30,526 research outputs found
Polytool: polynomial interpretations as a basis for termination analysis of Logic programs
Our goal is to study the feasibility of porting termination analysis
techniques developed for one programming paradigm to another paradigm. In this
paper, we show how to adapt termination analysis techniques based on polynomial
interpretations - very well known in the context of term rewrite systems (TRSs)
- to obtain new (non-transformational) ter- mination analysis techniques for
definite logic programs (LPs). This leads to an approach that can be seen as a
direct generalization of the traditional techniques in termination analysis of
LPs, where linear norms and level mappings are used. Our extension general-
izes these to arbitrary polynomials. We extend a number of standard concepts
and results on termination analysis to the context of polynomial
interpretations. We also propose a constraint-based approach for automatically
generating polynomial interpretations that satisfy the termination conditions.
Based on this approach, we implemented a new tool, called Polytool, for
automatic termination analysis of LPs
A Survey of Symbolic Execution Techniques
Many security and software testing applications require checking whether
certain properties of a program hold for any possible usage scenario. For
instance, a tool for identifying software vulnerabilities may need to rule out
the existence of any backdoor to bypass a program's authentication. One
approach would be to test the program using different, possibly random inputs.
As the backdoor may only be hit for very specific program workloads, automated
exploration of the space of possible inputs is of the essence. Symbolic
execution provides an elegant solution to the problem, by systematically
exploring many possible execution paths at the same time without necessarily
requiring concrete inputs. Rather than taking on fully specified input values,
the technique abstractly represents them as symbols, resorting to constraint
solvers to construct actual instances that would cause property violations.
Symbolic execution has been incubated in dozens of tools developed over the
last four decades, leading to major practical breakthroughs in a number of
prominent software reliability applications. The goal of this survey is to
provide an overview of the main ideas, challenges, and solutions developed in
the area, distilling them for a broad audience.
The present survey has been accepted for publication at ACM Computing
Surveys. If you are considering citing this survey, we would appreciate if you
could use the following BibTeX entry: http://goo.gl/Hf5FvcComment: This is the authors pre-print copy. If you are considering citing
this survey, we would appreciate if you could use the following BibTeX entry:
http://goo.gl/Hf5Fv
Test Case Generation for Object-Oriented Imperative Languages in CLP
Testing is a vital part of the software development process. Test Case
Generation (TCG) is the process of automatically generating a collection of
test cases which are applied to a system under test. White-box TCG is usually
performed by means of symbolic execution, i.e., instead of executing the
program on normal values (e.g., numbers), the program is executed on symbolic
values representing arbitrary values. When dealing with an object-oriented (OO)
imperative language, symbolic execution becomes challenging as, among other
things, it must be able to backtrack, complex heap-allocated data structures
should be created during the TCG process and features like inheritance, virtual
invocations and exceptions have to be taken into account. Due to its inherent
symbolic execution mechanism, we pursue in this paper that Constraint Logic
Programming (CLP) has a promising unexploited application field in TCG. We will
support our claim by developing a fully CLP-based framework to TCG of an OO
imperative language, and by assessing it on a corresponding implementation on a
set of challenging Java programs. A unique characteristic of our approach is
that it handles all language features using only CLP and without the need of
developing specific constraint operators (e.g., to model the heap)
Inference of termination conditions for numerical loops
We present a new approach to termination analysis of numerical computations
in logic programs. Traditional approaches fail to analyse them due to non
well-foundedness of the integers. We present a technique that allows to
overcome these difficulties. Our approach is based on transforming a program in
way that allows integrating and extending techniques originally developed for
analysis of numerical computations in the framework of query-mapping pairs with
the well-known framework of acceptability. Such an integration not only
contributes to the understanding of termination behaviour of numerical
computations, but also allows to perform a correct analysis of such
computations automatically, thus, extending previous work on a
constraints-based approach to termination. In the last section of the paper we
discuss possible extensions of the technique, including incorporating general
term orderings.Comment: Presented at WST200
Enhancing Reuse of Constraint Solutions to Improve Symbolic Execution
Constraint solution reuse is an effective approach to save the time of
constraint solving in symbolic execution. Most of the existing reuse approaches
are based on syntactic or semantic equivalence of constraints; e.g. the Green
framework is able to reuse constraints which have different representations but
are semantically equivalent, through canonizing constraints into syntactically
equivalent normal forms. However, syntactic/semantic equivalence is not a
necessary condition for reuse--some constraints are not syntactically or
semantically equivalent, but their solutions still have potential for reuse.
Existing approaches are unable to recognize and reuse such constraints.
In this paper, we present GreenTrie, an extension to the Green framework,
which supports constraint reuse based on the logical implication relations
among constraints. GreenTrie provides a component, called L-Trie, which stores
constraints and solutions into tries, indexed by an implication partial order
graph of constraints. L-Trie is able to carry out logical reduction and logical
subset and superset querying for given constraints, to check for reuse of
previously solved constraints. We report the results of an experimental
assessment of GreenTrie against the original Green framework, which shows that
our extension achieves better reuse of constraint solving result and saves
significant symbolic execution time.Comment: this paper has been submitted to conference ISSTA 201
A Symbolic Execution Algorithm for Constraint-Based Testing of Database Programs
In so-called constraint-based testing, symbolic execution is a common
technique used as a part of the process to generate test data for imperative
programs. Databases are ubiquitous in software and testing of programs
manipulating databases is thus essential to enhance the reliability of
software. This work proposes and evaluates experimentally a symbolic ex-
ecution algorithm for constraint-based testing of database programs. First, we
describe SimpleDB, a formal language which offers a minimal and well-defined
syntax and seman- tics, to model common interaction scenarios between pro-
grams and databases. Secondly, we detail the proposed al- gorithm for symbolic
execution of SimpleDB models. This algorithm considers a SimpleDB program as a
sequence of operations over a set of relational variables, modeling both the
database tables and the program variables. By inte- grating this relational
model of the program with classical static symbolic execution, the algorithm
can generate a set of path constraints for any finite path to test in the
control- flow graph of the program. Solutions of these constraints are test
inputs for the program, including an initial content for the database. When the
program is executed with respect to these inputs, it is guaranteed to follow
the path with re- spect to which the constraints were generated. Finally, the
algorithm is evaluated experimentally using representative SimpleDB models.Comment: 12 pages - preliminary wor
- …