SlideShare a Scribd company logo

Visualizing Symbolic Execution with Bokeh

Download as PPTX, PDF
Asankhaya Sharma
Asankhaya Sharma

Exploring symbolic execution using Bokeh, a Python based framework for data visualization.

Technology
1 of 23
Visualizing Symbolic Execution with Bokeh Asankhaya Sharma SRC:CLR
Symbolic Execution (SE) • Analyzing a program to determine what inputs cause each part of a program to execute [Wikipedia] • The idea – Execute the program with an input – Build a symbolic formula during execution which captures the path taken by the input through the program 10 June 2015 PyData Singapore 2
Path Condition (PC) int max(int x, int y, int z){ int m = x; if(y>m && y>z) m = y; else if(z>m) m = z; return m; } max(1,3,2) = 3 Inputs: x0,y0,z0 PC: true PC: m0=x0 PC: m0=x0∧y0>m0∧y0>z0 ∧m1=y0 Output: m1 10 June 2015 PyData Singapore 3
10 June 2015 PyData Singapore 4 m = x m = y y>m && y>z z > m m = z return m true m=x …∧y>m∧y>z …∧¬(y>m∧y>z) …∧z>m …∧¬(z>m) …∧m=z …∧m=y Execution Tree
Path Exploration PC: m0=x0∧y0>m0∧y0>z0∧m1=y0 PC1: y0>x0∧y0>z0∧3=y0 Negate first constraint PC2: y0<=x0∧y0>z0∧3=y0 Check satisfiability using a constraint solver New Inputs: x0=3, y0=3, z0=2 Repeat SE with new inputs 10 June 2015 PyData Singapore 5
Why is SE useful? • Automated Fuzzing • Test Case Generation • Debugging Error Traces • Program Analysis • … 10 June 2015 PyData Singapore 6
Bottlenecks • Path Explosion – Loops and recursion – Unbounded number of paths in a program • Constraint Solving – int is easy but what about other data types floats, strings, bit vectors etc. – Handling data structures with pointers 10 June 2015 PyData Singapore 7
Exploiting Undefined Behaviors for Efficient Symbolic Execution [ICSE 14] 10 June 2015 PyData Singapore 8
Demo 1 • Symbolic execution with Pathgrind – fuzz/fuzz.py 10 June 2015 PyData Singapore 9
Bokeh • Bo(w)-Ke(ttle) 10 June 2015 PyData Singapore 10
10 June 2015 PyData Singapore 11
Demo 2 • Plotting with Bokeh – Line Plot – Scatter Plot – Bokeh Server 10 June 2015 PyData Singapore 12
Visualizing SE • Time Taken – Generate path conditions (path exploration) – Generate new inputs (by solving constraints) 10 June 2015 PyData Singapore 13
Demo 3 • Pathgrind + Bokeh = Visualize SE – fuzz/plotfuzz.py 10 June 2015 PyData Singapore 14
10 June 2015 PyData Singapore 15
All paths are not equal • Use Levenshtein distance to measure the similarity between the path conditions when represented as strings • Scatter plot of similarity using Bokeh 10 June 2015 PyData Singapore 16
10 June 2015 PyData Singapore 17
Optimization for SE • Prune paths that are >90% similar – As measured using Levenshtein edit distance 10 June 2015 PyData Singapore 18
10 June 2015 PyData Singapore 19
10 June 2015 PyData Singapore 20
Take Away • Symbolic Execution • Using Bokeh to Visualize SE • Identify Optimizations for SE • Future – Statically Sampling of Paths – Probabilistic Analysis 10 June 2015 PyData Singapore 21
We are hiring … Shape the future of software security at SourceClear. By joining our team, you can help define the way modern developers identify and fix vulnerabilities in their code. Check out https://jobs.lever.co/sourceclear 10 June 2015 PyData Singapore 22
Thank You! • Questions? • Contact – Twitter: @asankhaya • Links – Source Code: https://github.com/codelion/pathgrind – Slides: http://asankhaya.github.io/ppt/PyDataSing.pptx 10 June 2015 PyData Singapore 23

Recommended

Space complexity
Space complexitySpace complexity
Space complexity
Bhanusree Koduru
 
Radix Sort
Radix SortRadix Sort
Radix Sort
Tirth Dave
 
Data Structure Radix Sort
Data Structure Radix SortData Structure Radix Sort
Data Structure Radix Sort
Bhavik Vashi
 
[Question Paper] Object Oriented Programming with C++ (Old Course) [April / 2...
[Question Paper] Object Oriented Programming with C++ (Old Course) [April / 2...[Question Paper] Object Oriented Programming with C++ (Old Course) [April / 2...
[Question Paper] Object Oriented Programming with C++ (Old Course) [April / 2...
Mumbai B.Sc.IT Study
 
Linked List Implementation of Queue in C
Linked List Implementation of Queue in CLinked List Implementation of Queue in C
Linked List Implementation of Queue in C
Kasun Ranga Wijeweera
 
Lecture02
Lecture02Lecture02
Lecture02
Rudy Martinez
 
Information security Seminar #3
Information security Seminar #3 Information security Seminar #3
Information security Seminar #3
Alexander Kolybelnikov
 
[Question Paper] Advanced Java (Old Syllabus) [April / 2013]
[Question Paper] Advanced Java (Old Syllabus) [April / 2013][Question Paper] Advanced Java (Old Syllabus) [April / 2013]
[Question Paper] Advanced Java (Old Syllabus) [April / 2013]
Mumbai B.Sc.IT Study
 

Recommended

Space complexity
Space complexitySpace complexity
Space complexity
Bhanusree Koduru
 
Radix Sort
Radix SortRadix Sort
Radix Sort
Tirth Dave
 
Data Structure Radix Sort
Data Structure Radix SortData Structure Radix Sort
Data Structure Radix Sort
Bhavik Vashi
 
[Question Paper] Object Oriented Programming with C++ (Old Course) [April / 2...
[Question Paper] Object Oriented Programming with C++ (Old Course) [April / 2...[Question Paper] Object Oriented Programming with C++ (Old Course) [April / 2...
[Question Paper] Object Oriented Programming with C++ (Old Course) [April / 2...
Mumbai B.Sc.IT Study
 
Linked List Implementation of Queue in C
Linked List Implementation of Queue in CLinked List Implementation of Queue in C
Linked List Implementation of Queue in C
Kasun Ranga Wijeweera
 
Lecture02
Lecture02Lecture02
Lecture02
Rudy Martinez
 
Information security Seminar #3
Information security Seminar #3 Information security Seminar #3
Information security Seminar #3
Alexander Kolybelnikov
 
[Question Paper] Advanced Java (Old Syllabus) [April / 2013]
[Question Paper] Advanced Java (Old Syllabus) [April / 2013][Question Paper] Advanced Java (Old Syllabus) [April / 2013]
[Question Paper] Advanced Java (Old Syllabus) [April / 2013]
Mumbai B.Sc.IT Study
 
Pert analysis
Pert analysisPert analysis
Pert analysis
Hashamuddin Yaakob
 
Cpmprt
CpmprtCpmprt
Cpmprt
Shakti Ranjan
 
Programing Slicing and Its applications
Programing Slicing and Its applicationsPrograming Slicing and Its applications
Programing Slicing and Its applications
Ankur Jain
 
Spm ap-network model-
Spm ap-network model-Spm ap-network model-
Spm ap-network model-
Kanchana Devi
 
4.9 cpm network calculations
4.9 cpm network calculations4.9 cpm network calculations
4.9 cpm network calculations
Vishal Tidake
 
13 lecture project management
13 lecture project management13 lecture project management
13 lecture project management
Ahmad Basim Hamza
 
Spm
SpmSpm
Spm
debarati roy
 
Lec 09 network scheduling_techniques
Lec 09 network scheduling_techniquesLec 09 network scheduling_techniques
Lec 09 network scheduling_techniques
SAJID ALI RUK
 
Realistic road path reconstruction from GIS data
Realistic road path reconstruction from GIS dataRealistic road path reconstruction from GIS data
Realistic road path reconstruction from GIS data
hanguyenhoang
 
SPM presentation extra material-Lect 9and 10.pptx
SPM presentation extra material-Lect 9and 10.pptxSPM presentation extra material-Lect 9and 10.pptx
SPM presentation extra material-Lect 9and 10.pptx
MuhammadAbubakar114879
 
Gantt PERT and CPM
Gantt PERT and CPMGantt PERT and CPM
Gantt PERT and CPM
Gurbakash Phonsa
 
Abhik-Satish-dagstuhl
Abhik-Satish-dagstuhlAbhik-Satish-dagstuhl
Abhik-Satish-dagstuhl
Abhik Roychoudhury
 
Three-point estimation technique for software development
Three-point estimation technique for software developmentThree-point estimation technique for software development
Three-point estimation technique for software development
Sakir Temel
 
Online_Examination
Online_ExaminationOnline_Examination
Online_Examination
Rupam Dey
 
Demonstration on extending_the_pageview_feature_to_page_section_based_present...
Demonstration on extending_the_pageview_feature_to_page_section_based_present...Demonstration on extending_the_pageview_feature_to_page_section_based_present...
Demonstration on extending_the_pageview_feature_to_page_section_based_present...
Fajar Purnama
 
Project Management Techniques
Project Management TechniquesProject Management Techniques
Project Management Techniques
project management
 
Syam critical path cpa
Syam critical path cpaSyam critical path cpa
Syam critical path cpa
syamputra
 
Per tand project crashing
Per tand project crashingPer tand project crashing
Per tand project crashing
Harinadh Karimikonda
 
Project management@ ppt doms
Project management@ ppt doms Project management@ ppt doms
Project management@ ppt doms
Babasab Patil
 
Time Series With OrientDB - Fosdem 2015
Time Series With OrientDB - Fosdem 2015Time Series With OrientDB - Fosdem 2015
Time Series With OrientDB - Fosdem 2015
wolf4ood
 
9 types of people you find on your team
9 types of people you find on your team9 types of people you find on your team
9 types of people you find on your team
Asankhaya Sharma
 
Design and Implementation of the Security Graph Language
Design and Implementation of the Security Graph LanguageDesign and Implementation of the Security Graph Language
Design and Implementation of the Security Graph Language
Asankhaya Sharma
 

More Related Content

Similar to Visualizing Symbolic Execution with Bokeh

13 lecture project management
13 lecture project management13 lecture project management
13 lecture project management
Ahmad Basim Hamza
 
Realistic road path reconstruction from GIS data
Realistic road path reconstruction from GIS dataRealistic road path reconstruction from GIS data
Realistic road path reconstruction from GIS data
hanguyenhoang
 
Online_Examination
Online_ExaminationOnline_Examination
Online_Examination
Rupam Dey
 
Syam critical path cpa
Syam critical path cpaSyam critical path cpa
Syam critical path cpa
syamputra
 

Similar to Visualizing Symbolic Execution with Bokeh (20)

Pert analysis
Pert analysisPert analysis
Pert analysis
 
Cpmprt
CpmprtCpmprt
Cpmprt
 
Programing Slicing and Its applications
Programing Slicing and Its applicationsPrograming Slicing and Its applications
Programing Slicing and Its applications
 
Spm ap-network model-
Spm ap-network model-Spm ap-network model-
Spm ap-network model-
 
4.9 cpm network calculations
4.9 cpm network calculations4.9 cpm network calculations
4.9 cpm network calculations
 
13 lecture project management
13 lecture project management13 lecture project management
13 lecture project management
 
Spm
SpmSpm
Spm
 
Lec 09 network scheduling_techniques
Lec 09 network scheduling_techniquesLec 09 network scheduling_techniques
Lec 09 network scheduling_techniques
 
Realistic road path reconstruction from GIS data
Realistic road path reconstruction from GIS dataRealistic road path reconstruction from GIS data
Realistic road path reconstruction from GIS data
 
SPM presentation extra material-Lect 9and 10.pptx
SPM presentation extra material-Lect 9and 10.pptxSPM presentation extra material-Lect 9and 10.pptx
SPM presentation extra material-Lect 9and 10.pptx
 
Gantt PERT and CPM
Gantt PERT and CPMGantt PERT and CPM
Gantt PERT and CPM
 
Abhik-Satish-dagstuhl
Abhik-Satish-dagstuhlAbhik-Satish-dagstuhl
Abhik-Satish-dagstuhl
 
Three-point estimation technique for software development
Three-point estimation technique for software developmentThree-point estimation technique for software development
Three-point estimation technique for software development
 
Online_Examination
Online_ExaminationOnline_Examination
Online_Examination
 
Demonstration on extending_the_pageview_feature_to_page_section_based_present...
Demonstration on extending_the_pageview_feature_to_page_section_based_present...Demonstration on extending_the_pageview_feature_to_page_section_based_present...
Demonstration on extending_the_pageview_feature_to_page_section_based_present...
 
Project Management Techniques
Project Management TechniquesProject Management Techniques
Project Management Techniques
 
Syam critical path cpa
Syam critical path cpaSyam critical path cpa
Syam critical path cpa
 
Per tand project crashing
Per tand project crashingPer tand project crashing
Per tand project crashing
 
Project management@ ppt doms
Project management@ ppt doms Project management@ ppt doms
Project management@ ppt doms
 
Time Series With OrientDB - Fosdem 2015
Time Series With OrientDB - Fosdem 2015Time Series With OrientDB - Fosdem 2015
Time Series With OrientDB - Fosdem 2015
 

More from Asankhaya Sharma

Design and Implementation of the Security Graph Language
Design and Implementation of the Security Graph LanguageDesign and Implementation of the Security Graph Language
Design and Implementation of the Security Graph Language
Asankhaya Sharma
 
Specifying compatible sharing in data structures
Specifying compatible sharing in data structuresSpecifying compatible sharing in data structures
Specifying compatible sharing in data structures
Asankhaya Sharma
 
Exploiting undefined behaviors for efficient symbolic execution
Exploiting undefined behaviors for efficient symbolic executionExploiting undefined behaviors for efficient symbolic execution
Exploiting undefined behaviors for efficient symbolic execution
Asankhaya Sharma
 
DIDAR: Database Intrusion Detection with Automated Recovery
DIDAR: Database Intrusion Detection with Automated RecoveryDIDAR: Database Intrusion Detection with Automated Recovery
DIDAR: Database Intrusion Detection with Automated Recovery
Asankhaya Sharma
 
Developer-focused Software Security
Developer-focused Software SecurityDeveloper-focused Software Security
Developer-focused Software Security
Asankhaya Sharma
 
Certified Reasoning for Automated Verification
Certified Reasoning for Automated VerificationCertified Reasoning for Automated Verification
Certified Reasoning for Automated Verification
Asankhaya Sharma
 

More from Asankhaya Sharma (13)

9 types of people you find on your team
9 types of people you find on your team9 types of people you find on your team
9 types of people you find on your team
 
Design and Implementation of the Security Graph Language
Design and Implementation of the Security Graph LanguageDesign and Implementation of the Security Graph Language
Design and Implementation of the Security Graph Language
 
Securing Open Source Code in Enterprise
Securing Open Source Code in EnterpriseSecuring Open Source Code in Enterprise
Securing Open Source Code in Enterprise
 
Secure Software Development
Secure Software DevelopmentSecure Software Development
Secure Software Development
 
Verified Subtyping with Traits and Mixins
Verified Subtyping with Traits and MixinsVerified Subtyping with Traits and Mixins
Verified Subtyping with Traits and Mixins
 
Specifying compatible sharing in data structures
Specifying compatible sharing in data structuresSpecifying compatible sharing in data structures
Specifying compatible sharing in data structures
 
Exploiting undefined behaviors for efficient symbolic execution
Exploiting undefined behaviors for efficient symbolic executionExploiting undefined behaviors for efficient symbolic execution
Exploiting undefined behaviors for efficient symbolic execution
 
DIDAR: Database Intrusion Detection with Automated Recovery
DIDAR: Database Intrusion Detection with Automated RecoveryDIDAR: Database Intrusion Detection with Automated Recovery
DIDAR: Database Intrusion Detection with Automated Recovery
 
Developer-focused Software Security
Developer-focused Software SecurityDeveloper-focused Software Security
Developer-focused Software Security
 
Crafting a Successful Engineering Career
Crafting a Successful Engineering CareerCrafting a Successful Engineering Career
Crafting a Successful Engineering Career
 
Certified Reasoning for Automated Verification
Certified Reasoning for Automated VerificationCertified Reasoning for Automated Verification
Certified Reasoning for Automated Verification
 
Last Days of Academy
Last Days of AcademyLast Days of Academy
Last Days of Academy
 
SayCheese Ad
SayCheese AdSayCheese Ad
SayCheese Ad
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 

Recently uploaded (20)

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 

Visualizing Symbolic Execution with Bokeh

  • 1. Visualizing Symbolic Execution with Bokeh Asankhaya Sharma SRC:CLR
  • 2. Symbolic Execution (SE) • Analyzing a program to determine what inputs cause each part of a program to execute [Wikipedia] • The idea – Execute the program with an input – Build a symbolic formula during execution which captures the path taken by the input through the program 10 June 2015 PyData Singapore 2
  • 3. Path Condition (PC) int max(int x, int y, int z){ int m = x; if(y>m && y>z) m = y; else if(z>m) m = z; return m; } max(1,3,2) = 3 Inputs: x0,y0,z0 PC: true PC: m0=x0 PC: m0=x0∧y0>m0∧y0>z0 ∧m1=y0 Output: m1 10 June 2015 PyData Singapore 3
  • 4. 10 June 2015 PyData Singapore 4 m = x m = y y>m && y>z z > m m = z return m true m=x …∧y>m∧y>z …∧¬(y>m∧y>z) …∧z>m …∧¬(z>m) …∧m=z …∧m=y Execution Tree
  • 5. Path Exploration PC: m0=x0∧y0>m0∧y0>z0∧m1=y0 PC1: y0>x0∧y0>z0∧3=y0 Negate first constraint PC2: y0<=x0∧y0>z0∧3=y0 Check satisfiability using a constraint solver New Inputs: x0=3, y0=3, z0=2 Repeat SE with new inputs 10 June 2015 PyData Singapore 5
  • 6. Why is SE useful? • Automated Fuzzing • Test Case Generation • Debugging Error Traces • Program Analysis • … 10 June 2015 PyData Singapore 6
  • 7. Bottlenecks • Path Explosion – Loops and recursion – Unbounded number of paths in a program • Constraint Solving – int is easy but what about other data types floats, strings, bit vectors etc. – Handling data structures with pointers 10 June 2015 PyData Singapore 7
  • 8. Exploiting Undefined Behaviors for Efficient Symbolic Execution [ICSE 14] 10 June 2015 PyData Singapore 8
  • 9. Demo 1 • Symbolic execution with Pathgrind – fuzz/fuzz.py 10 June 2015 PyData Singapore 9
  • 10. Bokeh • Bo(w)-Ke(ttle) 10 June 2015 PyData Singapore 10
  • 11. 10 June 2015 PyData Singapore 11
  • 12. Demo 2 • Plotting with Bokeh – Line Plot – Scatter Plot – Bokeh Server 10 June 2015 PyData Singapore 12
  • 13. Visualizing SE • Time Taken – Generate path conditions (path exploration) – Generate new inputs (by solving constraints) 10 June 2015 PyData Singapore 13
  • 14. Demo 3 • Pathgrind + Bokeh = Visualize SE – fuzz/plotfuzz.py 10 June 2015 PyData Singapore 14
  • 15. 10 June 2015 PyData Singapore 15
  • 16. All paths are not equal • Use Levenshtein distance to measure the similarity between the path conditions when represented as strings • Scatter plot of similarity using Bokeh 10 June 2015 PyData Singapore 16
  • 17. 10 June 2015 PyData Singapore 17
  • 18. Optimization for SE • Prune paths that are >90% similar – As measured using Levenshtein edit distance 10 June 2015 PyData Singapore 18
  • 19. 10 June 2015 PyData Singapore 19
  • 20. 10 June 2015 PyData Singapore 20
  • 21. Take Away • Symbolic Execution • Using Bokeh to Visualize SE • Identify Optimizations for SE • Future – Statically Sampling of Paths – Probabilistic Analysis 10 June 2015 PyData Singapore 21
  • 22. We are hiring … Shape the future of software security at SourceClear. By joining our team, you can help define the way modern developers identify and fix vulnerabilities in their code. Check out https://jobs.lever.co/sourceclear 10 June 2015 PyData Singapore 22
  • 23. Thank You! • Questions? • Contact – Twitter: @asankhaya • Links – Source Code: https://github.com/codelion/pathgrind – Slides: http://asankhaya.github.io/ppt/PyDataSing.pptx 10 June 2015 PyData Singapore 23