optimizing constraint solving to better support symbolic
play

Optimizing Constraint Solving to Better Support Symbolic Execution - PowerPoint PPT Presentation

May 21, 2023 •147 likes •1.07k views

Optimizing Constraint Solving to Better Support Symbolic Execution Ikpeme Erete and Alessandro Orso School of Computer Science College of Computing Georgia Institute of Technology Partially supported by : NSF, IBM, and MSR Background:

  1. Optimizing Constraint Solving to Better Support Symbolic Execution Ikpeme Erete and Alessandro Orso School of Computer Science – College of Computing Georgia Institute of Technology Partially supported by : NSF, IBM, and MSR

  2. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) 07. if (b < c) 08. // do something Path condition (PC): 09. else 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  3. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 07. if (b < c) 08. // do something Path condition (PC): 09. else 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  4. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 07. if (b < c) 08. // do something Path condition (PC): 09. else 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  5. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 07. if (b < c) 08. // do something Path condition (PC): 09. else 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  6. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  7. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  8. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  9. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  10. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  11. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) Λ (b 0 <= 5) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  12. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) Λ (b 0 <= 5) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  13. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, 6T, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) Λ (b 0 <= 5) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  14. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, 6T, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) Λ (b 0 <= 5) Λ (a 0 < d 0 + 10) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  15. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, 6T, Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) Λ (b 0 <= 5) Λ (a 0 < d 0 + 10) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  16. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, 6T, 7T Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) Λ (b 0 <= 5) Λ (a 0 < d 0 + 10) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  17. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, 6T, 7T Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) Λ (b 0 <= 5) Λ (a 0 < d 0 + 10) Λ (b 0 < c 0 ) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  18. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, 6T, 7T Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) Λ (b 0 <= 5) Λ (a 0 < d 0 + 10) Λ (b 0 < c 0 ) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

  19. Background: Dynamic Symbolic Execution Inputs: a=4, b= 5, c=6, d=1 01. foo(int a, int b, int c, int d) { 02. if (c > a) 2T, 4F, 6T, 7T Executed branches: 03. int e=d+10 04. if (b > 5) 05. // do something Symbolic state: 06. else if (a < e) a=a 0 , b=b 0 , c=c 0 , d=d 0 , e=d 0 +10 07. if (b < c) 08. // do something Path condition (PC): 09. else (c 0 > a 0 ) Λ (b 0 <= 5) Λ (a 0 < d 0 + 10) Λ (b 0 < c 0 ) 10. // do something 11. else DSE: 12. // do something 13. return 14. }

Recommend

Constraint Solving in Symbolic Execution Cristian Cadar Department of Computing Imperial College

Constraint Solving in Symbolic Execution Cristian Cadar Department of Computing Imperial College

Constraint Solving in Symbolic Execution Cristian Cadar Department of Computing Imperial College London Invited talk at SMT 2015 18 July, San Francisco, CA, USA Dynamic Symbolic Execution Dynamic symbolic execution is a technique for

660 views • 53 slides
Solving Constraint Satisfaction Problems: Arc Consistency and Constraint Propagation Brian

Solving Constraint Satisfaction Problems: Arc Consistency and Constraint Propagation Brian

Solving Constraint Satisfaction Problems: Arc Consistency and Constraint Propagation Brian Williams 16.410 - 13 September 29 th , 2003 Slides adapted from: 6.034 Tomas Lozano Perez and AIMA Stuart Russell &amp; Peter Norvig 1 1 Outline

464 views • 18 slides
Using Interval Constraint Propagation for Pseudo- Boolean Constraint Solving

Using Interval Constraint Propagation for Pseudo- Boolean Constraint Solving

Using Interval Constraint Propagation for Pseudo- Boolean Constraint Solving Albert-Ludwigs-Universitt Freiburg Karsten Scheibler, Bernd Becker Chair of Computer Architecture FMCAD 2014 PB Constraints PB Constraints: 2 x 1 + 4 x 2 + x 3

1.12k views • 23 slides
Symbolic Verification in Synchronous Constraint Programming (Work in progress) Synchronous

Symbolic Verification in Synchronous Constraint Programming (Work in progress) Synchronous

Symbolic Verification in Synchronous Constraint Programming (Work in progress) Synchronous workshop 2003 Christophe Mauras Christophe.Mauras@univ-nantes.fr Irin/Universit e de Nantes Overview From Symbolic Simulation to Constraint

388 views • 19 slides
Solving Sudoku Puzzles Constraint propagation, Graph traversal, and Backtracking Constraint

Solving Sudoku Puzzles Constraint propagation, Graph traversal, and Backtracking Constraint

Solving Sudoku Puzzles Constraint propagation, Graph traversal, and Backtracking Constraint Satisfaction Given some constraints, can I find a solution? e.g. Given the contents of my fridge, is there a nutritious dinner to be made?

790 views • 13 slides
Solving Mazes Constraint propagation, Graph traversal, and Backtracking Constraint Satisfaction

Solving Mazes Constraint propagation, Graph traversal, and Backtracking Constraint Satisfaction

Solving Mazes Constraint propagation, Graph traversal, and Backtracking Constraint Satisfaction Given some constraints, can I find a solution? e.g. Given the contents of my fridge, is there a nutritious dinner to be made? e.g. Can we

487 views • 14 slides
A Constraint-Solving Approach to Faust Program Type Checking Constraint Programming Meets

A Constraint-Solving Approach to Faust Program Type Checking Constraint Programming Meets

A Constraint-Solving Approach to Faust Program Type Checking Constraint Programming Meets Verification 2014 Workhsop Imr Frotier de la Messelire 1 , Pierre Jouvelot 1 , Jean-Pierre Talpin 2 1 MINES ParisTech, PSL Research University 2 INRIA

620 views • 26 slides
FINITE DOMAIN Constraint / Bits PROBLEM SOLVING relation lost Large CNF Problem

FINITE DOMAIN Constraint / Bits PROBLEM SOLVING relation lost Large CNF Problem

FINITE DOMAIN Constraint / Bits PROBLEM SOLVING relation lost Large CNF Problem Constraint Model Encoding CNF (hard) Model CSP solving SAT solving Direct Model Satisfied Solution Decoding Translate Solution assignment

218 views • 20 slides
MODELLING AND SOLVING SCHEDULING PROBLEMS USING CONSTRAINT PROGRAMMING CONSTRAINT PROGRAMMING Two

MODELLING AND SOLVING SCHEDULING PROBLEMS USING CONSTRAINT PROGRAMMING CONSTRAINT PROGRAMMING Two

Roman Bartk (Charles University in Prague, Czech Republic) y g p MODELLING AND SOLVING SCHEDULING PROBLEMS USING CONSTRAINT PROGRAMMING CONSTRAINT PROGRAMMING Two worlds Two worlds planning vs. scheduling planning is about finding

189 views • 15 slides
Constraint Solving via Fractional Edge Covers Martin Grohe and D aniel Marx

Constraint Solving via Fractional Edge Covers Martin Grohe and D aniel Marx

Constraint Solving via Fractional Edge Covers Martin Grohe and D aniel Marx Humboldt-Universit at zu Berlin Institut f ur Informatik Symposium on Discrete Algorithms (SODA) 2006 January 22, 2006 Constraint Solving via Fractional Edge

1.51k views • 30 slides
Introduction to Constraint Programming Combinatorial Problem Solving (CPS) Enric Rodr

Introduction to Constraint Programming Combinatorial Problem Solving (CPS) Enric Rodr

Introduction to Constraint Programming Combinatorial Problem Solving (CPS) Enric Rodr guez-Carbonell (based on materials by Javier Larrosa) February 11, 2020 Constraint Satisfaction Problem A constraint satisfaction problem (CSP) is a

940 views • 34 slides
Constraint Solving via Fractional Edge Covers D aniel Marx Joint work with Martin Grohe

Constraint Solving via Fractional Edge Covers D aniel Marx Joint work with Martin Grohe

Constraint Solving via Fractional Edge Covers D aniel Marx Joint work with Martin Grohe Humboldt-Universit at zu Berlin Institut f ur Informatik MathCSP Workshop March 22, 2006, Oxford Constraint Solving via Fractional Edge Covers

963 views • 48 slides
Tutorial on Gecode Constraint Programming Combinatorial Problem Solving (CPS) Enric Rodr

Tutorial on Gecode Constraint Programming Combinatorial Problem Solving (CPS) Enric Rodr

Tutorial on Gecode Constraint Programming Combinatorial Problem Solving (CPS) Enric Rodr guez-Carbonell March 3, 2020 Gecode Gecode is environment for developing constraint-programming based progs open source: extensible, easily

595 views • 44 slides
Outline What is a Constraint ? What is a Global Constraint ? Examples of Global

Outline What is a Constraint ? What is a Global Constraint ? Examples of Global

I nterest of Global Constraints for Modeling and Solving Eric Bourreau, Franois Laburthe BOUYGUES e lab St-Quentin-en-Yvelines - FRANCE { ebourrea;flaburth} @challenger.bouygues.fr 1 Outline What is a Constraint ? What is a

492 views • 8 slides
Enhancing Reuse of Constraint Solutions to Improve Symbolic Execution Xiangyang Jia (Wuhan

Enhancing Reuse of Constraint Solutions to Improve Symbolic Execution Xiangyang Jia (Wuhan

Enhancing Reuse of Constraint Solutions to Improve Symbolic Execution Xiangyang Jia (Wuhan University) Carlo Ghezzi (Politecnico di Milano) Shi Ying (Wuhan University) Outline Motivation Logical Basis of our Approach GreenTrie

589 views • 36 slides
Side Channel Analysis Using a Model Counting Constraint Solver and Symbolic Execution Tevfik

Side Channel Analysis Using a Model Counting Constraint Solver and Symbolic Execution Tevfik

Side Channel Analysis Using a Model Counting Constraint Solver and Symbolic Execution Tevfik Bultan Computer Science Department University of California, Santa Barbara (UCSB) Joint work with: Abdulbaki Aydin, Lucas Bang, UCSB Corina

1.1k views • 91 slides
A GPU Implementation of Large Neighborhood Search for Solving Constraint Optimization Problems .

A GPU Implementation of Large Neighborhood Search for Solving Constraint Optimization Problems .

A GPU Implementation of Large Neighborhood Search for Solving Constraint Optimization Problems . Campeotto 1 , 2 A. Dovier 1 . Fioretto 1 , 2 E. Pontelli 2 F F 1. Univ. of Udine 2. New Mexico State University Prague, August 22nd, 2014 F.

837 views • 40 slides
Exploring the Use of GPUs in Constraint Solving A Preliminary Investigation Federico Campeotto 1 ,

Exploring the Use of GPUs in Constraint Solving A Preliminary Investigation Federico Campeotto 1 ,

Exploring the Use of GPUs in Constraint Solving A Preliminary Investigation Federico Campeotto 1 , 2 Alessandro Dal Pal` u 3 Agostino Dovier 1 Ferdinando Fioretto 1 , 2 Enrico Pontelli 2 1. Universit` a di Udine 2. New Mexico State University

797 views • 42 slides
Solving Constraint Satisfaction Problems (CSPs) using Search CPSC 322 CSP 2 Textbook Poole and

Solving Constraint Satisfaction Problems (CSPs) using Search CPSC 322 CSP 2 Textbook Poole and

Solving Constraint Satisfaction Problems (CSPs) using Search CPSC 322 CSP 2 Textbook Poole and Mackworth: Sections 4.3-4.4 Lecturer: Alan Mackworth October 1, 2012 Lecture Overview Constraint Satisfaction Problems (CSPs): Definition

415 views • 38 slides
Wrapping up CP course, lecture 11 Constraint programming is a problem-solving technique for

Wrapping up CP course, lecture 11 Constraint programming is a problem-solving technique for

Wrapping up CP course, lecture 11 Constraint programming is a problem-solving technique for combinatorial problems that works by incorporating constraints into a programming environment. (after Apt 2003) S E N D + M O R E M O N E Y

812 views • 36 slides
Re Relational Con Constraint So Solving ng in in SMT SMT Paul Meng , Andrew Reynolds, Cesare

Re Relational Con Constraint So Solving ng in in SMT SMT Paul Meng , Andrew Reynolds, Cesare

Re Relational Con Constraint So Solving ng in in SMT SMT Paul Meng , Andrew Reynolds, Cesare Tinelli, Clark Barrett Midwest Verification Day September 2018 Re Relational Re Reasoning Many problems can be modeled relationally

750 views • 53 slides
Solving Very Hard Problems: Cube-and-Conquer, a Hybrid SAT Solving Method Marijn J.H. Heule

Solving Very Hard Problems: Cube-and-Conquer, a Hybrid SAT Solving Method Marijn J.H. Heule

Solving Very Hard Problems: Cube-and-Conquer, a Hybrid SAT Solving Method Marijn J.H. Heule Joint work with Armin Biere, Oliver Kullmann, and Victor W. Marek Parallel Constraint Reasoning August 6, 2017 1/19 Satisfiability (SAT) Solving Has

463 views • 31 slides
Real-time constraint solving (with OptaPlanner) by Geoffrey De Smet OptaPlanner lead A

Real-time constraint solving (with OptaPlanner) by Geoffrey De Smet OptaPlanner lead A

Real-time constraint solving (with OptaPlanner) by Geoffrey De Smet OptaPlanner lead A dierent kind of decisions? Find optimal solution and scale out for an NP-complete problem? Is P = NP? Unresolved since 1971 1 000 000 $ reward since

576 views • 32 slides
Chapter 1: Constraints What are they, what do they do and what can I use them for. 1

Chapter 1: Constraints What are they, what do they do and what can I use them for. 1

Constraint Logic Programming Chapter 1: Constraints What are they, what do they do and what can I use them for. 1 Constraints What are constraints? Modelling problems Constraint solving Tree constraints Other constraint

205 views • 19 slides

More recommend