Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSV 889: Concurrent Software Verification Subodh Sharma Indian Institute of Technology Delhi State merging, Concolic Execution.

Published byMarian Page Modified over 8 years ago

Similar presentations

Presentation on theme: "CSV 889: Concurrent Software Verification Subodh Sharma Indian Institute of Technology Delhi State merging, Concolic Execution."— Presentation transcript:

1 CSV 889: Concurrent Software Verification Subodh Sharma Indian Institute of Technology Delhi State merging, Concolic Execution

2 Concolic Execution Works well on interprocedural bugs, use of library calls

3 Concolic Execution Falls back on concrete values when – Non linear arithmetic – pointers pointing to input values

4 Concolic execution with dynamic data No way to know whether a->c is overwritten. With initial random values, Concolic falls back to concrete values

5 Nonlinear arithmetic

6 Problems with Concolic Testing Limited exploration when decision procedures encounter: – Floats, nonlinear arithmetic, 3 rd party components – symbolic pointers

7 Symbolic Execution with Concurrency Scheduling explosion - an additional headache Solution: Check for feasible interleavings under a “causal model”

8 Example Symbolic execution of a path along with the schedule Does there exist a bad schedule?

9 Example Lamport’s HB Causality -- Respect read-after-write pairs to the same shared var. Not sufficient to expose the error

10 Solution: Allow all interleavings As long as they follow SC semantics What happens in our running example?

11 Preliminaries Concurrent program P: finite set of threads, finite set of shared vars SV Each thread t i has finite set of local vars LV i Symbolic execution trace: where

12 Preliminaries Symbolic execution trace: where action:, assert(c) state is a map s: V -> Val

13 Sym. Exec. of Example

14 Concurrent Trace Program CTP of : Feasible linearization of

15 CSSA – Concurrent SSA

16

17 SAT Encoding based on CSSA

18 Path Constraints

19 Property Constraints HB Constraints

20 PO Ordering

21 VD Constraints

22 Phi Constraints

23 CSSA Encoding

24 Context bounding What is a context and a context switch? Context bounding – restrict the number of context switches allowed! In our example: What happens when we bound the contexts to 1? What happens when it is increased to 2?

25 CTP with Context Bounding For this to happen, we change the HB definition slightly

26 Acknowledgements

Download ppt "CSV 889: Concurrent Software Verification Subodh Sharma Indian Institute of Technology Delhi State merging, Concolic Execution."

Similar presentations

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.
Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.

Bounded Model Checking of Concurrent Data Types on Relaxed Memory Models: A Case Study Sebastian Burckhardt Rajeev Alur Milo M. K. Martin Department of.
Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.

Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.
Openflow App Testing Chao SHI, Stephen Duraski. Motivation Network is still a complex stuff ! o Distributed mechanism o Complex protocol o Large state.

Openflow App Testing Chao SHI, Stephen Duraski. Motivation Network is still a complex stuff ! o Distributed mechanism o Complex protocol o Large state.
Finding bugs: Analysis Techniques & Tools Symbolic Execution & Constraint Solving CS161 Computer Security Cho, Chia Yuan.

Finding bugs: Analysis Techniques & Tools Symbolic Execution & Constraint Solving CS161 Computer Security Cho, Chia Yuan.
Masahiro Fujita Yoshihisa Kojima University of Tokyo May 2, 2008

Masahiro Fujita Yoshihisa Kojima University of Tokyo May 2, 2008
Symbolic Execution with Mixed Concrete-Symbolic Solving

Symbolic Execution with Mixed Concrete-Symbolic Solving
Satisfiability Modulo Theories (An introduction)

Satisfiability Modulo Theories (An introduction)
The complexity of predicting atomicity violations Azadeh Farzan Univ of Toronto P. Madhusudan Univ of Illinois at Urbana Champaign.

The complexity of predicting atomicity violations Azadeh Farzan Univ of Toronto P. Madhusudan Univ of Illinois at Urbana Champaign.
Architecture-aware Analysis of Concurrent Software Rajeev Alur University of Pennsylvania Amir Pnueli Memorial Symposium New York University, May 2010.

Architecture-aware Analysis of Concurrent Software Rajeev Alur University of Pennsylvania Amir Pnueli Memorial Symposium New York University, May 2010.
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Enforcing Concurrent Temporal Behaviors Doron Peled, Dept. of CS University of Warwick.

Enforcing Concurrent Temporal Behaviors Doron Peled, Dept. of CS University of Warwick.
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.

1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.
Symbolic execution © Marcelo d’Amorim 2010.

Symbolic execution © Marcelo d’Amorim 2010.
Iterative Context Bounding for Systematic Testing of Multithreaded Programs Madan Musuvathi Shaz Qadeer Microsoft Research.

Iterative Context Bounding for Systematic Testing of Multithreaded Programs Madan Musuvathi Shaz Qadeer Microsoft Research.
Poirot – A Concurrency Sleuth Shaz Qadeer Research in Software Engineering Microsoft Research.

Poirot – A Concurrency Sleuth Shaz Qadeer Research in Software Engineering Microsoft Research.
Proofs from Tests Nels E. Beckman Aditya V. Nori Sriram K. Rajamani Robert J. Simmons Carnegie Mellon UniversityMicrosoft Research India Carnegie Mellon.

Proofs from Tests Nels E. Beckman Aditya V. Nori Sriram K. Rajamani Robert J. Simmons Carnegie Mellon UniversityMicrosoft Research India Carnegie Mellon.
Theoretical Program Checking Greg Bronevetsky. Background The field of Program Checking is about 13 years old. Pioneered by Manuel Blum, Hal Wasserman,

Theoretical Program Checking Greg Bronevetsky. Background The field of Program Checking is about 13 years old. Pioneered by Manuel Blum, Hal Wasserman,

Similar presentations

Ads by Google