2,461 research outputs found
A strategy for automatically generating programs in the lucid programming language
A strategy for automatically generating and verifying simple computer programs is described. The programs are specified by a precondition and a postcondition in predicate calculus. The programs generated are in the Lucid programming language, a high-level, data-flow language known for its attractive mathematical properties and ease of program verification. The Lucid programming is described, and the automatic program generation strategy is described and applied to several example problems
Relational Symbolic Execution
Symbolic execution is a classical program analysis technique used to show
that programs satisfy or violate given specifications. In this work we
generalize symbolic execution to support program analysis for relational
specifications in the form of relational properties - these are properties
about two runs of two programs on related inputs, or about two executions of a
single program on related inputs. Relational properties are useful to formalize
notions in security and privacy, and to reason about program optimizations. We
design a relational symbolic execution engine, named RelSym which supports
interactive refutation, as well as proving of relational properties for
programs written in a language with arrays and for-like loops
A Survey of Symbolic Execution Techniques
Many security and software testing applications require checking whether
certain properties of a program hold for any possible usage scenario. For
instance, a tool for identifying software vulnerabilities may need to rule out
the existence of any backdoor to bypass a program's authentication. One
approach would be to test the program using different, possibly random inputs.
As the backdoor may only be hit for very specific program workloads, automated
exploration of the space of possible inputs is of the essence. Symbolic
execution provides an elegant solution to the problem, by systematically
exploring many possible execution paths at the same time without necessarily
requiring concrete inputs. Rather than taking on fully specified input values,
the technique abstractly represents them as symbols, resorting to constraint
solvers to construct actual instances that would cause property violations.
Symbolic execution has been incubated in dozens of tools developed over the
last four decades, leading to major practical breakthroughs in a number of
prominent software reliability applications. The goal of this survey is to
provide an overview of the main ideas, challenges, and solutions developed in
the area, distilling them for a broad audience.
The present survey has been accepted for publication at ACM Computing
Surveys. If you are considering citing this survey, we would appreciate if you
could use the following BibTeX entry: http://goo.gl/Hf5FvcComment: This is the authors pre-print copy. If you are considering citing
this survey, we would appreciate if you could use the following BibTeX entry:
http://goo.gl/Hf5Fv
Locksynth: Deriving Synchronization Code for Concurrent Data Structures with ASP
We present Locksynth, a tool that automatically derives synchronization
needed for destructive updates to concurrent data structures that involve a
constant number of shared heap memory write operations. Locksynth serves as the
implementation of our prior work on deriving abstract synchronization code.
Designing concurrent data structures involves inferring correct synchronization
code starting with a prior understanding of the sequential data structure's
operations. Further, an understanding of shared memory model and the
synchronization primitives is also required. The reasoning involved
transforming a sequential data structure into its concurrent version can be
performed using Answer Set Programming and we mechanized our approach in
previous work. The reasoning involves deduction and abduction that can be
succinctly modeled in ASP. We assume that the abstract sequential code of the
data structure's operations is provided, alongside axioms that describe
concurrent behavior. This information is used to automatically derive
concurrent code for that data structure, such as dictionary operations for
linked lists and binary search trees that involve a constant number of
destructive update operations. We also are able to infer the correct set of
locks (but not code synthesis) for external height-balanced binary search trees
that involve left/right tree rotations. Locksynth performs the analyses
required to infer correct sets of locks and as a final step, also derives the
C++ synchronization code for the synthesized data structures. We also provide a
performance analysis of the C++ code synthesized by Locksynth with the
hand-crafted versions available from the Synchrobench microbenchmark suite. To
the best of our knowledge, our tool is the first to employ ASP as a backend
reasoner to perform concurrent data structure synthesis
- …