19,191 research outputs found
A demand-driven solver for constraint-based control flow analysis
This thesis develops a demand driven solver for constraint based control flow analysis. Our approach is modular, flow-sensitive and scaling. It allows to efficiently construct the interprocedural control flow graph (ICFG) for object-oriented languages. The analysis is based on the formal semantics of a Java-like language. It is proven to be correct with respect to this semantics. The base algorithms are given and we evaluate the applicability of our approach
to real world programs. Construction of the ICFG is a key problem for the translation and optimization of object-oriented languages. The more accurate
these graphs are, the more applicable, precise and faster are these analyses. While most present techniques are flow-insensitive, we present a flow-sensitive approach that is scalable. The analysis result is twofold. On the one hand, it allows to identify and delete uncallable methods, thus minimizing the program\u27;s
footprint. This is especially important in the setting of embedded systems, where usually memory resources are quite expensive. On the other hand, the interprocedural control flow graph generated is much more precise than those generated with present techniques. This allows for increased accuracy when performing data flow analyses. Also this aspect is important for embedded systems, as more precise analyses allow the compiler to apply better optimizations, resulting in smaller and/or faster programs. Experimental results are given that demonstrate the applicability and scalability of the analysis.Diese Arbeit entwickelt einen Bedarf-gesteuerten Löser fĂŒr Constraint- basierte KontrollfluĂanalyse. Unser Ansatz ist modular, fluĂ-sensitiv and skaliert. Er erlaubt das effiziente Konstruieren des interprozeduralen KontrollfluĂgraphen fuer objektorientierte Programmiersprachen. Die Analyse basiert auf der formalen Semantik einer Java-Ă€hnlichen Sprache und wird als korrekt bezĂŒglich dieser Semantik bewiesen. Wir prĂ€sentieren die grundlegenden Algorithmen und belegen die Anwendbarkeit unseres Ansatzes auf realistische Programme. Die Konstruktion des interprozeduralen KontrollfluĂgraphen ist ein SchlĂŒsselproblem bei der Ăbersetzung und Optimierung objekt- orientierter Programmiersprachen. Je genauer diese Graphen sind, desto prĂ€ziser und schneller sind darauf arbeitende DatenfluĂ-Analysen. WĂ€hrend die meisten heute verbreiteten Techniken fluĂ-insensitiv sind, prĂ€sentieren wir einen skalierbaren fluĂ-sensitiven Ansatz. Unsere Analyse hat zwei Hauptergebnisse. Einerseits erlaubt sie, nicht erreichbare Methoden zu identifizieren und zu löschen, wodurch die GröĂe des erzeugten Programmes reduziert wird. Dies ist besonders fĂŒr eingebettete Systeme wichtig, bei denen zusĂ€tzlicher Speicherplatz teuer ist. Andererseits ist der mit unserem Ansatz berechnete interprozedurale KontrollfluĂgraph wesentlich genauer als der von derzeitigen Techniken berechnete Graph. Dieser prĂ€zisere Graph erlaubt eine gröĂere Genauigkeit bei DatenfluĂanalysen. Auch dieser Aspekt ist fĂŒr eingebettete Systeme von groĂer Bedeutung, da prĂ€zisere Analysen bessere Optimierungen erlauben. Hierdurch wird das erzeugte Programm kleiner und/oder schneller. Experimentelle Ergebnisse belegen die Anwendbarkeit und Skalierbarkeit unserer Analyse
Using Feature Models for Distributed Deployment in Extended Smart Home Architecture
Nowadays, smart home is extended beyond the house itself to encompass
connected platforms on the Cloud as well as mobile personal devices. This Smart
Home Extended Architecture (SHEA) helps customers to remain in touch with their
home everywhere and any time. The endless increase of connected devices in the
home and outside within the SHEA multiplies the deployment possibilities for
any application. Therefore, SHEA should be taken from now as the actual target
platform for smart home application deployment. Every home is different and
applications offer different services according to customer preferences. To
manage this variability, we extend the feature modeling from software product
line domain with deployment constraints and we present an example of a model
that could address this deployment challenge
Towards Smart Hybrid Fuzzing for Smart Contracts
Smart contracts are Turing-complete programs that are executed across a
blockchain network. Unlike traditional programs, once deployed they cannot be
modified. As smart contracts become more popular and carry more value, they
become more of an interesting target for attackers. In recent years, smart
contracts suffered major exploits, costing millions of dollars, due to
programming errors. As a result, a variety of tools for detecting bugs has been
proposed. However, majority of these tools often yield many false positives due
to over-approximation or poor code coverage due to complex path constraints.
Fuzzing or fuzz testing is a popular and effective software testing technique.
However, traditional fuzzers tend to be more effective towards finding shallow
bugs and less effective in finding bugs that lie deeper in the execution. In
this work, we present CONFUZZIUS, a hybrid fuzzer that combines evolutionary
fuzzing with constraint solving in order to execute more code and find more
bugs in smart contracts. Evolutionary fuzzing is used to exercise shallow parts
of a smart contract, while constraint solving is used to generate inputs which
satisfy complex conditions that prevent the evolutionary fuzzing from exploring
deeper paths. Moreover, we use data dependency analysis to efficiently generate
sequences of transactions, that create specific contract states in which bugs
may be hidden. We evaluate the effectiveness of our fuzzing strategy, by
comparing CONFUZZIUS with state-of-the-art symbolic execution tools and
fuzzers. Our evaluation shows that our hybrid fuzzing approach produces
significantly better results than state-of-the-art symbolic execution tools and
fuzzers
SmartUnit: Empirical Evaluations for Automated Unit Testing of Embedded Software in Industry
In this paper, we aim at the automated unit coverage-based testing for
embedded software. To achieve the goal, by analyzing the industrial
requirements and our previous work on automated unit testing tool CAUT, we
rebuild a new tool, SmartUnit, to solve the engineering requirements that take
place in our partner companies. SmartUnit is a dynamic symbolic execution
implementation, which supports statement, branch, boundary value and MC/DC
coverage. SmartUnit has been used to test more than one million lines of code
in real projects. For confidentiality motives, we select three in-house real
projects for the empirical evaluations. We also carry out our evaluations on
two open source database projects, SQLite and PostgreSQL, to test the
scalability of our tool since the scale of the embedded software project is
mostly not large, 5K-50K lines of code on average. From our experimental
results, in general, more than 90% of functions in commercial embedded software
achieve 100% statement, branch, MC/DC coverage, more than 80% of functions in
SQLite achieve 100% MC/DC coverage, and more than 60% of functions in
PostgreSQL achieve 100% MC/DC coverage. Moreover, SmartUnit is able to find the
runtime exceptions at the unit testing level. We also have reported exceptions
like array index out of bounds and divided-by-zero in SQLite. Furthermore, we
analyze the reasons of low coverage in automated unit testing in our setting
and give a survey on the situation of manual unit testing with respect to
automated unit testing in industry.Comment: In Proceedings of 40th International Conference on Software
Engineering: Software Engineering in Practice Track, Gothenburg, Sweden, May
27-June 3, 2018 (ICSE-SEIP '18), 10 page
Graphical Models for Optimal Power Flow
Optimal power flow (OPF) is the central optimization problem in electric
power grids. Although solved routinely in the course of power grid operations,
it is known to be strongly NP-hard in general, and weakly NP-hard over tree
networks. In this paper, we formulate the optimal power flow problem over tree
networks as an inference problem over a tree-structured graphical model where
the nodal variables are low-dimensional vectors. We adapt the standard dynamic
programming algorithm for inference over a tree-structured graphical model to
the OPF problem. Combining this with an interval discretization of the nodal
variables, we develop an approximation algorithm for the OPF problem. Further,
we use techniques from constraint programming (CP) to perform interval
computations and adaptive bound propagation to obtain practically efficient
algorithms. Compared to previous algorithms that solve OPF with optimality
guarantees using convex relaxations, our approach is able to work for arbitrary
distribution networks and handle mixed-integer optimization problems. Further,
it can be implemented in a distributed message-passing fashion that is scalable
and is suitable for "smart grid" applications like control of distributed
energy resources. We evaluate our technique numerically on several benchmark
networks and show that practical OPF problems can be solved effectively using
this approach.Comment: To appear in Proceedings of the 22nd International Conference on
Principles and Practice of Constraint Programming (CP 2016
- âŠ