A Survey of Symbolic Execution Techniques

Many security and software testing applications require checking whether certain properties of a program hold for any possible usage scenario. For instance, a tool for identifying software vulnerabilities may need to rule out the existence of any backdoor to bypass a program's authentication. One approach would be to test the program using different, possibly random inputs. As the backdoor may only be hit for very specific program workloads, automated exploration of the space of possible inputs is of the essence. Symbolic execution provides an elegant solution to the problem, by systematically exploring many possible execution paths at the same time without necessarily requiring concrete inputs. Rather than taking on fully specified input values, the technique abstractly represents them as symbols, resorting to constraint solvers to construct actual instances that would cause property violations. Symbolic execution has been incubated in dozens of tools developed over the last four decades, leading to major practical breakthroughs in a number of prominent software reliability applications. The goal of this survey is to provide an overview of the main ideas, challenges, and solutions developed in the area, distilling them for a broad audience. The present survey has been accepted for publication at ACM Computing Surveys. If you are considering citing this survey, we would appreciate if you could use the following BibTeX entry: http://goo.gl/Hf5FvcComment: This is the authors pre-print copy. If you are considering citing this survey, we would appreciate if you could use the following BibTeX entry: http://goo.gl/Hf5Fv

Graphical statistics to explore the natural and anthropogenic processes influencing the inorganic quality of drinking water, ground water and surface water

Plots of cumulative distribution functions (CDF) are a simple but powerful exploratory data analysis (EDA) tool to evaluate and compare statistical data distributions. Here, empirical CDF plots are used to compare results of four large (476 to 884 samples) national- to continental-scale inorganic water chemistry data sets: (1) European surface water, (2) European tap water, (3) European bottled waters as a proxy for groundwater and (4) Norwegian crystalline bedrock rock groundwater, all analysed at the same laboratory, albeit at different times. For many parameters (e.g., Ba, Cl-, K, SO4 2-) median values and ranges are, given the differing origins and, in some cases, treatment processes of the waters, surprisingly comparable. Unusually high concentrations of some other elements (e.g., B, Be, Br, Cs, F-, Ge, Li, Rb, Te and Zr) appear to be characteristic of deeper-seated, mature groundwaters. Other influences that can be inferred include contamination from well construction or plumbing materials (Cu, Pb, Zn – in tap waters, bottled waters and Norwegian groundwaters), water treatment (Fe, Mn – in tap- and Norwegian groundwater), bottle materials (Sb - bottled waters). The empirical CDF plots also reveal analytical issues for some elements (excessive rounding, element interferences). The best reference for natural and uncontaminated ’water’ is probably provided by the mineral water samples, representing ’deep groundwater’ at the European scale

Towards Statistical Prioritization for Software Product Lines Testing

Software Product Lines (SPL) are inherently difficult to test due to the combinatorial explosion of the number of products to consider. To reduce the number of products to test, sampling techniques such as combinatorial interaction testing have been proposed. They usually start from a feature model and apply a coverage criterion (e.g. pairwise feature interaction or dissimilarity) to generate tractable, fault-finding, lists of configurations to be tested. Prioritization can also be used to sort/generate such lists, optimizing coverage criteria or weights assigned to features. However, current sampling/prioritization techniques barely take product behavior into account. We explore how ideas of statistical testing, based on a usage model (a Markov chain), can be used to extract configurations of interest according to the likelihood of their executions. These executions are gathered in featured transition systems, compact representation of SPL behavior. We discuss possible scenarios and give a prioritization procedure illustrated on an example.Comment: Extended version published at VaMoS '14 (http://dx.doi.org/10.1145/2556624.2556635

Expert-based development of a standard in CO2 sequestration monitoring technology

Bureau of Economic Geolog

A Reduced Semantics for Deciding Trace Equivalence

Many privacy-type properties of security protocols can be modelled using trace equivalence properties in suitable process algebras. It has been shown that such properties can be decided for interesting classes of finite processes (i.e., without replication) by means of symbolic execution and constraint solving. However, this does not suffice to obtain practical tools. Current prototypes suffer from a classical combinatorial explosion problem caused by the exploration of many interleavings in the behaviour of processes. M\"odersheim et al. have tackled this problem for reachability properties using partial order reduction techniques. We revisit their work, generalize it and adapt it for equivalence checking. We obtain an optimisation in the form of a reduced symbolic semantics that eliminates redundant interleavings on the fly. The obtained partial order reduction technique has been integrated in a tool called APTE. We conducted complete benchmarks showing dramatic improvements.Comment: Accepted for publication in LMC

Automated Test Input Generation for Android: Are We There Yet?

Mobile applications, often simply called "apps", are increasingly widespread, and we use them daily to perform a number of activities. Like all software, apps must be adequately tested to gain confidence that they behave correctly. Therefore, in recent years, researchers and practitioners alike have begun to investigate ways to automate apps testing. In particular, because of Android's open source nature and its large share of the market, a great deal of research has been performed on input generation techniques for apps that run on the Android operating systems. At this point in time, there are in fact a number of such techniques in the literature, which differ in the way they generate inputs, the strategy they use to explore the behavior of the app under test, and the specific heuristics they use. To better understand the strengths and weaknesses of these existing approaches, and get general insight on ways they could be made more effective, in this paper we perform a thorough comparison of the main existing test input generation tools for Android. In our comparison, we evaluate the effectiveness of these tools, and their corresponding techniques, according to four metrics: code coverage, ability to detect faults, ability to work on multiple platforms, and ease of use. Our results provide a clear picture of the state of the art in input generation for Android apps and identify future research directions that, if suitably investigated, could lead to more effective and efficient testing tools for Android

Research methodology in montanistic tourism

Research methodology in montanistic tourism involves the archival research and study of special literature, surface and underground field survey, the analysis of findings of rock fragments, mineral composition, traces of metallurgical processes, fragments of pottery, etc. A separate problem is the study and evaluation of the development of mining and post-mining landscapes, focusing on the entire supply chain of resource industries and their impact on the cultural development of the country