40,917 research outputs found
A Survey of Symbolic Execution Techniques
Many security and software testing applications require checking whether
certain properties of a program hold for any possible usage scenario. For
instance, a tool for identifying software vulnerabilities may need to rule out
the existence of any backdoor to bypass a program's authentication. One
approach would be to test the program using different, possibly random inputs.
As the backdoor may only be hit for very specific program workloads, automated
exploration of the space of possible inputs is of the essence. Symbolic
execution provides an elegant solution to the problem, by systematically
exploring many possible execution paths at the same time without necessarily
requiring concrete inputs. Rather than taking on fully specified input values,
the technique abstractly represents them as symbols, resorting to constraint
solvers to construct actual instances that would cause property violations.
Symbolic execution has been incubated in dozens of tools developed over the
last four decades, leading to major practical breakthroughs in a number of
prominent software reliability applications. The goal of this survey is to
provide an overview of the main ideas, challenges, and solutions developed in
the area, distilling them for a broad audience.
The present survey has been accepted for publication at ACM Computing
Surveys. If you are considering citing this survey, we would appreciate if you
could use the following BibTeX entry: http://goo.gl/Hf5FvcComment: This is the authors pre-print copy. If you are considering citing
this survey, we would appreciate if you could use the following BibTeX entry:
http://goo.gl/Hf5Fv
Statistical inference for the mean outcome under a possibly non-unique optimal treatment strategy
We consider challenges that arise in the estimation of the mean outcome under
an optimal individualized treatment strategy defined as the treatment rule that
maximizes the population mean outcome, where the candidate treatment rules are
restricted to depend on baseline covariates. We prove a necessary and
sufficient condition for the pathwise differentiability of the optimal value, a
key condition needed to develop a regular and asymptotically linear (RAL)
estimator of the optimal value. The stated condition is slightly more general
than the previous condition implied in the literature. We then describe an
approach to obtain root- rate confidence intervals for the optimal value
even when the parameter is not pathwise differentiable. We provide conditions
under which our estimator is RAL and asymptotically efficient when the mean
outcome is pathwise differentiable. We also outline an extension of our
approach to a multiple time point problem. All of our results are supported by
simulations.Comment: Published at http://dx.doi.org/10.1214/15-AOS1384 in the Annals of
Statistics (http://www.imstat.org/aos/) by the Institute of Mathematical
Statistics (http://www.imstat.org
Average Rate of Downlink Heterogeneous Cellular Networks over Generalized Fading Channels - A Stochastic Geometry Approach
In this paper, we introduce an analytical framework to compute the average
rate of downlink heterogeneous cellular networks. The framework leverages
recent application of stochastic geometry to other-cell interference modeling
and analysis. The heterogeneous cellular network is modeled as the
superposition of many tiers of Base Stations (BSs) having different transmit
power, density, path-loss exponent, fading parameters and distribution, and
unequal biasing for flexible tier association. A long-term averaged maximum
biased-received-power tier association is considered. The positions of the BSs
in each tier are modeled as points of an independent Poisson Point Process
(PPP). Under these assumptions, we introduce a new analytical methodology to
evaluate the average rate, which avoids the computation of the Coverage
Probability (Pcov) and needs only the Moment Generating Function (MGF) of the
aggregate interference at the probe mobile terminal. The distinguishable
characteristic of our analytical methodology consists in providing a tractable
and numerically efficient framework that is applicable to general fading
distributions, including composite fading channels with small- and mid-scale
fluctuations. In addition, our method can efficiently handle correlated
Log-Normal shadowing with little increase of the computational complexity. The
proposed MGF-based approach needs the computation of either a single or a
two-fold numerical integral, thus reducing the complexity of Pcov-based
frameworks, which require, for general fading distributions, the computation of
a four-fold integral.Comment: Accepted for publication in IEEE Transactions on Communications, to
appea
Defending Elections Against Malicious Spread of Misinformation
The integrity of democratic elections depends on voters' access to accurate
information. However, modern media environments, which are dominated by social
media, provide malicious actors with unprecedented ability to manipulate
elections via misinformation, such as fake news. We study a zero-sum game
between an attacker, who attempts to subvert an election by propagating a fake
new story or other misinformation over a set of advertising channels, and a
defender who attempts to limit the attacker's impact. Computing an equilibrium
in this game is challenging as even the pure strategy sets of players are
exponential. Nevertheless, we give provable polynomial-time approximation
algorithms for computing the defender's minimax optimal strategy across a range
of settings, encompassing different population structures as well as models of
the information available to each player. Experimental results confirm that our
algorithms provide near-optimal defender strategies and showcase variations in
the difficulty of defending elections depending on the resources and knowledge
available to the defender.Comment: Full version of paper accepted to AAAI 201
An empirical investigation into branch coverage for C programs using CUTE and AUSTIN
Automated test data generation has remained a topic of considerable interest for several decades because it lies at the heart of attempts to automate the process of Software Testing. This paper reports the results of an empirical study using the dynamic symbolic-execution tool. CUTE, and a search based tool, AUSTIN on five non-trivial open source applications. The aim is to provide practitioners with an assessment of what can be achieved by existing techniques with little or no specialist knowledge and to provide researchers with baseline data against which to measure subsequent work. To achieve this, each tool is applied 'as is', with neither additional tuning nor supporting harnesses and with no adjustments applied to the subject programs under test. The mere fact that these tools can be applied 'out of the box' in this manner reflects the growing maturity of Automated test data generation. However, as might be expected, the study reveals opportunities for improvement and suggests ways to hybridize these two approaches that have hitherto been developed entirely independently. (C) 2010 Elsevier Inc. All rights reserved
- …