quickly detecting relevant program invariants
play

Quickly Detecting Relevant Program Invariants Michael Ernst, Adam - PowerPoint PPT Presentation

Oct 29, 2023 •442 likes •776 views

Quickly Detecting Relevant Program Invariants Michael Ernst, Adam Czeisler, Bill Griswold (UCSD), and David Notkin University of Washington http://www.cs.washington.edu/homes/mernst/daikon Michael Ernst, page 1 Overview Goal: improve

  1. Quickly Detecting Relevant Program Invariants Michael Ernst, Adam Czeisler, Bill Griswold (UCSD), and David Notkin University of Washington http://www.cs.washington.edu/homes/mernst/daikon Michael Ernst, page 1

  2. Overview Goal: improve dynamic invariant detection [ICSE 99, TSE] Relevance improvements: • add desired invariants (2 techniques) • eliminate undesired ones (3 techniques) Experiments validate the success Michael Ernst, page 2

  3. Program invariants Detect invariants (as in assert s or specifications) • x > abs(y) • x = 16*y + 4*z + 3 • array a contains no duplicates • for each node n , n = n.child.parent • graph g is acyclic Michael Ernst, page 3

  4. Uses for invariants • Write better programs [Gries 81, Liskov 86] • Document code • Check assumptions: convert to assert • Maintain invariants to avoid introducing bugs • Locate unusual conditions • Validate test suite: value coverage • Provide hints for higher-level profile-directed compilation [Calder 98] • Bootstrap proofs [Wegbreit 74, Bensalem 96] Michael Ernst, page 4

  5. Dynamic invariant detection is accurate Recovered formal specifications, found bugs Target programs: • The Science of Programming [Gries 81] • Program checkers [Detlefs 98, Xi 98] • MIT 6.170 student programs • Data Structures and Algorithm Analysis in Java [Weiss 99] Michael Ernst, page 5

  6. Dynamic invariant detection is useful 563-line C program: regexp search & replace [Hutchins 94, Rothermel 98] • Explicated data structures • Contradicted expectations, preventing bugs • Revealed bugs • Showed limited use of procedures • Improved test suite • Validated program changes Michael Ernst, page 6

  7. Dynamic invariant detection Original Instrumented program program Data trace Invariants database Detect Instrument Run invariants Test suite Look for patterns in values the program computes: • Instrument the program to write data trace files • Run the program on a test suite • Invariant engine reads data traces, generates potential invariants, and checks them Michael Ernst, page 7

  8. Checking invariants For each potential invariant: • instantiate (determine constants like a and b in y = a x + b) • check for each set of variable values • stop checking when falsified This is inexpensive: many invariants, each cheap Michael Ernst, page 8

  9. Relevance Usefulness to a programmer for a task Contingent on task and programmer We manually classified invariants Perfect output is unnecessary (and impossible) Michael Ernst, page 9

  10. Improved invariant relevance Add desired invariants: 1. Implicit values 2. Unused polymorphism Eliminate undesired invariants (and improve performance): 3. Unjustified properties 4. Redundant invariants 5. Incomparable variables Michael Ernst, page 10

  11. 1. Implicit values Goal: relationships over non-variables Examples: • for array a: length(a), sum(a), min(a), max(a) • for array a and scalar i: a[i], a[0..i] • for procedure p: #calls(p) Michael Ernst, page 11

  12. Derived variables Successfully produces desired invariants Adds many new variables Potential problems: • slowdown: interleave derivation and inference • irrelevant invariants: techniques 3 – 5, later in talk Michael Ernst, page 12

  13. 2. Unused polymorphism Variables declared with general type, used with more specific type Example: given a generic list that contains only integers, report that the contents are sorted Also applicable to subtype polymorphism Michael Ernst, page 13

  14. Unused polymorphism example class MyInteger { int value; … } class Link { Object element; Link next; … } class List { Link header; … } List myList = new List(); for (int i=0; i<10; i++) myList.add(new MyInteger(i)); Desired invariant: in class List , header. closure( next ) is sorted by  over key .element.value Michael Ernst, page 14

  15. Polymorphism elimination Daikon respects declared types Pass 1: front end outputs object ID, runtime type, and all known fields Pass 2: given refined type, front end outputs more fields Sound for deterministic programs Effective for programs tested so far Michael Ernst, page 15

  16. 3. Unjustified properties Given three samples for x : x = 7 x = – 42 x = 22 Potential invariants: x  0 x  22 x  – 42 Michael Ernst, page 16

  17. Statistical checks Check hypothesized distribution To show x  0 for v values of x in range of size r , v   1  probability of no zeroes is  r  1   Range limits (e.g., x  22): • same number of samples as neighbors (uniform) • more samples than neighbors (clipped) # of samples # of samples variable value variable value Michael Ernst, page 17

  18. Duplicate values Array sum program: // Sum array b of length n into variable s. i : = 0; s : = 0; while i  n do { s : = s + b [ i ]; i : = i + 1 } b is unchanged inside loop Problem: at loop head, – 88  b [ n – 1]  99 – 556  sum( b )  539 Reason: more samples inside loop Michael Ernst, page 18

  19. Disregard duplicate values Idea: count a value if its var was just modified Front end outputs modification bit per value • compared techniques for eliminating duplicates Result: eliminates undesired invariants Michael Ernst, page 19

  20. 4. Redundant invariants Given: 0  i  j Redundant: a [ i ]  a [0.. j ] max( a [0.. i ])  max( a [0.. j ]) Redundant invariants are logically implied Implementation contains many such tests Michael Ernst, page 20

  21. Suppress redundancies Avoid deriving variables: suppress 25-50% • equal to another variable • nonsensical (a[i] when i < 0) Avoid checking invariants: • false invariants: trivial improvement • true invariants: suppress 90% Avoid reporting trivial invariants: suppress 25% Michael Ernst, page 21

  22. 5. Unrelated variables Problem: the following are of no interest bool b; int *p; b < p int myweight, mybirthyear; myweight < mybirthyear Michael Ernst, page 22

  23. Limit comparisons Check relations only over comparable variables • declared program types • Lackwit [O’Callahan 97] : value flow analysis based on polymorphic type inference Michael Ernst, page 23

  24. Comparability results Comparisons: • declared types: 60% as many comparisons • Lackwit: 5% as many comparisons; scales well Runtime: 40-70% improvement Few differences in reported invariants Michael Ernst, page 24

  25. Future work Online inference Proving invariants Characterize good test suites New invariants: temporal, existential User interface • control over instrumentation • display and manipulation of invariants Further experimental evaluation • apply to more and bigger programs • apply to a variety of tasks Michael Ernst, page 25

  26. Related work Dynamic inference • inductive logic programming [Bratko 93, Cypher 93] • program spectra [Reps 97, Harrold 98] • finite state machines [Boigelot 97, Cook 98] Static inference • checking specifications [Detlefs 96, Evans 96, Jacobs 98] • specification extension [Givan 96, Hendren 92] • other [Jeffords 98, Henry 90, Ward 96] Michael Ernst, page 26

  27. Conclusions Naive implementation is infeasible Relevance improvements: accuracy, performance • add desired invariants • eliminate undesired invariants Experimental validation Dynamic invariant detection is promising for research and practice Michael Ernst, page 27

  28. Questions? Michael Ernst, page 28

  29. Ways to obtain invariants • Programmer-supplied • Static analysis: examine the program text [Cousot 77, Gannod 96] • properties are guaranteed to be true • pointers are intractable in practice • Dynamic analysis: run the program • complementary to static techniques Michael Ernst, page 29

  30. Unused polymorphism example class MyInteger { int value; … } class Link { Object element; Link next; … } class List { Link header; … } List myList = new List(); for (int i=0; i<10; i++) myList.add(new MyInteger(i)); Desired invariant: in class List , header. closure( next ) .element.value : sorted by  Michael Ernst, page 30

  31. Comparison with AI Dynamic invariant detection: Can be formulated as an AI problem Cannot be solved by current AI techniques • not classification or clustering • no noise • no negative examples; many positive examples • intelligible output Michael Ernst, page 31

  32. Is implication obvious? Want: size( topOfStack. closure( next )) = size(orig( topOfStack. closure( next ))) + 1 Get: size( topOfStack.next. closure( next )) = size( topOfStack. closure( next )) – 1 topOfStack.next. closure( next ) = orig( topOfStack. closure( next )) Solution: interactive UI, queries on variables Michael Ernst, page 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Detecting Image Splicing Using Geometry Invariants And Camera Characteristics Consistency

Detecting Image Splicing Using Geometry Invariants And Camera Characteristics Consistency

Detecting Image Splicing Using Geometry Invariants And Camera Characteristics Consistency Yu-Feng Jessie Hsu, Shih-Fu Chang Digital Video Multimedia Lab Department of Electrical Engineering, Columbia University Motivation: Image Forensics

692 views • 25 slides
Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff,

Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff,

Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff, David R. White and John A. Clark. The 13th CREST Open Workshop Thursday 12 May 2011 Outline Invariants Using GP to find Invariants Identifying

417 views • 38 slides
Likely Program Invariants Michael Ernst, Jake Cockrell, Bill Griswold (UCSD), and David Notkin

Likely Program Invariants Michael Ernst, Jake Cockrell, Bill Griswold (UCSD), and David Notkin

Dynamically Detecting Likely Program Invariants Michael Ernst, Jake Cockrell, Bill Griswold (UCSD), and David Notkin University of Washington Department of Computer Science and Engineering http://www.cs.washington.edu/homes/mernst/ Ernst,

287 views • 24 slides
Loop invariants &lt;precondition: n&gt;0&gt; int i = 0; while (i &lt; n){ i = i+1; We want to

Loop invariants &lt;precondition: n&gt;0&gt; int i = 0; while (i &lt; n){ i = i+1; We want to

4/23/16 Loop invariants as a way of reasoning about the state of your program Loop invariants &lt;precondition: n&gt;0&gt; int i = 0; while (i &lt; n){ i = i+1; We want to prove: } i==n right after the loop &lt;post condition: i==n&gt;

80 views • 7 slides
Daikon: Dynamic Analysis for Inferring Likely Invariants Reading: Dynamically Discovering Likely

Daikon: Dynamic Analysis for Inferring Likely Invariants Reading: Dynamically Discovering Likely

Daikon: Dynamic Analysis for Inferring Likely Invariants Reading: Dynamically Discovering Likely Program Invariants to Support Program Evolution 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich What is an Invariant? A

361 views • 22 slides
Leveraging Program Invariants to Promote Population Diversity in Search-Based Automatic Program

Leveraging Program Invariants to Promote Population Diversity in Search-Based Automatic Program

Leveraging Program Invariants to Promote Population Diversity in Search-Based Automatic Program Repair Zhen Yu Ding , Yiwei Lyu , Christopher S. Timperley , Claire Le Goues University of Pittsburgh, Carnegie Mellon

991 views • 64 slides
Invariants Associated to K-theoretic Methods and Complexity of Algebraic Cycle Groups Karim

Invariants Associated to K-theoretic Methods and Complexity of Algebraic Cycle Groups Karim

Invariants Associated to K-theoretic Methods and Complexity of Algebraic Cycle Groups Karim Mansour University of Alberta Department of Mathematics Alberta, Canada abdelgal@ualberta.ca December 04, 2100 Detecting geometry by its interaction

663 views • 53 slides
CS 220: Discrete Structures and their Applications Loop Invariants Chapter 3 in zybooks Program

CS 220: Discrete Structures and their Applications Loop Invariants Chapter 3 in zybooks Program

CS 220: Discrete Structures and their Applications Loop Invariants Chapter 3 in zybooks Program verification How do we know our program works correctly? In this lecture we will focus on a tool for verifying the correctness of programs that

605 views • 25 slides
Using Likely Invariants For Automated Software Fault Localization Swarup Sahoo, John Criswell,

Using Likely Invariants For Automated Software Fault Localization Swarup Sahoo, John Criswell,

Using Likely Invariants For Automated Software Fault Localization Swarup Sahoo, John Criswell, Chase Geigle, Vikram Adve Presented By: Matthew Perez and Thomas Rupp Motivation Detecting software bugs is time consuming and difficult Lots

150 views • 13 slides
12/6/2013 Detecting Fakes Image Forensics: Detecting Forged Photos 1.Detecting photorealistic

12/6/2013 Detecting Fakes Image Forensics: Detecting Forged Photos 1.Detecting photorealistic

12/6/2013 Detecting Fakes Image Forensics: Detecting Forged Photos 1.Detecting photorealistic graphics 2.Detecting manipulated images Photo manipulation is the application of image editing techniques to photographs in order to create an

306 views • 13 slides
The Yield to M Maturity (YTM) of Bonds and How to C Calculate It Quickly This Lesson: Very

The Yield to M Maturity (YTM) of Bonds and How to C Calculate It Quickly This Lesson: Very

The Yield to M Maturity (YTM) of Bonds and How to C Calculate It Quickly This Lesson: Very Important for DCM/LevFin Were going to start looking at concepts relevant for Debt Capital Markets (DCM) and Leveraged Finance (LevFin) teams. This

322 views • 13 slides
Decision Tree Based Learning of Program Invariants Deepak DSouza Department of Computer

Decision Tree Based Learning of Program Invariants Deepak DSouza Department of Computer

Floyd-Hoare Style Verification Decision Tree Learning ICE Learning Proofs with Multiple Invariants Decision Tree Based Learning of Program Invariants Deepak DSouza Department of Computer Science and Automation Indian Institute of Science,

648 views • 37 slides
Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of Recurrence Sets via Constraint Solving Andreas Podelski January 17, 2012 1 Program Verification and Constraints Reasoning about program

422 views • 28 slides
Fundamentals of Program Analysis + Generation of Linear Prg. Invariants Markus Mller-Olm

Fundamentals of Program Analysis + Generation of Linear Prg. Invariants Markus Mller-Olm

Fundamentals of Program Analysis + Generation of Linear Prg. Invariants Markus Mller-Olm Westflische Wilhelms-Universitt Mnster, Germany 2nd Tutorial of SPP RS3: Reliably Secure Software Systems Schloss Buchenau, September 3-6, 2012

1.74k views • 162 slides
Learning Loop Invariants for Program Verification Xujie Si*, Hanjun Dai*, Mukund Raghothaman,

Learning Loop Invariants for Program Verification Xujie Si*, Hanjun Dai*, Mukund Raghothaman,

Learning Loop Invariants for Program Verification Xujie Si*, Hanjun Dai*, Mukund Raghothaman, Mayur Naik, Le Song University of Pennsylvania Georgia Institute of Technology NeurIPS 2018 Code: https://github.com/PL-ML/code2inv * equal

386 views • 34 slides
Proving invariants: how many times a program should be unfolded ? Paul Caspi, Jan Mik

Proving invariants: how many times a program should be unfolded ? Paul Caspi, Jan Mik

Proving invariants: how many times a program should be unfolded ? Paul Caspi, Jan Mik VERIMAG Grenoble Problem definition 1 A closed system state space S initial state I is a predicate on S transition relation T is a predicate on S

161 views • 13 slides
File System Aging: Increasing the Relevance of File System Benchmarks Keith A. Smith Margo I.

File System Aging: Increasing the Relevance of File System Benchmarks Keith A. Smith Margo I.

File System Aging: Increasing the Relevance of File System Benchmarks Keith A. Smith Margo I. Seltzer Harvard University Division of Engineering and Applied Sciences File System Performance 3.0 Read Throughput (MB/sec) 2.5 2.0 1.5 1.0

541 views • 42 slides
Relevance Feedback in Web Search Sergei Vassilvitskii (Stanford University) Eric Brill

Relevance Feedback in Web Search Sergei Vassilvitskii (Stanford University) Eric Brill

Relevance Feedback in Web Search Sergei Vassilvitskii (Stanford University) Eric Brill (Microsoft Research) Introduction Web search is a non-interactive system. Exceptions are spell checking and query suggestions By design search

539 views • 26 slides
CiviBooking A first look Civi booking What did we have? For our previous client we developed

CiviBooking A first look Civi booking What did we have? For our previous client we developed

CiviBooking A first look Civi booking What did we have? For our previous client we developed a bespoke room booking system Book a single resource To one or more contacts Create a slot Clients can then pay for a

326 views • 20 slides
www.drupaleurope.org The Future of Drupal Watchdog Magazine Brian Osborn, Drupal Watchdog

www.drupaleurope.org The Future of Drupal Watchdog Magazine Brian Osborn, Drupal Watchdog

www.drupaleurope.org The Future of Drupal Watchdog Magazine Brian Osborn, Drupal Watchdog Publisher Drupal Community Track Drupal Watchdog @drupalwatchdog www.drupalwatchdog.com Drupal Watchdog - History First launched in 2011

358 views • 11 slides
Extracting Relevant Information from Samples Naftali Tishby School of Computer Science and

Extracting Relevant Information from Samples Naftali Tishby School of Computer Science and

Mathematics of relevance The Information Bottleneck Method Further work and Conclusions Extracting Relevant Information from Samples Naftali Tishby School of Computer Science and Engineering Interdisciplinary Center for Neural Computation The

707 views • 60 slides
Constructing a sigma model from semiclassics In collaboration with: Alexander Altland, Petr

Constructing a sigma model from semiclassics In collaboration with: Alexander Altland, Petr

Constructing a sigma model from semiclassics In collaboration with: Alexander Altland, Petr Braun, Fritz Haake, Stefan Heusler Sebastian Mller Approaches to spectral statistics Semiclassics Approaches to spectral statistics Semiclassics

1.36k views • 80 slides
The Importance of Being Zero T OM AS R ECIO , J. R AFAEL S ENDRA AND C ARLOS V ILLARINO . P

The Importance of Being Zero T OM AS R ECIO , J. R AFAEL S ENDRA AND C ARLOS V ILLARINO . P

S1 ISSAC18, July 16-19, 2018, New York, NY, USA. The Importance of Being Zero T OM AS R ECIO , J. R AFAEL S ENDRA AND C ARLOS V ILLARINO . P RESENTED BY : L AUREANO G ONZ ALEZ -V EGA . T HIS WORK IS PARTIALLY SUPPORTED BY THE RESEARCH

974 views • 29 slides
PRODUCTION AND FIRMS PART I WHAT IS A FIRM? Traditional or textbook view: Firm essentially

PRODUCTION AND FIRMS PART I WHAT IS A FIRM? Traditional or textbook view: Firm essentially

ECO 300 Fall 2005 October 13 PRODUCTION AND FIRMS PART I WHAT IS A FIRM? Traditional or textbook view: Firm essentially defined by its technology of production: Outputs = F(Inputs); Buys or hires inputs in markets; produces and

385 views • 6 slides

More recommend