Towards Symbolic Execution in Erlang

The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-662-46823-4_28The concurrent functional language Erlang [1] has a number of distinguishing features, like dynamic typing, concurrency via asynchronous message passing or hot code loading, that make it especially appropriate for distributed, faulttolerant, soft real-time applications. The success of Erlang is witnessed by the increasing number of its industrial applications. For instance, Erlang has been used to implement Facebook’s chat back-end, the mobile application Whatsapp or Twitterfall—a service to view trends and patterns from Twitter—, to name a few. The success of the language, however, also requires the development of powerful testing and verification techniques. Symbolic execution is at the core of many program analysis and transformation techniques, like partial evaluation, test-case generation or model checking. In this paper, we introduce a symbolic execution technique for Erlang. We discuss how both an overapproximation and an underapproximation of the concrete semantics can be obtained. We illustrate our approach through some examples. To the best of our knowledge, this is the first attempt to formalize symbolic execution in the context of this language, where previous approaches have only considered exploring different schedulings but have not dealt with symbolic data. More details can be found in the companion technical reportThis work has been partially supported by the Spanish Ministerio de Economía y Competitividad (Secretaría de Estado de Investigación, Desarrollo e Innovación) under grant TIN2013-44742-C4-1-R and by the Generalitat Valenciana under grant PROMETEO/2011/052.Vidal Oriola, GF. (2015). Towards Symbolic Execution in Erlang. En Perspectives of System Informatics. Springer. 351-360. https://doi.org/10.1007/978-3-662-46823-4_28S35136

Concolic Execution and Test Case Generation in Prolog

The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-319-17822-6_10Symbolic execution extends concrete execution by allowing symbolic input data and then exploring all feasible execution paths. It has been defined and used in the context of many different programming languages and paradigms. A symbolic execution engine is at the heart of many program analysis and transformation techniques, like partial evaluation, test case generation or model checking, to name a few. Despite its relevance, traditional symbolic execution also suffers from several drawbacks. For instance, the search space is usually huge (often infinite) even for the simplest programs. Also, symbolic execution generally computes an overapproximation of the concrete execution space, so that false positives may occur. In this paper, we propose the use of a variant of symbolic execution, called concolic execution, for test case generation in Prolog. Our technique aims at full statement coverage. We argue that this technique computes an underapproximation of the concrete execution space (thus avoiding false positives) and scales up better to medium and large Prolog applications.This work has been partially supported by the EU (FEDER) and the Spanish Ministerio de Economía y Competitividad (Secretaría de Estado de Investigación, Desarrollo e Innovación) under grant TIN2013-44742-C4-1-R and by the Generalitat Valenciana under grant PROMETEO/2011/052.Vidal Oriola, GF. (2015). Concolic Execution and Test Case Generation in Prolog. En Logic-Based Program Synthesis and Transformation. Springer. 167-181. https://doi.org/10.1007/978-3-319-17822-6_10S167181Albert, E., Arenas, P., Gómez-Zamalloa, M., Rojas, J.M.: Test case generation by symbolic execution: basic concepts, a CLP-based instance, and actor-based concurrency. In: Bernardo, M., Damiani, F., Hähnle, R., Johnsen, E.B., Schaefer, I. (eds.) SFM 2014. LNCS, vol. 8483, pp. 263–309. Springer, Heidelberg (2014)Belli, F., Jack, O.: Implementation-based analysis and testing of Prolog programs. In: ISSTA, pp. 70–80. ACM (1993)Clarke, L.A.: A program testing system. In: Proceedings of the 1976 Annual Conference (ACM’76), Houston, pp. 488–491 (1976)De Schreye, D., Glück, R., Jørgensen, J., Leuschel, M., Martens, B., Sørensen, M.H.: Conjunctive partial deduction: foundations, control, algorithms, and experiments. J. Log. Program. 41(2&3), 231–277 (1999)Giesl, J., Ströder, T., Schneider-Kamp, P., Emmes, F., Fuhs, C.: Symbolic evaluation graphs and term rewriting: a general methodology for analyzing logic programs. In: PPDP’12, pp. 1–12. ACM (2012)Godefroid, P., Klarlund, N., Sen, K.: DART: directed automated random testing. In: Proceedings of PLDI’05, pp. 213–223. ACM (2005)Godefroid, P., Levin, M.Y., Molnar, D.A.: Sage: whitebox fuzzing for security testing. Commun. ACM 55(3), 40–44 (2012)Gómez-Zamalloa, M., Albert, E., Puebla, G.: Test case generation for object-oriented imperative languages in CLP. TPLP 10(4–6), 659–674 (2010)King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976)Leuschel, M.: The DPPD (Dozens of Problems for Partial Deduction) Library of Benchmarks. http://www.ecs.soton.ac.uk/mal/systems/dppd.html (2007)Lloyd, J.W.: Foundations of Logic Programming, 2nd edn. Springer, Berlin (1987)Lloyd, J.W., Shepherdson, J.C.: Partial evaluation in logic programming. J. Log. Program. 11, 217–242 (1991)Martens, B., Gallagher, J.: Ensuring global termination of partial deduction while allowing flexible polyvariance. In: Proceedings of ICLP’95, pp. 597–611. MIT Press (1995)Pasareanu, C.S., Rungta, N.: Symbolic PathFinder: symbolic execution of Java bytecode. In: Pecheur, C., Andrews, J., Di Nitto, E. (eds.) ASE, pp. 179–180. ACM (2010)Rojas, J.M., Gómez-Zamalloa, M.: A framework for guided test case generation in constraint logic programming. In: Albert, E. (ed.) Proceedings of LOPSTR. LNCS, vol. 7844, pp. 176–193. Springer, Heidelberg (2013)Sen, K., Marinov, D., Agha, G.: CUTE: a concolic unit testing engine for C. In: Proceedings of ESEC/SIGSOFT FSE 2005, pp. 263–272. ACM (2005)Ströder, T., Emmes, F., Schneider-Kamp, P., Giesl, J., Fuhs, C.: A linear operational semantics for termination and complexity analysis of $$\sf ISO$$ $$\sf Prolog$$ . In: Vidal, G. (ed.) LOPSTR’11. LNCS, vol. 7225, pp. 237–252. Springer, Heidelberg (2012

Fast Offline Partial Evaluation of Logic Programs

One of the most important challenges in partial evaluation is the design of automatic methods for ensuring the termination of the process. In this work, we introduce sufficient conditions for the strong (i.e., independent of a computation rule) termination and quasitermination of logic programs which rely on the construction of size-change graphs. We then present a fast binding-time analysis that takes the output of the termination analysis and annotates logic programs so that partial evaluation terminates. In contrast to previous approaches, the new binding-time analysis is conceptually simpler and considerably faster, scaling to medium-sized or even large examples. © 2014 Elsevier Inc. All rights reserved.This work has been partially supported by the Spanish Ministerio de Ciencia e Innovacion under grant TIN2008-06622-C03-02 and by the Generalitat Valenciana under grant PROMETEO/2011/052.Leuschel, M.; Vidal Oriola, GF. (2014). Fast Offline Partial Evaluation of Logic Programs. Information and Computation. 235:70-97. https://doi.org/10.1016/j.ic.2014.01.005S709723

A Framework for Computing Finite SLD Trees

The search space of SLD resolution, usually represented by means of a so-called SLD tree, is often infinite. However, there are many applications that must deal with possibly infinite SLD trees, like partial evaluation or some static analyses. In this context, being able to construct a finite representation of an infinite SLD tree becomes useful. In this work, we introduce a framework to construct a finite data structure representing the (possibly infinite) SLD derivations for a goal. This data structure, called closed SLD tree, is built using four basic operations: unfolding, flattening, splitting, and subsumption. We prove some basic properties for closed SLD trees, namely that both computed answers and calls are preserved. We present a couple of simple strategies for constructing closed SLD trees with different levels of abstraction, together with some examples of its application. Finally, we illustrate the viability of our approach by introducing a test case generator based on exploring closed SLD trees.This work has been partially supported by the EU (FEDER) and the Spanish Ministerio de Economia y Competitividad (Secretaria de Estado de Investigacion, Desarrollo e Innovacion) under grant TIN2013-44742-C4-1-R and by the Generalitat Valenciana under grant PROMETEO/2011/052.Nishid, N.; Vidal Oriola, GF. (2015). A Framework for Computing Finite SLD Trees. Journal of Logical and Algebraic Methods in Programming. 84(2):197-217. https://doi.org/10.1016/j.jlamp.2014.11.006S19721784

Reversible Term Rewriting

Essentially, in a reversible programming language, for each forward computation step from state S to state S', there exists a constructive and deterministic method to go backwards from state S' to state S. Besides its theoretical interest, reversible computation is a fundamental concept which is relevant in many different areas like cellular automata, bidirectional program transformation, or quantum computing, to name a few. In this paper, we focus on term rewriting, a computation model that underlies most rule-based programming languages. In general, term rewriting is not reversible, even for injective functions; namely, given a rewrite step t1 -> t2, we do not always have a decidable and deterministic method to get t1 from t2. Here, we introduce a conservative extension of term rewriting that becomes reversible. Furthermore, we also define a transformation to make a rewrite system reversible using standard term rewriting.This work has been partially supported by the EU (FEDER) and the Spanish Ministerio de Economía y Competitividad (MINECO) under grant TIN2013-44742-C4-1-R, by the Generalitat Valenciana under grant PROMETEO-II/2015/013 (SmartLogic) and by the COST Action IC 1405 on Reversible Computation. A. Palacios was partially supported by the the EU (FEDER) and the Spanish Ayudas para contratos predoctorales para la formación de doctores de la Sec. Estado de Investigación, Desarrollo e Innovación del MINECO under FPI grant BES-2014-069749. Part of this research was done while the second and third authors were visiting Nagoya University; they gratefully acknowledge their hospitality.Nishida, N.; Palacios Corella, A.; Vidal Oriola, GF.; Nishida (2016). Reversible Term Rewriting. Schloss Dagstuhl-Leibniz-Zentrum für Informatik GmbH, Dagstuhl Publishing. https://doi.org/10.4230/LIPIcs.FSCD.2016.28

Las listas intensionales

En este vídeo se presentan las listas intensionales, una estructura de datos muy usada en los lenguajes de programación funcional y que permite definir funciones de manera muy compacta.https://media.upv.es/player/?id=bcd0be11-021e-11e6-851a-656f7e06a374Vidal Oriola, GF. (2016). Las listas intensionales. http://hdl.handle.net/10251/63595DE

El tipo lista

En este vídeo se introduce el tipo lista, uno de los más empleados en el contexto de los lenguajes de programación funcional.https://media.upv.es/player/?id=88593dc0-20b8-11e6-acdb-7ff9538171bfVidal Oriola, GF. (2016). El tipo lista. http://hdl.handle.net/10251/64146DE

Árboles SLD en programación lógica

En este vídeo se introduce el concepto de árbol SLD en el contexto de la programación lógica. Dado un programa lógico y un objetivo, su ejecución consiste en construir el árbol SLD asociado empleando una cierta estrategia de búsqueda. Por tanto, resulta esencial saber construir los árboles SLD para entender la ejecución de un programa lógico.https://media.upv.es/player/?id=79fcd420-6248-11e8-aab9-a1a4e108f2abVidal Oriola, GF. (2018). Árboles SLD en programación lógica. http://hdl.handle.net/10251/104348DE

El esquema MapReduce

En este vídeo se introduce el conocido como esquema MapReduce. Aunque su origen se puede encontrar en el ámbito de los lenguajes de programación funcional, su uso se ha extendido a otros contextos y lenguajes de programación.https://media.upv.es/player/?id=bcd10c30-021e-11e6-851a-656f7e06a374Vidal Oriola, GF. (2016). El esquema MapReduce. http://hdl.handle.net/10251/66716DE

Iteradores y compresores

En este vídeo se presentan dos tipos de funciones específicas de los lenguajes funcionales, los iteradores y los compresores. Estas funciones nos permiten definir nuevas funciones de manera muy compacta y elegante.https://media.upv.es/player/?id=bcd13340-021e-11e6-851a-656f7e06a374Vidal Oriola, GF. (2016). Iteradores y compresores. http://hdl.handle.net/10251/63612DE