a symbolic execution based approach to model
play

A Symbolic Execution-Based Approach to Model Transformation - PowerPoint PPT Presentation

Dec 04, 2022 •16 likes •386 views

A Symbolic Execution-Based Approach to Model Transformation Verification using Structural Contracts Bentley James Oakes McGill University bentley.oakes@mail.mcgill.ca September 4, 2018 1 Introduction 2 Formalization of DSLTrans 3

  1. A Symbolic Execution-Based Approach to Model Transformation Verification using Structural Contracts Bentley James Oakes McGill University bentley.oakes@mail.mcgill.ca September 4, 2018

  2. 1 Introduction 2 Formalization of DSLTrans 3 Transformation Verification using Contracts 4 SyVOLT Tool 5 Conclusion B. Oakes Model Trans. Verification 2 / 37

  3. Outline 1 Introduction 2 Formalization of DSLTrans 3 Transformation Verification using Contracts 4 SyVOLT Tool 5 Conclusion B. Oakes Model Trans. Verification 3 / 37

  4. Motivation Model-driven engineering is crucial for creating and understanding complex systems Goal: Build a model of a system in the most appropriate language(s) for multiple stakeholders Example: A model for simulation/code synthesis/safety analysis of a nuclear reactor (Van Mierlo 2017) Concepts include tanks, pipes, water level, pressure Human-readable, activities possible through model transformation B. Oakes Model Trans. Verification 4 / 37

  5. Model Transformations Problem: Want to have a structured and understandable way to modify/translate/simulate models Solution: Use model transformations , which are composed of rules to manipulate model elements Rules are executed in a particular schedule, and match elements in the input model to produce elements in the output model Issue: Difficult to understand interactions of rules from examining a transformation B. Oakes Model Trans. Verification 5 / 37

  6. Contract Proving Technique Problem: Want to understand how an input model to the transformation relates to the corresponding output model Solution: Verify pre-/post-condition patterns ( structural contracts ) which guarantee relations and traceability between elements if the contract is satisfied “A Family with a father , mother , son and daughter should always produce two Man and two Woman elements connected to a Community .” Result: Combinations of rules where the contract is satisfied , and combinations where the contract is not satisfied Allows the user to better understand the behaviour of the transformation B. Oakes Model Trans. Verification 6 / 37

  7. Research Questions Five research questions answered by the thesis and this presentation: Formalization of DSLTrans transformation language RQ1) How can the DSLTrans language be precisely formalized? Transformation verification using contracts RQ2) How can the infinite execution possibilities of a DSLTrans transformation be represented in an explicit finite set? RQ3) a) How can contracts be proved to be satisfied or non-satisfied on these representations? b) When not satisfied, how do the counter-examples relate to the transformation? Development of the SyVOLT proving tool RQ4) What is the design and work-flow of a contract verification tool? RQ5) What are techniques for improving the scalability of the verification tool? B. Oakes Model Trans. Verification 7 / 37

  8. Outline 1 Introduction 2 Formalization of DSLTrans 3 Transformation Verification using Contracts 4 SyVOLT Tool 5 Conclusion B. Oakes Model Trans. Verification 8 / 37

  9. DSLTrans Overview DSLTrans transformation language was conceived by Barroca et al. (2011), so not a contribution of the thesis Intent was to create a language of limited expressiveness, so that by construction each transformation terminates and is confluent (rules cannot conflict) Rules in DSLTrans are scheduled in layers . Rules are fully applied in one layer before moving on Layered nature crucial for understandability and analysability Rules provide traceability links , to record how elements were built B. Oakes Model Trans. Verification 9 / 37

  10. DSLTrans Semantics Problem: Not all constructs of DSLTrans were formally specified Behaviour defined by implementation Solution: Describe semantics of DSLTrans in a widely-used model transformation formalization Double-pushout approach answers RQ1) How can the DSLTrans language be precisely formalized? Reasons for selecting the double-pushout approach: Provides elegant (and most appropriate) explanation Aligns semantics with other transformation languages Provides rigour for DSLTrans usability and analysability B. Oakes Model Trans. Verification 10 / 37

  11. Rule Matcher and Rewriter The double-pushout approach divides the application of a rule into the matching and rewriting stages Consider a rule which: Matches on a model with a diamond and a circle Replaces the circle with a rounded square Pre-condition/Matcher / LHS Post-condition/Rewriter / RHS B. Oakes Model Trans. Verification 11 / 37

  12. Double-Pushout Approach Arrows are morphisms between components, providing mappings of nodes and edges Element creation is performed through matching and the union operator, termed push-outs B. Oakes Model Trans. Verification 12 / 37

  13. Mass Productions Double-pushout approach allows the creation of elegant mass productions Technique: Combine the matchers and rewriters of multiple rules l k r k l 1 r 1 p 1 : L 1 − K 1 → R 1 p k : L k − K k → R k ← − ← − in 1 . . . in 1 in k R in 1 in k K L L R in k K l r L = L 1 + . . . + L k K = K 1 + . . . + K k R = R 1 + . . . + R k Allows for all rules in a layer to be applied at once, ensuring they cannot interfere with each other B. Oakes Model Trans. Verification 13 / 37

  14. Formalization Contributions Precise semantics provided for all DSLTrans constructs in the double-pushout approach Examination of termination and confluence properties B. Oakes Model Trans. Verification 14 / 37

  15. Outline 1 Introduction 2 Formalization of DSLTrans 3 Transformation Verification using Contracts 4 SyVOLT Tool 5 Conclusion B. Oakes Model Trans. Verification 15 / 37

  16. Contract Proving Results Verification results indicate which combinations of rules ( path conditions ) satisfy or do not satisfy each contract Allows the user to better understand transformation behaviour Reality: Contract should fail, as a rule exists in the transformation such that SpecialFacilities can also be produced Contract: Verification results: a) Name: Neg_SchoolOrdFac Num Succeeded Path Conditions: 6 Num Failed Path Conditions: 3 b) Explaining contract result: Good rules: (Rules in success set and not failure set) dfacilities...OrdinaryFacilityPerson Bad rules: (Rules common to all in failure set) dfacilities...SpecialFacilityPerson “A School will always produce an OrdinaryFacility ” Answers RQ3 b) When not satisfied, how do the counter-examples relate to the transformation? B. Oakes Model Trans. Verification 16 / 37

  17. Path Conditions Contract proof is performed on path conditions , which represent valid combinations of rule applications Record element presence when rules apply First step is to build the path conditions, then the second step is to match the contract onto the path conditions Example: This path condition represents the application of four rules, where each rule has applied at least once Through a formalized abstraction relation , this path condition represents an infinite set of transformation executions Abstracts over rule application multiplicity and element overlap A set of path conditions answers RQ2: How can the infinite execution possibilities of a DSLTrans transformation be represented in an explicit finite set? B. Oakes Model Trans. Verification 17 / 37

  18. Step 1 - Symbolic Execution Path conditions are produced through a symbolic execution of the transformation’s rules, layer-by-layer Rules are classified depending on combination with the path condition Combining the rules and path condition creates new path conditions Final set of path conditions represents all valid transformation executions B. Oakes Model Trans. Verification 18 / 37

  19. Step 2 - Contract Matching After path condition generation, the elements in the contracts are matched against the path conditions to determine contract satisfaction Answers RQ3: a) How can contracts be proven to be sat Issue: In path conditions, unknown whether rule elements overlap or not Major contribution is the “split” morphism for matching contracts and path conditions Allows one contract element to match over multiple path condition elements B. Oakes Model Trans. Verification 19 / 37

  20. Contract Proving Contributions Detailed procedure for building the set of path conditions Technique for matching contracts onto path conditions to determine counter-examples Precise definition for validity of proof result Results of proof on path conditions is related to proof on abstracted transformation executions B. Oakes Model Trans. Verification 20 / 37

  21. Outline 1 Introduction 2 Formalization of DSLTrans 3 Transformation Verification using Contracts 4 SyVOLT Tool 5 Conclusion B. Oakes Model Trans. Verification 21 / 37

  22. SyVOLT Architecture SyVOLT is a tool for contract verification of DSLTrans transformations Major contribution of thesis is on efficiency and applicability to industrial-sized transformations FTG-PM presented answers RQ4) What is the design and work-flow of a contract verification tool? B. Oakes Model Trans. Verification 22 / 37

  23. Efficiency Techniques Thesis presents five case studies ranging from 7 rules to 46 rules To improve the scalability of the tool, three efficiency techniques are presented: Parallelization Slicing Pruning Answers RQ5) What are techniques for improving the scalability of the verification tool? B. Oakes Model Trans. Verification 23 / 37

Recommend

Symbolic Execution: Applications Symbolic execution is widely used in practice. Tools based on

Symbolic Execution: Applications Symbolic execution is widely used in practice. Tools based on

Symbolic Execution: Applications Symbolic execution is widely used in practice. Tools based on symbolic execution have found serious errors and security vulnerabilities in various systems: Network servers File systems Device drivers

733 views • 40 slides
Symbolic execution for binary-level security / 50 3 A number of shades of symbolic execution /

Symbolic execution for binary-level security / 50 3 A number of shades of symbolic execution /

Symbolic execution for binary-level security / 50 3 A number of shades of symbolic execution / / Sbastien Bardin & Richard Bonichon 20180409 CEA LIST 1 1,1,L Model Source qb int foo (int t ) { 0,1,L 0,1,L int y = t * t - 4 * t ;

567 views • 34 slides
Symbolic Execution of Linux binaries About Symbolic Execution Dynamically explore all

Symbolic Execution of Linux binaries About Symbolic Execution Dynamically explore all

A tool for the Symbolic Execution of Linux binaries About Symbolic Execution Dynamically explore all program branches. Inputs are considered symbolic variables. Symbols remain uninstantiated and become constrained at execution

451 views • 24 slides
Symbolic execution as search, and the rise of solvers Search and SMT Symbolic execution is

Symbolic execution as search, and the rise of solvers Search and SMT Symbolic execution is

Symbolic execution as search, and the rise of solvers Search and SMT Symbolic execution is appealingly simple and useful , but computationally expensive ! We will see how the effective use of symbolic execution boils down to a kind of

494 views • 24 slides
Symbolic Execution Emina Torlak emina@cs.washington.edu Outline What is symbolic execution?

Symbolic Execution Emina Torlak emina@cs.washington.edu Outline What is symbolic execution?

CSE 403: Software Engineering, Winter 2016 courses.cs.washington.edu/courses/cse403/16wi/ Symbolic Execution Emina Torlak emina@cs.washington.edu Outline What is symbolic execution? How does it work? State-of-the-art tools 2

637 views • 34 slides
A Visual Approach to Symbolic Execution Nick Pfister - Astrophysics Mentors: Fish Wang,

A Visual Approach to Symbolic Execution Nick Pfister - Astrophysics Mentors: Fish Wang,

A Visual Approach to Symbolic Execution Nick Pfister - Astrophysics Mentors: Fish Wang, Christophe Hauser, Yan Shoshitaishvili Faculty Adviser: Christopher Kruegel Department of Computer Science Our safety depends on software! What happens if

468 views • 16 slides
Demo Symbolic Execution Probabilistic Symbolic Execution (Materials kindly provided by Willem

Demo Symbolic Execution Probabilistic Symbolic Execution (Materials kindly provided by Willem

Demo Symbolic Execution Probabilistic Symbolic Execution (Materials kindly provided by Willem Visser) Docker Image Install Docker Download: https://docs.docker.com/engine/installation/ Check: docker --version

446 views • 10 slides
Learning to Fuzz from Symbolic Execution with Application to Smart Contracts Jingxuan Mislav

Learning to Fuzz from Symbolic Execution with Application to Smart Contracts Jingxuan Mislav

Learning to Fuzz from Symbolic Execution with Application to Smart Contracts Jingxuan Mislav Nodar Petar Martin He Balunovic Ambroladze Tsankov Vechev Random Fuzzing vs. Symbolic Execution Random Fuzzing Symbolic Execution Fast Slow

633 views • 29 slides
Constraint Solving in Symbolic Execution Cristian Cadar Department of Computing Imperial College

Constraint Solving in Symbolic Execution Cristian Cadar Department of Computing Imperial College

Constraint Solving in Symbolic Execution Cristian Cadar Department of Computing Imperial College London Invited talk at SMT 2015 18 July, San Francisco, CA, USA Dynamic Symbolic Execution Dynamic symbolic execution is a technique for

660 views • 53 slides
Symbolic Execution Builds predicates that characterize Conditions for executing paths

Symbolic Execution Builds predicates that characterize Conditions for executing paths

Symbolic Execution Builds predicates that characterize Conditions for executing paths Symbolic Execution and Proof of Effects of the execution on program state Properties Bridges program behavior to logic Finds important

309 views • 6 slides
Symbolic Execution of Maintainer Scripts Nicolas Jeannerod and Ralf Treinen joint work with

Symbolic Execution of Maintainer Scripts Nicolas Jeannerod and Ralf Treinen joint work with

Introduction Symbolic Execution of Scripts Symbolic Execution of Maintainer Scripts Demo Time Detected Bugs Conclusions App Symbolic Execution of Maintainer Scripts Nicolas Jeannerod and Ralf Treinen joint work with Benedikt Becker, Claude

1.71k views • 115 slides
Side Channel Analysis Using a Model Counting Constraint Solver and Symbolic Execution Tevfik

Side Channel Analysis Using a Model Counting Constraint Solver and Symbolic Execution Tevfik

Side Channel Analysis Using a Model Counting Constraint Solver and Symbolic Execution Tevfik Bultan Computer Science Department University of California, Santa Barbara (UCSB) Joint work with: Abdulbaki Aydin, Lucas Bang, UCSB Corina

1.1k views • 91 slides
An Introduction to Dynamic Symbolic Execution and the KLEE Infrastructure Cristian Cadar

An Introduction to Dynamic Symbolic Execution and the KLEE Infrastructure Cristian Cadar

An Introduction to Dynamic Symbolic Execution and the KLEE Infrastructure Cristian Cadar Department of Computing Imperial College London 14 th TAROT Summer School UCL, London, 3 July 2018 Dynamic Symbolic Execution Dynamic symbolic

856 views • 56 slides
Pending Constraints in Symbolic Execution for Better Exploration and Seeding Timotej Kapus Frank

Pending Constraints in Symbolic Execution for Better Exploration and Seeding Timotej Kapus Frank

Pending Constraints in Symbolic Execution for Better Exploration and Seeding Timotej Kapus Frank Busse Cristian Cadar Imperial College London 1 Symbolic Execution Program analysis technique Active research area Used in

1.04k views • 70 slides
Symbolic Execution of Security Protocol Impl.: Handling Cryptographic Primitives Mathy Vanhoef

Symbolic Execution of Security Protocol Impl.: Handling Cryptographic Primitives Mathy Vanhoef

Symbolic Execution of Security Protocol Impl.: Handling Cryptographic Primitives Mathy Vanhoef @vanhoefm USENIX WOOT, Baltimore, US, 14 August 2018 Overview Symbolic Execution 4-way handshake Handling Crypto Results 2 Overview Symbolic

446 views • 41 slides
Generating High Coverage Tests for SystemC Designs Using Symbolic Execution Bin Lin Department

Generating High Coverage Tests for SystemC Designs Using Symbolic Execution Bin Lin Department

Generating High Coverage Tests for SystemC Designs Using Symbolic Execution Bin Lin Department of Computer Science Portland State University 1 Agenda Introduction Related work and Background Our Approach Evaluation

717 views • 32 slides
Chapter 6 Symbolic execution Course Model checking Volker Stolz, Martin Steffen Autumn

Chapter 6 Symbolic execution Course Model checking Volker Stolz, Martin Steffen Autumn

Chapter 6 Symbolic execution Course Model checking Volker Stolz, Martin Steffen Autumn 2019 Section Targets Chapter 6 Symbolic execution Course Model checking Volker Stolz, Martin Steffen Autumn 2019 Chapter 6 Learning

621 views • 47 slides
Symbolic Evaluation/Execution Todays Reading Material L. A. Clarke and D. J. Richardson,

Symbolic Evaluation/Execution Todays Reading Material L. A. Clarke and D. J. Richardson,

Symbolic Evaluation/Execution Todays Reading Material L. A. Clarke and D. J. Richardson, "Applications of Symbolic Evaluation," Journal of Systems and Software, 5 (1), January 1985, pp.15-35. Symbolic Evaluation/Execution

1.07k views • 60 slides
Efficient Symbolic Execution for Software Testing Johannes Kinder Royal Holloway, University of

Efficient Symbolic Execution for Software Testing Johannes Kinder Royal Holloway, University of

Efficient Symbolic Execution for Software Testing Johannes Kinder Royal Holloway, University of London Joint work with: Stefan Bucur, George Candea, Volodymyr Kuznetsov @ EPFL Symbolic Execution Automatically explore program paths

2.34k views • 200 slides
Timotej Kapus Cristian Cadar Imperial College London 1 Symbolic Execution Program

Timotej Kapus Cristian Cadar Imperial College London 1 Symbolic Execution Program

Timotej Kapus Cristian Cadar Imperial College London 1 Symbolic Execution Program analysis technique Active research area Used in industry IntelliTest, SAGE Angr KLOVER 2 Why symbolic execution? No

916 views • 73 slides
Outline Static Analysis: Symbolic Execution and Inductive Verification Methods Overview TDDC90:

Outline Static Analysis: Symbolic Execution and Inductive Verification Methods Overview TDDC90:

Outline Static Analysis: Symbolic Execution and Inductive Verification Methods Overview TDDC90: Software Security Symbolic Execution Ahmed Rezine Hoare Triples and Deductive Reasoning IDA, Linkpings Universitet Hsttermin 2014 Static

373 views • 6 slides
Static Analysis: Symbolic Execution and Inductive Verification Methods TDDC90: Software Security

Static Analysis: Symbolic Execution and Inductive Verification Methods TDDC90: Software Security

Static Analysis: Symbolic Execution and Inductive Verification Methods TDDC90: Software Security Ahmed Rezine IDA, Linkpings Universitet Hsttermin 2020 Outline Overview Symbolic Execution Hoare Triples and Deductive Reasoning Outline

767 views • 33 slides
Enhancing Reuse of Constraint Solutions to Improve Symbolic Execution Xiangyang Jia (Wuhan

Enhancing Reuse of Constraint Solutions to Improve Symbolic Execution Xiangyang Jia (Wuhan

Enhancing Reuse of Constraint Solutions to Improve Symbolic Execution Xiangyang Jia (Wuhan University) Carlo Ghezzi (Politecnico di Milano) Shi Ying (Wuhan University) Outline Motivation Logical Basis of our Approach GreenTrie

589 views • 36 slides
Flip a bit, grab a key: Symbolic execution edition Jasper van Woudenberg @jzvw CTO Riscure

Flip a bit, grab a key: Symbolic execution edition Jasper van Woudenberg @jzvw CTO Riscure

Flip a bit, grab a key: Symbolic execution edition Jasper van Woudenberg @jzvw CTO Riscure North America public Concrete execution r1 = 0xBE; r2 = 0x08 mov r1,r2 add r1,0x10 r1 = 0x18; r2 = 0x08 public 2 Symbolic execution r1 = 0xBE;

470 views • 31 slides

More recommend