optimizing constraint solving to better support symbolic
play

Optimizing Constraint Solving to Better Support Symbolic Execution - PowerPoint PPT Presentation

May 21, 2023 •147 likes •1.07k views

Optimizing Constraint Solving to Better Support Symbolic Execution Ikpeme Erete and Alessandro Orso School of Computer Science College of Computing Georgia Institute of Technology Partially supported by : NSF, IBM, and MSR Background:

  1. Optimizing Constraint Solving to Better Support Symbolic Execution Ikpeme Erete and Alessandro Orso School of Computer Science – College of Computing Georgia Institute of Technology Partially supported by : NSF, IBM, and MSR

  2. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) 07. if (b < c) 08. // do something Path condition (PC): 09. else 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  3. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 07. if (b < c) 08. // do something Path condition (PC): 09. else 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  4. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 07. if (b < c) 08. // do something Path condition (PC): 09. else 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  5. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 07. if (b < c) 08. // do something Path condition (PC): 09. else 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  6. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  7. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  8. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  9. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  10. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  11. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) Λ (b 0 <= 5) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  12. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) Λ (b 0 <= 5) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  13. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, 6T, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) Λ (b 0 <= 5) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  14. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, 6T, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) Λ (b 0 <= 5) Λ (a 0 < d 0 + 10) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  15. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, 6T, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) Λ (b 0 <= 5) Λ (a 0 < d 0 + 10) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  16. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, 6T, 7T Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) Λ (b 0 <= 5) Λ (a 0 < d 0 + 10) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  17. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, 6T, 7T Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) Λ (b 0 <= 5) Λ (a 0 < d 0 + 10) Λ (b 0 < c 0 ) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  18. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, 6T, 7T Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) Λ (b 0 <= 5) Λ (a 0 < d 0 + 10) Λ (b 0 < c 0 ) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  19. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, 6T, 7T Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) Λ (b 0 <= 5) Λ (a 0 < d 0 + 10) Λ (b 0 < c 0 ) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Constraint Solving in Symbolic Execution Cristian Cadar Department of Computing Imperial College

Constraint Solving in Symbolic Execution Cristian Cadar Department of Computing Imperial College

Constraint Solving in Symbolic Execution Cristian Cadar Department of Computing Imperial College London Invited talk at SMT 2015 18 July, San Francisco, CA, USA Dynamic Symbolic Execution Dynamic symbolic execution is a technique for

660 views • 53 slides
Solving Constraint Satisfaction Problems: Arc Consistency and Constraint Propagation Brian

Solving Constraint Satisfaction Problems: Arc Consistency and Constraint Propagation Brian

Solving Constraint Satisfaction Problems: Arc Consistency and Constraint Propagation Brian Williams 16.410 - 13 September 29 th , 2003 Slides adapted from: 6.034 Tomas Lozano Perez and AIMA Stuart Russell &amp; Peter Norvig 1 1 Outline

464 views • 18 slides
Using Interval Constraint Propagation for Pseudo- Boolean Constraint Solving

Using Interval Constraint Propagation for Pseudo- Boolean Constraint Solving

Using Interval Constraint Propagation for Pseudo- Boolean Constraint Solving Albert-Ludwigs-Universitt Freiburg Karsten Scheibler, Bernd Becker Chair of Computer Architecture FMCAD 2014 PB Constraints PB Constraints: 2 x 1 + 4 x 2 + x 3

1.12k views • 23 slides
Symbolic Verification in Synchronous Constraint Programming (Work in progress) Synchronous

Symbolic Verification in Synchronous Constraint Programming (Work in progress) Synchronous

Symbolic Verification in Synchronous Constraint Programming (Work in progress) Synchronous workshop 2003 Christophe Mauras Christophe.Mauras@univ-nantes.fr Irin/Universit e de Nantes Overview From Symbolic Simulation to Constraint

388 views • 19 slides
Solving Sudoku Puzzles Constraint propagation, Graph traversal, and Backtracking Constraint

Solving Sudoku Puzzles Constraint propagation, Graph traversal, and Backtracking Constraint

Solving Sudoku Puzzles Constraint propagation, Graph traversal, and Backtracking Constraint Satisfaction Given some constraints, can I find a solution? e.g. Given the contents of my fridge, is there a nutritious dinner to be made?

790 views • 13 slides
Solving Mazes Constraint propagation, Graph traversal, and Backtracking Constraint Satisfaction

Solving Mazes Constraint propagation, Graph traversal, and Backtracking Constraint Satisfaction

Solving Mazes Constraint propagation, Graph traversal, and Backtracking Constraint Satisfaction Given some constraints, can I find a solution? e.g. Given the contents of my fridge, is there a nutritious dinner to be made? e.g. Can we

487 views • 14 slides
A Constraint-Solving Approach to Faust Program Type Checking Constraint Programming Meets

A Constraint-Solving Approach to Faust Program Type Checking Constraint Programming Meets

A Constraint-Solving Approach to Faust Program Type Checking Constraint Programming Meets Verification 2014 Workhsop Imr Frotier de la Messelire 1 , Pierre Jouvelot 1 , Jean-Pierre Talpin 2 1 MINES ParisTech, PSL Research University 2 INRIA

620 views • 26 slides
FINITE DOMAIN Constraint / Bits PROBLEM SOLVING relation lost Large CNF Problem

FINITE DOMAIN Constraint / Bits PROBLEM SOLVING relation lost Large CNF Problem

FINITE DOMAIN Constraint / Bits PROBLEM SOLVING relation lost Large CNF Problem Constraint Model Encoding CNF (hard) Model CSP solving SAT solving Direct Model Satisfied Solution Decoding Translate Solution assignment

218 views • 20 slides
MODELLING AND SOLVING SCHEDULING PROBLEMS USING CONSTRAINT PROGRAMMING CONSTRAINT PROGRAMMING Two

MODELLING AND SOLVING SCHEDULING PROBLEMS USING CONSTRAINT PROGRAMMING CONSTRAINT PROGRAMMING Two

Roman Bartk (Charles University in Prague, Czech Republic) y g p MODELLING AND SOLVING SCHEDULING PROBLEMS USING CONSTRAINT PROGRAMMING CONSTRAINT PROGRAMMING Two worlds Two worlds planning vs. scheduling planning is about finding

189 views • 15 slides
Constraint Solving via Fractional Edge Covers Martin Grohe and D aniel Marx

Constraint Solving via Fractional Edge Covers Martin Grohe and D aniel Marx

Constraint Solving via Fractional Edge Covers Martin Grohe and D aniel Marx Humboldt-Universit at zu Berlin Institut f ur Informatik Symposium on Discrete Algorithms (SODA) 2006 January 22, 2006 Constraint Solving via Fractional Edge

1.51k views • 30 slides
Introduction to Constraint Programming Combinatorial Problem Solving (CPS) Enric Rodr

Introduction to Constraint Programming Combinatorial Problem Solving (CPS) Enric Rodr

Introduction to Constraint Programming Combinatorial Problem Solving (CPS) Enric Rodr guez-Carbonell (based on materials by Javier Larrosa) February 11, 2020 Constraint Satisfaction Problem A constraint satisfaction problem (CSP) is a

940 views • 34 slides
Constraint Solving via Fractional Edge Covers D aniel Marx Joint work with Martin Grohe

Constraint Solving via Fractional Edge Covers D aniel Marx Joint work with Martin Grohe

Constraint Solving via Fractional Edge Covers D aniel Marx Joint work with Martin Grohe Humboldt-Universit at zu Berlin Institut f ur Informatik MathCSP Workshop March 22, 2006, Oxford Constraint Solving via Fractional Edge Covers

963 views • 48 slides
Tutorial on Gecode Constraint Programming Combinatorial Problem Solving (CPS) Enric Rodr

Tutorial on Gecode Constraint Programming Combinatorial Problem Solving (CPS) Enric Rodr

Tutorial on Gecode Constraint Programming Combinatorial Problem Solving (CPS) Enric Rodr guez-Carbonell March 3, 2020 Gecode Gecode is environment for developing constraint-programming based progs open source: extensible, easily

595 views • 44 slides
Outline What is a Constraint ? What is a Global Constraint ? Examples of Global

Outline What is a Constraint ? What is a Global Constraint ? Examples of Global

I nterest of Global Constraints for Modeling and Solving Eric Bourreau, Franois Laburthe BOUYGUES e lab St-Quentin-en-Yvelines - FRANCE { ebourrea;flaburth} @challenger.bouygues.fr 1 Outline What is a Constraint ? What is a

492 views • 8 slides
Enhancing Reuse of Constraint Solutions to Improve Symbolic Execution Xiangyang Jia (Wuhan

Enhancing Reuse of Constraint Solutions to Improve Symbolic Execution Xiangyang Jia (Wuhan

Enhancing Reuse of Constraint Solutions to Improve Symbolic Execution Xiangyang Jia (Wuhan University) Carlo Ghezzi (Politecnico di Milano) Shi Ying (Wuhan University) Outline Motivation Logical Basis of our Approach GreenTrie

589 views • 36 slides
Side Channel Analysis Using a Model Counting Constraint Solver and Symbolic Execution Tevfik

Side Channel Analysis Using a Model Counting Constraint Solver and Symbolic Execution Tevfik

Side Channel Analysis Using a Model Counting Constraint Solver and Symbolic Execution Tevfik Bultan Computer Science Department University of California, Santa Barbara (UCSB) Joint work with: Abdulbaki Aydin, Lucas Bang, UCSB Corina

1.1k views • 91 slides
The MariaDB/MySQL Query Executor In-depth Presented by: Timour Katchaounov Optimizer team: Igor

The MariaDB/MySQL Query Executor In-depth Presented by: Timour Katchaounov Optimizer team: Igor

The MariaDB/MySQL Query Executor In-depth Presented by: Timour Katchaounov Optimizer team: Igor Babaev, Sergey Petrunia, Timour Katchaounov Outline What's IN What's NOT IN Query engine architecture Query optimization Execution model

630 views • 19 slides
TensorFlow Extended (TFX) An End-to-End ML Platform Clemens Mewald TensorFlow Extended (TFX): An

TensorFlow Extended (TFX) An End-to-End ML Platform Clemens Mewald TensorFlow Extended (TFX): An

TensorFlow Extended (TFX) An End-to-End ML Platform Clemens Mewald TensorFlow Extended (TFX): An End-to-End ML Platform Integrated Frontend for Job Management, Monitoring, Debugging, Data/Model/Evaluation Visualization Shared Configuration

1.83k views • 129 slides
Federal Estate Tax Law 2015 Law Offices of Robert E. Danielson Robert E. Danielson, Esq. 65

Federal Estate Tax Law 2015 Law Offices of Robert E. Danielson Robert E. Danielson, Esq. 65

Federal Estate Tax Law 2015 Law Offices of Robert E. Danielson Robert E. Danielson, Esq. 65 West Commercial Street, Suite 106 Portland, Maine 04101 www.danielsonlawoffice.com Overview Current State of the Law Final Portability

319 views • 20 slides
Accelerating Spark Workloads using GPUs Rajesh Bordawekar, Minsik Cho, Wei Tan, Benjamin Herta,

Accelerating Spark Workloads using GPUs Rajesh Bordawekar, Minsik Cho, Wei Tan, Benjamin Herta,

Accelerating Spark Workloads using GPUs Rajesh Bordawekar, Minsik Cho, Wei Tan, Benjamin Herta, Vladimir Zolotov, Alexei Lvov, Liana Fong, and David Kung IBM T. J. Watson Research Center 1 GPU Integration Issues Outline Spark Background

327 views • 21 slides
United States Court of Appeals for the Federal Circuit 2007-1184 AKIRA AKAZAWA and PALM CREST,

United States Court of Appeals for the Federal Circuit 2007-1184 AKIRA AKAZAWA and PALM CREST,

United States Court of Appeals for the Federal Circuit 2007-1184 AKIRA AKAZAWA and PALM CREST, INC., Plaintiffs-Appellants, v. LINK NEW TECHNOLOGY INTERNATIONAL, INC., Defendant-Appellee. R. Joseph Trojan, Trojan Law Offices, of Beverly

98 views • 9 slides
Financial Planning Alace 2015 ours What this session will cover ours Wont do: Will do:

Financial Planning Alace 2015 ours What this session will cover ours Wont do: Will do:

ours ours Financial Planning Alace 2015 ours What this session will cover ours Wont do: Will do: Provide financial or Making good pension choices tax advice Key financial planning Look at individual needs, principles

360 views • 32 slides
HDFC Equity Savings Fund 10% to 35% 15% to 40% (An open ended scheme investing in equity,

HDFC Equity Savings Fund 10% to 35% 15% to 40% (An open ended scheme investing in equity,

Tax efficient The best of three asset classes returns # Unhedged Debt Equity HDFC Equity Savings Fund 10% to 35% 15% to 40% (An open ended scheme investing in equity, arbitrage and debt) Arbitrage 25% to 75% This product is suitable for

572 views • 28 slides
William Hill PLC Bond Investor Presentation May 2013 Disclaimer THIS DOCUMENT IS NOT FOR

William Hill PLC Bond Investor Presentation May 2013 Disclaimer THIS DOCUMENT IS NOT FOR

William Hill PLC Bond Investor Presentation May 2013 Disclaimer THIS DOCUMENT IS NOT FOR PUBLICATION, RELEASE OR DISTRIBUTION IN AND MAY NOT BE TAKEN OR TRANSMITTED INTO THE UNITED STATES OF AMERICA, CANADA, JAPAN, SOUTH AFRICA OR AUSTRALIA AND

638 views • 26 slides

More recommend