Cause Clue Clauses: Error Localization using Maximum Satisfiability

Much effort is spent everyday by programmers in trying to reduce long, failing execution traces to the cause of the error. We present a new algorithm for error cause localization based on a reduction to the maximal satisfiability problem (MAX-SAT), which asks what is the maximum number of clauses of a Boolean formula that can be simultaneously satisfied by an assignment. At an intuitive level, our algorithm takes as input a program and a failing test, and comprises the following three steps. First, using symbolic execution, we encode a trace of a program as a Boolean trace formula which is satisfiable iff the trace is feasible. Second, for a failing program execution (e.g., one that violates an assertion or a post-condition), we construct an unsatisfiable formula by taking the trace formula and additionally asserting that the input is the failing test and that the assertion condition does hold at the end. Third, using MAX-SAT, we find a maximal set of clauses in this formula that can be satisfied together, and output the complement set as a potential cause of the error. We have implemented our algorithm in a tool called bug-assist for C programs. We demonstrate the surprising effectiveness of the tool on a set of benchmark examples with injected faults, and show that in most cases, bug-assist can quickly and precisely isolate the exact few lines of code whose change eliminates the error. We also demonstrate how our algorithm can be modified to automatically suggest fixes for common classes of errors such as off-by-one.Comment: The pre-alpha version of the tool can be downloaded from http://bugassist.mpi-sws.or

Towards Better Static Analysis Security Testing Methodologies

Software vulnerabilities have been a significant attack surface used in cyberattacks, which have been escalating recently. Software vulnerabilities have caused substantial damage, and thus there are many techniques to guard against them. Nevertheless, detecting and eliminating software vulnerabilities from the source code is the best and most effective solution in terms of protection and cost. Static Analysis Security Testing (SAST) tools spot vulnerabilities and help programmers to remove the vulnerabilities. The fundamental problem is that modern software continues to evolve and shift, making detecting vulnerabilities more difficult. Hence, this thesis takes a step toward highlighting the features required to be present in the SAST tools to address software vulnerabilities in modern software. The thesis’s end goal is to introduce SAST methods and tools to detect the dominant type of software vulnerabilities in modern software. The investigation first focuses on state-of-theart SAST tools when working with large-scale modern software. The research examines how different state-of-the-art SAST tools react to different types of warnings over time, and measures SAST tools precision of different types of warnings. The study presumption is that the SAST tools’ precision can be obtained from studying real-world projects’ history and SAST tools that generated warnings over time. The empirical analysis in this study then takes a further step to look at the problem from a different angle, starting at the real-world vulnerabilities detected by individuals and published in well-known vulnerabilities databases. Android application vulnerabilities are used as an example of modern software vulnerabilities. This study aims to measure the recall of SAST tools when they work with modern software vulnerabilities and understand how software vulnerabilities manifest in the real world. We find that buffer errors that belong to the input validation and representation class of vulnerability dominate modern software. Also, we find that studied state-of-the-art SAST tools failed to identify real-world vulnerabilities. To address the issue of detecting vulnerabilities in modern software, we introduce two methodologies. The first methodology is a coarse-grain method that targets helping taint static analysis methods to tackle two aspects of the complexity of modern software. One aspect is that one vulnerability can be scattered across different languages in a single application making the analysis harder to achieve. The second aspect is that the number of sources and sinks is high and increasing over time, which can be hard for taint analysis to cover such a high number of sources and sinks. We implement the proposed methodology in a tool called Source Sink (SoS) that filters out the source and sink pairs that do not have feasible paths. Then, another fine-grain methodology focuses on discovering buffer errors that occur in modern software. The method performs taint analysis to examine the reachability between sources and sinks and looks for "validators" that validates the untrusted input. We implemented methodology in a tool called Buffer Error Finder (BEFinder)

Adaptive Modeling and Distribution of Large Natural Scenes

This thesis deals with the modeling and the interactive streaming of large natural 3D scenes. We aim at providing techniques to allow the remote walkthrough of users in a natural 3D scene ensuring botanical coherency and interactivity.First, we provide a compact and progressive representation for botanically realistic plant models. The topological structure and the geometry of the plants are represented by generalized cylinders. We provide a multi-resolution compression scheme, based on standardization and instantiation, on difference-based decorrelation, and on entropy coding. Then, we study efficient transmission of these 3D objects. The proposed packetization scheme works for any multi-resolution 3D representation. We validate our packetization schemes with extensive experiments over a WAN (Wide Area Network), with and without congestion control (Datagram Congestion Control Protocol). Finally, we address issues on streaming at the scene-level. We optimize the viewpoint culling requests on server-side by providing an adapted datastructure and we prepare the ground for our further work on scalability and deployment of distributed 3D streaming systems

Modélisation et distribution adaptatives de grandes scènes naturelles

Cette thèse traite de la modélisation et la diffusion de grandes scènes 3D naturelles. Nous visons à fournir des techniques pour permettre à des utilisateurs de naviguer à distance dans une scène 3D naturelle, tout en assurant la cohérence botanique et l'interactivité. Tout d'abord, nous fournissons une technique de compression multi-résolution, fondée sur la normalisation, l'instanciation, la décorrélation, et sur le codage entropique des informations géometriques pour des modèles de plantes. Ensuite, nous étudions la transmission efficace de ces objets 3D. L'algorithme de paquétisation proposé fonctionne pour la plupart des représentations multi-résolution d'objet 3D. Nous validons les techniques de paquétisation par des expériences sur un WAN (Wide Area Network), avec et sans contrôle de congestion (Datagram Congestion Control Protocol). Enfin, nous abordons les questions du streaming au niveau de la scène. Nous optimisons le traitement des requêtes du côté serveur en fournissant une structure de données adaptée et nous préparons le terrain pour nos travaux futurs sur l'évolutivité et le déploiement de systèmes distribués de streaming 3D. ABSTRACT : This thesis deals with the modeling and the interactive streaming of large natural 3D scenes. We aim at providing techniques to allow the remote walkthrough of users in a natural 3D scene ensuring botanical coherency and interactivity.First, we provide a compact and progressive representation for botanically realistic plant models. The topological structure and the geometry of the plants are represented by generalized cylinders. We provide a multi-resolution compression scheme, based on standardization and instantiation, on difference-based decorrelation, and on entropy coding. Then, we study efficient transmission of these 3D objects. The proposed packetization scheme works for any multi-resolution 3D representation. We validate our packetization schemes with extensive experiments over a WAN (Wide Area Network), with and without congestion control (Datagram Congestion Control Protocol). Finally, we address issues on streaming at the scene-level. We optimize the viewpoint culling requests on server-side by providing an adapted datastructure and we prepare the ground for our further work on scalability and deployment of distributed 3D streaming systems