Model-Counting Approaches for Nonlinear Numerical Constraints

被引：22

作者：

Borges, Mateus ^{[1
]}

Phan, Quoc-Sang ^{[2
]}

Filieri, Antonio ^{[1
]}

Pasareanu, Corina S. ^{[2
,3
]}

机构：

[1] Imperial Coll London, London, England

[2] Carnegie Mellon Univ Silicon Valley, Mountain View, CA USA

[3] NASA Ames, Mountain View, CA USA

来源：

NASA FORMAL METHODS (NFM 2017) | 2017年 / 10227卷

基金：

美国国家科学基金会;

关键词：

Model counting modulo theories; Bitvector arithmetic; Nonlinear constraints; Cryptographic functions;

D O I：

10.1007/978-3-319-57288-8_9

中图分类号：

TP39 [计算机的应用];

学科分类号：

081203 ; 0835 ;

摘要：

Model counting is of central importance in quantitative reasoning about systems. Examples include computing the probability that a system successfully accomplishes its task without errors, and measuring the number of bits leaked by a system to an adversary in Shannon entropy. Most previous work in those areas demonstrated their analysis on programs with linear constraints, in which cases model counting is polynomial time. Model counting for nonlinear constraints is notoriously hard, and thus programs with nonlinear constraints are not well-studied. This paper surveys state-of-the-art techniques and tools for model counting with respect to SMT constraints, modulo the bitvector theory, since this theory is decidable, and it can express nonlinear constraints that arise from the analysis of computer programs. We integrate these techniques within the Symbolic Pathfinder platform and evaluate them on difficult nonlinear constraints generated from the analysis of cryptographic functions.

引用

页码：131 / 138

页数：8

共 30 条

[1] Automatic Discovery and Quantification of Information Leaks [J].

Backes, Michael ;

Koepf, Boris ;

Rybalchenko, Andrey .

PROCEEDINGS OF THE 2009 30TH IEEE SYMPOSIUM ON SECURITY AND PRIVACY, 2009, :141-+

[2] String Analysis for Side Channels with Segmented Oracles [J].

Bang, Lucas ;

Aydin, Abdulbaki ;

Phan, Quoc-Sang ;

Pasareanu, Corina S. ;

Bultan, Tevfik .

FSE'16: PROCEEDINGS OF THE 2016 24TH ACM SIGSOFT INTERNATIONAL SYMPOSIUM ON FOUNDATIONS OF SOFTWARE ENGINEERING, 2016, :193-204

[3]

Borges M, 2014, ACM SIGPLAN NOTICES, V49, P123, DOI [10.1145/2594291.2594329, 10.1145/2666356.2594329]

[4] POLYBORI: A framework for Grobner-basis computations with Boolean polynomials [J].

Brickenstein, Michael ;

Dreyer, Alexander .

JOURNAL OF SYMBOLIC COMPUTATION, 2009, 44 (09) :1326-1345

[5]

Brumley D, 2003, USENIX ASSOCIATION PROCEEDINGS OF THE 12TH USENIX SECURITY SYMPOSIUM, P1

[6]

Chakraborty S, 2016, AAAI CONF ARTIF INTE, P3218

[7]

Chistikov Dmitry, 2015, Tools and Algorithms for the Construction and Analysis of Systems. 21st International Conference, TACAS 2015, held as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015. Proceedings: LNCS 9035, P320, DOI 10.1007/978-3-662-46681-0_26

[8]

Cimatti A, 2013, LECT NOTES COMPUT SC, V7795, P93

[9] Effective lattice point counting in rational convex polytopes [J].

De Loera, JA ;

Hemmecke, R ;

Tauzer, J ;

Yoshida, R .

JOURNAL OF SYMBOLIC COMPUTATION, 2004, 38 (04) :1273-1302

[10] Z3: An efficient SMT solver [J].

de Moura, Leonardo ;

Bjorner, Nikolaj .

TOOLS AND ALGORITHMS FOR THE CONSTRUCTION AND ANALYSIS OF SYSTEMS, 2008, 4963 :337-340

← 1 2 3 →