systematic software analysis using sat
play

Systematic Software Analysis Using SAT Sarfraz Khurshid University - PowerPoint PPT Presentation

Dec 23, 2022 •6 likes •286 views

Systematic Software Analysis Using SAT Sarfraz Khurshid University of Texas at Austin khurshid@utexas.edu SAT/SMT/AR Summer School Lisbon, Portugal July 5, 2019 Overview SAT solvers have many uses, e.g., model fjnding, model enumeratjon,

  1. Systematic Software Analysis Using SAT Sarfraz Khurshid University of Texas at Austin khurshid@utexas.edu SAT/SMT/AR Summer School Lisbon, Portugal July 5, 2019

  2. Overview SAT solvers have many uses, e.g., model fjnding, model enumeratjon, and model countjng This lecture focuses on model enumeratjon It has many applicatjons in sofuware (and hardware) engineering ● Testjng : create high quality test suites ● Analysis: illustrate difgerent counterexamples ● Synthesis: create alternatjve implementatjons ● Repair: create alternatjve fjxes 2

  3. An application of enumeration Systematjc testjng of code using specs [ASE’01] ● Idea: create all “small” inputs, and test against them ● High quality suites with non-equivalent inputs ● Symmetry breaking [SAT’03] ● Enabling technology: Alloy tool-set [Jackson-FSE’00] ● Alloy: relatjonal fjrst-order logic + transitjve closure ● Alloy analyzer: SAT-based tool for automatjc analysis ● htup://alloy.mit.edu 3

  4. Outline Basics of sofuware testjng ● Focus: programs with structurally complex inputs Basics of Alloy Basics of systematjc testjng ● Create non-equivalent tests using symmetry breaking Conclusions 4

  5. Structurally complex data 5

  6. Acyclic singly-linked list class SLList { // class invariant: acyclic and size-okay Node header ; int size ; 0 1 static class Node { int elem ; Node next ; } 0 0 void add( int x) { // pre-cond: class invariant (this) // post-cond: class invariant (this) 0 1 // and x is added at the head Node n = new Node(); n. elem = x; 1 0 n. next = header ; header = n; size ++; } 1 1 void remove( int x) { /*... */ } 6

  7. How to create an input list? Write a test (by hand) Two basic ways: at abstract level or at concrete level @Test public void abst() { @Test public void conc() { // create receiver object state // create receiver object state SLList l = new SLList(); SLList l = new SLList(); l.add(0); Node n0 = new Node(); l. header = n0; l. size = 1; n0. elem = 0; n0. next = null ; // execute method to test // execute method to test l.remove(1); l.remove(1); // (partially) check output // (partially) check output assertEquals (0, l. header . elem ); assertEquals (0, l. header . elem ); } } 7

  8. How to create many lists? Can write a test generator (by hand) Can automate using non-deterministjc choice , e.g., with the Java PathFinder [htups://github.com/javapathfjnder] static List abstractGen() { List l = new List(); int length = Verify. getInt (0, 2); for ( int i = 0; i < length; i++) { boolean method = Verify. getBoolean (); int arg = Verify. getInt (0, 1); if (method) { l.add(arg); } else { l.remove(arg); } } return l; } 8

  9. Abstract-level generation Advantage: simple to automate Disadvantage: ● Hard to test partjal implementatjons ● To test remove , must implement add fjrst ● Hard to avoid equivalent tests ● E.g., naive exploratjon creates 21 method sequences: ε, “add(0)”, “add(1)”, “remove(0)”, “remove(1)”, “add(0); add(0)”, “add(0); add(1)”, “add(0); remove(0)”, “add(0); remove(1)”, ... 9

  10. How to create many lists – at the concrete level? Again, can write a test generator (by hand), or automate using non-deterministjc choice Advantage: effjcient, high quality test generatjon Disadvantage: ● Difgerent structures require difgerent generators ● Writjng the generators can be hard ● No textbook methods ● Cannot simply sample at random: # valid /# all → 0 ● Generators need to account for symmetry breaking Idea : use logical constraints and model enumeratjon! 10

  11. Constraint-based generation Observe: each input must be a valid structure ● Acyclic , singly-linked list Approach: characterize validity propertjes as logical constraints, and solve them [ASE’01] solve translate input all small tests constraint instances Two key questjons: ● How to write the constraints? ● How to solve the constraints to fjnd one, many, or all solutjons? 11

  12. How to write constraints? Use a declaratjve language, e.g., Alloy pred Acyclic(l: List) { all n: l.header.*link | n ! in n.^link } Use an imperatjve language, e.g., Java boolean repOk() { if ( header == null ) return size == 0; Set<Node> visited = new HashSet<Node>(); Node current = header ; while (current != null ) { if (!visited.add(current)) return false ; current = current. next ; } return size == visited.size(); } 12

  13. How to solve constraints? For Alloy, its analyzer provides fully automatjc solving using ofg-the-shelf SAT technology ● Kodkod back-end [TorlakJackson-TACAS’07] ● Supports several SAT solvers For Java, there are four basic approaches: ● Translate to SAT, a la bounded model checking [Biere+TACAS’99, JacksonVaziri-ISSTA’00] ● Use symbolic executjon [King-CACM’76, TACAS’03] ● For each path that returns true, create input(s) ● Filter (naively) all candidates using repOk ● Use a dedicated solver for Java, e.g., Korat [ISSTA’02] 13

  14. Non-det. choice and fjltering static void concreteGen() { // allocate objects SLList l = new SLList(); Node n1 = new Node(); Node n2 = new Node(); // build domain(s) Node[] nodes = new Node[]{ null , n1, n2 }; // initialize fields l. header = nodes[Verify. getInt (0, nodes. length - 1)]; l. size = Verify. getInt (0, 2); n1. elem = Verify. getInt (0, 1); n1. next = nodes[Verify. getInt (0, nodes. length - 1)]; n2. elem = Verify. getInt (0, 1); n2. next = nodes[Verify. getInt (0, nodes. length - 1)]; // check validity if (l.repOk()) { // output list } } 14

  15. Solving imperative constraints repOk is a logical constraint writuen in an imperatjve language, hence termed imperatjve constraint Solving repOk using naive fjltering is infeasible ● Checks every candidate in the state space (e.g., 324) ● Creates too many solutjons that are redundant ● E.g., 68 valid lists (instead of 7 that we expect) However, repOk can be used to prune the search and make it feasible [ISSTA’02] ● Korat prunes and checks only non-isomomorphic candidates (e.g., 31) ● Creates non-equivalent solutjons (e.g., 7 valid lists) 15

  16. Alloy

  17. Alloy demo 17

  18. An Alloy specifjcation Linked list example module list one sig List { // set of list atoms header: lone Node } // header: List x Node sig Node { // set of node atoms link: lone Node } // link: Node x Node pred RepOk(l: List) { all n: l.header.*link | n ! in n.^link } 18

  19. Alloy: simulation Linked list example module list one sig List { // set of list atoms header: lone Node } // header: List x Node sig Node { // set of node atoms link: lone Node } // link: Node x Node pred RepOk(l: List) { all n: l.header.*link | n ! in n.^link } run RepOk // default scope is 3 fact Reachability { List.header.*link = Node } 19

  20. Alloy: checking Linked list example sig List { header: lone Node } sig Node { link: lone Node } pred RepOk(l: List) { all n: l.header.*link | n ! in n.^link } pred RepOk2(l: List) { no l.header or some n: l.header.*link | no n.link } assert Equivalence { all l: List | RepOk[l] <=> RepOk2[l] } check Equivalence // for 1, 2, 3, 4, 5, 6, ... 20

  21. Symmetry breaking (SB) Alloy adapts Crawford’s symmetry breaking predicates to remove some, but not all, symmetries [Shlyakhter-SAT’01] We can remove all symmetries – for a class of structures – by writjng additjonal constraints in Alloy [SAT’03] ● For example: ● Defjne a linear order on nodes ● Add constraints to defjne a “traversal” and require the nodes to be “visited” w.r.t. the linear order 21

  22. Full symmetry breaking: lists Linked list example open util/ordering[Node] module list one sig List { header: lone Node } sig Node {link: lone Node } pred RepOk(l: List) { all n: l.header.*link | n ! in n.^link } fact SymmetryBreaking { List.header in first[] all n: List.header.*link | n.link in next[n] } 22

  23. Full symmetry breaking: binary search trees Linked list example fact SymmetryBreaking { // pre-order Tree.root in first[] all n: Tree.root.*(left + right) { some n.left implies n.left in next[n] no n.left implies n.right in next[n] some n.right and some n.left implies n.right in next[max[n.left.*(left + right)]] } } 23

  24. Full symmetry breaking: illustration For exactly 3 nodes (and integer keys {1, 2, 3}), there are 3! = 6 trees in each isomorphism class, e.g., ● Each permutatjon of node identjtjes ( N 0 , N 1 , N 2 ) gives an isomorphic tree With the SymmetryBreaking fact only 1 tree (that respects the pre-order traversal constraint) per class is generated 24

  25. Importance of symmetry breaking With no symmetry breaking the number of solutjons goes up by a factor that is exponentjal in the number of nodes ● Also, the solver can sufger a substantjal slowdown E.g., with full symmetry breaking, there are 5 trees (with 3 nodes and keys {1, 2, 3}): ● With no symmetry breaking, there are 5 x 3! = 30 trees For red-black trees with 9 nodes, solving tjme is >5x less for full symmetry breaking vs. Alloy’s default SB [SAT’03] 25

  26. Results (historic context) Using Alloy with mChafg back in the early 2000’s [SAT’03] 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Seminar on Enterprise Software Raimundas Matulevi ius rma@ut.ee 1 How to do a systematic

Seminar on Enterprise Software Raimundas Matulevi ius rma@ut.ee 1 How to do a systematic

Seminar on Enterprise Software Raimundas Matulevi ius rma@ut.ee 1 How to do a systematic literature review ? Kitchenham B., Charters S. (2007) Guidelines for performing Systematic Literature Reviews in Software Engineering EBSE

476 views • 11 slides
Systematic Analysis of testing-related Systematic Analysis of testing-related publications

Systematic Analysis of testing-related Systematic Analysis of testing-related publications

Systematic Analysis of testing-related Systematic Analysis of testing-related publications concerning reprocucibility publications concerning reprocucibility and comparability and comparability Bachelor's Thesis Defense by Artur Solomonik

920 views • 59 slides
System Analysis Preliminaries Jonathan Thaler Department of Computer Science 1 / 12 Software

System Analysis Preliminaries Jonathan Thaler Department of Computer Science 1 / 12 Software

System Analysis Preliminaries Jonathan Thaler Department of Computer Science 1 / 12 Software Engineering Definition Software engineering is the systematic application of engi- neering approaches to the development of software . It is an

672 views • 12 slides
Contextual Analysis SWEN-444 Contextual analysis Systematic analysis of contextual user work

Contextual Analysis SWEN-444 Contextual analysis Systematic analysis of contextual user work

Contextual Analysis SWEN-444 Contextual analysis Systematic analysis of contextual user work activity data Identification, sorting, organization, interpretation, consolidation, and communication For purpose of understanding work context for

449 views • 26 slides
A Gamification Requirements Catalog for Educational Software: Results from a Systematic

A Gamification Requirements Catalog for Educational Software: Results from a Systematic

Universidade Federal de Pernambuco A Gamification Requirements Catalog for Educational Software: Results from a Systematic Literature Review and a Survey with Experts Mariana Peixoto and Carla Silva {mmp2, ctlls}@cin.ufpe.br ACM SAC -

708 views • 17 slides
Which companies are exploring well; A systematic analysis of exploration strategy in the Fraser

Which companies are exploring well; A systematic analysis of exploration strategy in the Fraser

Which companies are exploring well; A systematic analysis of exploration strategy in the Fraser Range Region, Western Australia Presenter: Zenoushka Bynevelt (Image Source: Sirius Resources CET 2014 Presentation) Objective To help improve

1.06k views • 14 slides
Software Reuse From informal reuse (scavenging) to systematic reuse Management and technical

Software Reuse From informal reuse (scavenging) to systematic reuse Management and technical

Software Reuse From informal reuse (scavenging) to systematic reuse Management and technical issues Michal Young, SERC 05/19/99 1 Merry-Go-Round of Sequential Development Conventional view of development: Requirements Common theme -

238 views • 13 slides
RoboStar Technology Systematic Software Testing for Robotics Robert M. Hierons 1 and Raluca

RoboStar Technology Systematic Software Testing for Robotics Robert M. Hierons 1 and Raluca

RoboStar Technology Systematic Software Testing for Robotics Robert M. Hierons 1 and Raluca Lefticaru 2 University of Sheffield, University of Bradford, UK 14th November 2019 Thanks : Ana Cavalcanti, James Baxter, Manuel N u nez, Mercedes

459 views • 35 slides
GENIE Systematic Errors GENIE Systematic Errors GENIE Systematic Errors Hugh Gallagher, Tufts

GENIE Systematic Errors GENIE Systematic Errors GENIE Systematic Errors Hugh Gallagher, Tufts

GENIE Systematic Errors GENIE Systematic Errors GENIE Systematic Errors Hugh Gallagher, Tufts University July 11, 2016 - NUTUNE 16, U. Liverpool OUTLINE 1) History/Context 2) Neutrino-Nucleon Interaction Modeling Free nucleon cross

905 views • 43 slides
Comprehensive and systematic validation of independent safety analysis tools (COVA) SAFIR2018

Comprehensive and systematic validation of independent safety analysis tools (COVA) SAFIR2018

VTT TECHNICAL RESEARCH CENTRE OF FINLAND LTD Comprehensive and systematic validation of independent safety analysis tools (COVA) SAFIR2018 interim seminar, 23.-24.3.2017 Seppo Hillberg, Ismo Karppinen, Ari Silde Critical assessment of

429 views • 6 slides
diabetes mellitus: a systematic review and meta-analysis with over 96,000 patients-years Luiz

diabetes mellitus: a systematic review and meta-analysis with over 96,000 patients-years Luiz

PCSK9 inhibitors and incident type 2 diabetes mellitus: a systematic review and meta-analysis with over 96,000 patients-years Luiz Srgio F. de Carvalho MD PhD Alessandra M. Campos PhD Andrei C. Sposito MD PhD State University of Campinas

445 views • 17 slides
Analysis strategies and treatment of systematic effects in the KATRIN experiment Martin Sle zk

Analysis strategies and treatment of systematic effects in the KATRIN experiment Martin Sle zk

Analysis strategies and treatment of systematic effects in the KATRIN experiment Martin Sle zk for the KATRIN Collaboration Max Planck Institute for Physics Munich, Germany TAUP 2019 Toyama, Japan Outline first KATRIN neutrino mass

746 views • 16 slides
A Systematic Analysis of the Juniper Dual EC Incident Stephen Checkoway With Jacob Maskiewicz,

A Systematic Analysis of the Juniper Dual EC Incident Stephen Checkoway With Jacob Maskiewicz,

A Systematic Analysis of the Juniper Dual EC Incident Stephen Checkoway With Jacob Maskiewicz, Christina Garman, Joshua Fried, Shaanan Cohney, Matthew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla, Hovav Shacham Junipers

1.06k views • 76 slides
A Comparison of Analysis Techniques for Systematic Instructional Design BY RICHARD RD THRI

A Comparison of Analysis Techniques for Systematic Instructional Design BY RICHARD RD THRI

A Comparison of Analysis Techniques for Systematic Instructional Design BY RICHARD RD THRI RIPP, M M.A. FEBRUARY 15, 2017 PRESENTED IN EME 7634: ADVANCED INSTRUCTIONAL DESIGN AT UNIVERSITY OF CENTRAL FLORIDA ASSI SIGNMENT NT 3: A ANAL

706 views • 13 slides
Static (Software) Analysis Dagstuhl 16172: Machine Learning for Dynamic Software Analysis Reiner

Static (Software) Analysis Dagstuhl 16172: Machine Learning for Dynamic Software Analysis Reiner

Static (Software) Analysis Dagstuhl 16172: Machine Learning for Dynamic Software Analysis Reiner Hhnle Software Engineering Group Department of Computer Science Technische Universitt Darmstadt http://www.se.tu-darmstadt.de/

239 views • 23 slides
Hyper-parameter tuning to improve existing software Alexander Brownlee, University of Stirling

Hyper-parameter tuning to improve existing software Alexander Brownlee, University of Stirling

Hyper-parameter tuning to improve existing software Alexander Brownlee, University of Stirling Collaborators 2 Outline The software What to improve? A systematic approach: Statistical analysis Single-objective tuning

501 views • 24 slides
for Test Factoring David Saff, Michael D. Ernst MIT CSAIL PASTE, 2004 June 2/24 Motivation

for Test Factoring David Saff, Michael D. Ernst MIT CSAIL PASTE, 2004 June 2/24 Motivation

Mock Object Creation for Test Factoring David Saff, Michael D. Ernst MIT CSAIL PASTE, 2004 June 2/24 Motivation Continuous testing plug-in for the Eclipse IDE* Test suite: 30 secs 1 sec / plug-in test Set up Eclipse Problem:

545 views • 31 slides
Introductions Instructor : Prof. Kristen Grauman grauman@cs.utexas.edu Computer Vision

Introductions Instructor : Prof. Kristen Grauman grauman@cs.utexas.edu Computer Vision

Introductions Instructor : Prof. Kristen Grauman grauman@cs.utexas.edu Computer Vision TA : Shalini Sahoo Jan 19, 2011 shalini@cs.utexas.edu What is computer vision? Today Course overview Requirements, logistics Done? 1.

349 views • 9 slides
NRC Commissioner Briefing Subsequent License Renewal BWR Lead Plant Peach Bottom Atomic Power

NRC Commissioner Briefing Subsequent License Renewal BWR Lead Plant Peach Bottom Atomic Power

NRC Commissioner Briefing Subsequent License Renewal BWR Lead Plant Peach Bottom Atomic Power Station 2 &amp; 3 Michael P Gallagher Vice President- License Renewal Projects Exelon Generation April 26, 2017 1 Exelon is well positioned

364 views • 8 slides
MARKET ENTER YOUR PRESENTATION UPDATE TITLE HERE Optional subtitle text here UDI August 11,

MARKET ENTER YOUR PRESENTATION UPDATE TITLE HERE Optional subtitle text here UDI August 11,

MARKET ENTER YOUR PRESENTATION UPDATE TITLE HERE Optional subtitle text here UDI August 11, 2020 ADD DATE HERE MEETING Market Overview General Context Retail sector was the first to be impacted but is showing signs of reinvention

647 views • 9 slides
More on Objects and Classes Roman Kontchakov / Carsten Fuhs Birkbeck, University of London

More on Objects and Classes Roman Kontchakov / Carsten Fuhs Birkbeck, University of London

Software and Programming I More on Objects and Classes Roman Kontchakov / Carsten Fuhs Birkbeck, University of London Outline Object References Class Variables and Methods Testing a Class Sections 8.7 8.11 slides are available at

508 views • 22 slides
The Eclipse Programming Environment Eclipse Widely used in both academia and industry

The Eclipse Programming Environment Eclipse Widely used in both academia and industry

Consider the following simple problem. (We will extend this example substantially within a few days.) I want to build a directory of people (e.g., students, faculty, sta ff ) at the University of Puget Sound. A natural structure might involve two

384 views • 4 slides
The Perfect Claim Presented by Andy Hewitt FICCP, FCIOB, FCICES, FQSI MODULE 8 Finalising the

The Perfect Claim Presented by Andy Hewitt FICCP, FCIOB, FCICES, FQSI MODULE 8 Finalising the

The Perfect Claim Presented by Andy Hewitt FICCP, FCIOB, FCICES, FQSI MODULE 8 Finalising the Claim VIDEO 2 Substantiation Substantiation Substantiation is required to prove that statements made, points relied on, facts stated

389 views • 5 slides
On Singularities Of Extremal Periodic Strings F . Franek (joint work with A. Deza) Advanced

On Singularities Of Extremal Periodic Strings F . Franek (joint work with A. Deza) Advanced

Motivation and background Basic properties of d ( n ) Basic properties of d ( n ) Computational Substantiation Thanks On Singularities Of Extremal Periodic Strings F . Franek (joint work with A. Deza) Advanced Optimization Laboratory

617 views • 16 slides

More recommend