Asankhaya Sharma, profile picture
Uploaded byAsankhaya Sharma
PPTX, PDF848 views

Visualizing Symbolic Execution with Bokeh

This document discusses visualizing symbolic execution using Bokeh. Symbolic execution analyzes programs by executing them with symbolic inputs to build path conditions capturing execution paths. Path conditions can be explored to generate new test inputs. Bokeh can be used to visualize symbolic execution by plotting path conditions, inputs, and similarities between paths. This helps optimize symbolic execution by pruning similar paths. Demos show visualizing a program's symbolic execution using Pathgrind and Bokeh.

Downloaded 15 times
Visualizing Symbolic Execution with Bokeh Asankhaya Sharma SRC:CLR
Symbolic Execution (SE) • Analyzing a program to determine what inputs cause each part of a program to execute [Wikipedia] • The idea – Execute the program with an input – Build a symbolic formula during execution which captures the path taken by the input through the program 10 June 2015 PyData Singapore 2
Path Condition (PC) int max(int x, int y, int z){ int m = x; if(y>m && y>z) m = y; else if(z>m) m = z; return m; } max(1,3,2) = 3 Inputs: x0,y0,z0 PC: true PC: m0=x0 PC: m0=x0∧y0>m0∧y0>z0 ∧m1=y0 Output: m1 10 June 2015 PyData Singapore 3
10 June 2015 PyData Singapore 4 m = x m = y y>m && y>z z > m m = z return m true m=x …∧y>m∧y>z …∧¬(y>m∧y>z) …∧z>m …∧¬(z>m) …∧m=z …∧m=y Execution Tree
Path Exploration PC: m0=x0∧y0>m0∧y0>z0∧m1=y0 PC1: y0>x0∧y0>z0∧3=y0 Negate first constraint PC2: y0<=x0∧y0>z0∧3=y0 Check satisfiability using a constraint solver New Inputs: x0=3, y0=3, z0=2 Repeat SE with new inputs 10 June 2015 PyData Singapore 5
Why is SE useful? • Automated Fuzzing • Test Case Generation • Debugging Error Traces • Program Analysis • … 10 June 2015 PyData Singapore 6
Bottlenecks • Path Explosion – Loops and recursion – Unbounded number of paths in a program • Constraint Solving – int is easy but what about other data types floats, strings, bit vectors etc. – Handling data structures with pointers 10 June 2015 PyData Singapore 7
Exploiting Undefined Behaviors for Efficient Symbolic Execution [ICSE 14] 10 June 2015 PyData Singapore 8
Demo 1 • Symbolic execution with Pathgrind – fuzz/fuzz.py 10 June 2015 PyData Singapore 9
Bokeh • Bo(w)-Ke(ttle) 10 June 2015 PyData Singapore 10
10 June 2015 PyData Singapore 11
Demo 2 • Plotting with Bokeh – Line Plot – Scatter Plot – Bokeh Server 10 June 2015 PyData Singapore 12
Visualizing SE • Time Taken – Generate path conditions (path exploration) – Generate new inputs (by solving constraints) 10 June 2015 PyData Singapore 13
Demo 3 • Pathgrind + Bokeh = Visualize SE – fuzz/plotfuzz.py 10 June 2015 PyData Singapore 14
10 June 2015 PyData Singapore 15
All paths are not equal • Use Levenshtein distance to measure the similarity between the path conditions when represented as strings • Scatter plot of similarity using Bokeh 10 June 2015 PyData Singapore 16
10 June 2015 PyData Singapore 17
Optimization for SE • Prune paths that are >90% similar – As measured using Levenshtein edit distance 10 June 2015 PyData Singapore 18
10 June 2015 PyData Singapore 19
10 June 2015 PyData Singapore 20
Take Away • Symbolic Execution • Using Bokeh to Visualize SE • Identify Optimizations for SE • Future – Statically Sampling of Paths – Probabilistic Analysis 10 June 2015 PyData Singapore 21
We are hiring … Shape the future of software security at SourceClear. By joining our team, you can help define the way modern developers identify and fix vulnerabilities in their code. Check out https://jobs.lever.co/sourceclear 10 June 2015 PyData Singapore 22
Thank You! • Questions? • Contact – Twitter: @asankhaya • Links – Source Code: https://github.com/codelion/pathgrind – Slides: http://asankhaya.github.io/ppt/PyDataSing.pptx 10 June 2015 PyData Singapore 23

More Related Content

PDF
Data Structure Radix Sort
byBhavik Vashi
 
PDF
Linked List Implementation of Queue in C
byKasun Ranga Wijeweera
 
PPTX
Space complexity
byBhanusree Koduru
 
PPT
Information security Seminar #3
byAlexander Kolybelnikov
 
PPTX
Radix Sort
byTirth Dave
 
PDF
[Question Paper] Object Oriented Programming with C++ (Old Course) [April / 2...
byMumbai B.Sc.IT Study
 
PDF
[Question Paper] Advanced Java (Old Syllabus) [April / 2013]
byMumbai B.Sc.IT Study
 
PPTX
Lecture02
byRudy Martinez
 
Data Structure Radix Sort
byBhavik Vashi
 
Linked List Implementation of Queue in C
byKasun Ranga Wijeweera
 
Space complexity
byBhanusree Koduru
 
Information security Seminar #3
byAlexander Kolybelnikov
 
Radix Sort
byTirth Dave
 
[Question Paper] Object Oriented Programming with C++ (Old Course) [April / 2...
byMumbai B.Sc.IT Study
 
[Question Paper] Advanced Java (Old Syllabus) [April / 2013]
byMumbai B.Sc.IT Study
 
Lecture02
byRudy Martinez
 

Similar to Visualizing Symbolic Execution with Bokeh

PDF
Data Analysis and Visualization using Python
byChariza Pladin
 
PDF
Data Visualization in Python
byJagriti Goswami
 
PDF
Plotly dash and data visualisation in Python
byVolodymyr Kazantsev
 
PDF
Introduction to plotting in Python
bybzamecnik
 
PDF
Creative Interactive Browser Visualizations with Bokeh by Bryan Van de ven
byPyData
 
PDF
Run Bokeh in back-end, draw real-time charts to front-end, and make data sc...
byKo Ko
 
PDF
DAVLectuer3 Exploratory data analysis .pdf
byZaheerAbbas82578
 
PDF
PyData London Bokeh Tutorial - Bryan Van de Ven
byPyData
 
PPTX
Data-Visualization-with-Python-4 PPT.ppt
byChiragNahata2
 
PDF
Python bokeh cheat_sheet
byNishant Upadhyay
 
PDF
Anaconda and PyData Solutions
byTravis Oliphant
 
PDF
NSC #2 - D2 06 - Richard Johnson - SAGEly Advice
byNoSuchCon
 
PDF
Evaluating software vulnerabilities using fuzzing methods
byVictor Ionel
 
PPTX
20170927 py data_n3_bokeh_plotly
byAndrey Vykhodtsev
 
PDF
A Data Science Tutorial in Python
byAjay Ohri
 
PDF
PyLadies Seattle - Lessons in Interactive Visualizations
byAmanda Casari
 
PDF
Fast and Scalable Python
byTravis Oliphant
 
PPTX
Py con india 2016
byKaustuv Deolal
 
Data Analysis and Visualization using Python
byChariza Pladin
 
Data Visualization in Python
byJagriti Goswami
 
Plotly dash and data visualisation in Python
byVolodymyr Kazantsev
 
Introduction to plotting in Python
bybzamecnik
 
Creative Interactive Browser Visualizations with Bokeh by Bryan Van de ven
byPyData
 
Run Bokeh in back-end, draw real-time charts to front-end, and make data sc...
byKo Ko
 
DAVLectuer3 Exploratory data analysis .pdf
byZaheerAbbas82578
 
PyData London Bokeh Tutorial - Bryan Van de Ven
byPyData
 
Data-Visualization-with-Python-4 PPT.ppt
byChiragNahata2
 
Python bokeh cheat_sheet
byNishant Upadhyay
 
Anaconda and PyData Solutions
byTravis Oliphant
 
NSC #2 - D2 06 - Richard Johnson - SAGEly Advice
byNoSuchCon
 
Evaluating software vulnerabilities using fuzzing methods
byVictor Ionel
 
20170927 py data_n3_bokeh_plotly
byAndrey Vykhodtsev
 
A Data Science Tutorial in Python
byAjay Ohri
 
PyLadies Seattle - Lessons in Interactive Visualizations
byAmanda Casari
 
Fast and Scalable Python
byTravis Oliphant
 
Py con india 2016
byKaustuv Deolal
 

More from Asankhaya Sharma

PPTX
Developer-focused Software Security
byAsankhaya Sharma
 
PDF
Securing Open Source Code in Enterprise
byAsankhaya Sharma
 
PPT
Crafting a Successful Engineering Career
byAsankhaya Sharma
 
PPTX
Specifying compatible sharing in data structures
byAsankhaya Sharma
 
PPTX
Exploiting undefined behaviors for efficient symbolic execution
byAsankhaya Sharma
 
PPTX
Certified Reasoning for Automated Verification
byAsankhaya Sharma
 
PPTX
Verified Subtyping with Traits and Mixins
byAsankhaya Sharma
 
PDF
Design and Implementation of the Security Graph Language
byAsankhaya Sharma
 
PPTX
Secure Software Development
byAsankhaya Sharma
 
PPT
DIDAR: Database Intrusion Detection with Automated Recovery
byAsankhaya Sharma
 
PDF
9 types of people you find on your team
byAsankhaya Sharma
 
PPT
SayCheese Ad
byAsankhaya Sharma
 
PDF
Last Days of Academy
byAsankhaya Sharma
 
Developer-focused Software Security
byAsankhaya Sharma
 
Securing Open Source Code in Enterprise
byAsankhaya Sharma
 
Crafting a Successful Engineering Career
byAsankhaya Sharma
 
Specifying compatible sharing in data structures
byAsankhaya Sharma
 
Exploiting undefined behaviors for efficient symbolic execution
byAsankhaya Sharma
 
Certified Reasoning for Automated Verification
byAsankhaya Sharma
 
Verified Subtyping with Traits and Mixins
byAsankhaya Sharma
 
Design and Implementation of the Security Graph Language
byAsankhaya Sharma
 
Secure Software Development
byAsankhaya Sharma
 
DIDAR: Database Intrusion Detection with Automated Recovery
byAsankhaya Sharma
 
9 types of people you find on your team
byAsankhaya Sharma
 
SayCheese Ad
byAsankhaya Sharma
 
Last Days of Academy
byAsankhaya Sharma
 

Recently uploaded

PDF
MathML Core in WebKit
byIgalia
 
PPTX
Building Smarter Integrations with MuleSoft_ MCP Server and Cursor in Action ...
byKunal Gupta
 
PPTX
OutSystems ONE 2025-recap presentation.pptx
bymostafaothman27
 
PDF
What's New in PostgreSQL 18 | Mydbops MyWebinar 47
byMydbops
 
PDF
The Future-Ready PMO: Unlocking Project Success with Copilot and AI Innovatio...
byWellingtone
 
PDF
How Tridens DevSecOps Ensures Compliance, Security, and Agility
byTridens
 
PPTX
Assignment Review and Accessibility Audit Findings.pptx
byJulia Undeutsch
 
PDF
GDG Boise - Innovating with Google Cloud Artificial Intelligence
byJoey Brown
 
PDF
WebXR in Android and Linux with OpenXR
byIgalia
 
PDF
FME Realize in the Real World - The Power of Spatial Computing in Action
bySafe Software
 
PDF
Unleash AI power with the Dell Pro 14 Plus - Interactive PDF
byPrincipled Technologies
 
PDF
Q8 DIGITAL IDENTITY HUB - WSO2 Oxygenate Italy 2025
byProfesia Srl, Lynx Group
 
PPTX
UiPath Data Fabric From Data Silos to Unified Flows.pptx
bysuhanisingh58689
 
PDF
UiPath Community Day UNI - Nuevos productos de UiPath.pdf
byfelixluen
 
PDF
A Complete Beginner's Guide to Internet of Things 2025.pdf
bySecuodsoft
 
PDF
The Smol Training Playbook: The Secrets to Building World-Class LLMs
byRazin Mustafiz
 
PDF
How Generative AI Helps US Healthcare Startups Save 40.pdf
byimoliviabennett
 
PDF
Yelp Data Scraping for Local Services Market Insights
bycreativeclicks1733
 
PDF
Embedding sustainability: Tips for ebook and print production - Tech Forum 2025
byBookNet Canada
 
PPTX
DJI Avata 2 Fly More Combo: Experience Immersive FPV Flight
byDronevex
 
MathML Core in WebKit
byIgalia
 
Building Smarter Integrations with MuleSoft_ MCP Server and Cursor in Action ...
byKunal Gupta
 
OutSystems ONE 2025-recap presentation.pptx
bymostafaothman27
 
What's New in PostgreSQL 18 | Mydbops MyWebinar 47
byMydbops
 
The Future-Ready PMO: Unlocking Project Success with Copilot and AI Innovatio...
byWellingtone
 
How Tridens DevSecOps Ensures Compliance, Security, and Agility
byTridens
 
Assignment Review and Accessibility Audit Findings.pptx
byJulia Undeutsch
 
GDG Boise - Innovating with Google Cloud Artificial Intelligence
byJoey Brown
 
WebXR in Android and Linux with OpenXR
byIgalia
 
FME Realize in the Real World - The Power of Spatial Computing in Action
bySafe Software
 
Unleash AI power with the Dell Pro 14 Plus - Interactive PDF
byPrincipled Technologies
 
Q8 DIGITAL IDENTITY HUB - WSO2 Oxygenate Italy 2025
byProfesia Srl, Lynx Group
 
UiPath Data Fabric From Data Silos to Unified Flows.pptx
bysuhanisingh58689
 
UiPath Community Day UNI - Nuevos productos de UiPath.pdf
byfelixluen
 
A Complete Beginner's Guide to Internet of Things 2025.pdf
bySecuodsoft
 
The Smol Training Playbook: The Secrets to Building World-Class LLMs
byRazin Mustafiz
 
How Generative AI Helps US Healthcare Startups Save 40.pdf
byimoliviabennett
 
Yelp Data Scraping for Local Services Market Insights
bycreativeclicks1733
 
Embedding sustainability: Tips for ebook and print production - Tech Forum 2025
byBookNet Canada
 
DJI Avata 2 Fly More Combo: Experience Immersive FPV Flight
byDronevex
 

Visualizing Symbolic Execution with Bokeh

  • 1.
    Visualizing Symbolic Execution withBokeh Asankhaya Sharma SRC:CLR
  • 2.
    Symbolic Execution (SE) •Analyzing a program to determine what inputs cause each part of a program to execute [Wikipedia] • The idea – Execute the program with an input – Build a symbolic formula during execution which captures the path taken by the input through the program 10 June 2015 PyData Singapore 2
  • 3.
    Path Condition (PC) intmax(int x, int y, int z){ int m = x; if(y>m && y>z) m = y; else if(z>m) m = z; return m; } max(1,3,2) = 3 Inputs: x0,y0,z0 PC: true PC: m0=x0 PC: m0=x0∧y0>m0∧y0>z0 ∧m1=y0 Output: m1 10 June 2015 PyData Singapore 3
  • 4.
    10 June 2015PyData Singapore 4 m = x m = y y>m && y>z z > m m = z return m true m=x …∧y>m∧y>z …∧¬(y>m∧y>z) …∧z>m …∧¬(z>m) …∧m=z …∧m=y Execution Tree
  • 5.
    Path Exploration PC: m0=x0∧y0>m0∧y0>z0∧m1=y0 PC1:y0>x0∧y0>z0∧3=y0 Negate first constraint PC2: y0<=x0∧y0>z0∧3=y0 Check satisfiability using a constraint solver New Inputs: x0=3, y0=3, z0=2 Repeat SE with new inputs 10 June 2015 PyData Singapore 5
  • 6.
    Why is SEuseful? • Automated Fuzzing • Test Case Generation • Debugging Error Traces • Program Analysis • … 10 June 2015 PyData Singapore 6
  • 7.
    Bottlenecks • Path Explosion –Loops and recursion – Unbounded number of paths in a program • Constraint Solving – int is easy but what about other data types floats, strings, bit vectors etc. – Handling data structures with pointers 10 June 2015 PyData Singapore 7
  • 8.
    Exploiting Undefined Behaviorsfor Efficient Symbolic Execution [ICSE 14] 10 June 2015 PyData Singapore 8
  • 9.
    Demo 1 • Symbolicexecution with Pathgrind – fuzz/fuzz.py 10 June 2015 PyData Singapore 9
  • 10.
    Bokeh • Bo(w)-Ke(ttle) 10 June2015 PyData Singapore 10
  • 11.
    10 June 2015PyData Singapore 11
  • 12.
    Demo 2 • Plottingwith Bokeh – Line Plot – Scatter Plot – Bokeh Server 10 June 2015 PyData Singapore 12
  • 13.
    Visualizing SE • TimeTaken – Generate path conditions (path exploration) – Generate new inputs (by solving constraints) 10 June 2015 PyData Singapore 13
  • 14.
    Demo 3 • Pathgrind+ Bokeh = Visualize SE – fuzz/plotfuzz.py 10 June 2015 PyData Singapore 14
  • 15.
    10 June 2015PyData Singapore 15
  • 16.
    All paths arenot equal • Use Levenshtein distance to measure the similarity between the path conditions when represented as strings • Scatter plot of similarity using Bokeh 10 June 2015 PyData Singapore 16
  • 17.
    10 June 2015PyData Singapore 17
  • 18.
    Optimization for SE •Prune paths that are >90% similar – As measured using Levenshtein edit distance 10 June 2015 PyData Singapore 18
  • 19.
    10 June 2015PyData Singapore 19
  • 20.
    10 June 2015PyData Singapore 20
  • 21.
    Take Away • SymbolicExecution • Using Bokeh to Visualize SE • Identify Optimizations for SE • Future – Statically Sampling of Paths – Probabilistic Analysis 10 June 2015 PyData Singapore 21
  • 22.
    We are hiring… Shape the future of software security at SourceClear. By joining our team, you can help define the way modern developers identify and fix vulnerabilities in their code. Check out https://jobs.lever.co/sourceclear 10 June 2015 PyData Singapore 22
  • 23.
    Thank You! • Questions? •Contact – Twitter: @asankhaya • Links – Source Code: https://github.com/codelion/pathgrind – Slides: http://asankhaya.github.io/ppt/PyDataSing.pptx 10 June 2015 PyData Singapore 23