Sireum/Topi LDP
people.cis.ksu.edu/~belt/reports/ldp-fse09-FINAL.pdf · 2009. 9. 15.

Page 1

Sireum/Topi LDP: A Lightweight Semi-decision Procedure for Optimizing Symbolic Execution-based Analyses

Jason Belt and Robby, Kansas State University

Xianghua Deng, Pennsylvania State University - Harrisburg

Support: US National Science Foundation (NSF), Air Force Office of Scientific Research (AFOSR), Rockwell Collins

Tuesday, September 15

Page 2

Software Verification

(figure: Software Artifacts → Verification Engine → Report)

Page 3

Symbolic Execution

• has gained renewed interest in recent years

• in contrast to testing, it can reason about unknown values

(figure: Software Artifacts → SymExe Engine → Report)

Page 4

Symbolic Execution

(figure: Software Artifacts → SymExe Engine → Report, with the SymExe Engine backed by Decision Procedures)

Page 5

Kiasan

(figure: .java (+ JML) → Kiasan → SMT Solver (CVC3/Yices))

Page 6

Kiasan

(figure: .java (+ JML) → Kiasan → SMT Solver (CVC3/Yices))

• a symbolic virtual machine for Java

• checks

  • uncaught exceptions, assertions and contracts

• generates

  • counter examples, test cases, coverage information, etc.


Page 8

SMT Solvers

• made significant impact on software verification (not only for SymExe)

  • ... but difficult to leverage application-specific knowledge for optimizations

• well-defined API

  • ... but designed as a black-box

Page 9

Observations

• ... in some cases, the SMT solver used may take up to 50% - 80% of Kiasan's overall execution time

  • for scalar constraints

• can this be improved?

• creating an application-specific SMT solver requires significant investments

(figure: Kiasan → SMT Solver)

Page 10

The LDP Approach

(figure: SymExe Engine → LDP → Decision Procedures)

• LDP sits in the middle of SymExe and DP

  • decides some constraints quickly

  • delegates to DP for other constraints

  • ... and learns DP answers for future decisions

Page 11

LDP: Design Goals

• quick decisions

  • guideline: linear time and space complexity

  • ... implies incompleteness

• sound

  • allowed to delegate to DP

  • i.e., LDP is a semi-decision procedure

Page 12

SymExe [King:ACM76]

    void foo(int x, int y, int z) {
      z = x + y;
      if (z > 0) {
        z++;
      }
    }

Page 13

SymExe [King:ACM76]

Initial state (fresh symbols for the inputs, empty path condition):

x ↦ α, y ↦ β, z ↦ γ, Φ = { }

Page 14

SymExe [King:ACM76]

z = x + y;

x ↦ α, y ↦ β, z ↦ γ, Φ = { }   ⇒   x ↦ α, y ↦ β, z ↦ γ, Φ = {γ = α + β}

Page 15

SymExe [King:ACM76]

z > 0

x ↦ α, y ↦ β, z ↦ γ, Φ = {γ = α + β}   ⇒   x ↦ α, y ↦ β, z ↦ γ, Φ = {γ = α + β, γ > 0}

Page 16

SymExe [King:ACM76]

z++;

x ↦ α, y ↦ β, z ↦ γ, Φ = {γ = α + β, γ > 0}   ⇒   x ↦ α, y ↦ β, z ↦ γ', Φ = {γ = α + β, γ > 0, γ' = γ + 1}

Page 17

SymExe [King:ACM76]

!(z > 0)

x ↦ α, y ↦ β, z ↦ γ, Φ = {γ = α + β}   ⇒   x ↦ α, y ↦ β, z ↦ γ, Φ = {γ = α + β, γ ≤ 0}

Page 18

SymExe [King:ACM76]

skip

x ↦ α, y ↦ β, z ↦ γ, Φ = {γ = α + β, γ ≤ 0}   ⇒   x ↦ α, y ↦ β, z ↦ γ, Φ = {γ = α + β, γ ≤ 0}

Page 19

SymExe [King:ACM76]

The complete computation tree for foo:

x ↦ α, y ↦ β, z ↦ γ, Φ = { }
x ↦ α, y ↦ β, z ↦ γ, Φ = {γ = α + β}                        (z = x + y)
  z > 0:    x ↦ α, y ↦ β, z ↦ γ,  Φ = {γ = α + β, γ > 0}
            x ↦ α, y ↦ β, z ↦ γ', Φ = {γ = α + β, γ > 0, γ' = γ + 1}   (z++)
  !(z > 0): x ↦ α, y ↦ β, z ↦ γ,  Φ = {γ = α + β, γ ≤ 0}
            x ↦ α, y ↦ β, z ↦ γ,  Φ = {γ = α + β, γ ≤ 0}               (skip)

... symbolic execution characterizes a (theoretically) infinite number of real executions!

Page 20

Test Case Generation

Path z > 0: Φ = {γ = α + β, γ > 0, γ' = γ + 1}   ⇒   test case x=-1, y=2, z=2

Solving the constraint of each path's Φ to generate a test case

... the explored computation tree can be directly leveraged for test case generation!

Page 21

Test Case Generation

Path !(z > 0): Φ = {γ = α + β, γ ≤ 0}   ⇒   test case x=-1, y=0, z=-1

Solving the constraint of each path's Φ to generate a test case

... the explored computation tree can be directly leveraged for test case generation!
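The two paths traced on the previous slides and the test-case generation shown here, as an added example that is not Kiasan's code: a hand-written path-condition builder for foo() and a brute-force model search over a small constructed domain that stands in for the SMT solver. The symbols α, β, γ, γ' are the slides'; the domain, the function names and the enumeration-based solver are my assumptions, so the test input found for the !(z > 0) path differs from the slides' (any model of that path's Φ is a valid test case).

```python
"""Path conditions for the foo() example and test cases generated from them.

Added illustration, not Kiasan code. Each constraint is kept as a pair
(text as written on the slides, predicate on a candidate model), so the
same Φ can be printed and solved. The brute-force solver over a constructed
domain stands in for the SMT solver Kiasan would call."""
from itertools import product


def symexe_foo():
    """Explore both paths of
         void foo(int x, int y, int z) { z = x + y; if (z > 0) { z++; } }
    and return [(final store, Φ)] for each path."""
    store = {"x": "α", "y": "β", "z": "γ"}                       # x ↦ α, y ↦ β, z ↦ γ
    phi = [("γ = α + β", lambda m: m["γ"] == m["α"] + m["β"])]  # z = x + y
    paths = []
    # branch z > 0 taken: z++ binds z to a fresh symbol γ'
    then_store = dict(store, z="γ'")
    then_phi = phi + [("γ > 0", lambda m: m["γ"] > 0),
                      ("γ' = γ + 1", lambda m: m["γ'"] == m["γ"] + 1)]
    paths.append((then_store, then_phi))
    # branch !(z > 0): skip, store unchanged
    else_phi = phi + [("γ ≤ 0", lambda m: m["γ"] <= 0)]
    paths.append((dict(store), else_phi))
    return paths


def solve(phi, symbols, domain=range(-2, 3)):
    """Find a model of Φ by enumerating a constructed domain (stand-in for the
    SMT solver). Returns {symbol: int}, or None if Φ has no model there."""
    for values in product(domain, repeat=len(symbols)):
        model = dict(zip(symbols, values))
        if all(pred(model) for _, pred in phi):
            return model
    return None


def test_cases():
    """One concrete input (and the expected final z) per explored path;
    None for a path whose Φ has no model in the domain."""
    cases = []
    for store, phi in symexe_foo():
        symbols = sorted(set(store.values()) | {"γ"})  # the γ' path still constrains γ
        model = solve(phi, symbols)
        if model is None:
            cases.append(None)
            continue
        cases.append({"x": model[store["x"]], "y": model[store["y"]],
                      "z": model[store["z"]]})
    return cases


if __name__ == "__main__":
    for (store, phi), case in zip(symexe_foo(), test_cases()):
        print("Φ = {" + ", ".join(text for text, _ in phi) + "}  ->", case)
```

With the constructed domain -2..2, the z > 0 path yields exactly the slides' test case x=-1, y=2, z=2; the other path yields x=-2, y=0, z=-2, which satisfies its Φ just as the slides' x=-1, y=0, z=-1 does.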

Page 22

Kiasan: Observations

Forms of constraints in PC (due to bytecode)

• Symbol/Constant Constraints: α ⋈ c or c ⋈ α, where ⋈ ∈ {<, ≤, =, ≠, ≥, >}

• Symbol/Symbol Constraints: αi ⋈ αj, where ⋈ ∈ {<, ≤, =, ≠, ≥, >}

• Symbol/Binary Expression Constraints: αi = c ⊕ αj, αi = αj ⊕ c, or αk = αi ⊕ αj, where ⊕ ∈ {+, −, ∗, /}

Page 23

Kiasan: Observations

... PC will only contain conjunctions

Page 24

LDP: API

• LDP maintains information in tables, etc.

  • initially empty

• query: look up tables to see whether stored information is enough to decide validity of the branch condition

  • if not, delegate to DP

• update: when delegation happens, update tables with answer from DP

(figure: a branch point with T and F edges)


Page 29

LDP: Query Results

(figure: a branch point with T and F edges, drawn once per result)

• valid

• unsat

• both sat

• unknown → delegate

Page 30

LDP: Update

• does not need to update for valid and unsat results

  • LDP already has the necessary information to make a precise decision

(figure: the valid and unsat branch points, each edge still labelled PC)

Page 31

LDP: Update

• When the decision is delegated to DP (unknown)

  • T: update LDP tables to include the fact that the branching condition holds

  • F: update LDP tables to include the fact that the branching condition does not hold

(figure: from PC, the T edge leads to PC + bc and the F edge to PC + ¬bc)

Page 32

LDP: Update

• both sat: similar to unknown

  • T: update LDP tables to include the fact that the branching condition holds

  • F: update LDP tables to include the fact that the branching condition does not hold

(figure: from PC, the T edge leads to PC + bc and the F edge to PC + ¬bc)

Page 33

Model-Based Engineering

Pilar Model

    ^{ LT -> // query
         ^[ (EQ, ^{ CLT -> UNSAT, CEQ -> UNSAT, CGT -> VALID }),
            (GE, ^{ CLT -> UNSAT, CEQ -> UNSAT, CGT -> LE }), ... ],
       ... };

    ^{ LT -> // update
         ^[ ..., (CGT, ^{ CLT -> ^[ store(LT) ],
                          CGE -> ^[ drop(GT), store(GE) ] }),
                 (CLE, ^{ CLT -> ^[ drop(LE), store(LT) ],
                          CGE -> ^[ compare(EQ) ? ^[ drop(LE), store(EQ) ] : ^[ store(GE) ] ] }), ... ],
       ... };

Page 34

Model-Based Engineering

Java Code View (of the Pilar model on the previous slide; figure omitted)

Page 35

Model-Based Engineering

Latex View (of the Pilar model on page 33; figure omitted)

Page 36

Symbol/Constant Query Rules

• stored as mappings from symbols to constants

Query: α < c ?

(the Value Example column of the original table, a number line per row, is omitted)

| C  | Test     | Result  | #  |
|----|----------|---------|----|
| C= | c < C(α) | UNSAT   | 1  |
| C= | c = C(α) | UNSAT   | 2  |
| C= | c > C(α) | VALID   | 3  |
| C≥ | c < C(α) | UNSAT   | 4  |
| C≥ | c = C(α) | UNSAT   | 5  |
| C≥ | c > C(α) | C≤?     | 6  |
| C> | c < C(α) | UNSAT   | 7  |
| C> | c = C(α) | UNSAT   | 8  |
| C> | c > C(α) | C≤?     | 9  |
| C≤ | c < C(α) | UNKNOWN | 10 |
| C≤ | c = C(α) | UNKNOWN | 11 |
| C≤ | c > C(α) | VALID   | 12 |
| C< | c < C(α) | UNKNOWN | 13 |
| C< | c = C(α) | VALID   | 14 |
| C< | c > C(α) | VALID   | 15 |

Page 37

Symbol/Constant Query Rules

α < c ? is the constraint from SymExe, e.g. x < 3

Page 38

Symbol/Constant Query Rules

C column: symbol/constant map notation (stored as mappings from symbols to constants)

Page 39

Symbol/Constant Query Rules

The comparator in the map name (C=, C≥, C>, C≤, C<) indicates the type of comparison the map is storing

Page 40

Symbol/Constant Query Rules

Test column: comparison of the passed-in constant with the mapped value

Page 41

Symbol/Constant Query Rules

Result column: LDP's return value

Page 42

Symbol/Constant Query Rules

• stored as mappings from symbols to constants

• search is performed in a predefined order


Page 48

Symbol/Constant Query Rules

• stored as mappings from symbols to constants

• search is performed in a predefined order

• BOTH SAT returned when no mapping is found and the symbol is not associated with another symbol, UNKNOWN otherwise

Page 49

Symbol/Constant Query Rules

• Example query: x < 5 with PC = {0 ≤ x ≤ 3}

Page 50

Symbol/Constant Query Rules

• Example query x < 5 with PC = {0 ≤ x ≤ 3}: C= does not contain a mapping for x

Page 51

Symbol/Constant Query Rules

• Example query x < 5 with PC = {0 ≤ x ≤ 3}: x ≥ 0 found (in C≥)

Page 52

Symbol/Constant Query Rules

• Example query x < 5 with PC = {0 ≤ x ≤ 3}: 5 > 0 indicates LDP needs to check if an upper bound exists (C≤?)

Page 53

Symbol/Constant Query Rules

• Example query x < 5 with PC = {0 ≤ x ≤ 3}: x ≤ 3 found (in C≤)

Page 54: Sireum/Topi LDPpeople.cis.ksu.edu/~belt/reports/ldp-fse09-FINAL.pdf · 2009. 9. 15. · Sireum/Topi LDP A Lightweight Semi-decision Procedure for Optimizing Symbolic Execution-based

• Example query

5 > 3 so LDP returns VALID

x < 5 with PC = {0 ≤ x ≤ 3}

Symbol/Constant Query Rulesα < c ?

C Test Result Value Example #

C=

c < C(α) UNSAT

✲d��

c< ❝

1

c = C(α) UNSAT

✲d��

c, d< ❝

2

c > C(α) VALID

✲d��

c< ❝

3

C≥

c < C(α) UNSAT

✲d� >

c< ❝

4

c = C(α) UNSAT

✲d� >

c, d< ❝

5

c > C(α) C≤?

✲d� >

c< ❝

6

C>

c < C(α) UNSAT

✲d❝ >

c< ❝

7

c = C(α) UNSAT

✲d❝ >

c, d< ❝

8

c > C(α) C≤?

✲d❝ >

c< ❝

9

C≤

c < C(α) UNKNOWN

✲d

< �c

< ❝10

c = C(α) UNKNOWN

✲d

< �c, d

< ❝11

c > C(α) VALID

✲d

< �c

< ❝12

C<

c < C(α) UNKNOWN

✲d

< ❝c

< ❝13

c = C(α) VALID

✲d

< ❝c, d

< ❝14

c > C(α) VALID

✲d

< ❝c

< ❝15


Page 55:

Symbol/Constant Update Rules: α < c !

C     Branch          Update                                                    #
C≥    F) α ≥ c  →     C≥[α ↦ c]                                                 1
      T) α < c  →     C<[α ↦ c]                                                 2
C>    F) α ≥ c  →     C>[α ↦ ⊥], C≥[α ↦ c]                                      3
      T) α < c  →     C<[α ↦ c]                                                 4
C≤    F) α ≥ c  →     if c = C≤(α) then C=[α ↦ c] else C>[α ↦ ⊥], C≥[α ↦ c]    5
      T) α < c  →     C≤[α ↦ ⊥], C<[α ↦ c]                                      6
C<    F) α ≥ c  →     C>[α ↦ ⊥], C≥[α ↦ c]                                      7
      T) α < c  →     C<[α ↦ c]                                                 8

• for UNKNOWN decisions, LDP returns an explanation of how the decision was made


Page 56:

Symbol/Constant Update Rules (continued)

• for UNKNOWN decisions, LDP returns an explanation of how the decision was made:
  • constraint to add to PC
  • mapping used to make the decision
  • update rule for the original constraint
  • update rule for the negated constraint


Page 60:

Symbol/Constant Update Rules (continued)

• e.g. update context with x < 3 and PC = {0 ≤ x ≤ 3}
  • LDP's return value: original constraint x < 3, mapping used to make the decision: C≤
  • original constraint x < 3 chosen by SymExe yields PC′ = {0 ≤ x < 3}
  • negated constraint x ≥ 3 chosen by SymExe yields PC′ = {x == 3}
  • ... LDP was able to infer x is a constant


Page 68:

Other Techniques and Optimizations

• constant propagation
  • when a symbol is known to be equal to a constant, concrete executions take place
• symbol representatives
• expression caching
• non-strict inequalities on integers
• customized union-find algorithms, etc.


Page 69:

Experimental Results (analysis time in seconds; speedup = without LDP / with LDP)

Benchmark             Without LDP    With LDP    Speedup
Array.partition              0.78        0.51       1.5x
Sort.insertionSort          10.86        2.07       5.2x
Sort.selectionSort          51.34        5.86       8.8x
DisjSets.Find             7,008.26      428.20      16.4x   (~2 hours vs. ~7 minutes)


Page 70:

Experimental Results (analysis time in seconds; speedup = without LDP / with LDP)

Benchmark             Without LDP    With LDP    Speedup
AvlTree.find               111.58       85.24       1.3x
AvlTree.put                102.84       78.44       1.3x
TreeMap.find               217.90      170.39       1.3x
TreeMap.put                570.27      460.51       1.2x


Page 71:

Array Accesses

void foo(int[] a) {
  ...
  for (int i = 0; i < a.length; i++) {
    ...
  }
  ...
}


Page 72:

Array Accesses (continued), with α standing for the symbolic value of a.length

PC = {α ≥ 0}, since arrays must have positive length

exploring the false branch of i < a.length during the 1st iteration:
PC = {α ≥ 0 && 0 ≥ α} ≡ {α == 0}

exploring the true branch during the 1st iteration:
PC = {α ≥ 0, i == 0, 0 < α} ≡ {α ≥ 1, i == 0}

exploring the false branch during the 2nd iteration:
PC = {α ≥ 1, 1 ≥ α} ≡ {α == 1}

Observation #1: LDP infers the length of the array is always concrete once the loop exits

Observation #2: if foo is an array sorting algorithm, LDP will cache the sorted elements
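The query rules (examples 1-15), the update rules (rules 1-8) with the x < 5 and x < 3 walkthroughs, and the a.length loop above, modelled as an added example; this is not code from the slides or from Sireum/Topi. The class and function names (Context, query_lt, assume_lt, explore_array_loop), the integer tightening step, the clean-up when a symbol becomes a constant, and the handling of the constant-on-the-left loop guard i < α as the negation of α < i+1 are this example's assumptions, flagged in comments.

```python
# Added example, not the Sireum/Topi source: a toy model of the slides'
# Symbol/Constant Query Rules and Update Rules. Names (Context, query_lt,
# assume_lt, ...) are this example's own; the integer tightening and the
# mirrored "i < α" guard are assumptions noted where they appear.
import copy
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

UNSAT, VALID, UNKNOWN = "UNSAT", "VALID", "UNKNOWN"


@dataclass
class Context:
    """One map per operator: eq is C=, ge is C≥, gt is C>, le is C≤, lt is C<.
    A symbol missing from a map is the slides' ⊥ (no fact of that kind)."""
    eq: dict = field(default_factory=dict)
    ge: dict = field(default_factory=dict)
    gt: dict = field(default_factory=dict)
    le: dict = field(default_factory=dict)
    lt: dict = field(default_factory=dict)

    def query_lt(self, a: str, c: int) -> Tuple[str, Optional[str]]:
        """Decide 'a < c' (Query Rules, examples 1-15) and report the mapping
        the decision was made with, as LDP's explanation does."""
        if a in self.eq:                                    # rules 1-3
            return (VALID if c > self.eq[a] else UNSAT), "C="
        if a in self.ge and c <= self.ge[a]:                # rules 4-5
            return UNSAT, "C≥"
        if a in self.gt and c <= self.gt[a]:                # rules 7-8
            return UNSAT, "C>"
        # rules 6 and 9 ("C≤?"): a lower bound alone cannot prove a < c,
        # so an upper bound is needed
        if a in self.le:                                    # rules 10-12
            return (VALID if c > self.le[a] else UNKNOWN), "C≤"
        if a in self.lt:                                    # rules 13-15
            return (VALID if c >= self.lt[a] else UNKNOWN), "C<"
        return UNKNOWN, None

    def assume_lt(self, a: str, c: int, holds: bool) -> None:
        """Update Rules after an UNKNOWN 'a < c' decision: holds=True applies
        the T rows (branch a < c), holds=False the F rows (branch a ≥ c)."""
        if holds:                                           # rules 2, 4, 6, 8
            self.le.pop(a, None)                            # C≤[a ↦ ⊥]
            self.lt[a] = c                                  # C<[a ↦ c]
            # Integer tightening (assumed; the slides only list "non-strict
            # inequalities on integers"): a ≥ c-1 and a < c leave a == c-1.
            if self.ge.get(a) == c - 1:
                self._fix(a, c - 1)
        elif self.le.get(a) == c:                           # rule 5, then-part
            self._fix(a, c)                                 # C=[a ↦ c]
        else:                                               # rules 1, 3, 5, 7
            self.gt.pop(a, None)                            # C>[a ↦ ⊥]
            self.ge[a] = c                                  # C≥[a ↦ c]

    def _fix(self, a: str, v: int) -> None:
        """Record a == v; dropping the bounds it subsumes is this example's
        bookkeeping (the slides show only C=[a ↦ v])."""
        for m in (self.ge, self.gt, self.le, self.lt):
            m.pop(a, None)
        self.eq[a] = v

    def pc(self, a: str) -> str:
        """Render the facts about one symbol in the slides' PC notation."""
        if a in self.eq:
            return f"{a} == {self.eq[a]}"
        lo = f"{self.ge[a]} ≤ " if a in self.ge else (f"{self.gt[a]} < " if a in self.gt else "")
        hi = f" ≤ {self.le[a]}" if a in self.le else (f" < {self.lt[a]}" if a in self.lt else "")
        return f"{lo}{a}{hi}"


def slide_query_example() -> Tuple[str, Optional[str]]:
    """x < 5 with PC = {0 ≤ x ≤ 3}: rule 6 defers to C≤, rule 12 gives VALID."""
    return Context(ge={"x": 0}, le={"x": 3}).query_lt("x", 5)


def slide_update_example() -> Tuple[Context, Context]:
    """x < 3 with PC = {0 ≤ x ≤ 3} is UNKNOWN (rule 11), so SymExe forks;
    the T and F update rows give {0 ≤ x < 3} and {x == 3}."""
    ctx = Context(ge={"x": 0}, le={"x": 3})
    assert ctx.query_lt("x", 3) == (UNKNOWN, "C≤")
    taken, negated = copy.deepcopy(ctx), copy.deepcopy(ctx)
    taken.assume_lt("x", 3, holds=True)
    negated.assume_lt("x", 3, holds=False)
    return taken, negated


def explore_array_loop(max_iters: int) -> List[Context]:
    """Symbolically run 'for (i = 0; i < a.length; i++)' with a.length = α
    and PC = {α ≥ 0}. The guard i < α is decided as ¬(α < i+1), an integer
    mirror of the slides' α < c rules (assumed). Returns the context of each
    loop-exit path; every one fixes α to a constant (Observation #1)."""
    exits: List[Context] = []
    ctx = Context(ge={"α": 0})
    for i in range(max_iters):
        if ctx.query_lt("α", i + 1)[0] != UNKNOWN:
            break                                           # guard decided, no fork
        exit_ctx = copy.deepcopy(ctx)
        exit_ctx.assume_lt("α", i + 1, holds=True)          # i ≥ α: loop exits
        exits.append(exit_ctx)
        ctx.assume_lt("α", i + 1, holds=False)              # i < α: keep looping
    return exits


if __name__ == "__main__":
    print("x < 5 with {0 ≤ x ≤ 3}:", slide_query_example())
    taken, negated = slide_update_example()
    print("PC' for x < 3:", taken.pc("x"), "| PC' for x ≥ 3:", negated.pc("x"))
    print("loop-exit PCs:", [c.pc("α") for c in explore_array_loop(3)])
```

Each query consults the maps in the order the table lists them, so a lower-bound UNSAT (rules 4-5, 7-8) wins before the upper-bound rows are looked at, and the C≤? entries (rules 6 and 9) are exactly the fall-through to the C≤ and C< rows. The update path keeps the slides' invariant that C≥ and C> (and C≤ and C<) are never both set for one symbol, which is what lets rule 5 turn the equal bounds into a constant; the loop exploration shows the same collapse happening on every loop-exit path.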


Page 78:

Classes of Behaviors Benefited by using LDP

• array accesses
  • iteration over array indices
  • bound checking
  • ...
• in general, scalar comparisons
• contract checking
  • "redundancy" of code and specification

Page 79:

Related Work

• Many SymExe works use some expression caching and decision procedures based on simple constraint pattern matching
  • lack of systematic investigation of these simple optimizations and their impacts
• Interval Analysis
  • LDP also reasons about disequalities
• Term rewriting
• Constant Propagation
• Cone of influence, etc.

Page 80:

Conclusion

• LDP is a fast lightweight inference/caching semi-decision procedure for scalar constraints

• has been shown to provide significant performance increases for certain classes of programs

• yields negligible overhead on classes of programs it isn’t designed to benefit


Page 81:

Future Work

• integration with Microsoft's Z3 solver
• expand experiments
• extend LDP's inference capability
  • performing symbolic arithmetic operations
  • addition of non-linear inference techniques (e.g. transitive closure of comparison operators)
• Mechanically proving LDP's algorithm

Page 82:

Questions?
