1 Program Analysis Too Loopy? Set the Loops Aside Eric Larson September 25, 2011 Seattle University.

Slides:



Advertisements
Similar presentations
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
Advertisements

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Chair of Software Engineering From Program slicing to Abstract Interpretation Dr. Manuel Oriol.
SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.
Chapter 1. The Phases of Software Development. Data Structure 2 Chapter outline  Objectives  Use Javadoc to write a method’s complete specification.
Bouncer securing software by blocking bad input Miguel Castro Manuel Costa, Lidong Zhou, Lintao Zhang, and Marcus Peinado Microsoft Research.
An Object-Oriented Approach to Programming Logic and Design
CS0004: Introduction to Programming Repetition – Do Loops.
In Defense of Unsoundness Ben Livshits, Manu Sridharan, Yannis Smaragdakis, and Ondřej Lhoták.
Repeating Structures Do While Loops. Do While Loop While loops have a test condition before the loop –This means that java will test the condition before.
Precise Inter-procedural Analysis Sumit Gulwani George C. Necula using Random Interpretation presented by Kian Win Ong UC Berkeley.
1 Software Testing and Quality Assurance Lecture 41 – Software Quality Assurance.
Chapter 2: Algorithm Discovery and Design
Chapter 1 Software Development. Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 1-2 Chapter Objectives Discuss the goals of software development.
IMSE Week 18 White Box or Structural Testing Reading:Sommerville (4th edition) ch 22 orPressman (4th edition) ch 16.
Michael Ernst, page 1 Improving Test Suites via Operational Abstraction Michael Ernst MIT Lab for Computer Science Joint.
ECE122 L17: Method Development and Testing April 5, 2007 ECE 122 Engineering Problem Solving with Java Lecture 17 Method Development and Testing.
Chapter 2: Algorithm Discovery and Design
Pointer analysis. Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis Andersen and.
Scalable and Flexible Static Analysis of Flight-Critical Software Guillaume P. Brat Arnaud J. Venet Carnegie.
AUTOMATIC CONCOLIC TEST GENERATION WITH VIRTUAL PROTOTYPES FOR POST-SILICON VALIDATION Reviewer: Shin-Yann Ho Instructor: Jie-Hong Jiang.
New Mexico Computer Science For All More Looping in NetLogo Maureen Psaila-Dombrowski.
Fundamentals of Python: From First Programs Through Data Structures
Language Evaluation Criteria
Fundamentals of Python: First Programs
P ARALLEL P ROCESSING I NSTITUTE · F UDAN U NIVERSITY 1.
Testing phases. Test data Inputs which have been devised to test the system Test cases Inputs to test the system and the predicted outputs from these.
Chapter 2: Algorithm Discovery and Design Invitation to Computer Science, C++ Version, Third Edition.
Invitation to Computer Science, Java Version, Second Edition.
1 A Static Analysis Approach for Automatically Generating Test Cases for Web Applications Presented by: Beverly Leung Fahim Rahman.
Programming with App Inventor Computing Institute for K-12 Teachers Summer 2012 Workshop.
Dynamic Analysis of Multithreaded Java Programs Dr. Abhik Roychoudhury National University of Singapore.
Software Development. Software Developers Refresher A person or organization that designs software and writes the programs. Software development is the.
Introduction to Software Testing. Types of Software Testing Unit Testing Strategies – Equivalence Class Testing – Boundary Value Testing – Output Testing.
Security - Why Bother? Your projects in this class are not likely to be used for some critical infrastructure or real-world sensitive data. Why should.
Testing Testing Techniques to Design Tests. Testing:Example Problem: Find a mode and its frequency given an ordered list (array) of with one or more integer.
Software Testing Yonsei University 2 nd Semester, 2014 Woo-Cheol Kim.
Advanced Computer Architecture Lab University of Michigan USENIX Security ’03 Slide 1 High Coverage Detection of Input-Related Security Faults Eric Larson.
Chapter 5 Control Structure (Repetition). Objectives In this chapter, you will: Learn about repetition (looping) control structures Explore how to construct.
Introduction to Problem Solving. Steps in Programming A Very Simplified Picture –Problem Definition & Analysis – High Level Strategy for a solution –Arriving.
Definition of Terms Software/Programs Programs that directs the operation of a computer system Set of instructions Codes Programming Process of planning,
An Object-Oriented Approach to Programming Logic and Design Fourth Edition Chapter 4 Looping.
Today’s Agenda  Reminder: HW #1 Due next class  Quick Review  Input Space Partitioning Software Testing and Maintenance 1.
Reasoning about programs March CSE 403, Winter 2011, Brun.
Static Program Analysis of Embedded Software Ramakrishnan Venkitaraman Graduate Student, Computer Science Advisor: Dr. Gopal Gupta
Page 1 5/2/2007  Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk  Arnaud Venet Kestrel Technology.
Symbolic Execution with Abstract Subsumption Checking Saswat Anand College of Computing, Georgia Institute of Technology Corina Păsăreanu QSS, NASA Ames.
1 A Plethora of Paths Eric Larson May 18, 2009 Seattle University.
1-1 Software Development Objectives: Discuss the goals of software development Identify various aspects of software quality Examine two development life.
An Undergraduate Course on Software Bug Detection Tools and Techniques Eric Larson Seattle University March 3, 2006.
Gordana Rakić, Zoran Budimac
School of Computer Science & Information Technology G6DICP - Lecture 6 Errors, bugs and debugging.
UniTesK Test Suite Architecture Igor Bourdonov Alexander Kossatchev Victor Kuliamin Alexander Petrenko.
Static Techniques for V&V. Hierarchy of V&V techniques Static Analysis V&V Dynamic Techniques Model Checking Simulation Symbolic Execution Testing Informal.
Flow of Control: Loops Module 4. Objectives Design a loop Use while, do, and for in a program Use the for-each with enumerations Use assertion checks.
/ PSWLAB Evidence-Based Analysis and Inferring Preconditions for Bug Detection By D. Brand, M. Buss, V. C. Sreedhar published in ICSM 2007.
Chapter 2: Algorithm Discovery and Design Invitation to Computer Science.
Testing Programs with Loops CSIS 1595: Fundamentals of Programming and Problem Solving 1.
Finding bugs with a constraint solver daniel jackson. mandana vaziri mit laboratory for computer science issta 2000.
An Offline Approach for Whole-Program Paths Analysis using Suffix Arrays G. Pokam, F. Bodin.
SOFTWARE TESTING LECTURE 9. OBSERVATIONS ABOUT TESTING “ Testing is the process of executing a program with the intention of finding errors. ” – Myers.
Testing and Debugging PPT By :Dr. R. Mall.
Reasoning about code CSE 331 University of Washington.
High Coverage Detection of Input-Related Security Faults
Learning to Program in Python
Jim Fawcett CSE776 – Design Patterns Summer 2003
SUDS: An Infrastructure for Creating Bug Detection Tools
Java Programming Loops
Control Structure Testing
Java Programming Loops
Presentation transcript:

1 Program Analysis Too Loopy? Set the Loops Aside Eric Larson September 25, 2011 Seattle University

Loops are Important! Virtually every program has loops. 2

3 Path Based Analysis Many bug detection / testing techniques involve traversing different paths within a unit (often a function).  Symbolic execution  Test generation A key issue: Loops introduce a large, possibly infinite, number of paths. A BC D G EF

How to Handle Loops? Restrict the number of iterations in the loop to some small subset.  May miss bugs that only surface on a particular number of iterations. Restrict the analysis time: stop analysis after n paths or x seconds.  The traversal order of paths is important to make sure all regions of the code are exercised. Compute loop post-conditions. Detect and handle loops that meet particular pattern(s). 4

Interprocedural Summaries PREfix* uses symbolic execution to find common C/C++ coding mistakes. For function calls:  The called function is analyzed first.  A model or summary is created that captures the functionality of the called function.  The model replaces the function call eliminating the need for interprocedural path analysis. Can a similar approach be used for loops? 5 *Bush, Pincus, and Sielaff. A static analyzer for finding dynamic programming errors. Software – Practice and Experience

Research Study Explores … Explores:  The number of paths in each loop.  The number of paths if loops are analyzed separately.  An analysis of how often loops contained certain constructs or properties. Analyzed 15 different C programs containing 1,091 loops. Implemented using an extension to GrammaTech’s CodeSurfer. 6

Number of Paths in Each Loop 7 Program Most Paths in Loop Number of Paths k> 10k bc betaftpd diff find flex ft ghttpd gzip indent 30,352, ks othello space sudoku 10, thttpd 5, yacr TOTAL30,352, %45.1%6.2%2.2%0.3%

Analyzing Loops Separately 8 Program Paths (loops traversed at most once) Paths (loops analyzed separately) Total Outside Loops Inside Loops bc 949,34656,96556, betaftpd 45,69242,31542, diff3 572,71840,96639,7351,231 find 1,966,7701,804,3701,803, flex 7.40E E+11 1,398 ft 10, ghttpd 9,6791,1561,07581 gzip 3.05E E indent 9.82E E+11 30,421,708 ks 24, othello 13,38213,20113, space 6,2272,0111, sudoku 1.94E+0921,21610,09911,117 thttpd 2.84E E+10 10,345 yacr2 2,249,0483,1041,5751,529

Loop Characteristics Loop breakdown:  Array traversals48.7%  Data structure traversals14.8%  Sentinel loops4.5%  Input sentinel loops2.7%  Other29.3% Hard to analyze constructs:  24.2% of loops contained an alternate exit (beyond the normal stopping condition).  57.6% of loops contained a function call. 9

Conclusion Most loops have very few paths. Separating loops from complex functions does not reduce complexity.  Most complex functions have complexity both inside and outside loops. Future Work:  Analyze loops in different languages such as C++ or Java.  Implement symbolic execution where loops are analyzed separately. 10

Questions? 11

Discussion The handling of loops is not given full treatment in many software bug detection research papers. More broadly, is a function an appropriate unit of analysis in symbolic execution (and other forms of program analysis)? 12

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.