and its use in software analysis
play

and its Use in Software Analysis Florian Zuleger, TU Vienna FMCAD, - PowerPoint PPT Presentation

Dec 13, 2023 •353 likes •511 views

On the Concept of Variable Roles and its Use in Software Analysis Florian Zuleger, TU Vienna FMCAD, Portland, 23.10.2013 Joint work with Yulia Demyanova, Helmut Veith, TU Vienna Variable Roles Intuitively, variable roles are patterns of how

  1. On the Concept of Variable Roles and its Use in Software Analysis Florian Zuleger, TU Vienna FMCAD, Portland, 23.10.2013 Joint work with Yulia Demyanova, Helmut Veith, TU Vienna

  2. Variable Roles Intuitively, variable roles are patterns of how variables are used by programmers Ex. 1 Ex. 2 Ex. 3 int i = 0; int x = 2 * y ; int x = y << 1; while ( i < n) { x , y are linear x , y are bitvectors a[ i ] = 0; variables i ++; } Ex. 5 Ex. 4 int i = open(path, flags); int i = getchar(); i is a loop iterator i is an array index i is a file descriptor i is a character Florian Zuleger 2

  3. Outline 1. Choice and Formalisation 2. Experimental Validation 3. Discussion: Uses of Variable Roles Florian Zuleger 3

  4. Variable Role Informal Definition SYNT CONST not assigned any value in the program CONST ASSIGN assigned only numeric literals or CONST ASSIGN variables COUNTER only incremented/decremented or assigned zero LINEAR assigned only linear combinations of LINEAR variables BOOL assigned only zero, one, BOOL variables or boolean expressions INPUT variable is passed to a function by reference at least one BRANCH COND occurs in the condition of if statement at least once BITVECTOR occurs in a bitwise operation or assigned the result of a bitwise operation at least once UNRESOLVED assigned the value of a pointer dereference CHAR assigned only character literals, CHAR variables or initialised in a specific library function (e.g. getchar) LOOP ITERATOR occurs in the condition of the loop iterator and must be assigned in the loop body Florian Zuleger 4

  5. Choice and Formalisation • Roles were chosen studying 5.2 KLOC code from Cbench benchmark (standard C programs): – Goal: find the smallest set of roles to classify every occurring variable – Restriction to the types int, float, and char • Standard dataflow analysis serves as 1) definition and 2) algorithm to compute variable roles. Florian Zuleger 5

  6. Role Definition: Example LINEAR: greatest fixed point int n =0; int y = x ; Iterations: while( x ){ 0:{ x , y , n } 1:{ y , n } 2:{ n } n = n +1; x = x &( x -1); } BITVECTOR: one pass “all variables in bitvector operations”: { x } Florian Zuleger 6

  7. Implementation • Prototype built on top of clang • Flow-insensitive analysis (analysis requires only the AST) • Trade-of between cost and precision: – Interprocedural analysis – No pointer analysis implemented • Systematic study of (syntactic) usage patterns of variables Florian Zuleger 7

  8. Outline 1. Choice and Formalisation 2. Experimental Validation 3. Discussion: Uses of Variable Roles Florian Zuleger 8

  9. Experiment How to validate that our definition of variable roles is useful? Opportunity: • SVCOMP (Competition on Software Verification) contains files in different categories • Files classified by human expert Experiment: Can the relative frequencies of the variable roles replace the human expert in the classification of the files into competition categories? Florian Zuleger 9

  10. SVCOMP'13 benchmark 90 80 70 60 50 boolean flag 40 branch condition counter 30 input 20 bitvector unresolved assignment 10 array index loop iterator 0 Florian Zuleger 10 loop iterator array index unresolved assignment bitvector input counter branch condition boolean flag

  11. Experiment: Results • Multiclass vector support machine • Output: probability of membership in category • Random selection of training set Training set Correct classification (in %) (% of all files) 1. probability 1.+2. probability 90 84.06 97.10 80 85.19 94.07 70 83.80 92.02 60 80.23 92.02 50 81.40 91.46 Florian Zuleger 11

  12. Outline 1. Choice and Formalisation 2. Experimental Validation 3. Discussion: Uses of Variable Roles Florian Zuleger 12

  13. Variable Roles in Program Analysis Reviewer: „ How can variable roles help to avoid plane crashes ?“ Many program analysis tools treat a program as a formula and program analysis as constraint solving → tools work the same for obfuscated code?? Our vision: variable roles enable a systematic study of heuristics in program anlaysis and help to understand the strength of program analysis tools Florian Zuleger 13

  14. Envisioned Uses of Variable Roles • Program analysis tools: selection of predicates or abstract domains guided by variable roles (e.g. in ASTREÉ) • Quantitative characteristics on software verification benchmarks → Explaining the results • Building a portfolio-solver Florian Zuleger 14

  15. Conclusion Variable Roles have predictive power. Work in progress, your feedback is very welcome! Future Work: • Extract roles from variable names / comments • Explore connection to types Florian Zuleger 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Static (Software) Analysis Dagstuhl 16172: Machine Learning for Dynamic Software Analysis Reiner

Static (Software) Analysis Dagstuhl 16172: Machine Learning for Dynamic Software Analysis Reiner

Static (Software) Analysis Dagstuhl 16172: Machine Learning for Dynamic Software Analysis Reiner Hhnle Software Engineering Group Department of Computer Science Technische Universitt Darmstadt http://www.se.tu-darmstadt.de/

239 views • 23 slides
Chapter 1 Software Engineering Principles The Software Life Cycle Problem analysis

Chapter 1 Software Engineering Principles The Software Life Cycle Problem analysis

Chapter 1 Software Engineering Principles The Software Life Cycle Problem analysis Requirements elicitation Software specification High- and low-level design Implementation Testing and Verification Delivery

847 views • 51 slides
AnaPAON4 : Analysis software for PAON4 JSkyMap : Map making and simulation software suit

AnaPAON4 : Analysis software for PAON4 JSkyMap : Map making and simulation software suit

BAORadio / PAON4 c++ software suite R. Ansari 21 cm Cosmology workshop &amp; Tianlai collaboration meeting Xingchen Tianyuan Hotel, Pingtang, Guizhou , China September 2018 AnaPAON4 : Analysis software for PAON4 JSkyMap : Map making and

268 views • 15 slides
ICS 221: Software Analysis and Testing Debra J. Richardson Fall 2002 ICS 221 Software

ICS 221: Software Analysis and Testing Debra J. Richardson Fall 2002 ICS 221 Software

ICS 221: Software Analysis and Testing Debra J. Richardson Fall 2002 ICS 221 Software Analysis &amp; Testing 11/26/02: #1 The Importance of Testing: the Ariane 501 explosion On 4 June 1996, about 40 seconds after initiation of the

627 views • 48 slides
CalME Design and Analysis Software for Pavement Design and Analysis, and Analysis of HVS Results

CalME Design and Analysis Software for Pavement Design and Analysis, and Analysis of HVS Results

CalME Design and Analysis Software for Pavement Design and Analysis, and Analysis of HVS Results Presented by D Jones, UCPRC Prepared by J Harvey, UCPRC On behalf of many at UCPRC, Dynatest, CSIR and other collaborators around the world

913 views • 42 slides
Protocol Analysis 17-654/17-764 Analysis of Software Artifacts Kevin Bierhoff Take-Aways

Protocol Analysis 17-654/17-764 Analysis of Software Artifacts Kevin Bierhoff Take-Aways

Protocol Analysis 17-654/17-764 Analysis of Software Artifacts Kevin Bierhoff Take-Aways Protocols define temporal ordering of events Can often be captured with state machines Protocol analysis needs to pay attention to

602 views • 33 slides
Software Test and Analysis Software Test and Analysis in a Nutshell (c) 2007 Mauro Pezz &amp;

Software Test and Analysis Software Test and Analysis in a Nutshell (c) 2007 Mauro Pezz &amp;

Software Test and Analysis Software Test and Analysis in a Nutshell (c) 2007 Mauro Pezz &amp; Michal Young Ch 1, slide 1 Learning objectives Learning objectives View the big picture'' of software quality in View the big picture

453 views • 22 slides
The missing link in dynamic software analysis Symposium on Software Performance This research was

The missing link in dynamic software analysis Symposium on Software Performance This research was

Design for Diagnosability Fast and efficient operational time series storage: The missing link in dynamic software analysis Symposium on Software Performance This research was in part funded by Bavarian Ministry of Economic Affairs and Media,

487 views • 14 slides
Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis of Programs with Dynamic Memory Mihaela Sighireanu IRIF, University Paris Diderot &amp; CNRS VTSA 2015 1 / 99 Static Analysis Establish

2.15k views • 186 slides
Dynamic Analysis 17-654/17-754: Analysis of Software Artifacts Jonathan Aldrich Part 1:

Dynamic Analysis 17-654/17-754: Analysis of Software Artifacts Jonathan Aldrich Part 1:

Dynamic Analysis 17-654/17-754: Analysis of Software Artifacts Jonathan Aldrich Part 1: Performance Analysis Your boss tells you, make it run faster. What do you do?

530 views • 3 slides
Naval Center for Cost Analysis Software Resource Data Report (SRDR) Analysis August 2013 Dataset

Naval Center for Cost Analysis Software Resource Data Report (SRDR) Analysis August 2013 Dataset

Naval Center for Cost Analysis Software Resource Data Report (SRDR) Analysis August 2013 Dataset Presented by: Nicholas Lanham June 10-13, 2014 1 Purpose To analyze software productivity and growth relationships when compared to several

511 views • 21 slides
Spatial Analysis 3D Software tools for point pattern analysis in the nervous system (and

Spatial Analysis 3D Software tools for point pattern analysis in the nervous system (and

Spatial Analysis 3D Software tools for point pattern analysis in the nervous system (and beyond) Benjamin Reese Neuroscience Research Institute and Department of Psychology University of California at Santa Barbara The mature retina

800 views • 44 slides
History of S and R More software is available then ever before (with some thoughts for the

History of S and R More software is available then ever before (with some thoughts for the

Statistical Software Today History of S and R More software is available then ever before (with some thoughts for the future) for data analysis, &amp; much of it is good. The S software was written by and for Bell Labs statistics

369 views • 5 slides
Software lifecycle lifecycle (simplified) (simplified) Software Problem

Software lifecycle lifecycle (simplified) (simplified) Software Problem

Software lifecycle lifecycle (simplified) (simplified) Software Problem statement requirements analysis 1. Domain analysis 2. System Design 3. Programming (implementing the design) 4. Includes fixing syntax and

404 views • 18 slides
Static and dynamic verification Software inspections Concerned with analysis of the static

Static and dynamic verification Software inspections Concerned with analysis of the static

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis Software

430 views • 12 slides
Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis of Programs with Dynamic Memory Mihaela Sighireanu IRIF, University Paris Diderot &amp; CNRS VTSA 2015 1 / 149 Outline Introduction 1 Formal

861 views • 68 slides
Data Scientists in Software Teams: State of Art and Challenges [IEEE Transactions on Software

Data Scientists in Software Teams: State of Art and Challenges [IEEE Transactions on Software

Data Scientists in Software Teams: State of Art and Challenges [IEEE Transactions on Software Engineering, ICSE 2018 Journal First] Miryung Kim University of California, Los Angeles Thomas Zimmermann, Rob DeLine, and Andrew Begel Microsoft

247 views • 23 slides
Statically Inferring Performance Properties of Software Configurations Chi Li , Shu Wang, Henry

Statically Inferring Performance Properties of Software Configurations Chi Li , Shu Wang, Henry

Statically Inferring Performance Properties of Software Configurations Chi Li , Shu Wang, Henry Hoffmann, Shan Lu Configurations Explosion Tianyin Xu, Long Jin, Xuepeng Fan, Yuanyuan Zhou, Shankar Pasupathy, and Rukma Talwadker . Hey, You Have

891 views • 37 slides
Ads networks are following you, follow them back (The web is even worse than you thought) Quinn

Ads networks are following you, follow them back (The web is even worse than you thought) Quinn

Ads networks are following you, follow them back (The web is even worse than you thought) Quinn Norton - @quinnnorton Rapha el Vinot - @rafi0t https://www.circl.lu 2018-03-15 Who are we Quinn Norton Rapha el Vinot Freelance

532 views • 26 slides
Session 22 Intra Server Control 1 Lecture Objectives Understand the differences between a

Session 22 Intra Server Control 1 Lecture Objectives Understand the differences between a

Session 22 Intra-server Control Session 22 Intra Server Control 1 Lecture Objectives Understand the differences between a server side forward and a redirect Understand the differences between an include and a forward and when

308 views • 6 slides
Ac#ve Learning Machine Learning 10-601B Batch/Passive Learning

Ac#ve Learning Machine Learning 10-601B Batch/Passive Learning

Ac#ve Learning Machine Learning 10-601B Batch/Passive Learning Training data are collected at once and available to learner as a batch Ac#ve

859 views • 31 slides
Compsci 201 201 More Sorti ting, B Backtra ktracking Par art 1 1 of of 4 Susan Rodger

Compsci 201 201 More Sorti ting, B Backtra ktracking Par art 1 1 of of 4 Susan Rodger

Compsci 201 201 More Sorti ting, B Backtra ktracking Par art 1 1 of of 4 Susan Rodger April 3, 2020 4/3/2020 Compsci 201, Spring 2020 1 T is for Alan Turing, Turing Test, Turing award From WWII to philosophy to math to

943 views • 80 slides
Today Final Presentation Ubiquitous Computing Project Report Paper Presentations

Today Final Presentation Ubiquitous Computing Project Report Paper Presentations

Today Final Presentation Ubiquitous Computing Project Report Paper Presentations TDA471 07 11 28- 1 07 11 28- 2 Final Presentation Exhibition Part December 19 Display your prototype 9-16 Should be testable

357 views • 8 slides
Data and Analysis Note 9 Data Acquisition and Annotation Alex Simpson Note 9 Data acquisition

Data and Analysis Note 9 Data Acquisition and Annotation Alex Simpson Note 9 Data acquisition

Inf1B, Data &amp; Analysis, 2008 9.1 / 24 Informatics 1B, 2008 School of Informatics, University of Edinburgh Data and Analysis Note 9 Data Acquisition and Annotation Alex Simpson Note 9 Data acquisition and annotation Inf1B, Data &amp;

257 views • 24 slides

More recommend