1 / 16

Looper: Lightweight Detection of Infinite Loops at Runtime Presenter: M. Amin Alipour

Looper: Lightweight Detection of Infinite Loops at Runtime Presenter: M. Amin Alipour Software Design Laboratory http://asd.cs.mtu.edu malipour@mtu.edu. Outline. Problem Statement Motivating Example Basic Idea Solution in More Detail. Problem statement.

syuhas
Download Presentation

Looper: Lightweight Detection of Infinite Loops at Runtime Presenter: M. Amin Alipour

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Looper: Lightweight Detection of Infinite Loops at Runtime Presenter: M. Amin Alipour Software Design Laboratory http://asd.cs.mtu.edu malipour@mtu.edu

  2. Outline • Problem Statement • Motivating Example • Basic Idea • Solution in More Detail

  3. Problem statement • Dynamic Detection of Non-Terminating Loops • When a program does not responding if user knows whether it is in an infinite loop or making progress, she can decide to force the program to quit or wait and let it finishes its job.

  4. Example • Main() { • x = foo(); • y = bar(); • while (x != 3 && y > 0) { • x = (x * x + 2) % 10; • y++; • } • } • This program will loop forever if foo() returns 6 and bar() returns 1.

  5. Basic Idea • Assumption: • User Invokes the Looper when the program is unresponsive. • Dynamic Instrumentation of running code • Concolic Execution of program • Basic Invariant Generation • Construct non-terminating arguments • Checking the argument with SMT solver

  6. Example • while (x != 3 && y > 0) { • x = (x * x + 2) % 10; • y++; • } • Assume Looper starts with x=8 and y=52 • The symbolic execution treats variables x and y as symbolic inputs and infers that: • Starting X=8 and y>0 , after iteration: x-->6 and y-->y+1 (It abstracts y and concretizes x ) • Starting X=6 and y>0, after iteration x-->8 and y-->y+1. • It infers that these iterations follow each other and x will never be 3 and y will be positive, and the loop will run forever. • Main() { • x = foo(); • y = bar(); • while (x != 3 && y > 0) { • x = (x * x + 2) % 10; • y++; • } • } • This program will loop forever if foo() returns 6 and bar() returns 1.

  7. Mathematizations • Assume M0,c is initial concrete program state model • Looper symbolically executes the program in parallel with one full concrete execution. • After iteration 1 • It produces M1,Symbolic memory map after 1st iteration • Produces path constraint Φ1 path constraint of execution path π1 • It tries to prove Φ1==>Φ1[M1] is tautology (done by an SMT solver)

  8. General Formula • Main() { • x = foo(); • y = bar(); • while (x != 3 && y > 0) { • x = (x * x + 2) % 10; • y++; • } • } • This program will loop forever if foo() returns 6 and bar() returns 1. • After iteration k • It produces Mk,Symbolic memory map after 1st iteration • Produces pah constraint Φk path constraint of execution path πk • It tries to prove Λi Є [1,k] (Φi==>VjЄ [1,k]Φ j[Mj]) is tautology (done by an SMT solver) • If it fails to prove after some fixed number it reports cannot conclude

  9. Another example

  10. Step 1 • Abstract variable index • Attempt Non-termination proof • Symbolic Execution X

  11. Step 3-5 • Attempt for Non-termination proof fails for these steps, for example: • Symbolic Execution X

  12. Step 6 • It proves Non-termination! • Symbolic Execution results M1

  13. Programming Model and Concrete Semantics • P::= Stmt* • Stmt::= [l:] S • S::= lhs=e | if p goto l’ | HALT • e::= v | c| e op e • p::= v comp v

  14. Instrumentation

  15. Instrumentation-cntd

  16. References • . Burnim, J., N. Jalbert, C. Sterigou, and K. Sen .“Looper: Lightweight Detection of Infinite Loops at Runtime ” Proc. 24th IEEE/ACM nternational Conference on Automated Software Engineering , Nov 2009. • Sen, K., Marinov, D., and Agha, G. 2005. CUTE: a concolic unit testing engine for C. In Proceedings of the 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT international Symposium on Foundations of Software Engineering (Lisbon, Portugal, September 05 - 09, 2005).

More Related