extending dynamic constraint detection with disjunctive
play

Extending Dynamic Constraint Detection with Disjunctive Constraints - PowerPoint PPT Presentation

Sep 05, 2022 •212 likes •500 views

Extending Dynamic Constraint Detection with Disjunctive Constraints Nadya Kuzmina John Paul Ruben Gamboa James Caldwell University of Wyoming Dynamic Constraint Detection Fixed grammar of universal properties. Serves well for the

  1. Extending Dynamic Constraint Detection with Disjunctive Constraints Nadya Kuzmina John Paul Ruben Gamboa James Caldwell University of Wyoming

  2. Dynamic Constraint Detection � Fixed grammar of universal properties. � Serves well for the discovery of a well-defined set of problem-specific, but program- independent properties. � Does not allow to capture the logic of a particular program. � Goal: enable constraint detection to capture the subtle essential properties of a program under analysis.

  3. State Space Partitioning Technique (SSPT) � Combines static and dynamic program analysis. � Automatically specializes the language of constraint detection. � Adds program-specific disjunctive properties.

  4. Introduction: State Space Partitions State space: − ≤ < 31 31 { x , y 2 x , y 2 } Three disjoint subspaces, or abstract states : P , P , P 1 2 3

  5. Types of Disjunctive Constraints � Object Invariant ¬ ∨ � Properties a and b are mutually exclusive: ¬ a b � Use cases for a method m s ∨ � Method m was called when abstract states s or w hold: w � Transitions between abstract states induced by a method p ⇒ m , q � p is an abstract state on variables at precondition of m � q is a disjunction of abstract states on variables at postcondition of m p ⇒ � Daikon-inferred implications for a method m , t � p is an abstract state on variables at precondition of m � t is an instantiated template

  6. The Calculator Example

  7. State Spaces for the Calculator Example Π ≡ { P , P } 1 1 2 ≡ P newNumber 1 ≡ ¬ P newNumber 2 Π ≡ { Q , Q , Q } 2 1 2 3 ≡ Q adding 1 ≡ ¬ ∧ Q adding subtractin g 2 ≡ ¬ ∧ ¬ Q adding subtractin g 3

  8. Constraints for Calculator Π ≡ { Q , Q , Q } Π ≡ { P , P } 2 1 2 3 1 1 2 ≡ Q adding ≡ P newNumber 1 1 ≡ ¬ ∧ Q adding subtractin g ≡ ¬ 2 P newNumber 2 ≡ ¬ ∧ ¬ Q adding subtractin g 3

  9. SSPT:Overview � Form disjoint partitions of the state spaces of the program variables involved in expressing the i f - t hen- el se tests. Π ≡ i f ( addi ng) { Q , Q , Q } 2 1 2 3 ≡ Q adding … 1 ≡ ¬ ∧ Q adding subtractin g el se i f ( subt r act i ng) 2 ≡ ¬ ∧ ¬ Q adding subtractin g 3 …

  10. SSPT: Hypothesized Constraints Π = Let { P , P , ..., P } 1 2 n � Preconditions: ∨ ∨ ∨ P P ... P 1 2 n ⇒ ∨ ∈ � Postconditions: P P P , i , j , k [ 1 .. n ] i j k � Object invariants: check whether the tests of the corresponding i f - t hen- el se statement are mutually exclusive. � For the Calculator example ∧ ¬ ∨ i f ( addi ng) ( adding subtractin g ) … ¬ ∧ ∨ ( adding subtractin g ) el se i f ( subt r act i ng) ¬ ∧ ¬ ( adding subtractin g ) …

  11. SSPT: Constraint Approximation Algorithm Π = � Let { P , P , P } 1 2 3 ∈ � Notation: for i [ 1 .. 3 ] pre P - abstract state over variable values at precondition P i i post P P - abstract state over variable values at postcondition i i

  12. SSPT: Constraint Approximation Algorithm

  13. SSPT: Constraint Approximation Algorithm Intuition behind the algorithm: Let i = 1 and after step 2, let S = {1, 3}. ⇒ ¬ ⇒ ¬ Then, are consistent with pre post pre post P P and P P 1 1 1 3 the observed data. is true by construction. ∨ ∨ post post post P P P 1 2 3 ⇒ The transition follows by propositional pre post P P 1 2 logic.

  14. ContExt: Implementation � Lightweight static analysis of Java source code for abstract state extraction. � Dynamic analysis tasks are delegated to Daikon. � ContExt combines the constraints inferred by our approach with those inferred by Daikon in its output.

  15. Transitional Constraint Inference � A splitting condition (splitter) is a boolean expression in terms of some program variables. � Let T be a program point which has all the variables involved in a splitter a . � a partitions the data trace into two mutually exclusive subsets: : contains the data values that satisfy a � T a : contains the data values on which a does not � T ¬ a Π hold. pre P i � Each abstract state from a space is used as a splitter on the data trace at postcondition program points of the enclosing class. pre post P P i j � Convenient checks when and both hold.

  16. Limitations � Our approach is primarily a dynamic analysis. � The reported constraints are unsound. � Potentially stronger constraints are reported. � Increase in the number of accidental constraints reported and loss of precision. � Given the same test suite, our approach may not infer some unconditional constraints that Daikon would. � Requires the presence of source code. � The technique has been applied to only one class at a time.

  17. Evaluation Challenge � Quantitative measurement of the quality of inferred constraints is challenging. � Propose a methodology for a quantitative evaluation of constraint inference techniques based on a modeling language Alloy. � Concentrate on recall. � Apply it to comparatively evaluate Daikon and ContExt on two examples.

  18. Evaluation Methodology

  19. Case Study 1: Puzzle � The Puzzle class represents an environment with an agent.

  20. Puzzle Specification

  21. Puzzle Evaluation

  22. Case Study 2: Employee Example

  23. Related Work � Csallner et al. employ a dynamic symbolic execution technique to obtain program-specific constraints. � performs symbolic execution over an existing test suite. � Engler et al. and Yang et al. focus on recovering a relatively small number of error-revealing properties. � Dallmaier et al. use a combination of static and dynamic analysis to construct state machines that represent an object’s behavior in terms of its inspector and mutator methods. � Arumuga Nainar et al. are interested in finding relevant boolean formulae. � The formulae partition the program state space into only two subspaces, one in which a bug is exibited, and the other one in which it is not.

  24. Conclusions � State Space Partitioning Technique combines lightweight static and dynamic analysis to provide for the inference of program-specific disjunctive properties. � Proposed an evaluation methodology for the quality of inferred constraints based on the Alloy modeling language.

  25. Comparative Complexity � Generalized disjunctive template: k , where k is the number of hypothesized � 2 non-disjunctive constraints.

  26. Comparative Complexity P Number of program points in the target program. C Number of hypothesized constraints at a program point. L Number of data samples observed. � Daikon (approximated with those of the simple incremental algorithm) : � Space complexity: S = O(P * C) � Time complexity: T = O (P * C * L)

  27. Comparative Complexity P Number of program points in the target program. C Number of hypothesized constraints at a program point. L Number of data samples observed. m Number of class-scoped partitions. n The maximum number of states per class-scoped partition. � ContExt: ′ ′ = = + � P m * n * P , C m * n C ′ ′ = = + � Space complexity: S O( P * C ) O ( mnP * ( mn C )) ′ ′ = = + � Time complexity: T O ( P * C * L ) O ( mnP * ( mn C ) * L )

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

New verifiable sufficient conditions for metric subregularity of constraint systems with

New verifiable sufficient conditions for metric subregularity of constraint systems with

New verifiable sufficient conditions for metric subregularity of constraint systems with application to disjunctive programs Michal Cervinka , Based on the joint work with Mat Benko and Tim Hoheisel Institute of

558 views • 21 slides
Extending a Compiler Backend for Complete Memory Error Detection Norman A. Rink and Jeronimo

Extending a Compiler Backend for Complete Memory Error Detection Norman A. Rink and Jeronimo

Extending a Compiler Backend for Complete Memory Error Detection Norman A. Rink and Jeronimo Castrillon Technische Universitt Dresden Automotive Safety &amp; Security 2017 30 May 2017 Stuttgart Outline 1. Motivation 2. Error detection,

573 views • 23 slides
Open, extensible dynamic programming systems or just how deep is the dynamic rabbit hole?

Open, extensible dynamic programming systems or just how deep is the dynamic rabbit hole?

DLS, Portland, 2006 10 23 Open, extensible dynamic programming systems or just how deep is the dynamic rabbit hole? Ian Piumarta Viewpoints Research Institute ian@squeakland.org dynamic dynamic? data? extending objects

719 views • 42 slides
Dominance Detection Methods for Lookahead Constraint Solvers I. Razgon and A. Meisels -1-

Dominance Detection Methods for Lookahead Constraint Solvers I. Razgon and A. Meisels -1-

Dominance Detection Methods for Lookahead Constraint Solvers I. Razgon and A. Meisels -1- Contents 1. Problem Presentation 2. Algorithms 3. Preliminary results and further investigation 4. Related work 5. Conclusion -2- Future

257 views • 12 slides
Extending TVM with Dynamic Execution Jared Roesch and Haichen Shen Outline Motivation for

Extending TVM with Dynamic Execution Jared Roesch and Haichen Shen Outline Motivation for

Extending TVM with Dynamic Execution Jared Roesch and Haichen Shen Outline Motivation for Dynamism Representing Dynamism Executing Dynamism Evaluation Dynamic Neural Networks Networks are exhibiting more and more

1.08k views • 50 slides
Symmetry Detection and Exploitation in Constraint Programming Chris Mears June, 2008 Chris

Symmetry Detection and Exploitation in Constraint Programming Chris Mears June, 2008 Chris

Introduction Automatic Symmetry Detection Symmetry Exploitation Conclusion Symmetry Detection and Exploitation in Constraint Programming Chris Mears June, 2008 Chris Mears Symmetry Detection and Exploitation in Constraint Programming

973 views • 56 slides
Justifications in Constraint Handling Paper: Thom Frhwirth Rules for Logical Retraction in

Justifications in Constraint Handling Paper: Thom Frhwirth Rules for Logical Retraction in

Justifications in Constraint Handling Paper: Thom Frhwirth Rules for Logical Retraction in Dynamic Presentation: Daniel Gall October 10, 2017 Algorithms Page 2 Justifications in Constraint Handling Rules for Logical Retraction in Dynamic

1.09k views • 41 slides
Detection of Gauss Markov Random Fields under Routing Energy Constraint A. Anandkumar 1 L. Tong 1

Detection of Gauss Markov Random Fields under Routing Energy Constraint A. Anandkumar 1 L. Tong 1

Detection of Gauss Markov Random Fields under Routing Energy Constraint A. Anandkumar 1 L. Tong 1 A. Swami 2 1 School of Electrical and Computer Engineering Cornell University, Ithaca, NY 14853 2 Army Research Laboratory, Adelphi MD 20783

860 views • 58 slides
Recent Developments in Disjunctive Programming Egon Balas Carnegie Mellon University Recent

Recent Developments in Disjunctive Programming Egon Balas Carnegie Mellon University Recent

Recent Developments in Disjunctive Programming Egon Balas Carnegie Mellon University Recent Developments in Disjunctive Programming 01.09.17 1 / 56 Recent Developments in Disjunctive Programming 1. Background and basic results 2.

886 views • 56 slides
Extending ns Extending ns In OTcl In C++ Debugging Padma Haldar USC/ISI 1 2 ns

Extending ns Extending ns In OTcl In C++ Debugging Padma Haldar USC/ISI 1 2 ns

Outline Extending ns Extending ns In OTcl In C++ Debugging Padma Haldar USC/ISI 1 2 ns Directory Structure Extending ns in OTcl ns-allinone If you dont want to compile source your changes in your sim Tcl8.3 TK8.3

303 views • 9 slides
Copying Subgraphs MDE Extending GT within Model Repositories Case Study Example Models

Copying Subgraphs MDE Extending GT within Model Repositories Case Study Example Models

Introduction Context Copying Subgraphs MDE Extending GT within Model Repositories Case Study Example Models Consistency Constraint Plain SDM Trfo Pieter van Gorp, Story Diagrams Control Flow Hans Schippers, Primitives for Model Dirk

712 views • 37 slides
Generating Model Transformations for Mending Dynamic Constraint Violations in Cyber Physical

Generating Model Transformations for Mending Dynamic Constraint Violations in Cyber Physical

Arizona s First University. Generating Model Transformations for Mending Dynamic Constraint Violations in Cyber Physical Systems Sean Whitsitt and Jonathan Sprinkle Introduction: Cyber Physical Systems Electrical and Computer Engineering

599 views • 23 slides
Android 292 Jrme Pilliet Universit Paris-Est Marne-la-Valle Forewords Dynamic languages

Android 292 Jrme Pilliet Universit Paris-Est Marne-la-Valle Forewords Dynamic languages

Android 292 Jrme Pilliet Universit Paris-Est Marne-la-Valle Forewords Dynamic languages Semantic determined at runtime Smartphone / Tablet Constraint memory Constraint computing power Android and Dalvik OS most used Java

468 views • 28 slides
WEM Reform: Constraint Development Responsibilities PSO-WG Meeting 3 February 2019 1

WEM Reform: Constraint Development Responsibilities PSO-WG Meeting 3 February 2019 1

WEM Reform: Constraint Development Responsibilities PSO-WG Meeting 3 February 2019 1 Constraint technical framework Constraint Limit advice equations 2. Constraint formulation 1. Power system 3. Constraint model library 4. Dispatch

523 views • 12 slides
Inter-procedural Control Flow Analysis Using Constraint-based Approach cs6463 1 The Dynamic

Inter-procedural Control Flow Analysis Using Constraint-based Approach cs6463 1 The Dynamic

Inter-procedural Control Flow Analysis Using Constraint-based Approach cs6463 1 The Dynamic Dispatch Problem Which function is called by p(x)? int myFunc ( int (*p)(int), ) { return p(x); } P is a function pointer. What

364 views • 20 slides
Overlapping Communities in Dynamic Networks: Their Detection and Mobile Applications Nam P .

Overlapping Communities in Dynamic Networks: Their Detection and Mobile Applications Nam P .

Overlapping Communities in Dynamic Networks: Their Detection and Mobile Applications Nam P . Nguyen, Thang N. Dinh, Sindhura Tokala, My T. Thai Department of Computer and Information Science and Engineering, University of Florida, USA

1.46k views • 87 slides
An Empirical Comparison of Automated Generation and Classification Techniques for

An Empirical Comparison of Automated Generation and Classification Techniques for

An Empirical Comparison of Automated Generation and Classification Techniques for Object-Oriented Unit Testing Marcelo dAmorim (UIUC) Carlos Pacheco (MIT) Tao Xie (NCSU) Darko Marinov (UIUC) Michael D. Ernst (MIT) Automated Software

513 views • 33 slides
Automatic Generation of Program Specifications Jeremy Nimmer MIT Lab for Computer Science

Automatic Generation of Program Specifications Jeremy Nimmer MIT Lab for Computer Science

Automatic Generation of Program Specifications Jeremy Nimmer MIT Lab for Computer Science http://pag.lcs.mit.edu/ Joint work with Michael Ernst Jeremy Nimmer, page 1 Synopsis Specifications are useful for many tasks Use of specifications

485 views • 29 slides
DySy Dynamic Symbolic Execution for Invariant Inference April 28th 2009 Lukas Schwab

DySy Dynamic Symbolic Execution for Invariant Inference April 28th 2009 Lukas Schwab

Seminar in Software Engineering DySy Dynamic Symbolic Execution for Invariant Inference April 28th 2009 Lukas Schwab lschwab@student.ethz.ch The authors Christoph Csallner - College of Computing, Georgia Tech Nikolai Tillmann -

750 views • 25 slides
DySy: Dynamic Symbolic Execution for Invariant Inference C. Csallner N. Tillmann Y.

DySy: Dynamic Symbolic Execution for Invariant Inference C. Csallner N. Tillmann Y.

DySy: Dynamic Symbolic Execution for Invariant Inference C. Csallner N. Tillmann Y. Smaragdakis Marc Egg Invariant Inference Object top() { if(Empty) return null; return theArray[topOfStack]; } Invariant Inference Tool

465 views • 20 slides
Method Specifications using primitive data x = 6 x {2, 5, 30} x &lt; y y = 5x + 10 z =

Method Specifications using primitive data x = 6 x {2, 5, 30} x &lt; y y = 5x + 10 z =

Detecting Anomalies Andreas Zeller 1 Whats abnormal? Suppose we determine common properties of all passing runs. Now we examine a run which fails the test. Any difference in properties correlates with failure and is likely to

460 views • 14 slides
An integrated approach to P systems formal verification Marian Gheorghe 1,2 , Florentin Ipate 2 ,

An integrated approach to P systems formal verification Marian Gheorghe 1,2 , Florentin Ipate 2 ,

An integrated approach to P systems formal verification Marian Gheorghe 1,2 , Florentin Ipate 2 , Raluca Lefticaru 2 , Ciprian Dragomir 1 1 University of Sheffield 2 University of Pitesti Summary Integrated formal verification approach

497 views • 16 slides
Specific Assertions on Internal States Yingfei Xiong, Dan Hao, Lu Zhang, Tao Zhu, Muyao Zhu,

Specific Assertions on Internal States Yingfei Xiong, Dan Hao, Lu Zhang, Tao Zhu, Muyao Zhu,

PEKING UNIVERSITY Inner Oracles: Input- Specific Assertions on Internal States Yingfei Xiong, Dan Hao, Lu Zhang, Tao Zhu, Muyao Zhu, Tian Lan Peking University, China 2015 PEKING How a Test Detects a Bug UNIVERSITY Test Input Trigger a

381 views • 16 slides
Substra: a Framework for Automatic Generation of Integration Tests Hai Yuan Tao Xie Department of

Substra: a Framework for Automatic Generation of Integration Tests Hai Yuan Tao Xie Department of

Computer Science Substra: a Framework for Automatic Generation of Integration Tests Hai Yuan Tao Xie Department of Computer Science North Carolina State University, USA http://ase.csc.ncsu.edu/ 1 Motivation Software components

406 views • 22 slides

More recommend