Symbolic Liveness Analysis of Real-World Software [chapter]

Daniel Schemmel, Julian Büning, Oscar Soria Dustmann, Thomas Noll, Klaus Wehrle
2018 Lecture Notes in Computer Science  
Liveness violation bugs are notoriously hard to detect, especially due to the difficulty inherent in applying formal methods to real-world programs. We present a generic and practically useful liveness property which defines a program as being live as long as it will eventually either consume more input or terminate. We show that this property naturally maps to many different kinds of real-world programs. To demonstrate the usefulness of our liveness property, we also present an algorithm that can be efficiently implemented to dynamically find lassos in the target program's state space during Symbolic Execution. This extends Symbolic Execution, a well known dynamic testing technique, to find a new class of program defects, namely liveness violations, while only incurring a small runtime and memory overhead, as evidenced by our evaluation. The implementation of our method found a total of five previously undiscovered software defects in BusyBox and the GNU Coreutils. All five defects have been confirmed and fixed by the respective maintainers after shipping for years, most of them well over a decade.
doi:10.1007/978-3-319-96142-2_27 fatcat:p4w26obtxnafne6jjl6kev7w2u

Artifact for the CAV 2018 Paper: Symbolic Liveness Analysis of Real-World Software [article]

Daniel Schemmel, Julian Büning, Oscar Soria Dustmann, Thomas Noll, Klaus Wehrle
2018 Zenodo  
Liveness violation bugs are notoriously hard to detect, especially due to the difficulty inherent in applying formal methods to real-world programs. We present a generic and practically useful liveness property which defines a program as being live as long as it will eventually either consume more input or terminate. We show that this property naturally maps to many different kinds of real-world programs. To demonstrate the usefulness of our liveness property, we also present an algorithm that can be efficiently implemented to dynamically find lassos in the target program's state space during Symbolic Execution. This extends Symbolic Execution, a well known dynamic testing technique, to find a new class of program defects, namely liveness violations, while only incurring a small runtime and memory overhead, as evidenced by our evaluation. The implementation of our method found a total of five previously undiscovered software defects in BusyBox and the GNU Coreutils. All five defects have been confirmed and fixed by the respective maintainers after shipping for years, most of them well over a decade.
Artifact: To get started, import the VM and increase its memory allowance as high as reasonable on your system before booting the VM. You can find all our artifact files in /home/cav/Desktop/Evaluation/ (a directory placed on the desktop), including our documentation, which is named README.pdf (alternatively available as README.md markdown document). The documentation is also linked from the desktop. Additional information about the VM image is available in the accompanying text document (cav18-SymbolicLivenessAnalysis.txt).
Project Repository: https://github.com/COMSYS/SymbolicLivenessAnalysis
doi:10.5281/zenodo.5771192 fatcat:swjizh2hkveenfqyr75yibsksq

Scalable Symbolic Execution of Distributed Systems

Raimondas Sasnauskas, Oscar Soria Dustmann, Benjamin Lucien Kaminski, Klaus Wehrle, Carsten Weise, Stefan Kowalewski
2011 2011 31st International Conference on Distributed Computing Systems  
Recent advances in symbolic execution have proposed a number of promising solutions to automatically achieve high-coverage and explore non-determinism during testing. This attractive testing technique of unmodified software assists developers with concrete inputs and deterministic schedules to analyze erroneous program paths. Being able to handle complex systems' software, these tools only consider single software instances and not their distributed execution which forms the core of distributed systems. The step to symbolic distributed execution is however steep, posing two core challenges: (1) additional state growth and (2) the state intra-dependencies resulting from communication. In this paper, we present SDE, a novel approach enabling scalable symbolic execution of distributed systems. The key contribution of our work is two-fold. First, we generalize the problem space of SDE and develop an algorithm significantly eliminating redundant states during testing. The key idea is to benefit from the nodes' local communication minimizing the number of states representing the distributed execution. Second, we demonstrate the practical applicability of SDE in testing with three sensornet scenarios running Contiki OS.
doi:10.1109/icdcs.2011.28 dblp:conf/icdcs/SasnauskasDKWWK11 fatcat:dqjzcaisfbb4pctph5wvvx5sti

Symbolic System Time in Distributed Systems Testing

Oscar Soria Dustmann, Raimondas Sasnauskas, Klaus Wehrle
2012 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation  
We propose an extension of symbolic execution of distributed systems to test software parts related to timing. Currently, the execution model is limited to symbolic input for individual nodes, not capturing the important class of timing errors resulting from varying network conditions. In this paper, we introduce symbolic system time in order to systematically find timing-related bugs in distributed systems. Instead of executing time events at a concrete time, we execute them at a set of times and analyse possible event interleavings on demand. We detail on the resulting problem space, discuss possible algorithmic optimisations, and highlight our future research directions.
doi:10.1109/icst.2012.193 dblp:conf/icst/DustmannSW12 fatcat:4t2qax2blrhjpbuqicbcodrvvy

PARTI: a multi-interval theory solver for symbolic execution

Oscar Soria Dustmann, Klaus Wehrle, Cristian Cadar
2018 Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering - ASE 2018  
Symbolic execution is an effective program analysis technique whose scalability largely depends on the ability to quickly solve large numbers of first-order logic queries. We propose an effective general technique for speeding up the solving of queries in the theory of arrays and bit-vectors with a specific structure, while otherwise falling back to a complete solver. The technique has two stages: a learning stage that determines the solution sets of each symbolic variable, and a decision stage that uses this information to quickly determine the satisfiability of certain types of queries. The main challenges involve deciding which operators to support and precisely dealing with integer type casts and arithmetic underflow and overflow. We implemented this technique in an incomplete solver called PARTI ("PARtial Theory solver for Intervals"), directly integrating it into the popular KLEE symbolic execution engine. We applied KLEE with PARTI and a state-of-the-art SMT solver to synthetic and real-world benchmarks. We found that PARTI practically does not hurt performance while many times achieving order-of-magnitude speedups. CCS CONCEPTS • Theory of computation → Constraint and logic programming; • Software and its engineering → Software testing and debugging;
doi:10.1145/3238147.3238179 dblp:conf/kbse/DustmannWC18 fatcat:csy3jclrubb7to5xy6givk7eom

Integrating symbolic execution with sensornet simulation for efficient bug finding

Fredrik Österlind, Adam Dunkels, Raimondas Sasnauskas, Oscar Soria Dustmann, Klaus Wehrle
2010 Proceedings of the 8th ACM Conference on Embedded Networked Sensor Systems - SenSys '10  
High-coverage testing of sensornet applications is vital for pre-deployment bug cleansing, but has previously been difficult due to the limited set of available tools. We integrate the KleeNet symbolic execution engine with the COOJA network simulator to allow for straight-forward and intuitive high-coverage testing initiated from a simulation environment. A tight coupling of simulation and testing helps detect, narrow down, and fix complex interaction bugs in an early development phase. We demonstrate the seamless transition between COOJA simulation and KleeNet symbolic execution. Our framework enables future research in how high-coverage testing tools could be used in cooperation with simulation tools.
doi:10.1145/1869983.1870034 dblp:conf/sensys/OsterlindDSDW10 fatcat:72azuy7invgf3p7hxvz6cehmzm

Masthead

2012 PIK - Praxis der Informationsverarbeitung und Kommunikation  
Soria Dustmann Effizientes Auffinden von Fehlern in Verteilten Systemen mit Symbolischer Ausführung 289 Alois Potton Das Review 309  ...  von Suchodoletz A Practical Approach to System Preservation Workflows 269 Beiträge von KuVS Preisträgern Ralph Lange Scalable Management of Trajectories and Context Model Descriptions 281 Oscar  ... 
doi:10.1515/pik-2012-masthead4 fatcat:jfftzrgtszajvn3ckvif54ljmi

Estimating the number of remaining links in traceability recovery

Davide Falessi, Massimiliano Di Penta, Gerardo Canfora, Giovanni Cantone
2016 Empirical Software Engineering  
Soria Dustmann, Klaus Wehrle, and Cristian Cadar -RWTH Aachen University, Germany; Imperial College London, UK . .  ...  Presenters: Benoit Baudry, Vincent Massol, and Oscar Luis Vera Pérez. • Re-Engineering Software Variability into Software Product Lines.  ... 
doi:10.1007/s10664-016-9460-6 fatcat:zwg7g4zphrb5tfro767hu2oc5m

Report from Dagstuhl Seminar 14442 Symbolic Execution and Constraint Solving

Cristian Cadar, Vijay Ganesh, Raimondas Sasnauskas, Koushik Sen
unpublished
(RWTH Aachen University, DE) Creative Commons BY 3.0 Unported license © Oscar Soria Dustmann License Willem Visser (Stellenbosch University - Matieland, ZA) Creative Commons BY 3.0 Unported license  ...  Joint work of Hillery, Ben; Mercer, Eric; Rungta, Neha; Person, Suzette Neha Rungta (NASA - Moffett Field, US) License Creative Commons BY 3.0 Unported license © Neha Rungta Oscar Soria Dustmann  ... 
fatcat:gcfdyfgmf5hrremjjwd2buskvy

Integration testing of protocol implementations using symbolic distributed execution

Raimondas Sasnauskas, Philipp Kaiser, Russ Lucas Jukic, Klaus Wehrle
2012 2012 20th IEEE International Conference on Network Protocols (ICNP)  
We also thank Vitaly Chipounov and Oscar Soria Dustmann for helping us to improve the quality of the paper. This work is partly supported by DFG UMIC research cluster of RWTH Aachen University.  ... 
doi:10.1109/icnp.2012.6459940 dblp:conf/icnp/SasnauskasKJW12 fatcat:amcerirhqfcjnhgp3ocx4rehym

Covrig: a framework for the analysis of code, test, and coverage evolution in real software

Paul Marinescu, Petr Hosek, Cristian Cadar
2014 Proceedings of the 2014 International Symposium on Software Testing and Analysis - ISSTA 2014  
ACKNOWLEDGEMENTS We thank our anonymous reviewers for their constructive comments, and Oscar Soria Dustmann and Hristina Palikareva for their careful proofreading of the text.  ... 
doi:10.1145/2610384.2610419 dblp:conf/issta/MarinescuHC14 fatcat:pabsfaoydbg4jbrt6as7msiwf4

Globalizing Domain-Specific Languages (Dagstuhl Seminar 14412) Optimal Algorithms and Proofs (Dagstuhl Seminar 14421) Modeling, Verification, and Control of Complex Systems for Energy Networks (Dagstuhl Seminar 14441) Symbolic Execution and Constraint Solving (Dagstuhl Seminar 14442)

Luc De Raedt, Siegfried Nijssen, Barry O'sullivan, Michele, Betty Cheng, Benoit Combemale, Robert France, Jean-Marc Jézéquel, Bernhard Rumpe, Olaf Beyersdorff, Edward Hirsch, Jan Krajíček (+9 others)
2014 Constraints   unpublished
Soria Dustmann (RWTH Aachen University, DE) Creative Commons BY 3.0 Unported license © Oscar Soria Dustmann License  ...  Constraints, Optimization  ...  Soria Dustmann  ...  Symbolic Execution and Model Counting Willem Visser  ... 
fatcat:zxrfsk6qcjharpg4vb5hosp4bu