overview What does

CS533 Concepts of Operating Systems Jonathan Walpole SEDA: An Architecture for Well- Conditioned Scalable Internet Services Overview What does well-conditioned mean? Internet service architectures - thread per request - thread pools - event

534 views • 28 slides
Probability of any given neighbourhood of root, conditioned on the root, conditioned on the tree

Probability of any given neighbourhood of root, conditioned on the root, conditioned on the tree

Probability of any given neighbour- hood of the Probability of any given neighbourhood of root, conditioned on the root, conditioned on the tree being the tree being infinite infinite Moumanti Podder Moumanti Podder Courant Institute

1.12k views • 83 slides
CS4102 Algorithms Fall 2018 Warm up In Season 9 Episode 7 The Slicer of the hit 90s TV

CS4102 Algorithms Fall 2018 Warm up In Season 9 Episode 7 The Slicer of the hit 90s TV

CS4102 Algorithms Fall 2018 Warm up In Season 9 Episode 7 The Slicer of the hit 90s TV show Seinfeld , George discovers that, years prior, he had a heated argument with his new boss, Mr. Kruger. This argument ended in George throwing

602 views • 32 slides
The well -being of man. . .is morally and spiritually conditioned by a principle confirmed by

The well -being of man. . .is morally and spiritually conditioned by a principle confirmed by

The well -being of man. . .is morally and spiritually conditioned by a principle confirmed by divinely imposed sanctions. Now this principle holds good generally in all nations of every age. But its operation has often been obscured to

95 views • 6 slides
Sentiment Expression Conditioned by Affective Transitions and Social Forces Moritz Sudhof Andrs

Sentiment Expression Conditioned by Affective Transitions and Social Forces Moritz Sudhof Andrs

Sentiment Expression Conditioned by Affective Transitions and Social Forces Moritz Sudhof Andrs Gomz Emilsson Andrew L. Maas Christopher Potts KDD 2014 Sentiment Expression Conditioned by Affective Transitions and Social Forces Stanford

501 views • 26 slides
Install Cura IMADE3D Edition Cura IMADE3D Edition is the open source slicer 'Cura 2' with JellyBOX

Install Cura IMADE3D Edition Cura IMADE3D Edition is the open source slicer 'Cura 2' with JellyBOX

Install Cura IMADE3D Edition Cura IMADE3D Edition is the open source slicer 'Cura 2' with JellyBOX profiles conveniently pre-imported. Pick, slice, and print. Table of Contents Installation: Cura IMADE3D Edition Table of Contents Mac PC Linux

319 views • 6 slides
Phonologically Conditioned Allomorphy in the Morphology of Surmiran (Rumantsch) Stephen R.

Phonologically Conditioned Allomorphy in the Morphology of Surmiran (Rumantsch) Stephen R.

Phonologically Conditioned Allomorphy in the Morphology of Surmiran (Rumantsch) Stephen R. Anderson Dept. of Linguistics, Yale University Core Mechanisms of Exponence Workshop Leipzig, January, .

565 views • 8 slides
Some centered random walks on weight lattices conditioned to stay in Weyl chambers Vivien Despax

Some centered random walks on weight lattices conditioned to stay in Weyl chambers Vivien Despax

Context The centered case Some centered random walks on weight lattices conditioned to stay in Weyl chambers Vivien Despax LMPT, Tours Final conference of the Madaca Project Some centered random walks on weight lattices conditioned Context

485 views • 19 slides
Correspondence Analysis of Surveys with Conditioned and Multiple Response Questions Amaya Z

Correspondence Analysis of Surveys with Conditioned and Multiple Response Questions Amaya Z

Correspondence Analysis of Surveys with Conditioned and Multiple Response Questions Amaya Z arraga and Beatriz Goitisolo Department of Econometrics and Statistics. University of Basque Country. Spain First Prev Next Last

580 views • 25 slides
Exponential functionals of conditioned Lvy processes and local time of a diffusion in a Lvy

Exponential functionals of conditioned Lvy processes and local time of a diffusion in a Lvy

Exponential functionals of conditioned Lvy processes and local time of a diffusion in a Lvy environment Conference MADACA Grgoire Vchambre Universit dOrlans June 2016 Introduction Lvy process and exponential functionals

186 views • 16 slides
Implicit Class-Conditioned Domain Alignment for Unsupervised Domain Adaptation 1,2 1,4 Xiang

Implicit Class-Conditioned Domain Alignment for Unsupervised Domain Adaptation 1,2 1,4 Xiang

Implicit Class-Conditioned Domain Alignment for Unsupervised Domain Adaptation 1,2 1,4 Xiang Jiang Qicheng Lao 1,3 1 Stan Matwin Mohammad Havaei 1 Imagia 2 Dalhousie University 3 Polish Academy of Sciences 4 Mila, Universit e de Montr

1.02k views • 43 slides
SEDA: An Architecture for Well-Conditioned, Scalable Internet Services By: Matt Welsh, David

SEDA: An Architecture for Well-Conditioned, Scalable Internet Services By: Matt Welsh, David

SEDA: An Architecture for Well-Conditioned, Scalable Internet Services By: Matt Welsh, David Culler, and Eric Brewer Presenter: Hong Quach Portland State University CS 533 - Fall 2013 Overview Introduction Background and Related

633 views • 36 slides
Nonequilibrium Markov processes conditioned on large deviations Chetrite Raphael Laboratoire

Nonequilibrium Markov processes conditioned on large deviations Chetrite Raphael Laboratoire

Nonequilibrium Markov processes conditioned on large deviations Chetrite Raphael Laboratoire J.A. Dieudonne Nice FRANCE New Frontiers in Non-equilibrium Physics of Glassy Materials Kyoto, JAPAN August 2015 Work with Hugo Touchette

709 views • 36 slides
CHANCE Project - Characterization of conditioned nuclear waste for its safe disposal in Europe D.

CHANCE Project - Characterization of conditioned nuclear waste for its safe disposal in Europe D.

CHANCE Project - Characterization of conditioned nuclear waste for its safe disposal in Europe D. Ricard, H. Tietze-Jaensch, C. Bruggeman, C. Bucur, C. Carasco, G. Genoud, O Gueton, A. Kopp, D. Kikola, W. Kubinski, C. Mathonat, B. Rogiers, J.

713 views • 26 slides
Well Conditioned and Optimally Convergent Extended Finite Elements and Vector Level Sets for

Well Conditioned and Optimally Convergent Extended Finite Elements and Vector Level Sets for

Well Conditioned and Optimally Convergent Extended Finite Elements and Vector Level Sets for Three-Dimensional Crack Propagation K. Agathos 1 G. Ventura 2 E. Chatzi 3 S. P. A. Bordas 1 , 4 , 5 1 Research Unit in Engineering Science Luxembourg

666 views • 35 slides
YHDP Round 3 New Project Application May 6, 2020 Lena McGinn, ICF Jen Best, ICF Introduction

YHDP Round 3 New Project Application May 6, 2020 Lena McGinn, ICF Jen Best, ICF Introduction

YHDP Round 3 New Project Application May 6, 2020 Lena McGinn, ICF Jen Best, ICF Introduction Learning Objectives: Navigate to the project application in e-snaps Complete the application formlets (i.e., screens) Submit the

1.01k views • 51 slides
Caves and Temples of India A talk at the ULT, Sunday 21 st January 2018 The Elephanta Hindu caves

Caves and Temples of India A talk at the ULT, Sunday 21 st January 2018 The Elephanta Hindu caves

Caves and Temples of India A talk at the ULT, Sunday 21 st January 2018 The Elephanta Hindu caves The Kanheri Buddhist cave complex The Gommateshwara statue to Bahubali and its Jain temple The Elephanta caves Gharapuri Island, Mumbai Harbour

876 views • 49 slides
A CHANGING LOS ANGELES: LATINO COMMUNITIES AND OUR ECONOMIC FUTURE MANUEL PASTOR @Prof_MPastor

A CHANGING LOS ANGELES: LATINO COMMUNITIES AND OUR ECONOMIC FUTURE MANUEL PASTOR @Prof_MPastor

2/ 24/ 2017 A CHANGING LOS ANGELES: LATINO COMMUNITIES AND OUR ECONOMIC FUTURE MANUEL PASTOR @Prof_MPastor 02.22.17 1 2/ 24/ 2017 Changing Demographics, California, 19802040 100% 3% 3% 3% 3% 4% 6% 9% 11% 90% 13% Other 14%

494 views • 15 slides
Coninued Claims as a % of the State's Pre-Covid 19 Workforce (as of August 15th) Wyoming North

Coninued Claims as a % of the State's Pre-Covid 19 Workforce (as of August 15th) Wyoming North

10% 12% 14% 16% 18% 20% 0% 2% 4% 6% 8% Idaho South Dakota Alabama Nebraska Utah Arkansas Coninued Claims as a % of the State's Pre-Covid 19 Workforce (as of August 15th) Wyoming North Carolina Missouri Florida Montana Kansas

414 views • 4 slides
Control systems in practice Safety issues in modern railway traffic control 19 September 2008

Control systems in practice Safety issues in modern railway traffic control 19 September 2008

Ansaldo Segnalamento Ferroviario Control systems in practice Safety issues in modern railway traffic control 19 September 2008 Carlo Milani 1 Ansaldo Segnalamento Ferroviario SCC The Ansaldo solution for Supervision System A brief

484 views • 35 slides
Statistical Variability Analysis in 28nm UTBB FD-SOI devices (Highlights from ECSEL JU Way2GoFast

Statistical Variability Analysis in 28nm UTBB FD-SOI devices (Highlights from ECSEL JU Way2GoFast

Statistical Variability Analysis in 28nm UTBB FD-SOI devices (Highlights from ECSEL JU Way2GoFast project) Andr Juge 1 , Plamen Asenov 2 , Thierry Poiroux 3 1 STMicroelectronics, Crolles Site, 850 rue Jean Monnet, 38926 Crolles, France 2

351 views • 13 slides
CO550 Web Applications ASP.NET Core Technical How To Guide Building an ASP.NET Core Web

CO550 Web Applications ASP.NET Core Technical How To Guide Building an ASP.NET Core Web

CO550 Web Applications ASP.NET Core Technical How To Guide Building an ASP.NET Core Web App For this module, the Web Apps CW2 assignment requires you to complete at least some coding within ASP.NET. This presentation outlines the

515 views • 23 slides
Art in the Ancient World LECTURE 6 | Art of the Early Christians A U G G U S T I I N N E E

Art in the Ancient World LECTURE 6 | Art of the Early Christians A U G G U S T I I N N E E

Art in the Ancient World LECTURE 6 | Art of the Early Christians A U G G U S T I I N N E E C O L L E G G E 4 BC birth of Jesus of Nazareth the Incarnation 30 AD death of Jesus of Nazareth the Crucifixion &amp; Resurrection of

225 views • 21 slides

More recommend