来源:计算机科学与技术学院

2013.1.4 Prof. Wei Le Segmented Symbolic Analysis

来源:计算机科学技术系发布时间:2012-12-18浏览次数:314

报告题目:Segmented Symbolic Analysis

报告人:Prof. Wei Le

主持人:徐立华

时间:201314日(星期五)下午1

地点:闵行校区信息楼629

报告摘要: Symbolic analysis is indispensable for software tools that require program semantic information at compile time. However, determining symbolic values for program variables related to loops and library calls is challenging as the computation and data related to loops can have an statically unknown bound, and the source code of a library is typically not available at compile time. In this talk, I will present segmented symbolic analysis, a hybrid technique that enables fully automatic symbolic analysis even for traditionally challenging code of library calls and loops. The novelties of the work are threefold: 1) we flexibly weave symbolic and concrete executions on the selected parts of the program based on demand; 2) dynamic executions are performed on the unit tests constructed from the code segments to infer program semantics needed by static analysis; and 3) the dynamic information from multiple runs is aggregated via regression analysis. We developed the Helium framework, consisting of a static component that performs symbolic analysis and partitions a program, a dynamic analysis that synthesizes unit tests and automatically infers symbolic values for program variables, and a protocol that enables static and dynamic analyses to be run interactively and concurrently. Our experimental results show that by handling loops and library calls that a traditional symbolic analysis cannot process, segmented symbolic analysis detected 5 times more buffer overflows. The technique is scalable to real-world programs such as putty, tightvnc and snort.

Note: this work has been recently accepted by the top software engineering conference ICSE 2013.

报告人简介: Wei Le is an assistant professor at the PhD program in Computing and Information Sciences at the Rochester Institute of Technology. Wei received her Ph.D. in Computer Science from the University of Virginia in December 2010. Her research focuses on developing automatic, practical solutions for improving software performance, reliability and security, covering the areas of software engineering, systems and programming languages. Wei received the best presentation award at the 16th ACM SIGSOFT International Symposium on the Foundation of Software Engineering and is a recipient of a Google Anita Borg Memorial Scholarship and the Google Research Awards.