Cause Clue Clauses: Error Localization using Maximum Satisfiability
Much effort is spent every day by programmers trying to reduce long,
failing execution traces to the cause of an error. We present a new algorithm
for error cause localization based on a reduction to the maximum satisfiability
problem (MAX-SAT), which asks for the maximum number of clauses of a
Boolean formula that can be simultaneously satisfied by an assignment. At an
intuitive level, our algorithm takes as input a program and a failing test, and
comprises the following three steps. First, using symbolic execution, we encode
a trace of a program as a Boolean trace formula which is satisfiable iff the
trace is feasible. Second, for a failing program execution (e.g., one that
violates an assertion or a post-condition), we construct an unsatisfiable
formula by taking the trace formula and additionally asserting that the input
is the failing test and that the assertion condition does hold at the end.
Third, using MAX-SAT, we find a maximal set of clauses in this formula that can
be satisfied together, and output the complement set as a potential cause of
the error. We have implemented our algorithm in a tool called bug-assist for C
programs. We demonstrate the surprising effectiveness of the tool on a set of
benchmark examples with injected faults, and show that in most cases,
bug-assist can quickly and precisely isolate the exact few lines of code whose
change eliminates the error. We also demonstrate how our algorithm can be
modified to automatically suggest fixes for common classes of errors such as
off-by-one.

Comment: The pre-alpha version of the tool can be downloaded from
http://bugassist.mpi-sws.or
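The three-step reduction above can be sketched on a toy trace. The snippet below is a minimal, illustrative MAX-SAT-style localization: it brute-forces satisfiability over a tiny integer domain instead of calling a real MAX-SAT solver, and the example program, variable names, and domain are assumptions for illustration, not bug-assist's actual encoding.

```python
from itertools import combinations, product

# Toy failing trace:  a = input; b = a + 1; c = b * 2; assert c == 6
# with failing input a = 1 (the bug: line 2 should read b = a + 2).
VARS = ["a", "b", "c"]
DOMAIN = range(0, 8)                       # small search domain for brute force

# Hard clauses: the input is the failing test AND the assertion holds.
hard = [lambda e: e["a"] == 1, lambda e: e["c"] == 6]

# Soft clauses: one per statement of the trace formula.
soft = {
    "line 2: b = a + 1": lambda e: e["b"] == e["a"] + 1,
    "line 3: c = b * 2": lambda e: e["c"] == e["b"] * 2,
}

def satisfiable(constraints):
    """Brute-force check: does some assignment satisfy all constraints?"""
    return any(all(c(dict(zip(VARS, vals))) for c in constraints)
               for vals in product(DOMAIN, repeat=len(VARS)))

def localize(hard, soft):
    """Keep as many soft clauses as possible; each complement is a suspect."""
    names = list(soft)
    for k in range(len(names), -1, -1):    # largest satisfiable subsets first
        causes = [[n for n in names if n not in kept]
                  for kept in combinations(names, k)
                  if satisfiable(hard + [soft[n] for n in kept])]
        if causes:
            return causes

print(localize(hard, soft))   # each single statement is a potential cause
```

Here both statements come back as candidate causes, since dropping either one makes the formula satisfiable; bug-assist similarly reports each minimal complement as a potential error location and iterates to enumerate the alternatives.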
Towards Better Static Analysis Security Testing Methodologies
Software vulnerabilities have been a significant attack surface used in cyberattacks, which
have been escalating recently. Software vulnerabilities have caused substantial damage,
and thus there are many techniques to guard against them. Nevertheless, detecting and
eliminating software vulnerabilities from the source code is the best and most effective solution
in terms of protection and cost. Static Analysis Security Testing (SAST) tools spot
vulnerabilities and help programmers to remove the vulnerabilities. The fundamental problem
is that modern software continues to evolve and shift, making detecting vulnerabilities
more difficult. Hence, this thesis takes a step toward highlighting the features required to
be present in the SAST tools to address software vulnerabilities in modern software. The
thesis’s end goal is to introduce SAST methods and tools to detect the dominant type of
software vulnerabilities in modern software. The investigation first focuses on state-of-the-art
SAST tools when working with large-scale modern software. The research examines
how different state-of-the-art SAST tools react to different types of warnings over time,
and measures the precision of SAST tools for different types of warnings. The study's premise
is that the precision of SAST tools can be estimated by studying the history of real-world
projects and the warnings the SAST tools generated over time. The empirical analysis in this
study then takes a further step and looks at the problem from a different angle, starting
from real-world vulnerabilities discovered by individuals and published in well-known
vulnerability databases. Android application vulnerabilities are used as an example of modern
software vulnerabilities. This study aims to measure the recall of SAST tools when they
work with modern software vulnerabilities and to understand how software vulnerabilities
manifest in the real world. We find that buffer errors, which belong to the input validation
and representation class of vulnerabilities, dominate modern software. We also find that
the studied state-of-the-art SAST tools fail to identify these real-world vulnerabilities. To address
the issue of detecting vulnerabilities in modern software, we introduce two methodologies.
The first is a coarse-grained methodology that helps taint-based static analysis
tackle two aspects of the complexity of modern software. One aspect is that
a single vulnerability can be scattered across different languages in one application, making
the analysis harder. The second aspect is that the number of sources and
sinks is high and increasing over time, making it hard for taint analysis to cover
them all. We implement the proposed methodology in a tool
called Source Sink (SoS) that filters out source and sink pairs with no feasible
paths between them. The second, fine-grained methodology focuses on discovering buffer errors that
occur in modern software. The method performs taint analysis to examine the reachability
between sources and sinks and looks for "validators" that validate the untrusted input.
We implemented this methodology in a tool called Buffer Error Finder (BEFinder).
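The source-to-sink reachability check with validators can be sketched on a toy straight-line program. The snippet below is a minimal, illustrative taint analysis: the IR shape, the source/sink/validator names (`read_input`, `memcpy_into_buf`, `check_length`), and the propagation rules are all assumptions for illustration, not BEFinder's actual implementation.

```python
# Each statement is (target_variable_or_None, operation, argument_variables).
SOURCES = {"read_input"}           # calls returning untrusted data
SINKS = {"memcpy_into_buf"}        # calls where tainted data is dangerous
VALIDATORS = {"check_length"}      # calls that validate/sanitize an argument

def analyze(stmts):
    """Return sink calls reached by tainted data that no validator checked."""
    tainted = set()
    findings = []
    for target, op, args in stmts:
        if op in SOURCES:
            tainted.add(target)                    # taint is introduced here
        elif op in VALIDATORS:
            for a in args:                         # validated values are
                tainted.discard(a)                 # considered safe afterwards
        elif op in SINKS:
            bad = [a for a in args if a in tainted]
            if bad:
                findings.append((op, bad))         # tainted, unvalidated flow
        elif op == "assign":
            if any(a in tainted for a in args):    # taint flows through
                tainted.add(target)                # plain assignments
            else:
                tainted.discard(target)
    return findings

prog_buggy = [
    ("n", "read_input", []),
    ("m", "assign", ["n"]),
    (None, "memcpy_into_buf", ["m"]),    # untrusted length reaches the copy
]
prog_fixed = [
    ("n", "read_input", []),
    (None, "check_length", ["n"]),       # validator sits on the path
    (None, "memcpy_into_buf", ["n"]),
]
print(analyze(prog_buggy))   # [('memcpy_into_buf', ['m'])]
print(analyze(prog_fixed))   # []
```

A pair like (`read_input`, `memcpy_into_buf`) with no feasible path, or with a validator on every path, is exactly what the coarse-grained filtering step would discard before the expensive fine-grained analysis runs.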
Adaptive Modeling and Distribution of Large Natural Scenes
This thesis deals with the modeling and the interactive streaming of large natural 3D scenes. We aim at providing techniques to allow the remote walkthrough of users in a natural 3D scene while ensuring botanical coherency and interactivity. First, we provide a compact and progressive representation for botanically realistic plant models. The topological structure and the geometry of the plants are represented by generalized cylinders. We provide a multi-resolution compression scheme based on standardization and instantiation, on difference-based decorrelation, and on entropy coding. Then, we study efficient transmission of these 3D objects. The proposed packetization scheme works for any multi-resolution 3D representation. We validate our packetization schemes with extensive experiments over a WAN (Wide Area Network), with and without congestion control (Datagram Congestion Control Protocol). Finally, we address issues of streaming at the scene level. We optimize the viewpoint culling requests on the server side by providing an adapted data structure, and we prepare the ground for our further work on the scalability and deployment of distributed 3D streaming systems.
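The difference-based decorrelation step can be illustrated on a toy stream of quantized values. The snippet below is a hedged sketch, not the thesis's compression scheme: the sample "branch radii" are invented, and Shannon entropy merely estimates how much an entropy coder could gain after delta encoding.

```python
import math
from collections import Counter

def entropy(symbols):
    """Shannon entropy (bits/symbol) of a symbol stream."""
    counts = Counter(symbols)
    n = len(symbols)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def delta_encode(values):
    """Keep the first value, then store differences between neighbours."""
    return [values[0]] + [b - a for a, b in zip(values, values[1:])]

def delta_decode(deltas):
    out = [deltas[0]]
    for d in deltas[1:]:
        out.append(out[-1] + d)
    return out

# Hypothetical quantized radii along one branch: smooth, so neighbours
# are close and the deltas concentrate on a few small symbols.
radii = [100, 98, 97, 95, 94, 92, 91, 89, 88, 86]
deltas = delta_encode(radii)
assert delta_decode(deltas) == radii          # lossless round trip
print(entropy(radii), entropy(deltas))        # entropy drops after decorrelation
```

The raw radii are all distinct, so their empirical entropy is maximal, while the deltas repeat heavily; an entropy coder applied after decorrelation therefore needs fewer bits per symbol.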
Modélisation et distribution adaptatives de grandes scènes naturelles
This thesis deals with the modeling and adaptive streaming of large natural 3D scenes. We aim to provide techniques that let users navigate remotely through a natural 3D scene while ensuring botanical coherence and interactivity. First, we provide a multi-resolution compression technique for plant models, based on standardization, instantiation, decorrelation, and entropy coding of the geometric information. Then, we study the efficient transmission of these 3D objects. The proposed packetization algorithm works for most multi-resolution 3D object representations. We validate the packetization techniques with experiments over a WAN (Wide Area Network), with and without congestion control (Datagram Congestion Control Protocol). Finally, we address questions of streaming at the scene level. We optimize the handling of requests on the server side by providing an adapted data structure, and we prepare the ground for our future work on the scalability and deployment of distributed 3D streaming systems.