Symbolic execution of complex program driven by machine learning based constraint solving

Induction is a powerful method that can be used to prove the total correctness of program loops. Unfortunately the induction proving process in an interactive theorem prover is often very cumbersome. In particular it can be difficult to find the right induction formula. We describe a method for generalising induction formulae by analysing a symbolic proof attempt in a semi-interactive first-order theorem prover. Based on the proof attempt we introduce universally quantified variables, meta-variables and sets of constraints on these. The constraints describe the conditions for a successful proof. By the help of examples, we outline some classes of problems and their associated constraint solutions, and possible ways to automate the constraint solving.

Download Full-text

Path-oriented test data generation using symbolic execution and constraint solving techniques

Proceedings of the Second International Conference on Software Engineering and Formal Methods, 2004. SEFM 2004. ◽

10.1109/sefm.2004.1347528 ◽

2004 ◽

Cited By ~ 10

Author(s):

Jian Zhang ◽

Chen Xu ◽

Xiaoliang Wang

Keyword(s):

Test Data ◽

Symbolic Execution ◽

Constraint Solving ◽

Test Data Generation ◽

Data Generation

Download Full-text

WaveFunctionCollapse: Content Generation via Constraint Solving and Machine Learning

IEEE Transactions on Games ◽

10.1109/tg.2021.3076368 ◽

2021 ◽

pp. 1-1

Author(s):

Isaac Karth ◽

Adam Marshall Smith

Keyword(s):

Machine Learning ◽

Constraint Solving ◽

Content Generation

Download Full-text

Diversifying Focused Testing for Unit Testing

ACM Transactions on Software Engineering and Methodology ◽

10.1145/3447265 ◽

2021 ◽

Vol 30 (4) ◽

pp. 1-24

Author(s):

Héctor D. Menéndez ◽

Gunel Jahangirova ◽

Federica Sarro ◽

Paolo Tonella ◽

David Clark

Keyword(s):

Search Algorithm ◽

Symbolic Execution ◽

Specific Area ◽

Test Suite ◽

Constraint Solving ◽

Test Case ◽

Unit Testing ◽

Bug Detection ◽

Mutation Score ◽

The Given

Software changes constantly, because developers add new features or modifications. This directly affects the effectiveness of the test suite associated with that software, especially when these new modifications are in a specific area that no test case covers. This article tackles the problem of generating a high-quality test suite to cover repeatedly a given point in a program, with the ultimate goal of exposing faults possibly affecting the given program point. Both search-based software testing and constraint solving offer ready, but low-quality, solutions to this: Ideally, a maximally diverse covering test set is required, whereas search and constraint solving tend to generate test sets with biased distributions. Our approach, Diversified Focused Testing (DFT), uses a search strategy inspired by GödelTest. We artificially inject parameters into the code branching conditions and use a bi-objective search algorithm to find diverse inputs by perturbing the injected parameters, while keeping the path conditions still satisfiable. Our results demonstrate that our technique, DFT, is able to cover a desired point in the code at least 90% of the time. Moreover, adding diversity improves the bug detection and the mutation killing abilities of the test suites. We show that DFT achieves better results than focused testing, symbolic execution, and random testing by achieving from 3% to 70% improvement in mutation score and up to 100% improvement in fault detection across 105 software subjects.

Download Full-text

On Characteristics of Symbolic Execution in the Problem of Assessing the Quality of Obfuscating Transformations

Modeling and Analysis of Information Systems ◽

10.18255/1818-1015-2021-1-38-51 ◽

2021 ◽

Vol 28 (1) ◽

pp. 38-51

Author(s):

Petr D. Borisov ◽

Yury V. Kosolapov

Keyword(s):

Machine Learning ◽

Dynamic Characteristics ◽

Symbolic Execution ◽

Specific Class ◽

Static Characteristics ◽

Learning Methods ◽

Static And Dynamic Characteristics ◽

Machine Learning Methods ◽

Relevant Task

Obfuscation is used to protect programs from analysis and reverse engineering. There are theoretically effective and resistant obfuscation methods, but most of them are not implemented in practice yet. The main reasons are large overhead for the execution of obfuscated code and the limitation of application only to a specific class of programs. On the other hand, a large number of obfuscation methods have been developed that are applied in practice. The existing approaches to the assessment of such obfuscation methods are based mainly on the static characteristics of programs. Therefore, the comprehensive (taking into account the dynamic characteristics of programs) justification of their effectiveness and resistance is a relevant task. It seems that such a justification can be made using machine learning methods, based on feature vectors that describe both static and dynamic characteristics of programs. In this paper, it is proposed to build such a vector on the basis of characteristics of two compared programs: the original and obfuscated, original and deobfuscated, obfuscated and deobfuscated. In order to obtain the dynamic characteristics of the program, a scheme based on a symbolic execution is constructed and presented in this paper. The choice of the symbolic execution is justified by the fact that such characteristics can describe the difficulty of comprehension of the program in dynamic analysis. The paper proposes two implementations of the scheme: extended and simplified. The extended scheme is closer to the process of analyzing a program by an analyst, since it includes the steps of disassembly and translation into intermediate code, while in the simplified scheme these steps are excluded. In order to identify the characteristics of symbolic execution that are suitable for assessing the effectiveness and resistance of obfuscation based on machine learning methods, experiments with the developed schemes were carried out. Based on the obtained results, a set of suitable characteristics is determined.

Download Full-text