computing summaries of string loops in c for better
play

Computing Summaries of String Loops in C for Better Testing and - PowerPoint PPT Presentation

Feb 02, 2024 •227 likes •663 views

Computing Summaries of String Loops in C for Better Testing and Refactoring Timotej Kapus, Oren Ish-Shalom, Shachar Itzhaky, Noam Rinetzky, Cristian Cadar 2 This talk 3 Why? Give clarity to the meaning of loops Refactoring

  1. Computing Summaries of String Loops in C for Better Testing and Refactoring Timotej Kapus, Oren Ish-Shalom, Shachar Itzhaky, Noam Rinetzky, Cristian Cadar

  2. 2

  3. This talk ␣ 3

  4. Why? ● Give clarity to the meaning of loops ● Refactoring ● Program analysis ○ Symbolic execution ● Compiler optimisations 4

  5. Motivation: Refactoring 5

  6. Motivation: Refactoring summary 6

  7. Motivation: Refactoring ● Real examples from and ● C code contains lots of loops replicating libc functions ○ Different handling of edge cases 7

  8. Motivation: Program analysis ● Easier to reason about a known function than an arbitrary loop Example symbolic execution of Two approaches: 1. Unroll loop and gather constraints character by character 2. Model it as in theory of strings 8

  9. Scope: Memoryless Loops ● Loops conforming to an interface: ○ Argument: single pointer to a buffer ○ Returns: pointer to an offset in the buffer ● Only reads the character under current pointer ● Need a vocabulary to express these loops 9

  10. Remember? ␣ 10

  11. In our vocabulary ␣ STRSPN_OPCODE ␣ DATA TERMINATOR RETURN_OPCODE Loop summary! 11

  12. We just used characters! ␣ P \0 F ␣ STRSPN_OPCODE DATA TERMINATOR RETURN_OPCODE Loop summary! 12

  13. Vocabulary for expressing simple loops ● Vocabulary has meaning in an ● and (F) ● Adding a new vocabulary as simple as adding a new 13

  14. Vocabulary for expressing simple loops conditionals string.h functions pointer manipulation ● ● ● ● ● ● ● ● ● ● special ● ● ● 14

  15. Loop Summarisation Find sequences of characters that when executed by our interpreter have the same behaviour as the original loop 15

  16. Counter-example guided synthesis Generate a sequence of characters Loop to fitting all counterexamples summarize Synthesizer Verifier Success Done Fail - generate counterexample 16

  17. Synthesizer Verifier ● Symbolic execution ● Symbolic execution ● Use a symbolic string (program) ○ Bounded equivalence ● Constrain it to be equivalent on checking strings of length ≤ 3 current counterexamples ● Loops in our scope ● Ask an SMT solver for a solution ○ checking lengths ≤ 3 sufficient to show equivalence for any length (proof in the paper) 17

  18. Synthesizer Verifier ● Symbolic execution ● Symbolic execution ● Use a symbolic string (program) ○ Bounded equivalence ● Constrain it to be equivalent on checking strings of length ≤ 3 current counterexamples ● Loops in our scope ● Ask an SMT solver for a solution ○ checking lengths ≤ 3 sufficient to show equivalence for any length (proof in the paper) Single run of symbolic execution 18

  19. Synthesizer Verifier CEX: [] 19

  20. Program: F Synthesizer Verifier CEX: [] 20

  21. Synthesizer Verifier CEX: [] Counterexample: ␣ 21

  22. ␣ Program: P ␣ F Synthesizer Verifier CEX: [ ␣ ] 22

  23. ␣ Synthesizer Verifier CEX: [ ␣ ] Counterexample: 23

  24. ␣ Program: P ␣ F Synthesizer Verifier CEX: [ ␣ ] 24

  25. ␣ Synthesizer Verifier Done! CEX: [ ␣ ] P ␣ F 25

  26. Synthesis Evaluation ● 13 open source programs ● Semi-automatic process ● Extracted 115 loops fitting our scope ● In total 88/115 synthesised 26

  27. 2h/loop synthesis timeout: 77/115 loops 27

  28. Impact of timeout and program size 28

  29. Vocabulary optimisation ● Find a subset of vocabulary that Best performing vocabulary synthesises more loops ● ● Gaussian process optimization ● ● 5 minute timeout ● ● 81/115 loops with 5min timeout ● ● 7 additional loops found with full ● vocabulary and 2h timeout ● 88/115 total 29

  30. Improving symbolic execution ● Use loop summaries to gather more efficient constraints ● Intercept calls to functions and encode them in theory of strings ● Compare with character by character constraints ○ Theory of strings should have an advantage for longer strings ● Implemented in KLEE ● Compared (only) on the loops we extracted 30

  31. Improving symbolic execution 31

  32. Improving symbolic execution 32

  33. Compiler optimisation potential? ● Compare the loop summaries (libc library functions) with compiled loops 33

  34. Refactoring ● Use summaries to create patches and send them to developers ● Developers of , and accepted the patches - for(; *tmp == ' ' || *tmp == '\t'; tmp++){ - } - for(; *tmp == '\n' || *tmp == '\r'; tmp++){ - } /* skip LWS */ + tmp += strspn(tmp, " \t"); + tmp += strspn(tmp, "\n\r"); 34

  35. Conclusion ● Counterexample guided synthesis based technique for summarisation of simple loops in C ● 88/115 loops synthesized ● Applications: ○ Program analysis (symbolic execution) ○ Compiler optimisations ○ Refactoring 35

  36. 36

  37. 2h/loop synthesis timeout: 77/115 loops 37

  38. Loops with a Loops without read from single utility Total loops Inner loops pointer call Read only loops pointer bash 1085 944 438 264 45 diff 186 140 60 40 14 gawk 608 502 210 105 17 git 2904 2598 725 495 108 grep 222 172 72 42 9 m4 328 286 126 78 12 make 334 262 129 102 13 patch 207 172 88 67 20 sed 125 104 35 19 1 ssh 604 544 227 84 12 tar 492 432 155 106 33 torture_test 100 95 39 30 25 wget 228 197 115 83 14 SUM 7423 6448 2419 1515 323 38

  39. Has Goto 2 IOsideeffects 3 Non Pointer Return 74 Return In Loop 70 Too Many Arguments 28 Too Many Return Values 31 SUM 208 39

  40. Impact of timeout and program size - 30s timeout 40

  41. Impact of timeout and program size 41

  42. Impact of timeout and program size 42

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Building Java Programs Chapter 5 Lecture 10: while Loops, Fencepost Loops, and Sentinel Loops

Building Java Programs Chapter 5 Lecture 10: while Loops, Fencepost Loops, and Sentinel Loops

Building Java Programs Chapter 5 Lecture 10: while Loops, Fencepost Loops, and Sentinel Loops reading: 5.1 5.2 1 String methods Method name Description indexOf( str ) index where the start of the given string appears in this string (-1 if

755 views • 41 slides
Gaugino masses from string loops problem: m 1 / 2 = 0 to lowest order generated by string

Gaugino masses from string loops problem: m 1 / 2 = 0 to lowest order generated by string

I. Antoniadis CERN Gaugino masses from string loops problem: m 1 / 2 = 0 to lowest order generated by string loop corrections Framework: type I string theory effective field theory: may be still tree-level closed string gravity

419 views • 14 slides
Objectives Wrap up indefinite loops Text processing, manipulation String operations,

Objectives Wrap up indefinite loops Text processing, manipulation String operations,

Objectives Wrap up indefinite loops Text processing, manipulation String operations, processing, methods Broader Issue: Self-driving cars Feb 15, 2019 Sprenkle - CSCI111 1 Review How do write indefinite loops in Python? Why

475 views • 10 slides
SAMS Programming - Section C Week 2 - Lecture 2: More strings + Nested loops + Style July 12,

SAMS Programming - Section C Week 2 - Lecture 2: More strings + Nested loops + Style July 12,

SAMS Programming - Section C Week 2 - Lecture 2: More strings + Nested loops + Style July 12, 2017 On the menu today Wrap up strings Nested loops Style Wrap up strings String literals string literal x = #FeelTheBern single-quotes

913 views • 68 slides
Computing Summaries for Interprocedural Analysis Ashish Tiwari Tiwari@csl.sri.com Computer

Computing Summaries for Interprocedural Analysis Ashish Tiwari Tiwari@csl.sri.com Computer

Computing Summaries for Interprocedural Analysis Ashish Tiwari Tiwari@csl.sri.com Computer Science Laboratory SRI International Menlo Park CA 94025 http://www.csl.sri.com/tiwari Joint work with Sumit Gulwani, Microsoft Research

373 views • 23 slides
Business Statistics CONTENTS Data summaries Univariate summaries Bivariate summaries

Business Statistics CONTENTS Data summaries Univariate summaries Bivariate summaries

SUMMARIZING DATA Business Statistics CONTENTS Data summaries Univariate summaries Bivariate summaries Statistical summaries Further study DATA SUMMARIES Summarizing data = losing info: so why losing information? to see the essential

606 views • 39 slides
Tutorial 3 Loops Side Effects 1 CS 136 Spring 2020 Tutorial 3 Loops: for loops &

Tutorial 3 Loops Side Effects 1 CS 136 Spring 2020 Tutorial 3 Loops: for loops &

Tutorial 3 Loops Side Effects 1 CS 136 Spring 2020 Tutorial 3 Loops: for loops & while loops Using a loop to solve a problem is called iteration . while is similar to if statements but while repeatedly loops back and

457 views • 8 slides
Loops! Flow of Control: Loops (Savitch, Chapter 4) TOPICS while Loops do while

Loops! Flow of Control: Loops (Savitch, Chapter 4) TOPICS while Loops do while

Loops! Flow of Control: Loops (Savitch, Chapter 4) TOPICS while Loops do while Loops for Loops break Statement continue Statement CS 160, Fall Semester 2012 2 An Example While Loop

446 views • 11 slides
Lecture 12: Iteration and For-Loops (Sections 4.2 and 10.3) CS 1110 Introduction to Computing

Lecture 12: Iteration and For-Loops (Sections 4.2 and 10.3) CS 1110 Introduction to Computing

http://www.cs.cornell.edu/courses/cs1110/2019sp Lecture 12: Iteration and For-Loops (Sections 4.2 and 10.3) CS 1110 Introduction to Computing Using Python [E. Andersen, A. Bracy, D. Gries, L. Lee, S. Marschner, C. Van Loan, W. White] Problem:

838 views • 38 slides
Lecture 11: Iteration and For Loops (Sections 4.2 and 10.3) CS 1110 Introduction to Computing

Lecture 11: Iteration and For Loops (Sections 4.2 and 10.3) CS 1110 Introduction to Computing

http://www.cs.cornell.edu/courses/cs1110/2020sp Lecture 11: Iteration and For Loops (Sections 4.2 and 10.3) CS 1110 Introduction to Computing Using Python [E. Andersen, A. Bracy, D. Fan, D. Gries, L. Lee, S. Marschner, C. Van Loan, W. White]

604 views • 37 slides
Lecture 11: Iteration and For-Loops (Sections 4.2 and 10.3) CS 1110 Introduction to Computing

Lecture 11: Iteration and For-Loops (Sections 4.2 and 10.3) CS 1110 Introduction to Computing

http://www.cs.cornell.edu/courses/cs1110/2018sp Lecture 11: Iteration and For-Loops (Sections 4.2 and 10.3) CS 1110 Introduction to Computing Using Python [E. Andersen, A. Bracy, D. Gries, L. Lee, S. Marschner, C. Van Loan, W. White]

964 views • 41 slides
Lecture 20: While Loops (Sections 7.3, 7.4) CS 1110 Introduction to Computing Using Python [E.

Lecture 20: While Loops (Sections 7.3, 7.4) CS 1110 Introduction to Computing Using Python [E.

http://www.cs.cornell.edu/courses/cs1110/2018sp Lecture 20: While Loops (Sections 7.3, 7.4) CS 1110 Introduction to Computing Using Python [E. Andersen, A. Bracy, D. Gries, L. Lee, S. Marschner, C. Van Loan, W. White] Announcements A3 is

472 views • 22 slides
The Boundary State from Wilson Loops Online Workshop on String Field Theory and Related Aspects

The Boundary State from Wilson Loops Online Workshop on String Field Theory and Related Aspects

The Boundary State from Wilson Loops Online Workshop on String Field Theory and Related Aspects June 2020 Shota Komatsu, IAS Based on two papers to appear. With Yunfeng Jiang, Amit Sever, and Edoardo Vescovi Shota Komatsu, IAS The Boundary

1.05k views • 45 slides
LOOPS Loops Loops Loops! How can we repeat a piece of code without having to write it out over

LOOPS Loops Loops Loops! How can we repeat a piece of code without having to write it out over

Session 6 LOOPS Loops Loops Loops! How can we repeat a piece of code without having to write it out over and over?! With loops! The Game Loop For Loop vs. While Loop For Loops While Loops Start/End are Known Start/End not Always Clear

301 views • 26 slides
Building Java Programs Chapter 5 Lecture 11: while Loops, Fencepost Loops, and Sentinel Loops

Building Java Programs Chapter 5 Lecture 11: while Loops, Fencepost Loops, and Sentinel Loops

Building Java Programs Chapter 5 Lecture 11: while Loops, Fencepost Loops, and Sentinel Loops reading: 5.1 5.2 (Slides adapted from Stuart Reges, Hlne Martin, and Marty Stepp) 1 2 Methods using charAt Write a method

795 views • 20 slides
JS While Loops CS 115 Computing for the Socio-Techno Web Instructor: Brian Brubach Announcements

JS While Loops CS 115 Computing for the Socio-Techno Web Instructor: Brian Brubach Announcements

JS While Loops CS 115 Computing for the Socio-Techno Web Instructor: Brian Brubach Announcements Fill out guest speaker poll Social implications Thurs PM2 Thurs Project meetings Fri Assignment 4 out while statement while

672 views • 15 slides
Gordon Stewart (Princeton), Mahanth Gowda (UIUC), Geoff Mainland (Drexel), Cristina Luengo (UPC),

Gordon Stewart (Princeton), Mahanth Gowda (UIUC), Geoff Mainland (Drexel), Cristina Luengo (UPC),

Gordon Stewart (Princeton), Mahanth Gowda (UIUC), Geoff Mainland (Drexel), Cristina Luengo (UPC), Anton Ekblad (Chalmers), Bozidar Radunovic (MSR), Dimitrios Vytiniotis (MSR) What is ZIRIA* A programming language for bit stream and packet

536 views • 50 slides
An Introduction to Template Metaprogramming Barney Dellar Software Team Lead Toshiba Medical

An Introduction to Template Metaprogramming Barney Dellar Software Team Lead Toshiba Medical

An Introduction to Template Metaprogramming Barney Dellar Software Team Lead Toshiba Medical Visualisation Systems Caveat I decided to do this talk after getting thoroughly lost on the recent talk on SFINAE. I am not an expert on this

757 views • 50 slides
Processes, I/O Multiplexing David Hovemeyer 20 November 2019 David Hovemeyer Computer Systems

Processes, I/O Multiplexing David Hovemeyer 20 November 2019 David Hovemeyer Computer Systems

Processes, I/O Multiplexing David Hovemeyer 20 November 2019 David Hovemeyer Computer Systems Fundamentals: Processes, I/O Multiplexing 20 November 2019 Web server 1 Main web server loop: while (1) { int clientfd = Accept(serverfd, NULL,

547 views • 37 slides
Anne Bracy CS 3410 Computer Science Cornell University The slides are the product of many

Anne Bracy CS 3410 Computer Science Cornell University The slides are the product of many

Anne Bracy CS 3410 Computer Science Cornell University The slides are the product of many rounds of teaching CS 3410 by Professors Weatherspoon, Bala, Bracy, McKee, and Sirer. See P&H 2.8 and 2.12, and A.5-6 compute jump/branch targets

787 views • 44 slides
Verifying Pointer Programs using Graph Grammars Christina Jansen, Joost-Pieter Katoen, Christoph

Verifying Pointer Programs using Graph Grammars Christina Jansen, Joost-Pieter Katoen, Christoph

Verifying Pointer Programs using Graph Grammars Christina Jansen, Joost-Pieter Katoen, Christoph Matheja, Thomas Noll Overview The Abstract Execution Approach Juggrnaut Abstract State Space Pointer-Program 1 1 l r l r completeness

547 views • 31 slides
Manipulating functional dependencies This document contains detailed descriptions of the

Manipulating functional dependencies This document contains detailed descriptions of the

Manipulating functional dependencies This document contains detailed descriptions of the algorithms used to manipulate FDs. Closure of an attribute set Given relation R, attribute set A (subset of R), and an FD set FS over relation R, return A+,

39 views • 3 slides
Truncated Moment Problems with Associated Finite Algebraic Varieties (joint work with Seonguk

Truncated Moment Problems with Associated Finite Algebraic Varieties (joint work with Seonguk

Truncated Moment Problems with Associated Finite Algebraic Varieties (joint work with Seonguk Yoo) Ra ul Curto Helton Workshop, UCSD, October 4, 2010 Dedicated to Bill on the occasion of his 65th birthday! Ra ul Curto (Helton Wrkshp,

811 views • 56 slides
Multiproce cessi sing ng in Athena na I. I. Performance nce study of Athena na event and

Multiproce cessi sing ng in Athena na I. I. Performance nce study of Athena na event and

Multiproce cessi sing ng in Athena na I. I. Performance nce study of Athena na event and job level parallelism on multi-co core systems. II. Performance nce optimizations ns in Athena naMP. 1 Athena multi i jobs Athena MJ - job

1.11k views • 16 slides

More recommend