A Survey of Symbolic Execution Techniques
Many security and software testing applications require checking whether
certain properties of a program hold for any possible usage scenario. For
instance, a tool for identifying software vulnerabilities may need to rule out
the existence of any backdoor to bypass a program's authentication. One
approach would be to test the program using different, possibly random inputs.
As the backdoor may only be hit for very specific program workloads, automated
exploration of the space of possible inputs is of the essence. Symbolic
execution provides an elegant solution to the problem, by systematically
exploring many possible execution paths at the same time without necessarily
requiring concrete inputs. Rather than taking on fully specified input values,
the technique abstractly represents them as symbols, resorting to constraint
solvers to construct actual instances that would cause property violations.
Symbolic execution has been incubated in dozens of tools developed over the
last four decades, leading to major practical breakthroughs in a number of
prominent software reliability applications. The goal of this survey is to
provide an overview of the main ideas, challenges, and solutions developed in
the area, distilling them for a broad audience.
The present survey has been accepted for publication at ACM Computing
Surveys. If you are considering citing this survey, we would appreciate if you
could use the following BibTeX entry: http://goo.gl/Hf5Fv
Comment: This is the authors' pre-print copy.
Validating specifications of dynamic systems using automated reasoning techniques
In this paper, we propose a new approach to validating formal specifications of the observable behavior of discrete dynamic systems. By observable behavior we mean system behavior as observed by users or other systems in the environment of the system. Validation of a formal specification of an informal domain tries to answer the question of whether the specification actually describes the intended domain. This differs from the verification problem, which deals with the correspondence between formal objects, e.g. between a formal specification of a system and an implementation of it. We consider formal specifications of object-oriented dynamic systems that are subject to static and dynamic integrity constraints. To validate that such a specification expresses the intended behavior, we propose to use a tool that can answer reachability queries. In a reachability query we ask whether the system can evolve from one state into another without violating the integrity constraints. If the query is answered positively, the system should exhibit an example path between the states; if the answer is negative, the system should explain why this is so. An example path produced by the tool can be used to produce scenarios for presentations of system behavior, but can also be used as a basis for acceptance testing. In this paper, we discuss the use of planning and theorem-proving techniques to answer such queries, and illustrate the use of reachability queries in the context of information system development.
Contingency-Constrained Unit Commitment with Post-Contingency Corrective Recourse
We consider the problem of minimizing costs in the generation unit commitment
problem, a cornerstone in electric power system operations, while enforcing an
N-k-e reliability criterion. This reliability criterion is a generalization of
the well-known - criterion, and dictates that at least
fraction of the total system demand must be met following the failures of
or fewer system components. We refer to this problem as the
Contingency-Constrained Unit Commitment problem, or CCUC. We present a
mixed-integer programming formulation of the CCUC that accounts for both
transmission and generation element failures. We propose novel cutting plane
algorithms that avoid the need to explicitly consider an exponential number of
contingencies. Computational studies are performed on several IEEE test systems
and a simplified model of the Western US interconnection network, which
demonstrate the effectiveness of our proposed methods relative to the current
state of the art.
SDPNAL+: A Matlab software for semidefinite programming with bound constraints (version 1.0)
SDPNAL+ is a Matlab software package that implements an augmented
Lagrangian based method to solve large scale semidefinite programming problems
with bound constraints. The implementation was initially based on a majorized
semismooth Newton-CG augmented Lagrangian method; here we design it within an
inexact symmetric Gauss-Seidel based semi-proximal ADMM/ALM (alternating
direction method of multipliers/augmented Lagrangian method) framework for the
purpose of deriving simpler stopping conditions and closing the gap between the
practical implementation of the algorithm and the theoretical algorithm. The
basic code is written in Matlab, but some subroutines in the C language are
incorporated via Mex files. We also design a convenient interface for users to
input their SDP models into the solver. Numerous problems arising from
combinatorial optimization and binary integer quadratic programming
have been tested to evaluate the performance of the solver. Extensive numerical
experiments conducted in [Yang, Sun, and Toh, Mathematical Programming
Computation, 7 (2015), pp. 331--366] show that the proposed method is quite
efficient and robust, in that it is able to solve 98.9% of the 745 test
instances of SDP problems arising from various applications to the accuracy of
in the relative KKT residual