searching for program invariants using genetic
play

Searching for Program Invariants using Genetic Programming and - PowerPoint PPT Presentation

Jan 31, 2024 •37 likes •417 views

Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff, David R. White and John A. Clark. The 13th CREST Open Workshop Thursday 12 May 2011 Outline Invariants Using GP to find Invariants Identifying

  1. Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff, David R. White and John A. Clark. The 13th CREST Open Workshop Thursday 12 May 2011

  2. Outline Invariants Using GP to find Invariants Identifying Interesting Invariants Summary

  3. Outline Invariants Using GP to find Invariants Identifying Interesting Invariants Summary

  4. What is an invariant? Algorithm 1 Array sum program i , s := 0 , 0; do i � = n → i , s := i + 1 , s + b [ i ] od Precondition: n ≥ 0 Postcondition: s = � n − 1 j =0 b [ j ] Loop invariant: 0 ≤ i ≤ n and s = � i − 1 j =0 b [ j ]

  5. What use is an invariant? What are they good for? They can be provided as a specification for a programmer. They can be used to derive programs or to prove them correct. A well-known example of their use is in the design-by-contract paradigm.

  6. How do we create invariants? They are provided by the programmer (sometimes). We can also try to generate invariants for a given program. . .

  7. The Daikon Invariant Generator Java Program Front-end T est Harness Trace Data T emplate Instantiation Invariant Candidate Filtering Invariants

  8. The Limitations of Daikon Daikon is limited in two regards: • templates are restricted in size to make instantiation tractable. • invariants are limited to those embodied in the repository of templates. We would like to be able to locate invariants of arbitrary size and complexity. . .

  9. Outline Invariants Using GP to find Invariants Identifying Interesting Invariants Summary

  10. Using GP to find Invariants Two different approaches: Daikon Brute force-enumeration and data-driven restriction. Search Approach Construction of invariants guided by heuristics.

  11. Method 1. Loop invariants are considered by adding dummy methods (Daikon deals in method entry/exit points). 2. Daikon’s front-end tools are used to generate execution traces. 3. GP is used to search the space of invariants. (Fitness is the number of samples the invariant is consistent with). 4. Fully-consistent invariants are added to an archive. 5. Syntactic equivalents subsequently punished. 6. Archive is output at the end of the search.

  12. Method Overview Program Daikon Trace Front-end Data T est Harness ECJ Candidate Invariants

  13. GP Search A GP search is run for each method. Used population sizes of { 100,250 } , and similar total number of generations. Mutation (p=0.9) heavily favoured over crossover (p=0.1).

  14. GP Search A GP search is run for each method. Used population sizes of { 100,250 } , and similar total number of generations. Mutation (p=0.9) heavily favoured over crossover (p=0.1). → Emphasis on individual improvements, exploiting syntactic similarity of consistent invariants.

  15. Functions over Variables Function Description = Equals = 0 Equals zero Greater than > ≥ Greater than or equal to ≥ 0 Greater than or equal to 0 ≥ 1 Greater than or equal to 1 % Modulo � = Is not equal to � = 0 Is not equal to zero

  16. Function over Arrays Function Description ArrayElement Value at array position ArrayLessThan Lexical comparison of two arrays ArrayLEQ Lexical comparison of two arrays ArraysEqual Numeric comparison of two arrays IsMemberOf Membership of an array LEQAllElements Compare value to all values in array MaxIndex The last index of an array NotNull Check if array is not null PreviousElement Element at position prior to argument Size Array size SortedArray Is array sorted?

  17. Functions used by Gries Function Description AND Logical AND ArraySum Array sum GCD Greatest common divisor of variables IsMemberSubArray Does the subarray contain this value? LEQSubArray Compare value to subarray ≤ 0 Less than or equal to zero Negative Multiply by -1 OR Logical OR PermOfFour Permutation of four values PermOfTwo Permutation of two values

  18. Example Programs One set taken from Gries’ work, used previously in Daikon: Example Inputs Description Abs int x x set to abs(x) ArraySum int[ ] b, int s s set to sum(b) FourTupleSort int q0, q1, q2, q3 inputs ordered GCD int x, y x set to gcd(x,y) Max int x, y, z z set to max(x,y) MinArray int[ ] b, int x x set to min. value in b Perm int x, y x and y ordered by < . . . and also Bubble Sort, Insertion Sort, Quicksort and Selection Sort.

  19. Results (1/2) Example Program Point Median Percentage Found Abs abs 100.00 ArraySum arraysum 100.00 ArraySum loop 92.86 BubbleSort bubblesort 100.00 BubbleSort inner loop 100.00 BubbleSort outer loop 100.00 FourTupleSort fourtuplesort 100.00 GCD gcd 100.00 GCD loop 66.67 InsertionSort insertionsort 100.00 InsertionSort inner loop 53.45 InsertionSort outer loop 86.84

  20. Results (2/2) Example Program Point Median Percentage Found Max max 100.00 MinArray minarray 100.00 MinArray loop 100.00 Perm perm 100.00 Quicksort dummy 100.00 Quicksort partition 63.56 Quicksort quicksort 100.00 Quicksort quicksortrecursive 62.50 SelectionSort selectionsort 100.00 SelectionSort inner loop 72.50 SelectionSort outer loop 100.00

  21. Outline Invariants Using GP to find Invariants Identifying Interesting Invariants Summary

  22. Uninteresting Invariants Success rates look impressive: we have found most of the Daikon invariants. There’s something I didn’t mention - for one experiment, we found . . .

  23. Uninteresting Invariants Success rates look impressive: we have found most of the Daikon invariants. There’s something I didn’t mention - for one experiment, we found . . . 45 997 invariants!

  24. That’s a lot of invariants 3000 abs arraysum arraysum loop 2500 quicksort quicksort recursive quicksort partition 2000 Invariants found 1500 1000 500 0 0 200 400 600 800 1000 Population size, Generations

  25. What are these invariants? Some of them are: • Tautologies. • Syntactic equivalents of the Daikon invariants.

  26. What are these invariants? Some of them are: • Tautologies. • Syntactic equivalents of the Daikon invariants. . . . but some of them are just plain obvious, irrelevant or uninteresting. How can we get rid of them?

  27. Using Mutation Testing Mutation Testing Good test data can identify small syntactic errors. Mutation Fragility Test Useful invariants are those general enough to be consistent with the traces of the program yet specific enough to be inconsistent with the trace data of (first-order) mutants.

  28. Mutation Fragility Test Program Program MuJava Mutants Mutation T est Daikon Trace Harness Front-end Data Mutant Trace Data Trace Generation Ordered Fragility Candidate ECJ Invariants T est Invariants Invariant Filtering Search

  29. Mutation Fragility Test Each invariant i is therefore assigned a priority score, p ( i ): 1 1 � � p ( i ) = c ( i , s ) (1) | M | | S | m ∈ M s ∈ S M is the set of relevant mutants, S the set of sample data points for a mutant, c ( i , s ) is 1 if the invariant is consistent with the mutant datapoint. We can then order the invariant list by this value.

  30. Results: the Brief Highlights Algorithm 1 Array sum program i , s := 0 , 0; do i � = n → i , s := i + 1 , s + b [ i ] od Precondition: n ≥ 0 Postcondition: s = � n − 1 j =0 b [ j ] Loop invariant: 0 ≤ i ≤ n and s = � i − 1 j =0 b [ j ]

  31. Results: the Brief Highlights For the ArraySum method and loop program points, the system generated 1837 and 789 invariants respectively. Hence a programmer must examine 2626 invariants.

  32. Results: the Brief Highlights For the ArraySum method and loop program points, the system generated 1837 and 789 invariants respectively. Hence a programmer must examine 2626 invariants. When the mutant fragility metric is used to order them, only 17 must be examined.

  33. Results: the Brief Highlights Similarly, the GCD example from Gries includes an invariant that is ranked 1 out of 3114 invariants!

  34. Results: Summary Method Invariant Depth Total arraysum orig ( n ) ≥ 0 1837 1837 s = � n − 1 arraysum k =0 b [ k ] 4 1837 arraysum.loop i ≥ 0 340 789 arraysum.loop n ≥ i 289 789 s = � i − 1 arraysum.loop k =0 b [ k ] 789 13 fourtuplesort q 0 ≤ q 1 123 557 fourtuplesort q 1 ≤ q 2 136 557 fourtuplesort q 2 ≤ q 3 142 557 gcd orig ( x ) ≥ 1 1685 1685 gcd orig ( y ) ≥ 1 1685 1685 gcd x = gcd ( orig ( x ) , orig ( y ) 15 1685 gcd x ≥ 1 1228 1685 gcd x = y 135 1685 gcd gcd ( x , y ) = gcd ( orig ( x ) , orig ( y )) 243 1685 gcd.loop x ≥ 1 358 3114 gcd.loop gcd ( x , y ) = gcd ( orig ( x ) , orig ( y )) 691 3114 gcd.loop x = gcd ( orig ( x ) , orig ( y ) 1 3114

  35. Results: Summary II Method Invariant Depth Total max z ≥ x 11055 11055 max z ≥ y 555 11055 max ( z = x ) ∨ z = y ) 1172 11055 minarray n ≥ i 1506 1506 minarray ∀ k , 0 ≥ k ≤ i − 1 , x ≤ b [ k ] 22 1506 minarray x ∈ b 24 1506 minarray.loop i ≥ 1 571 2173 minarray.loop n ≥ i 571 2173 minarray.loop ∀ k , 0 ≥ k ≤ i − 1 , x ≤ b [ k ] 2173 38 minarray.loop x ∈ b 2173 18 perm x ≤ y 243 40 perm { x , y } is perm. of { y , x } 243 8

  36. Outline Invariants Using GP to find Invariants Identifying Interesting Invariants Summary

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 2 Genetic Program Genetic Program Parameter 3 Genetic Program Genetic Program 4 Softcoding

1 2 Genetic Program Genetic Program Parameter 3 Genetic Program Genetic Program 4 Softcoding

1 2 Genetic Program Genetic Program Parameter 3 Genetic Program Genetic Program 4 Softcoding Platform Softcoding Platform Faster More affordable More affordable More predictable 5 Modulating Softcoding Platform g Genetic

1.13k views • 68 slides
Genetic Programming What is it? Genetic Programming Genetic programming (GP) is an

Genetic Programming What is it? Genetic Programming Genetic programming (GP) is an

Genetic Programming What is it? Genetic Programming Genetic programming (GP) is an automated method for creating a working computer program from a high-level problem statement of a problem. Genetic programming starts from a high-

197 views • 8 slides
Loop invariants &lt;precondition: n&gt;0&gt; int i = 0; while (i &lt; n){ i = i+1; We want to

Loop invariants &lt;precondition: n&gt;0&gt; int i = 0; while (i &lt; n){ i = i+1; We want to

4/23/16 Loop invariants as a way of reasoning about the state of your program Loop invariants &lt;precondition: n&gt;0&gt; int i = 0; while (i &lt; n){ i = i+1; We want to prove: } i==n right after the loop &lt;post condition: i==n&gt;

80 views • 7 slides
Daikon: Dynamic Analysis for Inferring Likely Invariants Reading: Dynamically Discovering Likely

Daikon: Dynamic Analysis for Inferring Likely Invariants Reading: Dynamically Discovering Likely

Daikon: Dynamic Analysis for Inferring Likely Invariants Reading: Dynamically Discovering Likely Program Invariants to Support Program Evolution 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich What is an Invariant? A

361 views • 22 slides
Leveraging Program Invariants to Promote Population Diversity in Search-Based Automatic Program

Leveraging Program Invariants to Promote Population Diversity in Search-Based Automatic Program

Leveraging Program Invariants to Promote Population Diversity in Search-Based Automatic Program Repair Zhen Yu Ding , Yiwei Lyu , Christopher S. Timperley , Claire Le Goues University of Pittsburgh, Carnegie Mellon

991 views • 64 slides
CS 220: Discrete Structures and their Applications Loop Invariants Chapter 3 in zybooks Program

CS 220: Discrete Structures and their Applications Loop Invariants Chapter 3 in zybooks Program

CS 220: Discrete Structures and their Applications Loop Invariants Chapter 3 in zybooks Program verification How do we know our program works correctly? In this lecture we will focus on a tool for verifying the correctness of programs that

605 views • 25 slides
Searching for the genetic basis of complex traits in humans and primates Vasily Ramensky UCLA

Searching for the genetic basis of complex traits in humans and primates Vasily Ramensky UCLA

Searching for the genetic basis of complex traits in humans and primates Vasily Ramensky UCLA Center for Neurobehavioral Genetics 22/03/16 University of California Los Angeles Center for Neurobehavioral Genetics -- 35-year project aimed to

742 views • 46 slides
Decision Tree Based Learning of Program Invariants Deepak DSouza Department of Computer

Decision Tree Based Learning of Program Invariants Deepak DSouza Department of Computer

Floyd-Hoare Style Verification Decision Tree Learning ICE Learning Proofs with Multiple Invariants Decision Tree Based Learning of Program Invariants Deepak DSouza Department of Computer Science and Automation Indian Institute of Science,

648 views • 37 slides
Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of Recurrence Sets via Constraint Solving Andreas Podelski January 17, 2012 1 Program Verification and Constraints Reasoning about program

422 views • 28 slides
Fundamentals of Program Analysis + Generation of Linear Prg. Invariants Markus Mller-Olm

Fundamentals of Program Analysis + Generation of Linear Prg. Invariants Markus Mller-Olm

Fundamentals of Program Analysis + Generation of Linear Prg. Invariants Markus Mller-Olm Westflische Wilhelms-Universitt Mnster, Germany 2nd Tutorial of SPP RS3: Reliably Secure Software Systems Schloss Buchenau, September 3-6, 2012

1.74k views • 162 slides
Learning Loop Invariants for Program Verification Xujie Si*, Hanjun Dai*, Mukund Raghothaman,

Learning Loop Invariants for Program Verification Xujie Si*, Hanjun Dai*, Mukund Raghothaman,

Learning Loop Invariants for Program Verification Xujie Si*, Hanjun Dai*, Mukund Raghothaman, Mayur Naik, Le Song University of Pennsylvania Georgia Institute of Technology NeurIPS 2018 Code: https://github.com/PL-ML/code2inv * equal

386 views • 34 slides
Proving invariants: how many times a program should be unfolded ? Paul Caspi, Jan Mik

Proving invariants: how many times a program should be unfolded ? Paul Caspi, Jan Mik

Proving invariants: how many times a program should be unfolded ? Paul Caspi, Jan Mik VERIMAG Grenoble Problem definition 1 A closed system state space S initial state I is a predicate on S transition relation T is a predicate on S

161 views • 13 slides
Genetic.io Genetic Algorithms in all their shapes and forms ! Genetic.io Make something of your

Genetic.io Genetic Algorithms in all their shapes and forms ! Genetic.io Make something of your

Genetic.io Genetic Algorithms in all their shapes and forms ! Genetic.io Make something of your big data Julien Sebrien Self-taught, passion for development. Java, Cassandra, Spark, JPPF . @jsebrien, julien.sebrien@genetic.io

440 views • 43 slides
Linguistics 384: Language and Computers Operators Searching the web Topic 2: Searching

Linguistics 384: Language and Computers Operators Searching the web Topic 2: Searching

Language and Computers Topic 2: Searching Introduction Text Speech Searching in a Library Catalogue Special characters Linguistics 384: Language and Computers Operators Searching the web Topic 2: Searching Operators Improving searching

597 views • 36 slides
Searching Tiziana Ligorio 1 Todays Plan Searching algorithms and their analysis 2

Searching Tiziana Ligorio 1 Todays Plan Searching algorithms and their analysis 2

Searching Tiziana Ligorio 1 Todays Plan Searching algorithms and their analysis 2 Searching Looking for something! In this discussion we will assume searching for an element in an array 3 Linear search Most intuitive

269 views • 25 slides
GENERATING INVARIANTS IN POSITIVE CHARACTERISTIC VISU MAKAM Abstract. The ring of invariants for a

GENERATING INVARIANTS IN POSITIVE CHARACTERISTIC VISU MAKAM Abstract. The ring of invariants for a

GENERATING INVARIANTS IN POSITIVE CHARACTERISTIC VISU MAKAM Abstract. The ring of invariants for a rational representation of a reductive group is finitely generated by the results of Hilbert, Nagata and Haboush. However, the proof is not

482 views • 3 slides
Daikon: Dynamic Analysis for Inferring Likely Invariants Reading:

Daikon: Dynamic Analysis for Inferring Likely Invariants Reading:

Daikon: Dynamic Analysis for Inferring Likely Invariants Reading:

650 views • 17 slides
Extreme multilabel learning Charles Elkan Amazon Fellow December 12, 2015 1/32 Massive

Extreme multilabel learning Charles Elkan Amazon Fellow December 12, 2015 1/32 Massive

Extreme multilabel learning Charles Elkan Amazon Fellow December 12, 2015 1/32 Massive multilabel classification In the world of big data, it is common to have many training examples (10 6 instances) high-dimensional data (10 6 features) many

501 views • 32 slides
Implemen(ng Threads and Synchroniza(on Jeff Chase Duke

Implemen(ng Threads and Synchroniza(on Jeff Chase Duke

D D u k e S y s t t e m s Implemen(ng Threads and Synchroniza(on Jeff Chase Duke University Operating Systems: The Classical View Each process Programs has a private run as data data virtual address

734 views • 59 slides
DySy: Dynamic Symbolic Execution for Invariant Inference C. Csallner N. Tillmann Y.

DySy: Dynamic Symbolic Execution for Invariant Inference C. Csallner N. Tillmann Y.

DySy: Dynamic Symbolic Execution for Invariant Inference C. Csallner N. Tillmann Y. Smaragdakis Marc Egg Invariant Inference Object top() { if(Empty) return null; return theArray[topOfStack]; } Invariant Inference Tool

465 views • 20 slides
DySy Dynamic Symbolic Execution for Invariant Inference April 28th 2009 Lukas Schwab

DySy Dynamic Symbolic Execution for Invariant Inference April 28th 2009 Lukas Schwab

Seminar in Software Engineering DySy Dynamic Symbolic Execution for Invariant Inference April 28th 2009 Lukas Schwab lschwab@student.ethz.ch The authors Christoph Csallner - College of Computing, Georgia Tech Nikolai Tillmann -

750 views • 25 slides
Automatic Generation of Program Specifications Jeremy Nimmer MIT Lab for Computer Science

Automatic Generation of Program Specifications Jeremy Nimmer MIT Lab for Computer Science

Automatic Generation of Program Specifications Jeremy Nimmer MIT Lab for Computer Science http://pag.lcs.mit.edu/ Joint work with Michael Ernst Jeremy Nimmer, page 1 Synopsis Specifications are useful for many tasks Use of specifications

485 views • 29 slides
An Empirical Comparison of Automated Generation and Classification Techniques for

An Empirical Comparison of Automated Generation and Classification Techniques for

An Empirical Comparison of Automated Generation and Classification Techniques for Object-Oriented Unit Testing Marcelo dAmorim (UIUC) Carlos Pacheco (MIT) Tao Xie (NCSU) Darko Marinov (UIUC) Michael D. Ernst (MIT) Automated Software

513 views • 33 slides
Extending Dynamic Constraint Detection with Disjunctive Constraints Nadya Kuzmina John Paul

Extending Dynamic Constraint Detection with Disjunctive Constraints Nadya Kuzmina John Paul

Extending Dynamic Constraint Detection with Disjunctive Constraints Nadya Kuzmina John Paul Ruben Gamboa James Caldwell University of Wyoming Dynamic Constraint Detection Fixed grammar of universal properties. Serves well for the

500 views • 27 slides

More recommend