Symbolic Execution and Quantitative Reasoning [electronic resource] : Applications to Software Safety and Security / by Corina S. Păsăreanu.
By: Păsăreanu, Corina S [author.].
Contributor(s): SpringerLink (Online service).
Material type: BookSeries: Synthesis Lectures on Software Engineering: Publisher: Cham : Springer International Publishing : Imprint: Springer, 2020Edition: 1st ed. 2020.Description: IX, 65 p. online resource.Content type: text Media type: computer Carrier type: online resourceISBN: 9783031025518.Subject(s): Engineering | Mathematics | Computer science | Software engineering | Technology and Engineering | Mathematics | Computer Science | Software EngineeringAdditional physical formats: Printed edition:: No title; Printed edition:: No title; Printed edition:: No titleDDC classification: 620 Online resources: Click here to access onlineAcknowledgments -- Introduction -- Symbolic Execution: The Basics -- Symbolic Complexity Analysis -- Probabilistic Reasoning -- Side-Channel Analysis -- Conclusion and Directions for the Future -- Bibliography -- Author's Biography.
This book reviews recent advances in symbolic execution and its probabilistic variant and discusses how they can be used to ensure the safety and security of software systems. Symbolic execution is a systematic program analysis technique which explores multiple program behaviors all at once by collecting and solving symbolic constraints collected from the branching conditions in the program. The obtained solutions can be used as test inputs that execute feasible program paths. Symbolic execution has found many applications in various domains, such as security, smartphone applications, operating systems, databases, and more recently deep neural networks, uncovering subtle errors and unknown vulnerabilities. We review here the technique has also been extended to reason about algorithmic complexity and resource consumption. Furthermore, symbolic execution has been recently extended with probabilistic reasoning, allowing one to reason about quantitative properties of software systems. The approach computes the conditions to reach target program events of interest and uses model counting to quantify the fraction of the input domain satisfying these conditions thus computing the probability of event occurrence. This probabilistic information can be used for example to compute the reliability of an aircraft controller under different wind conditions (modeled probabilistically) or to quantify the leakage of sensitive data in a software system, using information theory metrics such as Shannon entropy. This book is intended for students and software engineers who are interested in advanced techniques for testing and verifying software systems.
There are no comments for this item.