inference of necessary field conditions with abstract
play

Inference of Necessary Field Conditions with Abstract Interpretation - PowerPoint PPT Presentation

May 01, 2023 •151 likes •356 views

Inference of Necessary Field Conditions with Abstract Interpretation Mehdi Bouaziz 1 , Francesco Logozzo 2 , Manuel F ahndrich 2 1 Ecole normale sup erieure, Paris, France 2 Microsoft Research, Redmond, WA, USA Tenth Asian Symposium on

  1. Inference of Necessary Field Conditions with Abstract Interpretation Mehdi Bouaziz 1 , Francesco Logozzo 2 , Manuel F¨ ahndrich 2 1 ´ Ecole normale sup´ erieure, Paris, France 2 Microsoft Research, Redmond, WA, USA Tenth Asian Symposium on Programming Languages and Systems December 12, 2012 – Kyoto, Japan

  2. Design by Contract is a programming methodology which systematically requires the programmer to provide contracts (preconditions, postconditions, object invariants) at design time. Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 2/15 Inference of Necessary Field Conditions with Abstract Interpretation

  3. Design by Contract is a programming methodology which systematically requires the programmer to provide contracts (preconditions, postconditions, object invariants) at design time. ◮ allow automatic generation of documentation, ◮ amplify the testing process, ◮ enable assume/guarantee reasoning for static program verification. Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 2/15 Inference of Necessary Field Conditions with Abstract Interpretation

  4. Design by Contract: Example public class Person { private readonly string Name; private readonly JobTitle JobTitle; public Person(string name, JobTitle jobTitle) { Contract.Requires(jobTitle != null && name != null); this.Name = name; this.JobTitle = jobTitle; } private void ObjectInvariant() { Contract.Invariant(this.Name != null); Contract.Invariant(this.JobTitle != null); } public string GetFullName() { if (this.JobTitle != null) return string.Format("{0}�({1})", PrettyPrint(this.Name), this.JobTitle.ToString())); return PrettyPrint(this.Name); } public string PrettyPrint(string s) { Contract.Requires(s != null); Contract.Ensures(Contract.Result<string>() != null); // ... } } Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 3/15 Inference of Necessary Field Conditions with Abstract Interpretation

  5. Design by Contract: Dream and Reality PL designer dream: the programmer provides sufficient contracts for all the methods and all the classes; a static verifier leverages them to prove the program correctness. Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 4/15 Inference of Necessary Field Conditions with Abstract Interpretation

  6. Design by Contract: Dream and Reality PL designer dream: the programmer provides sufficient contracts for all the methods and all the classes; a static verifier leverages them to prove the program correctness. Reality: ◮ the PL or the programming environment does not support contracts: the programmer use non-contract checks on input parameters/fields, unexploitable by a static analyzer, ◮ the program is only partially annotated, ◮ the programmer thinks that some contracts are obvious, ◮ the provided contracts are too weak. Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 4/15 Inference of Necessary Field Conditions with Abstract Interpretation

  7. Design by Contract: Dream and Reality PL designer dream: the programmer provides sufficient contracts for all the methods and all the classes; a static verifier leverages them to prove the program correctness. Reality: ◮ the PL or the programming environment does not support contracts: the programmer use non-contract checks on input parameters/fields, unexploitable by a static analyzer, ◮ the program is only partially annotated, ◮ the programmer thinks that some contracts are obvious, ◮ the provided contracts are too weak. Solution: Inference! Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 4/15 Inference of Necessary Field Conditions with Abstract Interpretation

  8. Contract Inference By abstract interpretation: ◮ Postconditions ◮ Preconditions [Cousot Cousot Logozzo 10] [Cousot Cousot F¨ ahndrich Logozzo 13] Works well! Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 5/15 Inference of Necessary Field Conditions with Abstract Interpretation

  9. Contract Inference By abstract interpretation: ◮ Postconditions ◮ Preconditions [Cousot Cousot Logozzo 10] [Cousot Cousot F¨ ahndrich Logozzo 13] Works well! ◮ Object invariants Class-Level Modular Analysis [Logozzo 03] Brittle! Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 5/15 Inference of Necessary Field Conditions with Abstract Interpretation

  10. Class-Level Modular Analysis Fixpoint characterization of the invariant: � � I = s 〚 c 〛 ⊔ s 〚 m 〛 ( I ) c ∈ Constrs m ∈ Methods Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 6/15 Inference of Necessary Field Conditions with Abstract Interpretation

  11. Class-Level Modular Analysis: Example public class Person { private readonly string Name; private readonly JobTitle JobTitle; public Person(string name, JobTitle jobTitle) { Contract.Requires(jobTitle != null && name != null); this.Name = name; this.JobTitle = jobTitle; } public string GetFullName() { if (this.JobTitle != null) return string.Format("{0}�({1})", PrettyPrint(this.Name), this.JobTitle.ToString())); return PrettyPrint(this.Name); } public int BaseSalary() { return this.JobTitle.BaseSalary; } public string PrettyPrint(string s) { Contract.Requires(s != null); // ... } } I 0 = � Name �→ NN , JobTitle �→ NN � Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 7/15 Inference of Necessary Field Conditions with Abstract Interpretation

  12. Class-Level Modular Analysis: Example, constructor added public class Person { private readonly string Name; private readonly JobTitle JobTitle; public Person(string name, JobTitle jobTitle) { Contract.Requires(jobTitle != null && name != null); this.Name = name; this.JobTitle = jobTitle; } public Person(string name) { Contract.Requires(name != null); this.Name = name; } public string GetFullName() { if (this.JobTitle != null) return string.Format("{0}�({1})", PrettyPrint(this.Name), this.JobTitle.ToString())); return PrettyPrint(this.Name); } public int BaseSalary() { return this.JobTitle.BaseSalary; } } I 1 = � Name �→ NN , JobTitle �→ T � Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 8/15 Inference of Necessary Field Conditions with Abstract Interpretation

  13. Our Solution: Backward Inference of Necessary Conditions Necessary conditions: properties that should hold on the object fields; if violated, an error will definitely occur. Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 9/15 Inference of Necessary Field Conditions with Abstract Interpretation

  14. Our Solution: Backward Inference of Necessary Conditions Necessary conditions: properties that should hold on the object fields; if violated, an error will definitely occur. Goal-directed backward interprocedural propagation of potentially failing assertions. ◮ push assertions that cannot be proven to method entry points (necessary precondition inference [Cousot Cousot Logozzo 10]) ◮ keep those involving private fields ◮ propagate them to the constructors ◮ generate an abstract error trace Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 9/15 Inference of Necessary Field Conditions with Abstract Interpretation

  15. Backward Inference of Necessary Conditions: Example public class Person { private readonly string Name; private readonly JobTitle JobTitle; public Person(string name, JobTitle jobTitle) { Contract.Requires(jobTitle != null && name != null); this.Name = name; this.JobTitle = jobTitle; } public Person(string name) { Contract.Requires(name != null); this.Name = name; } public string GetFullName() { if (this.JobTitle != null) return string.Format("{0}�({1})", PrettyPrint(this.Name), this.JobTitle.ToString())); return PrettyPrint(this.Name); } public int BaseSalary() { return this.JobTitle.BaseSalary; } } I 2 = � Name �→ NN , JobTitle �→ NN � Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 10/15 Inference of Necessary Field Conditions with Abstract Interpretation

  16. The algorithm Result : A necessary condition I ∗ on object fields while true do φ ← true foreach m ∈ M do if ¬ cccheck ( m , out ¯ a ) then // Strengthen precondition and invariant � φ P , φ I � ← π 2 ( I ( m )(¯ a )) Pre m ← Pre m ∧ φ P φ ← φ ∧ φ I end end if φ = true then break // no change on I F , we are done else I F ← I F ∧ φ end end foreach c ∈ C do if ¬ cccheck ( c , out ¯ a ) then // Strengthen the precondition Pre c ← Pre c ∧ π 1 ( I ( c )(¯ a )) end end Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 11/15 Inference of Necessary Field Conditions with Abstract Interpretation

  17. Special Case: Readonly Fields Restricted to readonly fields, the necessary condition inference algorithm gives object invariants after the first iteration of the main loop. Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 12/15 Inference of Necessary Field Conditions with Abstract Interpretation

  18. Experiments We ran cccheck on .Net Framework libraries, with: (BR) object invariant inference disabled; (NCR) object invariant inference enabled for readonly fields only; (NC1) object invariant inference enabled for all fields, with the constraint of analyzing every method only once; (CLMAR) forward class-level modular analysis enabled for readonly fields only. Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 13/15 Inference of Necessary Field Conditions with Abstract Interpretation

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fields Organizational Strategies readings: From Object to Field Field Conditions by Stan Allen

Fields Organizational Strategies readings: From Object to Field Field Conditions by Stan Allen

Fields Organizational Strategies readings: From Object to Field Field Conditions by Stan Allen Andrea Bagniewski Aya Jazaierly Field Conditions - form - rethinking the part-to-whole problem - reacting to Deconstructivism - in opposition to

524 views • 16 slides
Background Magnetic Field and Kink and Torus Instabilities Y. Liu 1 ABSTRACT Using a Potential

Background Magnetic Field and Kink and Torus Instabilities Y. Liu 1 ABSTRACT Using a Potential

Background Magnetic Field and Kink and Torus Instabilities Y. Liu 1 ABSTRACT Using a Potential Field Source Surface model (PFSS), we study profile of magnetic field overlying erupted filaments. The filaments studied here were re- ported to

517 views • 8 slides
ACMS 20340 Statistics for Life Sciences Chapter 15: Inference in Practice Inference in Practice

ACMS 20340 Statistics for Life Sciences Chapter 15: Inference in Practice Inference in Practice

ACMS 20340 Statistics for Life Sciences Chapter 15: Inference in Practice Inference in Practice Recall the simple conditions for inference about a population mean: Known standard deviation Sample obtained randomly Normally

534 views • 30 slides
Probability, Statistics and Inference Probability : an abstract mathematical framework for

Probability, Statistics and Inference Probability : an abstract mathematical framework for

Mathematical Tools for Neural and Cognitive Science Fall semester, 2017 Probability, Statistics and Inference Probability : an abstract mathematical framework for describing random quantities (e.g., measurements) Statistics : use of

505 views • 29 slides
Variational Mean Field Variational Mean Field for Graphical Models for Graphical Models

Variational Mean Field Variational Mean Field for Graphical Models for Graphical Models

Variational Mean Field Variational Mean Field for Graphical Models for Graphical Models CS/CNS/EE 155 Baback Moghaddam Machine Learning Group baback @ jpl.nasa.gov Approximate Inference Approximate Inference Consider general UGs ( i.e.,

382 views • 37 slides
Section 4: Statistics and Inference Probability : an abstract mathematical framework for

Section 4: Statistics and Inference Probability : an abstract mathematical framework for

Mathematical Tools for Neural and Cognitive Science Fall semester, 2016 Section 4: Statistics and Inference Probability : an abstract mathematical framework for describing random quantities (e.g. measurements) Statistics : use of probability

529 views • 25 slides
Prescription for e.m. field calculations P. Piot, PHYS 571 Fall 2007 Boundary conditions I

Prescription for e.m. field calculations P. Piot, PHYS 571 Fall 2007 Boundary conditions I

Prescription for e.m. field calculations P. Piot, PHYS 571 Fall 2007 Boundary conditions I Electric field components z z S Magnetic field components end plates Proof: start with what we had last lesson P. Piot, PHYS 571

547 views • 15 slides
@ Estimating uncertainty in real-world conditions using Bayesian inference Max Sklar Foursquare

@ Estimating uncertainty in real-world conditions using Bayesian inference Max Sklar Foursquare

Reading into Scarce Data @ Estimating uncertainty in real-world conditions using Bayesian inference Max Sklar Foursquare Engineer @maxsklar We're talking about this problem: - When do I have enough data to be confident in my answer? -

427 views • 23 slides
Optimal Continuous DR-Submodular Maximization and Applications to Provable Mean Field Inference

Optimal Continuous DR-Submodular Maximization and Applications to Provable Mean Field Inference

Optimal Continuous DR-Submodular Maximization and Applications to Provable Mean Field Inference Yatao (An) Bian, Joachim M. Buhmann, Andreas Krause ETH Zurich Motivation and Background Product recommendation Given a parameterized submodular

420 views • 5 slides
All of The Above Presents December 2017 Predictions for Jon Wood Field Current Conditions at

All of The Above Presents December 2017 Predictions for Jon Wood Field Current Conditions at

All of The Above Presents December 2017 Predictions for Jon Wood Field Current Conditions at Jon Wood Field (Jet Stream data by www.weatherstreet.com) You are Here Forecast for Jon Wood Field (Weather forecast data by www.wunderground.com)

823 views • 35 slides
Bayesian networks Independence Bayesian networks Markov conditions Inference by

Bayesian networks Independence Bayesian networks Markov conditions Inference by

Bayesian networks Independence Bayesian networks Markov conditions Inference by enumeration rejection sampling Gibbs sampler Independence if P(A=a,B=a) = P(A=a)P(B=b) for all a and b, then we call A and B

733 views • 19 slides
Particle in a static E-field Consider a charge particle q interacting with a E-field E =E x .

Particle in a static E-field Consider a charge particle q interacting with a E-field E =E x .

Particle in a static E-field Consider a charge particle q interacting with a E-field E =E x . Particles initial conditions p (t=0)=p 0 y. The Lorentz force is: integrate So that total energy a time t is: P. Piot,

542 views • 7 slides
Assessing Translations: How Different Checking Procedures Compare Under Field Conditions Gijs van

Assessing Translations: How Different Checking Procedures Compare Under Field Conditions Gijs van

Assessing Translations: How Different Checking Procedures Compare Under Field Conditions Gijs van Houten, International Survey Methodologist Danielle Cuddington, Research Analyst Katie Simmons, Associate Director, Research Steve Schwarzer,

530 views • 14 slides
Inference of Field Initialization Fausto Spoto and Michael D. Ernst University of Verona, Italy

Inference of Field Initialization Fausto Spoto and Michael D. Ernst University of Verona, Italy

Inference of Field Initialization Fausto Spoto and Michael D. Ernst University of Verona, Italy &amp; University of Washington, USA Honolulu, May 25, 2011, ICSE 1 / 8 Clever tracking of windows by name (from a real story) public class MyWindow

674 views • 48 slides
Update on LUTS/BPH (Clinical field surgical) Pusan National University Hospital Lee Wan

Update on LUTS/BPH (Clinical field surgical) Pusan National University Hospital Lee Wan

Update on LUTS/BPH (Clinical field surgical) Pusan National University Hospital Lee Wan Contents q AUA abstract review q EAU abstract review q Recent Journal review AUA Abstract q AUA BPH session: Surgical Therapy and New Technology (40) -

365 views • 25 slides
The boundary conditions 3. In our case the boundaries are straight lines, connected at the

The boundary conditions 3. In our case the boundaries are straight lines, connected at the

1. We have now derived numerical approximations that allow us to update the flow field in time, in the DNS of Multiphase Flows interior of the domain. Before we can do a specific problem we need to include boundary conditions. Direct

427 views • 7 slides
Joint ICTP-IAEA Workshop on the Evaluation of Nuclear Joint ICTP-IAEA Workshop on the Evaluation

Joint ICTP-IAEA Workshop on the Evaluation of Nuclear Joint ICTP-IAEA Workshop on the Evaluation

Joint ICTP-IAEA Workshop on the Evaluation of Nuclear Joint ICTP-IAEA Workshop on the Evaluation of Nuclear Reaction Data for Applications Reaction Data for Applications 2-13 Oct 2017, ICTP, Trieste, Italy 2-13 Oct 2017, ICTP, Trieste, Italy

410 views • 23 slides
Informatik II Ubung 11 FS 2019 1 Program Today Last Week: BFS with Lazy Deletion 1

Informatik II Ubung 11 FS 2019 1 Program Today Last Week: BFS with Lazy Deletion 1

Informatik II Ubung 11 FS 2019 1 Program Today Last Week: BFS with Lazy Deletion 1 Adjacency List in Java, continued 2 Repetition of Lecture 3 Dijkstras Algorithm Bellman-Ford Algorithm In-Class-Exercise (theoretical) 4

778 views • 49 slides
Graph &amp; Tree Search and Traversals Algorithms Mark Redekopp David Kempe Sandra Batista 2

Graph &amp; Tree Search and Traversals Algorithms Mark Redekopp David Kempe Sandra Batista 2

1 CSCI 104 Graph &amp; Tree Search and Traversals Algorithms Mark Redekopp David Kempe Sandra Batista 2 RECURSIVE TREE TRAVERSALS 3 Guiding Recursive Principle f(n) f(n-1) 1 0 1 2 3 4 A useful principle when trying to 50 51

1.08k views • 90 slides
Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 1 feedback in your GitHub

Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 1 feedback in your GitHub

Principles of Software Construction: Objects, Design, and Concurrency Part 1: Designing classes Introduction to design patterns Josh Bloch Charlie Garrod 17-214 1 Administrivia Homework 1 feedback in your GitHub repository Homework 2

785 views • 57 slides
Testing Time and Concurrency with Rx Tamir Dresher (@tamir_dresher) Senior Software Architect J

Testing Time and Concurrency with Rx Tamir Dresher (@tamir_dresher) Senior Software Architect J

Testing Time and Concurrency with Rx Tamir Dresher (@tamir_dresher) Senior Software Architect J 1 1 About Me @tamir_dresher tamirdr@codevalue.net http://www.TamirDresher.com. Author of Rx.NET in Action (manning publications)

965 views • 51 slides
Object-oriented Programming Objects: marry data with related methods Specifying a class

Object-oriented Programming Objects: marry data with related methods Specifying a class

Object-oriented Programming Objects: marry data with related methods Specifying a class does not create any objects No memory allocation (or almost none) An object is an instance of a particular class There can be many

298 views • 11 slides
Variable (1 of 2) Consists of: Name so we can

Variable (1 of 2) Consists of: Name so we can

2013-09-17 Variable (1 of 2) Consists of: Name so we can refer to its storage loca1on Lecture 2 at lower level converted to

349 views • 6 slides
Classes and Objects EECS1021: Object Oriented Programming: from Sensors to Actuators Winter

Classes and Objects EECS1021: Object Oriented Programming: from Sensors to Actuators Winter

Classes and Objects EECS1021: Object Oriented Programming: from Sensors to Actuators Winter 2019 C HEN -W EI W ANG Where are we? Where will we go? We have developed the Java code solely within main method. In Java: We may define

990 views • 94 slides

More recommend