Quantitative program analysis is an emerging area with applications to software reliability, quantitative information flow, side-channel detection and attack synthesis. Recently, quantitative program analysis techniques based on symbolic execution and model counting constraint solvers have been applied to quantifying information leakage due to side channels. In this talk, I will discuss the application of quantitative program analysis techniques to automated synthesis of adaptive side-channel attacks that recover secret values. Attack synthesis techniques iteratively generate inputs which, when fed to code that accesses the secret, reveal partial information about the secret based on the side-channel observations, reducing the remaining uncertainty about the secret in each attack step. I will discuss how symbolic execution can be used to extract path constraints, automata-based model counting can be used to estimate probabilities of execution paths, and meta-heuristics can be used to maximize information gain based on entropy in order to minimize the number of synthesized attack steps.
In the second part of the talk, I will focus on automated program repair techniques. Despite significant advances in automatic program repair (APR) techniques over the past decade, practical deployment remains an elusive goal. One of the important challenges in this regard is the general inability of current APR techniques to produce patches that require edits in multiple locations, i.e., multi-hunk patches. I will discuss recently proposed APR techniques that generalize single-hunk repair techniques to include an important class of multi-hunk bugs, namely bugs that may require applying a substantially similar patch at a number of locations.