Proteus: computing disjunctive loop summary via path dependency analysis

@article{Xie2016ProteusCD,
  title={Proteus: computing disjunctive loop summary via path dependency analysis},
  author={Xiaofei Xie and Bihuan Chen and Yang Liu and Wei Le and Xiaohong Li},
  journal={Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering},
  year={2016}
}
  • Xiaofei Xie, Bihuan Chen, Xiaohong Li
  • Published 1 November 2016
  • Computer Science
  • Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering
Loops are challenging structures for program analysis, especially when loops contain multiple paths with complex interleaving executions among these paths. In this paper, we first propose a classification of multi-path loops to understand the complexity of the loop execution, which is based on the variable updates on the loop conditions and the execution order of the loop paths. Secondly, we propose a loop analysis framework, named Proteus, which takes a loop program and a set of variables of… 
View on ACM
dl.acm.org
33 Citations
Highly Influential Citations
2
Background Citations
15
Methods Citations
9
Results Citations
1

Figures and Tables from this paper

33 Citations

Citation Type

Citation Type

Automatic Loop Summarization via Path Dependency Analysis
TLDR
A loop analysis framework, named Proteus, which takes a loop program and a set of variables of interest as inputs and summarizes path-sensitive loop effects on the variables ofinterest, and can significantly outperform the state-of-the-art tools for loop program verification.
Loopster: static loop termination analysis
TLDR
A novel approach to decide the termination for loops based on path termination analysis and path dependency reasoning, named Loopster, which is effective in a majority of loops with better accuracy and 20 ×+ performance improvement compared to the state-of-the-art tools.
Inferring Loop Invariants for Multi-Path Loops
TLDR
This paper uses Path Dependency Automaton (PDA) to model loops and proposes an algorithm to infer state invariants of the PDA and construct loop invariants from state invariant, which is remarkably more effective and efficient than several state-of-the-art approaches, especially on loops with multiple paths.
Loop Path Reduction by State Pruning
  • Jianxiong Gao, S. Lumetta
  • Computer Science
    2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE)
  • 2018
TLDR
This paper proposes a new path exploration method that reduces the number of states needed to achieve high coverage by first prioritizing states, and then pruning the states that do not contribute to code coverage.
Dynamic Symbolic Execution with Descriptive and Prescriptive Relations
TLDR
This thesis proposes a conceptual framework for a comparative analysis of program analysis techniques, and uses it to define proposed techniques in this thesis to support Dynamic Symbolic Execution (DSE), and suggests enhancing fault detection effectiveness of DSE, in the context of functional testing, by using domain specific relations that prescribe how inputs and outputs should be related.
Static loop analysis and its applications
TLDR
In the research, a deep analysis is performed and a classification according to the complexity of the loops is proposed, and techniques for analyzing and summarizing different loops are proposed.
Static loop analysis and its applications
TLDR
In the research, a deep analysis is performed and a classification according to the complexity of the loops is proposed, and techniques for analyzing and summarizing different loops are proposed.
SymJEx: symbolic execution on the GraalVM
TLDR
This paper presents a novel symbolic execution engine called SymJEx, implemented on top of the multi-language Java Virtual Machine GraalVM, which uses the Graal compiler's intermediate representation to derive and evaluate path conditions, allowingGraalVM users to leverage the engine to improve software quality.
PBLInv: Postcondition-based Loop Invariant Learning for C Programs
TLDR
PBLInv, a postcondition-based approach to generate loop invariants for C programs with the machine learning method, generates the postcondition for a loop program automatically and learns classifiers as the updated candidate loop invariant with the Kernel Support Vector Machine (KSVM) method iteratively.
XSTRESSOR : Automatic Generation of Large-Scale Worst-Case Test Inputs by Inferring Path Conditions
TLDR
This paper presents XSTRESSOR, a tool that is able to generate test inputs that can run specific loops in a program with the worst-case complexity in a large scale and avoids the scaling problem of prior techniques by limiting full-blown symbolic execution and run-time calls to constraint solver to small scale tests.
...
1
2
3
4
...

References

SHOWING 1-10 OF 65 REFERENCES
S-looper: automatic summarization for multipath string loops
TLDR
This paper proposes an approach, named S-Looper, to automatically summarize a type of loops related to a string traversal that can contain multiple paths, and the branch conditions in the loop can be related to string content.
Automatic partial loop summarization in dynamic test generation
TLDR
This work investigates the use of simple loop-guard pattern-matching rules to automatically guess an input constraint defining the number of iterations of input-dependent loops during dynamic symbolic execution, and introduces new constraints representing pre and post loop conditions.
A Fast and Precise Static Loop Analysis Based on Abstract Interpretation, Program Slicing and Polytope Models
TLDR
This paper proposes a framework for a static loop analysis based on Abstract Interpretation, a theory of a sound approximation of program semantics, and introduces a novel polytope-based loop evaluation that further significantly reduces the analysis time.
Loop summarization using state and transition invariants
TLDR
Algorithms for program abstraction based on the principle of loop summarization are presented, which, unlike traditional program approximation approaches, does not employ iterative fixpoint computation, but instead computes symbolic abstract transformers with respect to a set of abstract domains.
Loop-extended symbolic execution on binary programs
Mixed concrete and symbolic execution is an important technique for finding and understanding software bugs, including security-relevant ones. However, existing symbolic execution techniques are
Characteristic studies of loop problems for structural test generation via symbolic execution
TLDR
Two-phase characteristic studies identify that bounded iteration and heuristics are effective in addressing loop problems when used properly and identify challenges faced by these techniques and provide guidelines for effectively addressing these challenges.
Control-flow refinement and progress invariants for bound analysis
TLDR
This paper describes two techniques, control-flow refinement and progress invariants, that together enable estimation of precise bounds for procedures with nested and multi-path loops, and presents an algorithm that uses progress invariant to compute precise limits for nested loops.
Guided Static Analysis
TLDR
guided static analysis is introduced, a framework for controlling the exploration of the state-space of a program by applying standard static-analysis techniques to a sequence of modified versions of the analyzed program, and does not require any modifications to existing analysis techniques, and thus can be easily integrated into existingstatic-analysis tools.
Proving Safety with Trace Automata and Bounded Model Checking
TLDR
This work presents a technique that uses trace automata to eliminate redundant executions after performing loop acceleration, and implements the analysis as a source-to-source transformation, and presents experimental results showing the applicability of the technique.
The reachability-bound problem
TLDR
The approach to solving the reachability-bound problem brings together two different techniques for reasoning about loops in an effective manner, including an abstract-interpretation based iterative technique for computing precise disjunctive invariants and a non-iterative proof-rules based technique that takes over the role of doing inductive reasoning.
...
1
2
3
4
5
...