Title: On the Use of Over-Approximate Analysis in Support of Software Development and Testing

Date: Friday, 6 August, 2021

Time: 13:00 - 14:30 ET

Location (Virtual): https://bluejeans.com/414570710/3881

Richard Rutledge

PhD Student

School of Computer Science

Georgia Institute of Technology

Committee:

Dr. Alessandro Orso (Advisor) - School of Computer Science, Georgia Institute of Technology

Dr. Milos Prvulovic - School of Computer Science, Georgia Institute of Technology

Dr. Qirun Zhang - School of Computer Science, Georgia Institute of Technology

Dr. Vivek Sarkar - Chair, School of Computer Science, Georgia Institute of Technology

Dr. Spencer Rugaber - College of Computing, Georgia Institute of Technology

Abstract:

The effectiveness of dynamic program analyses, such as profiling and memory-leak detection, crucially depend on the quality of the test inputs. However, adequate sets of inputs are rarely available. Existing automated input generation techniques can help but tend to be either too expensive or ineffective.  For example, traditional symbolic execution scales poorly to real-world programs and random input generation may never reach deep states within the program.  

For scalable, effective automated input generation that can better support dynamic analysis, I propose an approach that extends traditional symbolic execution by targeting increasingly small fragments of a program. The approach starts by generating inputs for the whole program and progressively introduces additional un-constrained state until it reaches a given program coverage objective. This approach is applicable to any client dynamic analysis requiring high coverage that is also tolerant of over-approximated program behavior--behavior that cannot occur on a complete execution.

To assess the effectiveness of my approach, I applied it to two client techniques. The first technique infers the actual path taken by a program execution by observing the CPU's electromagnetic emanations and requires inputs to train a model that can recognize subpaths. The second technique performs automated regression testing by identifying behavioral differences between two program versions and requires inputs to perform differential testing.

In the proposal, I will also discuss future research directions, including additional empirical evaluations and the investigation of additional client analyses that could benefit from my approach.