predicting problems caused by component upgrades
play

Predicting Problems Caused by Component Upgrades Stephen McCamant - PowerPoint PPT Presentation

May 04, 2023 •221 likes •708 views

. 1.05 2.0 2.3.36 0.9 1.1 ? ? 1.0 1.2 Predicting Problems Caused by Component Upgrades Stephen McCamant and Michael D. Ernst Program Analysis Group {smcc,mernst}@CSAIL.MIT.EDU Predicting Problems Caused by Component Upgrades p. 1

  1. . 1.05 2.0 2.3.36 0.9 1.1 ? ? 1.0 1.2 Predicting Problems Caused by Component Upgrades Stephen McCamant and Michael D. Ernst Program Analysis Group {smcc,mernst}@CSAIL.MIT.EDU Predicting Problems Caused by Component Upgrades p. 1

  2. Upcoming Zeminars • Future Zeminars will be here in room 518, except as noted • Monday August 25th 3pm: Jonathan Edwards on a type system for Alloy • Monday September 1st 3pm: No Zeminar, Labor Day • Monday September 8th: Future schedule TBA Predicting Problems Caused by Component Upgrades p. 2

  3. Outline • The upgrade problem • Solution: Compare observed behavior • Comparing observed behavior (details) • Example: Sorting and swap • Case study: Perl modules • Scaling to larger systems • Conclusion Predicting Problems Caused by Component Upgrades p. 3

  4. Upgrade safety • A system uses version 1.1 of a component • Might version 1.2 cause the system to misbehave? (The general question is undecidable) Predicting Problems Caused by Component Upgrades p. 4

  5. Terminology • The component might be any separately developed piece of software • The application uses the component • The vendor develops the component • The user integrates the component with the rest of the application Predicting Problems Caused by Component Upgrades p. 5

  6. Previous solutions • Integrate new component, then test • Resource intensive • Vendor tests new component • Impossible to anticipate all uses • User, not vendor, must make upgrade decision • Static analysis to guarantee identical or subtype behavior • Difficult to provide adequate guarantees Predicting Problems Caused by Component Upgrades p. 6

  7. Behavioral subtyping • Behavioral subtyping [Liskov 94] guarantees behavioral compatibility • Provable properties about supertype are provable about subtype • Operates on human-supplied specifications • Behavioral subtyping is too strong • OK to change aspects that the application does not use • Behavioral subtyping is too weak • An application may depend on implementation details Predicting Problems Caused by Component Upgrades p. 7

  8. Outline • The upgrade problem • Solution: Compare observed behavior • Comparing observed behavior (details) • Example: Sorting and swap • Case study: Perl modules • Scaling to larger systems • Conclusion Predicting Problems Caused by Component Upgrades p. 8

  9. Run-time behavior comparison • Compare run-time behaviors of component • Old component, in context of the application’s use • New component, in context of vendor test suite • Compatible if the vendor tests all the functionality that the application uses (and gets the right output) Predicting Problems Caused by Component Upgrades p. 9

  10. Operational abstraction • Abstraction of run-time behavior of component • Set of program propertiesÐ mathematical statements about component behavior • Syntactically identical to formal specification • Consists of pre- and post-conditions • Can compare via logical implication Predicting Problems Caused by Component Upgrades p. 10

  11. Dynamic invariant detection • Recover likely invariants by examining runtime values, using Daikon http://pag.lcs.mit.edu/daikon • Output is logical statements describing program behavior (potential invariants) • Algorithm: • Conjecture all properties from a large grammar • At each dynamic program point, discard falsified properties • Eliminate implied and statistically unjustified statements • To find conditional properties ( x is even ⇒ a [ x ] = 0 ), use subsets of data Predicting Problems Caused by Component Upgrades p. 11

  12. Outline • The upgrade problem • Solution: Compare observed behavior • Comparing observed behavior (details) • Example: Sorting and swap • Case study: Perl modules • Scaling to larger systems • Conclusion Predicting Problems Caused by Component Upgrades p. 12

  13. Testing upgrade compatibility 1. User computes operational abstraction of old component, in context of application’s use 2. Vendor computes operational abstraction of new component, over test suite 3. Vendor supplies operational abstraction along with new component 4. User compares operational abstractions using an automated tool Predicting Problems Caused by Component Upgrades p. 13

  14. Verifying unchanged behavior • The operational abstraction of the new version, with the vendor’s tests, consists of pre- and post-conditions Pre test and Post test • The abstraction of the old version, in the context of the application, is Pre app and Post app • For the upgrade to be safe, verify that Pre app and the new component imply Post app Predicting Problems Caused by Component Upgrades p. 14

  15. New abstraction must be stronger We want to check that Pre app ⇒ Post app We know that Pre test ⇒ Post test Rest of application ⇓ Pre app ⇒ Pre test ⇓ ⇓ Old component New component ⇓ ⇓ ⇐ Post app Post test ⇓ Rest of application Sufficient conditions: Pre app ⇒ Pre test and Post test ⇒ Post app Predicting Problems Caused by Component Upgrades p. 15

  16. New abstraction must be stronger We want to check that Pre app ⇒ Post app We know that Pre test ⇒ Post test Rest of application ⇓ Pre app ⇒ Pre test ⇓ ⇓ Old component New component ⇓ ⇓ ⇐ Post app Post test ⇓ Rest of application Sufficient conditions: Pre app ⇒ Pre test and Post test ⇒ Post app Predicting Problems Caused by Component Upgrades p. 16

  17. New abstraction must be stronger We want to check that Pre app ⇒ Post app We know that Pre test ⇒ Post test Rest of application ⇓ Pre app ⇒ Pre test ⇓ ⇓ New component New component ⇓ ⇓ ⇐ Post app Post test ⇓ Rest of application Sufficient conditions: Pre app ⇒ Pre test and Post test ⇒ Post app Predicting Problems Caused by Component Upgrades p. 17

  18. New abstraction must be stronger • We want to check that Pre app ⇒ Post app We know that Pre test ⇒ Post test Rest of application ⇓ Pre app ⇒ Pre test ⇓ ⇓ New component New component ⇓ ⇓ ⇐ Post app Post test ⇓ Rest of application Sufficient conditions: Pre app ⇒ Pre test and Post test ⇒ Post app Predicting Problems Caused by Component Upgrades p. 18

  19. New abstraction must be stronger • We want to check that Pre app ⇒ Post app • We know that Pre test ⇒ Post test Rest of application ⇓ Pre app ⇒ Pre test ⇓ ⇓ New component New component ⇓ ⇓ ⇐ Post app Post test ⇓ Rest of application Sufficient conditions: Pre app ⇒ Pre test and Post test ⇒ Post app Predicting Problems Caused by Component Upgrades p. 19

  20. New abstraction must be stronger • We want to check that Pre app ⇒ Post app • We know that Pre test ⇒ Post test Rest of application ⇓ Pre app ⇒ Pre test ⇓ ⇓ New component New component ⇓ ⇓ ⇐ Post app Post test ⇓ Rest of application • Sufficient condition: ( Pre app ⇒ Pre test ) ∧ ( Post test ⇒ Post app ) Predicting Problems Caused by Component Upgrades p. 20

  21. Comparing operational abstractions • Sufficient, but usually false: ( Pre app ⇒ Pre test ) ∧ ( Post test ⇒ Post app ) Pre app Pre test ⇒ x is an integer x is even [Application] ⇓ ⇓ [ inc test suite] Post app Post test x ′ = x + 1 �⇐ x ′ = x + 1 x ′ is odd • Just right: ( Pre app ⇒ Pre test ) ∧ ( Pre app ∧ Post test ⇒ Post app ) Predicting Problems Caused by Component Upgrades p. 21

  22. Highlighting new failures • This check could reject an ‘upgrade’ of a component to the same version • Use of untested behavior (vendor testing insufficient) • Abstraction or prover failure • Repeat comparison, using vendor’s abstraction for old component version • Especially interested in failures that occur only with the new component abstraction Predicting Problems Caused by Component Upgrades p. 22

  23. Reasons for behavioral differences • Differences between application and test suite uses of component require human judgment • True incompatibility • Change in behavior might not affect application • Change in behavior might be a bug fix • Vendor test suite might be deficient • It may be possible to work around the incompatibility Predicting Problems Caused by Component Upgrades p. 23

  24. Outline • The upgrade problem • Solution: Compare observed behavior • Comparing observed behavior (details) • Example: Sorting and swap • Case study: Perl modules • Scaling to larger systems • Conclusion Predicting Problems Caused by Component Upgrades p. 24

  25. Sorting application // Sort the argument into ascending order static void bubble_sort(int[] a) { for (int x = a.length - 1; x > 0; x--) { // Compare adjacent elements in a[0..x] for (int y = 0; y < x; y++) { if (a[y] > a[y+1]) swap(a, y, y+1); } } } Predicting Problems Caused by Component Upgrades p. 25

  26. Swap component // Exchange the two array elements at i and j static void swap(int[] a, int i, int j) { int temp = a[i]; a[i] = a[j]; a[j] = temp; } Predicting Problems Caused by Component Upgrades p. 26

  27. Upgrade to swap component // Exchange the two array elements at i and j static void swap(int[] a, int i, int j) { a[i] ^= a[j]; // XOR a[j] ^= a[i]; a[i] ^= a[j]; } Predicting Problems Caused by Component Upgrades p. 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Predicting problems caused by component upgrades Michael Ernst MIT Lab for Computer Science

Predicting problems caused by component upgrades Michael Ernst MIT Lab for Computer Science

Predicting problems caused by component upgrades Michael Ernst MIT Lab for Computer Science http://pag.lcs.mit.edu/~mernst/ Joint work with Stephen McCamant Michael Ernst, page 1 An upgrade problem 1. You are a happy user of Stucco

647 views • 44 slides
Correlated Component Regression: A Fast Parsimonious Approach for Predicting Outcome Variables

Correlated Component Regression: A Fast Parsimonious Approach for Predicting Outcome Variables

Correlated Component Regression: A Fast Parsimonious Approach for Predicting Outcome Variables from a Large Number of Predictors Jay M agidson, Ph.D. Statistical Innovations 1 COM PTSTAT 2010, Paris, France Correlated Component Regression

408 views • 21 slides
Predicting Energy Consumption by Extending the Palladio Component Model Symposium on Software

Predicting Energy Consumption by Extending the Palladio Component Model Symposium on Software

Stuttgart, Germany, 2014-11-27 Predicting Energy Consumption by Extending the Palladio Component Model Symposium on Software Performance (SOSP) 2014 Felix Willnecker 1 , Andreas Brunnert 1 , Helmut Krcmar 2 1 fortiss GmbH, 2 Technische

693 views • 22 slides
th Working with Gumdrop And LitterARTI Aim: to raise awareness of the problems caused by

th Working with Gumdrop And LitterARTI Aim: to raise awareness of the problems caused by

th Working with Gumdrop And LitterARTI Aim: to raise awareness of the problems caused by chewing gum on the floor 4 events - 9th April, 9 th May, 20 th June, 25 th July Prize draw 25 th July - 500 shopping vouchers to be won

398 views • 19 slides
CMS Upgrades CMS Plans up to 2020/ 2030? Dan Green Fermilab 06/05/13 U of D0 CMS Upgrades

CMS Upgrades CMS Plans up to 2020/ 2030? Dan Green Fermilab 06/05/13 U of D0 CMS Upgrades

CMS Upgrades CMS Plans up to 2020/ 2030? Dan Green Fermilab 06/05/13 U of D0 CMS Upgrades 1 Why Upgrade? The LHC will be the only factory in HEP for W, Z, t and H production for a long time To further the energy frontier we

986 views • 45 slides
Problems and Solutions in Classical Component Systems Language Transparency

Problems and Solutions in Classical Component Systems Language Transparency

TDDD05, O. Leifler &amp; C. Kessler, 2005-2014. Some slides by courtesy of Uwe Assmann, IDA / TU Dresden. Problems and Solutions in Classical Component Systems Language Transparency Location/Distribution Transparency Example: Yellow

860 views • 52 slides
system with a relevant groundwater component Iolanda Borz 1, *, Brunella Bonaccorso 1 and Aldo

system with a relevant groundwater component Iolanda Borz 1, *, Brunella Bonaccorso 1 and Aldo

3rd International Electronic Conference on Water Sciences (ECWS-3) 15 30 November 2018 A modified IHACRES rainfall-runoff model for predicting hydrologic response of a river basin system with a relevant groundwater component Iolanda Borz 1,

244 views • 11 slides
KGL Code Upgrades Town Hall Meeting August 5, 2020 Project Scope Life Safety Systems Upgrades

KGL Code Upgrades Town Hall Meeting August 5, 2020 Project Scope Life Safety Systems Upgrades

KGL Code Upgrades Town Hall Meeting August 5, 2020 Project Scope Life Safety Systems Upgrades Fire Protection System Installed Throughout Emergency Power and Lighting Upgrades Guardrail and Handrail Modifications Fire

467 views • 23 slides
7.8 Breakout Discussion 1: User Needs: What are the key problems for coastal managers caused by SLR

7.8 Breakout Discussion 1: User Needs: What are the key problems for coastal managers caused by SLR

Kick-Off Meeting Section 7: Presentations Breakout discussion 1: User needs (Rissik) 7.8 Breakout Discussion 1: User Needs: What are the key problems for coastal managers caused by SLR and climate change? (David Rissik, NCCARF) 84 Kick-Off

276 views • 6 slides
Victorian Energy Upgrades Public Forum Friday 13 October 2017 Victorian Energy Upgrades Public

Victorian Energy Upgrades Public Forum Friday 13 October 2017 Victorian Energy Upgrades Public

Victorian Energy Upgrades Public Forum Friday 13 October 2017 Victorian Energy Upgrades Public Forum Welcome John Hamill CEO, Essential Services Commission Victorian Energy Upgrades Public Forum Introduction Jeff Cefai Director VEET,

1.83k views • 156 slides
The CMS HL-LHC Upgrades and Proposed U.S. CMS Contributions Vivian ODell, U. S. CMS HL-LHC

The CMS HL-LHC Upgrades and Proposed U.S. CMS Contributions Vivian ODell, U. S. CMS HL-LHC

The CMS HL-LHC Upgrades and Proposed U.S. CMS Contributions Vivian ODell, U. S. CMS HL-LHC USCMS Project Manager February 2, 2016 Outline Quick outline of the physics The LHC and CMS CMS Upgrades Funding and Costs

620 views • 50 slides
Predicting Regulatory Elements Predicting Regulatory Elements in P. falciparum in P. falciparum

Predicting Regulatory Elements Predicting Regulatory Elements in P. falciparum in P. falciparum

Predicting Regulatory Elements Predicting Regulatory Elements in P. falciparum in P. falciparum Chengyong Yang Erliang Zeng Giri Narasimhan BioInformatics Research Group (BioRG) School of Computer Science Florida International University,

525 views • 31 slides
Predicting Min Predicting Min-Bias and the Bias and the Underlying Event at

Predicting Min Predicting Min-Bias and the Bias and the Underlying Event at

Predicting Min Predicting Min-Bias and the Bias and the Underlying Event at the LHC Underlying Event at the LHC Extrapolations from the Tevatron to RHIC and the LHC Rick Field University of Florida Outline of Talk

679 views • 49 slides
T8: Predicting Structures in NLP: Constrained Conditional Models and Integer Linear Programming

T8: Predicting Structures in NLP: Constrained Conditional Models and Integer Linear Programming

T8: Predicting Structures in NLP: Constrained Conditional Models and Integer Linear Programming NLP Dan Goldwasser, Vivek Srikumar, Dan Roth A BSTRACT Making decisions in natural language processing problems often involves assigning values to

261 views • 4 slides
Problems Caused by Failures Update all account balances at a bank branch. Accounts(Anum, CId,

Problems Caused by Failures Update all account balances at a bank branch. Accounts(Anum, CId,

Transactions 1 Problems Caused by Failures Update all account balances at a bank branch. Accounts(Anum, CId, BranchId, Balance) update Accounts set Balance = Balance * 1.05 where BranchId = 12345 If the system crashes while processing

251 views • 22 slides
Computational Algorithm Predicting Surface Computational Algorithm Predicting Surface Morphology

Computational Algorithm Predicting Surface Computational Algorithm Predicting Surface Morphology

Computational Algorithm Predicting Surface Computational Algorithm Predicting Surface Morphology Evolution During Electropolishing Joel Thomas 1 , Charles Reece 2 and Stanko R. Brankovic 1,* 1 Cullen College of Engineering University of Houston

399 views • 12 slides
specification free monitoring CS 119 can we avoid writing specs? specification and programming

specification free monitoring CS 119 can we avoid writing specs? specification and programming

specification free monitoring CS 119 can we avoid writing specs? specification and programming specification runtime verification program input output 2 properties can be hard to write To quote quite excellent NASA software engineer

987 views • 65 slides
Tool-Assisted Unit Test Selection Based on Operational Violations Tao Xie David Notkin

Tool-Assisted Unit Test Selection Based on Operational Violations Tao Xie David Notkin

Tool-Assisted Unit Test Selection Based on Operational Violations Tao Xie David Notkin Department of Computer Science &amp; Engineering University of Washington, Seattle, WA Oct. 8th, 2003 ASE 2003, Montreal, Canada 1 Synopsis Context:

802 views • 32 slides
Substra: a Framework for Automatic Generation of Integration Tests Hai Yuan Tao Xie Department of

Substra: a Framework for Automatic Generation of Integration Tests Hai Yuan Tao Xie Department of

Computer Science Substra: a Framework for Automatic Generation of Integration Tests Hai Yuan Tao Xie Department of Computer Science North Carolina State University, USA http://ase.csc.ncsu.edu/ 1 Motivation Software components

406 views • 22 slides
Specific Assertions on Internal States Yingfei Xiong, Dan Hao, Lu Zhang, Tao Zhu, Muyao Zhu,

Specific Assertions on Internal States Yingfei Xiong, Dan Hao, Lu Zhang, Tao Zhu, Muyao Zhu,

PEKING UNIVERSITY Inner Oracles: Input- Specific Assertions on Internal States Yingfei Xiong, Dan Hao, Lu Zhang, Tao Zhu, Muyao Zhu, Tian Lan Peking University, China 2015 PEKING How a Test Detects a Bug UNIVERSITY Test Input Trigger a

381 views • 16 slides
H ANDLING I NVARIANTS IN THE P REDICATE CPA One manager class Exposes general methods for

H ANDLING I NVARIANTS IN THE P REDICATE CPA One manager class Exposes general methods for

A UGMENTING P REDICATE A NALYSIS W ITH A UXILIARY I NVARIANTS Thomas Stieglmaier September 23, 2016 University of Passau M OTIVATION Predicate Analysis SMT-based Abstraction of program, computed from a set of predicates CEGAR for

464 views • 34 slides
1* So*why*should*you*take*this*course?* * ***Visual*for*Bill*Gates*Quote**** *

1* So*why*should*you*take*this*course?* * ***Visual*for*Bill*Gates*Quote**** *

{HEADSHOT:*Intro*to*en1re*course}* * Hello* students.* * Im* Mayur* Naik,* a* professor* of* Computer* Science* at* Georgia* Tech.* * Welcome* to* SoIware*Analysis*and*Tes1ng.* *

787 views • 25 slides
Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6

Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6

Authors Authors Author Defn. Num.* K. Rustan M. Leino MJS 13 Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6 Wolfram Schulte S 3 David Detlefs M 2 Raymie Stata J 2 Mike Barnett S 2

239 views • 5 slides
Advances in Programming Languages APL4: JML The Java Modeling Language David Aspinall

Advances in Programming Languages APL4: JML The Java Modeling Language David Aspinall

Advances in Programming Languages APL4: JML The Java Modeling Language David Aspinall (slides originally by Ian Stark) School of Informatics The University of Edinburgh Thursday 21 January 2010 Semester 2 Week 2 N I V E U R S E I

1.17k views • 21 slides

More recommend