assertion driven analyses
play

assertion-driven analyses from compile-time checking to runtime - PowerPoint PPT Presentation

Dec 17, 2022 •371 likes •648 views

assertion-driven analyses from compile-time checking to runtime error recovery sarfraz khurshid the university of texas at austin state of the art in software testing and analysis day, 2008 rutgers university overview programmers have long

  1. assertion-driven analyses from compile-time checking to runtime error recovery sarfraz khurshid the university of texas at austin state of the art in software testing and analysis day, 2008 rutgers university

  2. overview programmers have long used assertions • runtime checks • documentation assertions are lightweight specifications • written using the underlying programming language we envision a much broader use of assertions • developers assert designs • static analyses check conformance to designs • systematic approaches test executable code • runtime checks monitor for erroneous executions • error recovery repairs as desired assertion-driven analyses 2

  3. assertion-based repair [elkarablieh et al ASE’07] an assertion violation indicates a corrupt program state traditional approach to handle an assertion violation: 1. terminate the program 2. debug it (if possible) and re-execute it at times however, terminate/debug/re-boot may not be feasible, e.g., when persistent data is corrupted our approach to handle a violation: 1. repair the state of the program 2. let it continue to execute repair tries to bring the system/data in an acceptable state (possibly without re-booting) to continue execution assertion-driven analyses 3

  4. examples of structurally complex data root 1 accessibility city service camera public 0 3 washington building data-type resolution 2 picture 640 x 480 whitehouse wing west room oval-office assertion-driven analyses 4

  5. structural integrity constraints violation of integrity constraints is a likely form of corruption assertions readily express complex constraints • e.g., a graph traversal that checks for acyclicity in OO programs, repOk predicates express class invariants • good programming practice advocates writing repOk’s enable automated checking, e.g., via test generation can be synthesized, even for complex structures [TACAS’07] assertion-driven analyses 5

  6. repair examples corrupt repaired binary search tree binary search tree 1 4 2 3 2 5 6 5 4 1 3 6 doubly-linked circular list doubly-linked circular list assertion-driven analyses 6

  7. what does repair mean? given a structure s and a repOk where !s.repOk() , generate s’ such that s’.repOk() and s’ is similar to s • similarity is a heuristic notion • worst-case repair may generate a structure quite different from the original one does not aim to generate a structure that a hypothetical correct program would have computed aims to generate a structure that is within an acceptable envelope of computation can be specified using a specification (cf. postconditions) • e.g., the repaired structure contains all data elements reachable from the root of the corrupt structure assertion-driven analyses 7

  8. overview of our repair algorithm uses the violated assertion as a basis of performing repair • executes repOk and monitors its execution to isolate a component that is necessarily corrupt systematically searches a neighborhood of the corrupt structure uses a hybrid form of symbolic execution • treats symbolically only a dynamic subset of all object fields---the remaining fields have concrete values performs efficient and effective repair assertion-driven analyses 8

  9. outline overview background: symbolic execution our approach discussion assertion-driven analyses 9

  10. forward symbolic execution technique for executing a program on symbolic input values • pioneered three decades ago [boyer+75, king76] explore program paths • for each path, build a path condition • check satisfiability of path condition various applications • test generation and program verification traditional use focused on programs with fixed number of integer variables recent generalizations handle more general java/C++ code [khurshid+03, pasareanu+04, visser+04, xie+04, csallner+05, godefroid+05, cadar+05, sen+05] assertion-driven analyses 10

  11. concrete execution path (example) int x, y; x = 1, y = 0 if (x > y) { 1 >? 0 x = x + y; x = 1 + 0 = 1 y = x – y; y = 1 – 0 = 1 x = x – y; x = 1 – 1 = 0 if (x – y > 0) 0 – 1 >? 0 assert(false); } assertion-driven analyses 11

  12. symbolic execution tree (example) x = X, y = Y int x, y; X >? Y if (x > y) { x = x + y; [ X <= Y ] END [ X > Y ] x = X + Y y = x – y; [ X > Y ] y = X + Y – Y = X x = x – y; [ X > Y ] x = X + Y – X = Y if (x – y > 0) [ X > Y ] Y - X >? 0 assert(false); [ X > Y, Y – X <= 0 ] END [ X > Y, Y – X > 0 ] END } assertion-driven analyses 12

  13. outline overview background: symbolic execution our approach discussion assertion-driven analyses 13

  14. algorithm: outline to repair structure s • execute s.repOk() and monitor the execution • note the order in which object fields in s are accessed • when execution evaluates to false, backtrack and modify the value of the last field accessed • modify the value to a new (symbolic) value that is not equal to the original one • re-execute repOk algorithm based on korat [ISSTA’02] and generalized symbolic execution [TACAS’03] assertion-driven analyses 14

  15. algorithm: field value update primitive field • assume field f originally has value v • assign f a symbolic value S • add to path condition the constraint S != v reference field • non-deterministically assign • null (if original value is non-null) • an object of a compatible type already encountered during the current execution (if the field was not originally pointing to this object) • a new object (if the field was not originally pointing to an object different from those previously encountered) assertion-driven analyses 15

  16. illustration: binary tree class BinaryTree { int size; Node root; static class Node { int info; Node left, right; } boolean repOk() { ... } void add(int e) { assert repOk(); ... } } assertion-driven analyses 16

  17. example execution boolean repOk() { T 0 size: 2 if (root == null) return size == 0; // empty tree root Set visited = new HashSet(); N 0 LinkedList workList = new LinkedList(); left visited.add(root); right workList.add(root); N 1 while (!workList.isEmpty()) { Node current = (Node)workList.removeFirst(); if (current.left != null) { if (!visited.add(current.left)) return false; // sharing workList.add(current.left); } if (current.right != null) { if (!visited.add(current.right)) return false; // sharing workList.add(current.right); field accesses: } } [ T 0 .root, N 0 .left, N 0 .right ] if (visited.size() != size) return false; // inconsistent size return true; } assertion-driven analyses 17

  18. repair action backtracking on [ T 0 .root, N 0 .left, N 0 .right ] T 0 size: 2 T 0 N 0 N 1 root root size left right left right N 0 N 0 2 N 1 N 1 null null left right N 1 produces next candidate structure T 0 size: 2 N 1 T 0 N 0 root left right root size left right N 0 null null N 0 2 N 1 null left • which satisfies repOk N 1 assertion-driven analyses 18

  19. implementation written in java has three main components • search • implements systematic backtracking • symbolic execution • implements library classes for hybrid symbolic execution • uses CVC-lite for constraint solving • program instrumentation • translates java bytecode using BCEL and javassist can handle complex structures assertion-driven analyses 19

  20. optimizations e ffi ciency • heuristics e ff ectiveness • preserve reachability of data values • abstraction functions to compare pre/post repair structures usefulness • abstract repair log assertion-driven analyses 20

  21. performance evaluated on a suite of text-book data structures • singly/doubly-linked lists, binary search trees, etc. for a small number of faults (<= 10), algorithm can repair structures with a few hundred nodes in less than 10 sec does not scale to large data structures • but we are working on several optimizations assertion-driven analyses 21

  22. outline overview background: symbolic execution our approach discussion assertion-driven analyses 22

  23. applicability: how hard is it to write assertions? any technique for repair has a cost, e.g., the cost of writing a repair routine correctly assertion-based repair has minimal cost • assertions are written in the programming language • assertion describes what ; repair routine describes how • properties are known at time of implementation but e ffi cient repair routines may not be • e.g., red-black tree invariants are well-known but there are no text-book algorithms to repair them • assertions may already be present in code • e.g., due to systematic testing or defensive programming assertion-driven analyses 23

  24. scalability: how e ffi cient can repair be? repair considers the problem of generating one (large) structure korat [ISSTA’02], TestEra [ASE’01] show feasibility of exhaustive generation of a large number of small structures results from analogous SAT problems indicate repair should be easier than exhaustive generation • finding one solution is easier than model counting [Wei+05] • moreover, w.h.p. we expect the repaired structure to lie in a close neighborhood of the corrupt structure • repair is therefore analogous to finding one solution to a SAT formula that is satisfiable w.h.p. • local search is expected to work well [Hoos99] assertion-driven analyses 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

8. Assertion Based Design and 8.1 Assertion-based design Assertion Languages Assertions

8. Assertion Based Design and 8.1 Assertion-based design Assertion Languages Assertions

Fachgebiet Rechnersysteme Technische Universitt Verification Technology Darmstadt 8. Assertion-Based Design and Assertion Languages 1 8. Assertion-Based Design and Assertion Languages 3 Fachgebiet Rechnersysteme 8. Assertion Based Design

815 views • 13 slides
Institute for Defense Analyses 4850 Mark Center Drive Alexandria, Virginia 22311-1882

Institute for Defense Analyses 4850 Mark Center Drive Alexandria, Virginia 22311-1882

Institute for Defense Analyses 4850 Mark Center Drive Alexandria, Virginia 22311-1882 Federated Trust Policy Enforcement by Delegated SAML Assertion Pruning C. Chandersekaran William R Simpson Institute for Defense Analyses (IDA) The

148 views • 11 slides
8. Assertion Based Design and Assertion Languages Verification Technology Content 8.1

8. Assertion Based Design and Assertion Languages Verification Technology Content 8.1

8. Assertion-Based Design and Assertion Languages 1 Fachgebiet Rechnersysteme 8. Assertion Based Design and Assertion Languages Verification Technology Content 8.1 Assertion-Based Design 8.2 Introduction to ITL 8.3 Introduction to SVA

856 views • 51 slides
Assertion how to communicate well and improve relationships Sarah Patterson Therapist,

Assertion how to communicate well and improve relationships Sarah Patterson Therapist,

Assertion how to communicate well and improve relationships Sarah Patterson Therapist, Health &amp; Wellbeing Service From Newcastle. For the world. What is assertion? Assertiveness enables us to act in our own best interests, to stand up

368 views • 16 slides
From SDTM to displays, through ADaM &amp; Analyses Results Metadata, a flight on board METADATA

From SDTM to displays, through ADaM &amp; Analyses Results Metadata, a flight on board METADATA

From SDTM to displays, through ADaM &amp; Analyses Results Metadata, a flight on board METADATA Airlines Omar SEFIANI - Stphane BOUGET, Boehringer Ingelheim DH13, PhUSE Barcelona 2016, October, 12 th Outline Background Metadata Driven

683 views • 19 slides
Beyond assertion: setup and teardown UN IT TES TIN G F OR DATA S CIEN CE IN P YTH ON Dibya

Beyond assertion: setup and teardown UN IT TES TIN G F OR DATA S CIEN CE IN P YTH ON Dibya

Beyond assertion: setup and teardown UN IT TES TIN G F OR DATA S CIEN CE IN P YTH ON Dibya Chakravorty Test Automation Engineer The preprocessing function def preprocess(raw_data_file_path, 1,801 201,411 clean_data_file_path

1.21k views • 104 slides
Commitment and implicit assertion Dave Ripley University of Connecticut http://davewripley.rocks

Commitment and implicit assertion Dave Ripley University of Connecticut http://davewripley.rocks

1/ 36 Commitment and implicit assertion Dave Ripley University of Connecticut http://davewripley.rocks De La Salle University April 2015 davewripley@gmail.com Commitment and implicit assertion 2/ 36 From bounds to meaning Commitment

390 views • 36 slides
Chronic Treatment with Medication Assertion: May be unnecessary or even harmful for some

Chronic Treatment with Medication Assertion: May be unnecessary or even harmful for some

Chronic Treatment with Medication Assertion: May be unnecessary or even harmful for some Refutation: Medication Reduces risk of relapse for many but not all Spontaneous remission occurs No current reliable method to

201 views • 5 slides
An Assertion Language for Debugging SDN Applications Ryan Beckett with X. Kelvin Zou,

An Assertion Language for Debugging SDN Applications Ryan Beckett with X. Kelvin Zou,

An Assertion Language for Debugging SDN Applications Ryan Beckett with X. Kelvin Zou, Shuyuan Zhang, Sharad Malik, Jennifer Rexford, David Walker Princeton University 1 Data Plane Verification Controller Find

579 views • 37 slides
Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model

CS6202: Advanced Topics in Programming Languages and Systems Lecture 8/9 : Separation Logic Overview Assertion Logic Semantic Model Hoare-style Inference Rules Specification and Annotations Linked List and Segments

1.02k views • 76 slides
Baseline Analyses Using Baseline Analyses Using DBP (2006) &amp; AMP (2008) DBP (2006) &amp; AMP

Baseline Analyses Using Baseline Analyses Using DBP (2006) &amp; AMP (2008) DBP (2006) &amp; AMP

Baseline Analyses Using Baseline Analyses Using DBP (2006) &amp; AMP (2008) DBP (2006) &amp; AMP (2008) Program Data Program Data Steven Braithwait Christensen Associates Energy Consulting Conference Call May 26, 2009 Project Objectives

513 views • 16 slides
Unification in Assertion Checking Over Logical Lattices Ashish Tiwari Tiwari@csl.sri.com

Unification in Assertion Checking Over Logical Lattices Ashish Tiwari Tiwari@csl.sri.com

Unification in Assertion Checking Over Logical Lattices Ashish Tiwari Tiwari@csl.sri.com Computer Science Laboratory SRI International Menlo Park CA 94025 http://www.csl.sri.com/tiwari Joint work with Sumit Gulwani

536 views • 21 slides
SLIDES AGAINST HUMANITY 1 Slides Against Humanity Course/Program: The Basic Course, Public

SLIDES AGAINST HUMANITY 1 Slides Against Humanity Course/Program: The Basic Course, Public

SLIDES AGAINST HUMANITY 1 Slides Against Humanity Course/Program: The Basic Course, Public Speaking, Science Communication Abstract: Research shows that slides which use the assertion-evidence structure (a full-sentence assertion heading

326 views • 4 slides
Toll Schedule Analyses Board Meeting 11-17-16 Overview n Conducted Toll Schedule Analyses per

Toll Schedule Analyses Board Meeting 11-17-16 Overview n Conducted Toll Schedule Analyses per

Toll Schedule Analyses Board Meeting 11-17-16 Overview n Conducted Toll Schedule Analyses per Authority Direction n 2 Public Meetings Dates: w 10/25/16: Destin w 10/27/16: Niceville Presented the various toll discount options Received

431 views • 21 slides
ON THE SYNTAX AND SEMANTICS OF ASSERTION Questioning Speech Acts September 14, 2017 Peter

ON THE SYNTAX AND SEMANTICS OF ASSERTION Questioning Speech Acts September 14, 2017 Peter

Dept. of Linguistics Swarthmore College ON THE SYNTAX AND SEMANTICS OF ASSERTION Questioning Speech Acts September 14, 2017 Peter Klecha the problem with epistemics a performative model assertions biscuits conclusion References THIS

888 views • 65 slides
Analyses of Variance Block 2b Types of analyses 1 way ANOVA For more than 2 levels of a

Analyses of Variance Block 2b Types of analyses 1 way ANOVA For more than 2 levels of a

Analyses of Variance Block 2b Types of analyses 1 way ANOVA For more than 2 levels of a factor between subjects ANCOVA For continuous co-varying factor, between subjects ANOVA for factorial design Multiple factors

700 views • 35 slides
Mod p points on Shimura varieties Mark Kisin Harvard Review of Shimura varieties: Review of

Mod p points on Shimura varieties Mark Kisin Harvard Review of Shimura varieties: Review of

Mod p points on Shimura varieties Mark Kisin Harvard Review of Shimura varieties: Review of Shimura varieties: Let G be a connected reductive group over Q and X a conjugacy class of maps of algebraic groups over R h : S = Res C / R G m G R .

1.86k views • 105 slides
Quantum Structure of HEFT Joan Elias Mir HEFT 2015 - Higgs Effective Field Theory SISSA,

Quantum Structure of HEFT Joan Elias Mir HEFT 2015 - Higgs Effective Field Theory SISSA,

Quantum Structure of HEFT Joan Elias Mir HEFT 2015 - Higgs Effective Field Theory SISSA, Trieste Work in collaboration with J. R. Espinosa A. Pomarol based on arXiv: 1412.7151 For closely related works Alonso, Jenkins, Manohar 1409.0869

848 views • 45 slides
Geology &amp; Tectonics of Geology &amp; Tectonics of N. Pakistan, with Reference to N.

Geology &amp; Tectonics of Geology &amp; Tectonics of N. Pakistan, with Reference to N.

Geology &amp; Tectonics of Geology &amp; Tectonics of N. Pakistan, with Reference to N. Pakistan, with Reference to Kashmir Earthqauke Earthqauke 2005 2005 Kashmir M. Asif Khan M. Asif Khan National Centre of Excellence in Geology

737 views • 39 slides
Rapid photochemical Production of A Ozone at High Concentrations in a Rural Site During Winter

Rapid photochemical Production of A Ozone at High Concentrations in a Rural Site During Winter

Rapid photochemical Production of A Ozone at High Concentrations in a Rural Site During Winter Russ Schnell, Sam Oltmans, and Ryan Neely 1 , Maggie Endres 2 , John Molenar 3 and Allen White 1 1 NOAA, Earth System Research Laboratory, Boulder, CO

247 views • 12 slides
The Future of Mars Exploration Dr. Anita Sengupta Research Professor, University of Southern

The Future of Mars Exploration Dr. Anita Sengupta Research Professor, University of Southern

The Future of Mars Exploration Dr. Anita Sengupta Research Professor, University of Southern California How do we land on Mars? Why Are We so Interested In Mars? Parameter Mars Earth Distance (AU) 1.4 1 The Terrestrial Planets Look Very

492 views • 47 slides
MAY 7, 2019 Alan R. Hill Chairman 3 Richard Young President &amp; CEO Forward-Looking

MAY 7, 2019 Alan R. Hill Chairman 3 Richard Young President &amp; CEO Forward-Looking

MAY 7, 2019 Alan R. Hill Chairman 3 Richard Young President &amp; CEO Forward-Looking Statements All information included in this presentation, including any information as to Terangas future financial or operating performance and other

367 views • 23 slides
Meteorology Iain Darby NAPC/PH-NSIL IAEA International Atomic Energy Agency Good Weather

Meteorology Iain Darby NAPC/PH-NSIL IAEA International Atomic Energy Agency Good Weather

Meteorology Iain Darby NAPC/PH-NSIL IAEA International Atomic Energy Agency Good Weather Information Accurate weather forecasts play a vital role in all aviation activity It is required by law in many countries that aircraft operators

484 views • 12 slides
REVOLUTION REVOLUTION Oklahoma Wind Energy Wind Energy C Conference f Yarbrough Public

REVOLUTION REVOLUTION Oklahoma Wind Energy Wind Energy C Conference f Yarbrough Public

Yarbrough Public School Wind Presentation ~ Wednesday, December 3, 2008 y, , REVOLUTION REVOLUTION Oklahoma Wind Energy Wind Energy C Conference f Yarbrough Public School Wind Presentation ~ Wednesday, December 3, 2008 y, , In The

305 views • 27 slides

More recommend