6,477 research outputs found
Automatic Repair of Infinite Loops
Research on automatic software repair is concerned with the development of
systems that automatically detect and repair bugs. One well-known class of bugs
is the infinite loop. Every computer programmer or user has, at least once,
experienced this type of bug. We state the problem of repairing infinite loops
in the context of test-suite based software repair: given a test suite with at
least one failing test, generate a patch that makes all test cases pass.
Consequently, repairing infinites loop means having at least one test case that
hangs by triggering the infinite loop. Our system to automatically repair
infinite loops is called . We develop a technique to manipulate
loops so that one can dynamically analyze the number of iterations of loops;
decide to interrupt the loop execution; and dynamically examine the state of
the loop on a per-iteration basis. Then, in order to synthesize a new loop
condition, we encode this set of program states as a code synthesis problem
using a technique based on Satisfiability Modulo Theory (SMT). We evaluate our
technique on seven seeded-bugs and on seven real-bugs. is able to
repair all of them, within seconds up to one hour on a standard laptop
configuration
Experiments with a Convex Polyhedral Analysis Tool for Logic Programs
Convex polyhedral abstractions of logic programs have been found very useful
in deriving numeric relationships between program arguments in order to prove
program properties and in other areas such as termination and complexity
analysis. We present a tool for constructing polyhedral analyses of
(constraint) logic programs. The aim of the tool is to make available, with a
convenient interface, state-of-the-art techniques for polyhedral analysis such
as delayed widening, narrowing, "widening up-to", and enhanced automatic
selection of widening points. The tool is accessible on the web, permits user
programs to be uploaded and analysed, and is integrated with related program
transformations such as size abstractions and query-answer transformation. We
then report some experiments using the tool, showing how it can be conveniently
used to analyse transition systems arising from models of embedded systems, and
an emulator for a PIC microcontroller which is used for example in wearable
computing systems. We discuss issues including scalability, tradeoffs of
precision and computation time, and other program transformations that can
enhance the results of analysis.Comment: Paper presented at the 17th Workshop on Logic-based Methods in
Programming Environments (WLPE2007
A Survey of Symbolic Execution Techniques
Many security and software testing applications require checking whether
certain properties of a program hold for any possible usage scenario. For
instance, a tool for identifying software vulnerabilities may need to rule out
the existence of any backdoor to bypass a program's authentication. One
approach would be to test the program using different, possibly random inputs.
As the backdoor may only be hit for very specific program workloads, automated
exploration of the space of possible inputs is of the essence. Symbolic
execution provides an elegant solution to the problem, by systematically
exploring many possible execution paths at the same time without necessarily
requiring concrete inputs. Rather than taking on fully specified input values,
the technique abstractly represents them as symbols, resorting to constraint
solvers to construct actual instances that would cause property violations.
Symbolic execution has been incubated in dozens of tools developed over the
last four decades, leading to major practical breakthroughs in a number of
prominent software reliability applications. The goal of this survey is to
provide an overview of the main ideas, challenges, and solutions developed in
the area, distilling them for a broad audience.
The present survey has been accepted for publication at ACM Computing
Surveys. If you are considering citing this survey, we would appreciate if you
could use the following BibTeX entry: http://goo.gl/Hf5FvcComment: This is the authors pre-print copy. If you are considering citing
this survey, we would appreciate if you could use the following BibTeX entry:
http://goo.gl/Hf5Fv
Taming Numbers and Durations in the Model Checking Integrated Planning System
The Model Checking Integrated Planning System (MIPS) is a temporal least
commitment heuristic search planner based on a flexible object-oriented
workbench architecture. Its design clearly separates explicit and symbolic
directed exploration algorithms from the set of on-line and off-line computed
estimates and associated data structures. MIPS has shown distinguished
performance in the last two international planning competitions. In the last
event the description language was extended from pure propositional planning to
include numerical state variables, action durations, and plan quality objective
functions. Plans were no longer sequences of actions but time-stamped
schedules. As a participant of the fully automated track of the competition,
MIPS has proven to be a general system; in each track and every benchmark
domain it efficiently computed plans of remarkable quality. This article
introduces and analyzes the most important algorithmic novelties that were
necessary to tackle the new layers of expressiveness in the benchmark problems
and to achieve a high level of performance. The extensions include critical
path analysis of sequentially generated plans to generate corresponding optimal
parallel plans. The linear time algorithm to compute the parallel plan bypasses
known NP hardness results for partial ordering by scheduling plans with respect
to the set of actions and the imposed precedence relations. The efficiency of
this algorithm also allows us to improve the exploration guidance: for each
encountered planning state the corresponding approximate sequential plan is
scheduled. One major strength of MIPS is its static analysis phase that grounds
and simplifies parameterized predicates, functions and operators, that infers
knowledge to minimize the state description length, and that detects domain
object symmetries. The latter aspect is analyzed in detail. MIPS has been
developed to serve as a complete and optimal state space planner, with
admissible estimates, exploration engines and branching cuts. In the
competition version, however, certain performance compromises had to be made,
including floating point arithmetic, weighted heuristic search exploration
according to an inadmissible estimate and parameterized optimization
Learning the dynamics and time-recursive boundary detection of deformable objects
We propose a principled framework for recursively segmenting deformable objects across a sequence
of frames. We demonstrate the usefulness of this method on left ventricular segmentation across a cardiac
cycle. The approach involves a technique for learning the system dynamics together with methods of
particle-based smoothing as well as non-parametric belief propagation on a loopy graphical model capturing
the temporal periodicity of the heart. The dynamic system state is a low-dimensional representation
of the boundary, and the boundary estimation involves incorporating curve evolution into recursive state
estimation. By formulating the problem as one of state estimation, the segmentation at each particular
time is based not only on the data observed at that instant, but also on predictions based on past and future
boundary estimates. Although the paper focuses on left ventricle segmentation, the method generalizes
to temporally segmenting any deformable object
- …