likely program invariants
play

Likely Program Invariants Michael Ernst, Jake Cockrell, Bill - PowerPoint PPT Presentation

Aug 23, 2023 •47 likes •287 views

Dynamically Detecting Likely Program Invariants Michael Ernst, Jake Cockrell, Bill Griswold (UCSD), and David Notkin University of Washington Department of Computer Science and Engineering http://www.cs.washington.edu/homes/mernst/ Ernst,

  1. Dynamically Detecting Likely Program Invariants Michael Ernst, Jake Cockrell, Bill Griswold (UCSD), and David Notkin University of Washington Department of Computer Science and Engineering http://www.cs.washington.edu/homes/mernst/ Ernst, ICSE 99, page 1

  2. Overview Goal: recover invariants from programs Technique: run the program, examine values Artifact: Daikon • recovered formal specifications Results: • aided in a software modification task • motivation Outline: • techniques • future work Ernst, ICSE 99, page 2

  3. Goal: recover invariants Detect invariants like those in assert statements • x > abs(y) • x = 16*y + 4*z + 3 • array a contains no duplicates • for each node n , n = n.child.parent • graph g is acyclic Ernst, ICSE 99, page 3

  4. Uses for invariants Write better programs [Liskov 86] Documentation Convert to assert Maintain invariants to avoid introducing bugs Validate test suite: value coverage Locate exceptional conditions Higher-level profile-directed compilation [Calder 98] Bootstrap proofs [Wegbreit 74, Bensalem 96] Ernst, ICSE 99, page 4

  5. Experiment 1: recover formal specifications Example: Program 15.1.1 from The Science of Programming [Gries 81] // Sum array b of length n into variable s. i := 0; s := 0; while i  n do { s := s + b [ i ]; i := i +1 } Precondition: n  0 Postcondition: s = (  j : 0  j < n : b [ j ]) Loop invariant: 0  i  n and s = (  j : 0  j < i : b [ j ]) Ernst, ICSE 99, page 5

  6. Test suite for program 15.1.1 100 randomly-generated arrays • Length uniformly distributed from 7 to 13 • Elements uniformly distributed from -100 to 100 Ernst, ICSE 99, page 6

  7. Inferred invariants 15.1.1:::BEGIN (100 samples) N = size(B) (7 values) N in [7..13] (7 values) B (100 values) All elements in [-100..100] (200 values) 15.1.1:::END (100 samples) N = I = N_orig = size(B) (7 values) B = B_orig (100 values) S = sum(B) (96 values) N in [7..13] (7 values) B (100 values) All elements in [-100..100] (200 values) Ernst, ICSE 99, page 7

  8. Inferred loop invariants 15.1.1:::LOOP (1107 samples) N = size(B) (7 values) S = sum(B[0..I-1]) (96 values) N in [7..13] (7 values) I in [0..13] (14 values) I <= N (77 values) B (100 values) All elements in [-100..100] (200 values) B[0..I-1] (985 values) All elements in [-100..100] (200 values) Ernst, ICSE 99, page 8

  9. Ways to obtain invariants • Programmer-supplied • Static analysis: examine the program text [Cousot 77, Gannod 96] • properties are guaranteed to be true • pointers are intractable in practice • Dynamic analysis: run the program Ernst, ICSE 99, page 9

  10. Dynamic invariant detection Original Instrumented program program Data trace Invariants database Detect Instrument Run invariants Test suite Look for patterns in values the program computes: • Instrument the program to write data trace files • Run the program on a test suite • Offline invariant engine reads data trace files, checks for a collection of potential invariants Ernst, ICSE 99, page 10

  11. Running the program Requires a test suite • standard test suites are adequate • relatively insensitive to test suite No guarantee of completeness or soundness • useful nonetheless Ernst, ICSE 99, page 11

  12. Sample invariants x,y,z are variables; a,b,c are constants Numbers: • unary: x = a, a  x  b, x  a (mod b) • n-ary: x  y , x = a y + b z + c, x = max( y , z ) Sequences: • unary: sorted, invariants over all elements • with scalar: membership • with sequence: subsequence, ordering Ernst, ICSE 99, page 12

  13. Checking invariants For each potential invariant: • quickly determine constants (e.g., a and b in y = a x + b) • stop checking once it is falsified This is inexpensive Ernst, ICSE 99, page 13

  14. Performance Runtime growth: • quadratic in number of variables at a program point (linear in number of invariants checked/discovered) • linear in number of samples or values (test suite size) • linear in number of program points Absolute runtime: a few minutes per procedure • 10,000 calls, 70 variables, instrument entry and exit Ernst, ICSE 99, page 14

  15. Statistical checks Check hypothesized distribution To show x  0 for v values of x in range of size r , v   1  probability of no zeroes is  r  1   Range limits (e.g., x  22): • more samples than neighbors (clipped to that value) • same number of samples as neighbors (uniform distribution) Ernst, ICSE 99, page 15

  16. Derived variables Variables not appearing in source text • array: length, sum, min, max • array and scalar: element at index, subarray • number of calls to a procedure Enable inference of more complex relationships Staged derivation and invariant inference • avoid deriving meaningless values • avoid computing tautological invariants Ernst, ICSE 99, page 16

  17. Experiment 2: C code lacking explicit invariants 563-line C program: regexp search & replace [Hutchins 94, Rothermel 98] Task: modify to add Kleene + Use both detected invariants and traditional tools Ernst, ICSE 99, page 17

  18. Experiment 2 invariant uses Contradicted some maintainer expectations anticipated lj < j in makepat Revealed a bug when lastj = *j in stclose , array bounds error Explicated data structures regexp compiled form (a string) Ernst, ICSE 99, page 18

  19. Experiment 2 invariant uses Showed procedures used in limited ways makepat : start = 0 and delim = ’ \ 0’ Demonstrated test suite inadequacy calls( in_set_2 ) = calls( stclose ) Changes in invariants validated program changes plclose : *j  *j orig +2 stclose : *j = *j orig +1 Ernst, ICSE 99, page 19

  20. Experiment 2 conclusions Invariants: • effectively summarize value data • support programmer’s own inferences • lead programmers to think in terms of invariants • provide serendipitous information Useful tools: • trace database (supports queries) • invariant differencer Ernst, ICSE 99, page 20

  21. Future work Logics: • Disjunctions: p = NULL or *p > i • Predicated invariants: if condition then invariant • Temporal invariants • Global invariants (multiple program points) • Existential quantifiers Domains: recursive (pointer-based) data structures • Local invariants • Global invariants: structure [Hendren 92] , value Ernst, ICSE 99, page 21

  22. More future work User interface • control over instrumentation • display and manipulation of invariants Experimental evaluation • apply to a variety of tasks • apply to more and bigger programs • users wanted! (Daikon works on C, C++, Java, Lisp) Ernst, ICSE 99, page 22

  23. Related work Dynamic inference • inductive logic programming [Bratko 93] • program spectra [Reps 97] • finite state machines [Boigelot 97, Cook 98] Static inference [Jeffords 98] • checking specifications [Detlefs 96, Evans 96, Jacobs 98] • specification extension [Givan 96, Hendren 92] • etc. [Henry 90, Ward 96] Ernst, ICSE 99, page 23

  24. Conclusions Dynamic invariant detection is feasible • Prototype implementation Dynamic invariant detection is effective • Two experiments provide preliminary support Dynamic invariant detection is a challenging but promising area for future research Ernst, ICSE 99, page 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff,

Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff,

Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff, David R. White and John A. Clark. The 13th CREST Open Workshop Thursday 12 May 2011 Outline Invariants Using GP to find Invariants Identifying

417 views • 38 slides
Loop invariants &lt;precondition: n&gt;0&gt; int i = 0; while (i &lt; n){ i = i+1; We want to

Loop invariants &lt;precondition: n&gt;0&gt; int i = 0; while (i &lt; n){ i = i+1; We want to

4/23/16 Loop invariants as a way of reasoning about the state of your program Loop invariants &lt;precondition: n&gt;0&gt; int i = 0; while (i &lt; n){ i = i+1; We want to prove: } i==n right after the loop &lt;post condition: i==n&gt;

80 views • 7 slides
Daikon: Dynamic Analysis for Inferring Likely Invariants Reading: Dynamically Discovering Likely

Daikon: Dynamic Analysis for Inferring Likely Invariants Reading: Dynamically Discovering Likely

Daikon: Dynamic Analysis for Inferring Likely Invariants Reading: Dynamically Discovering Likely Program Invariants to Support Program Evolution 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich What is an Invariant? A

361 views • 22 slides
Leveraging Program Invariants to Promote Population Diversity in Search-Based Automatic Program

Leveraging Program Invariants to Promote Population Diversity in Search-Based Automatic Program

Leveraging Program Invariants to Promote Population Diversity in Search-Based Automatic Program Repair Zhen Yu Ding , Yiwei Lyu , Christopher S. Timperley , Claire Le Goues University of Pittsburgh, Carnegie Mellon

991 views • 64 slides
CS 220: Discrete Structures and their Applications Loop Invariants Chapter 3 in zybooks Program

CS 220: Discrete Structures and their Applications Loop Invariants Chapter 3 in zybooks Program

CS 220: Discrete Structures and their Applications Loop Invariants Chapter 3 in zybooks Program verification How do we know our program works correctly? In this lecture we will focus on a tool for verifying the correctness of programs that

605 views • 25 slides
Decision Tree Based Learning of Program Invariants Deepak DSouza Department of Computer

Decision Tree Based Learning of Program Invariants Deepak DSouza Department of Computer

Floyd-Hoare Style Verification Decision Tree Learning ICE Learning Proofs with Multiple Invariants Decision Tree Based Learning of Program Invariants Deepak DSouza Department of Computer Science and Automation Indian Institute of Science,

648 views • 37 slides
Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of Recurrence Sets via Constraint Solving Andreas Podelski January 17, 2012 1 Program Verification and Constraints Reasoning about program

422 views • 28 slides
Fundamentals of Program Analysis + Generation of Linear Prg. Invariants Markus Mller-Olm

Fundamentals of Program Analysis + Generation of Linear Prg. Invariants Markus Mller-Olm

Fundamentals of Program Analysis + Generation of Linear Prg. Invariants Markus Mller-Olm Westflische Wilhelms-Universitt Mnster, Germany 2nd Tutorial of SPP RS3: Reliably Secure Software Systems Schloss Buchenau, September 3-6, 2012

1.74k views • 162 slides
Learning Loop Invariants for Program Verification Xujie Si*, Hanjun Dai*, Mukund Raghothaman,

Learning Loop Invariants for Program Verification Xujie Si*, Hanjun Dai*, Mukund Raghothaman,

Learning Loop Invariants for Program Verification Xujie Si*, Hanjun Dai*, Mukund Raghothaman, Mayur Naik, Le Song University of Pennsylvania Georgia Institute of Technology NeurIPS 2018 Code: https://github.com/PL-ML/code2inv * equal

386 views • 34 slides
Proving invariants: how many times a program should be unfolded ? Paul Caspi, Jan Mik

Proving invariants: how many times a program should be unfolded ? Paul Caspi, Jan Mik

Proving invariants: how many times a program should be unfolded ? Paul Caspi, Jan Mik VERIMAG Grenoble Problem definition 1 A closed system state space S initial state I is a predicate on S transition relation T is a predicate on S

161 views • 13 slides
GENERATING INVARIANTS IN POSITIVE CHARACTERISTIC VISU MAKAM Abstract. The ring of invariants for a

GENERATING INVARIANTS IN POSITIVE CHARACTERISTIC VISU MAKAM Abstract. The ring of invariants for a

GENERATING INVARIANTS IN POSITIVE CHARACTERISTIC VISU MAKAM Abstract. The ring of invariants for a rational representation of a reductive group is finitely generated by the results of Hilbert, Nagata and Haboush. However, the proof is not

482 views • 3 slides
Transition Invariants for Program Termination Andreas Podelski January 9, 2012 Ramseys

Transition Invariants for Program Termination Andreas Podelski January 9, 2012 Ramseys

Transition Invariants for Program Termination Andreas Podelski January 9, 2012 Ramseys theorem every infinite complete graph that is colored with finitely many colors contains a monochrome infinite complete subgraph termination a program P

550 views • 27 slides
Local invariants of maps between 3-manifolds Victor Goryunov University of Liverpool Conference

Local invariants of maps between 3-manifolds Victor Goryunov University of Liverpool Conference

Introduction Generic critical value sets Integer invariants mod2 invariants Local invariants of maps between 3-manifolds Victor Goryunov University of Liverpool Conference Legacy of Vladimir Arnold Fields Institute, Toronto 25 November

1.37k views • 84 slides
Cheeger-Gromov L 2 -invariants of 3-manifolds Geunho Lim Indiana University Bloomington

Cheeger-Gromov L 2 -invariants of 3-manifolds Geunho Lim Indiana University Bloomington

Cheeger-Gromov L 2 -invariants of 3-manifolds Geunho Lim Indiana University Bloomington limg@iu.edu L 2 -invariants Topological Definition of L 2 -invariants, (2) (M, ) M is a closed (4k-1)-manifold. : 1 ( M) G is

805 views • 3 slides
Quickly Detecting Relevant Program Invariants Michael Ernst, Adam Czeisler, Bill Griswold

Quickly Detecting Relevant Program Invariants Michael Ernst, Adam Czeisler, Bill Griswold

Quickly Detecting Relevant Program Invariants Michael Ernst, Adam Czeisler, Bill Griswold (UCSD), and David Notkin University of Washington http://www.cs.washington.edu/homes/mernst/daikon Michael Ernst, page 1 Overview Goal: improve

776 views • 32 slides
Data Invariants, Abstraction and Refinement Liam OConnor University of Edinburgh LFCS (and

Data Invariants, Abstraction and Refinement Liam OConnor University of Edinburgh LFCS (and

Data Invariants and ADTs Validation Data Refinement Administrivia Software System Design and Implementation Data Invariants, Abstraction and Refinement Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Data Invariants

1.07k views • 68 slides
Environmental Analysis &amp; Decision-Making Region 6 Roundtable February 22-23, 2018

Environmental Analysis &amp; Decision-Making Region 6 Roundtable February 22-23, 2018

Environmental Analysis &amp; Decision-Making Region 6 Roundtable February 22-23, 2018 Portland, OR Abbreviated Agenda: 10:00 a.m. Welcome and Meeting Overview 10:20 a.m. National Overview and Introduction of EADM Effort Chris French

275 views • 9 slides
Prelim 2 Review Spring 2019 Exam Info 4/21/19 Prelim 2 Review 2 What is on the Exam?

Prelim 2 Review Spring 2019 Exam Info 4/21/19 Prelim 2 Review 2 What is on the Exam?

CS 1110 Prelim 2 Review Spring 2019 Exam Info 4/21/19 Prelim 2 Review 2 What is on the Exam? Questions from the following topics: Iteration and Lists, Dictionaries, Tuples Nested lists, nested loops Recursion Classes &amp;

765 views • 39 slides
Instructional Design: Practice Problems in Open Textbooks August 27, 2020 Presenters: Julie

Instructional Design: Practice Problems in Open Textbooks August 27, 2020 Presenters: Julie

Instructional Design: Practice Problems in Open Textbooks August 27, 2020 Presenters: Julie Maier &amp; JR Dingwall Moderators: Alan Levine &amp; Clint Lalonde Thank you! Title or Statement Title or Statement Questions?

430 views • 10 slides
El Paso County, Texas Preliminary Flood Insurance Rate Map and Rio Grande Levee System Larry

El Paso County, Texas Preliminary Flood Insurance Rate Map and Rio Grande Levee System Larry

El Paso County, Texas Preliminary Flood Insurance Rate Map and Rio Grande Levee System Larry Voice, FEMA FEMA Mitigation August 26, 2020 Study Overview El El Paso Paso County Flood Risk Study: County Flood Risk Study: County-wide update

291 views • 17 slides
Page 1 1 Midterm Topics Reading: Today H1, P1, H2, P2 FCG Chapter 11 pp 209-214

Page 1 1 Midterm Topics Reading: Today H1, P1, H2, P2 FCG Chapter 11 pp 209-214

University of British Columbia News CPSC 314 Computer Graphics extra lab coverage: Mon 12-2, Wed 2-4 May-June 2005 P2 demo slot signup sheet Tamara Munzner handing back H1 today well try to get H2 back tomorrow Compositing,

298 views • 19 slides
Lecture 23: Decision Trees Decision trees Prof. Julia Hockenmaier

Lecture 23: Decision Trees Decision trees Prof. Julia Hockenmaier

CS440/ECE448: Intro to Artificial Intelligence Lecture 23: Decision Trees Decision trees Prof. Julia Hockenmaier juliahmr@illinois.edu http://cs.illinois.edu/fa11/cs440 Decision trees Decision tree

338 views • 7 slides
Closed forms for generating series, and finite summation analogues modulo a prime Sandro Mattarei

Closed forms for generating series, and finite summation analogues modulo a prime Sandro Mattarei

Closed forms for generating series, and finite summation analogues modulo a prime Sandro Mattarei (joint work with Roberto Tauraso) School of Mathematics and Physics University of Lincoln (UK) Gargnano, October 2017 S. Mattarei Finite

1.23k views • 71 slides
Variational Inference CMSC 691 UMBC Goal: Posterior Inference Hyperparameters Unknown

Variational Inference CMSC 691 UMBC Goal: Posterior Inference Hyperparameters Unknown

Approximate Inference: Variational Inference CMSC 691 UMBC Goal: Posterior Inference Hyperparameters Unknown parameters Data: p ( | ) Likelihood model: p( | ) (Some) Learning Techniques MAP/MLE: Point

1.09k views • 81 slides

More recommend