an ab an abstract ct in inter erpreta on on
play

An#Ab An #Abstract ct#In #Inter erpreta-on on# {' {' - PowerPoint PPT Presentation

Nov 05, 2023 •454 likes •542 views

Example:#extract#method public'int'Decrement(int'x)' public'int'Decrement(int'x)' An#Ab An #Abstract ct#In #Inter erpreta-on on# {' {' ''Contract.Requires(x'>='5);' ''Contract.Requires(x'>='5);'

  1. Example:#extract#method public'int'Decrement(int'x)' public'int'Decrement(int'x)' An#Ab An #Abstract ct#In #Inter erpreta-on on# {' {' ''Contract.Requires(x'>='5);' ''Contract.Requires(x'>='5);' ''Contract.Ensures(Contract.Result<int>()'>='0);' ''Contract.Ensures(Contract.Result<int>()'>='0);' ' ' Frame Fr amework#f rk#for#R r#Refact actorin ring# g# ''while'(x'!='0)'xCC;'' ''x'='NewMethod(x);' ' ' ''return'x;' ''return'x;' } }' ' private'static'int'NewMethod(int'x)' P.#Cousot,# NYU,%ENS,%CNRS,%INRIA {' ''while'(x'!='0)'xCC;' ''' R.#Cousot,# ENS,%CNRS,%INRIA ''return'x;' } F.#Logozzo,#M.#BarneA,# Microso3%Research The#problem and#the#(modular)#proof? Refactoring#is#a#very#common#programmer#ac-vity public'int'Decrement(int'x)' public'int'Decrement(int'x)' {' {' Useful#to#maintain#the#code,#avoid#code#bloats,#etc. ''Contract.Requires(x'>='5);' ''Contract.Requires(x'>='5);' ''Contract.Ensures(Contract.Result<int>()'>='0);' ''Contract.Ensures(Contract.Result<int>()'>='0);' Examples:#rename,#reLorder#parameters,#extract#method,#etc. ' ' Postcondi-on:# Postcondi-on ''while'(x'!='0)'xCC;'' ''x'='NewMethod(x);' ok Viola-on? IDEs##guarantee#that#the#refactored#program#is: ' ' No# ''return'x;' ''return'x;' overlofw 1. a#syntac-cally#valid#program } }' ' 2. a#seman-cally#equivalent#program private'static'int'NewMethod(int'x)' {' There#is#no#guarantee#about#the# ''while'(x'!='0)'xCC;' ''' Possible# 1. Preserva-on#of#the#correctness#proof ''return'x;' overlofw } 2. Interac-on#with#the#sta-c#analysis

  2. Extract#method#with# Simple#solu-ons? contracts:# Method#inlining:#the#reverse#of#extract#method May#not#scale#up,#how#many#levels#should#we#inline? Isolated#analysis:#infer#preL#and#postcondi-ons#of#the#extracted#method Requirements Too#imprecise,#without#the#context#inferred#contracts#may#be#too#generic Invariant#projec-on:#project#the#pre/postLstates#on#the#parameters#and#return#value Too#specific,#cannot#refactor#unreached#code# User#assistance:#User#provides#the#contracts Imprac-cal,#too#many#contracts#to#write State#of#the#art#(before#this#paper#;L) Contribu-on Validity An#abstract#interpreta-on#framework#for#proofLpreserving#method#refactoring The#inferred#contract#should#be#valid A#new#set#theore-c#version#of#Hoare#logic Counterexample: With#some#surprising#results! public'int'Decrement(int'x)' private'static'int'NewMethod(int'x)' Defini-on#of#the#problem#of#extract#method#with#contracts {' {' 'Contract.Requires(x'>='5);' ''Contract.Requires(x'>='5);' Solu-on#in#the#concrete#and#in#the#abstract 'Contract.Ensures(Contract.Result<int>()'>=0);' '' Contract.Ensures(Contract.Result<int>()==12345);; ' ' Implementa-on#on#a#real#system ''x'='NewMethod(x);' ''while'(x'!='0)'xCC;' Invalid# ok Using#the#CodeContracts#sta-c#verifier#(Clousot)#and#the#Roslyn#CTP ' ''' ensures ''return'x;' ''return'x;' Performance#comparable#to#the#“usual”#extract#method } }'

  3. Safety Generality The#precondi-on#of#the#extracted#method#should#adver-se#possible#errors The#inferred#contract#is#the#most#general#sa-sfying#Validity,#Safety,#and#Completeness Counterexample: Counterexample:#Valid,#Safe,#Complete#but#not#General#contract public'int'Decrement(int'x)' private'static'int'NewMethod(int'x)' public'int'Decrement(int'x)' private'static'int'NewMethod(int'x)' Requires# {' {' {' {' too#strong 'Contract.Requires(x'>='5);' ''' 'Contract.Requires(x'>='5);' '' Contract.Requires(x;>=;5);; 'Contract.Ensures(Contract.Result<int>()'>=0);' '' Contract.Ensures(Contract.Result<int>();==;0);; 'Contract.Ensures(Contract.Result<int>()'>=0);' ''Contract.Ensures(Contract.Result<int>()'=='0);' ' ' ' ' ''x'='NewMethod(x);' ''while'(x'!='0)'xCC;' Possible# ''x'='NewMethod(x);' ''while'(x'!='0)'xCC;' ok ok ok ' ''' overflow ' ''' ''return'x;' ''return'x;' ''return'x;' ''return'x;' } }' } }' Completeness Our#solu-on The#verifica-on#of#the#callee#should#s-ll#go#through Valid,#Safe,#Complete,#and#General#contract Counterexample:##Valid#and#safe#contract,#but#not#complete public'int'Decrement(int'x)' private'static'int'NewMethod(int'x)' public'int'Decrement(int'x)' private'static'int'NewMethod(int'x)' {' {' {' {' 'Contract.Requires(x'>='5);' ''Contract.Requires(x'>='5);' 'Contract.Requires(x'>='5);' '' Contract.Requires(x;>=;0);; 'Contract.Ensures(Contract.Result<int>()'>=0);' ;;Contract.Ensures(Contract.Result<int>();<=;x);; 'Contract.Ensures(Contract.Result<int>()'>=0);' ''Contract.Ensures(Contract.Result<int>()'=='0);' ' ' ' ' Can’t# ''x'='NewMethod(x);' ''while'(x'!='0)'xCC;' ''x'='NewMethod(x);' ''while'(x'!='0)'xCC;' prove# ok ok ok ' ''' ' ''' ensures ''return'x;' ''return'x;' ''return'x;' ''return'x;' } }' } }'

  4. Orders#on#contracts Covariant#order# ⟹ Intui-on:#a#stronger#precondi-on#is#beAer#for#the#callee P,#Q# ⟹ #P’,#Q’#iff#P# � #P’#and#Q# � #Q’ Formaliza-on Controvariant#order#→ Intui-on:#a#→Lstronger#contract#is#more#general#(beAer#for#the#caller) P,#Q#→#P’,#Q’#iff#P’# � #P#and#Q# � #Q’ Note:%formal%(and%more%correct)%definiAon%in%the%paper Algebraic#Hoare#Logic Some#nota-on… We#need#to#formalize#what#a#sta-c#analyzer#does,#in#par-cular#method#calls m' is#the#refactored#(extracted)#method ' Hoare#Logic#is#the#natural#candidate S ' denotes#the#selected#code#(to#be#extracted)# However,#it#is#already#an#abstrac-on#of#the#concrete#seman-cs It#is#the#body#of#the#extracted#method# m We#define#a#concrete#Hoare#logic#where#predicates#are#replaced#by#sets P m ,#Q m #is#the#most#precise#safety#contract#for#a#method#m# See%Cousot,%Cousot%&%Logozzo%VMCAI’11 {#P}# S #{#Q#}# P# � # � (Σ)#and#Q# � # � (Σ#×#Σ) P s ,#Q s# is#the#projec-on#of#the#abstract#state# The#deduc-on#rules#are#as#usual before#the#selec-on,#P s Details#in#the#paper# aler#the#selec-on,#Q s

  5. Extract#method#with#contracts#problem Itera-ve#Solu-on# The#refactored#contract#P R ,#Q R# is#a#solu-on#to#the#problem#if#it#sa-sfies Idea:#give#an#itera-ve#characteriza-on#of#the#declara-ve#solu-on Validity It#is#easier#to#abstract#and#compensates#for#the#lose#of#precision {#P R# }# S #{#Q R #} Safety Theorem:#Define# P R ,Q R ⟹ #P m ,#Q m F[ S ] 〈 X ,# Y 〉 ##=# 〈 P m # � #pre ~ [ S ] Y ,#Q m # � #post[ S ] X 〉 # Completeness Then {#P s# }# m(…) #{#Q s #} P R ,Q R# =#{#P m# }# S #{#post[ S ]P m# }#=#gfp (Ps,#Qs) #F[ S ] Generality The#order#for#the#greatest#fixpoint#computa-on#is#→ � #P’ R ,Q’ R #sa-sfying#validity,#safety,#and#completeness:#P R ,Q R #→ # P’ R ,Q’ R Intui-on:#generalize#the#contract#at#each#itera-on#step Theorem:#The#4#requirements#above#are#mutually#independent Declara-ve#Solu-on Theorem:#There#exists#a#unique#solu-on#for#the#problem: P R ,Q R# =#{#P m# }# S #{#post[ S ]P m# } ##Drawback:#It#is#not#a#feasible#solu-on Abstrac-on Pm#and#post[.]#are#not#computable#(only#for#trivial#cases#of#finite#domains) We#need#to#perform#some#abstrac-on#to#make#it#tractable The#formula-on#above#is#illLsuited#for#abstrac-on #

  6. Abstract#Hoare#triples We#are#in#trouble? Given#abstract#domains#A#approxima-ng## � (Σ)#and#B##approxima-ng# � (Σ#×#Σ) A#similar#result#holds#for#the#disjunc-on#rule# ! Define#abstract#Hoare#triples We#need#some#hypotheses#on#the#abstract#domains#and#the#concre-za-ons#γ {#P#}# S #{#Q#}# ⟺ Theorem:#The#abstract#Hoare#triples#without#the#conjunc-on#and#disjunc-on#are#sound #{#γ A (P)#}# S #{#γ B (Q)#}# But#we#need#conjunc-on#to#model#method#call,#product#of#analyses,#etc.! Idea:#replace#the#concrete#set#opera-ons#with#the#abstract#counterparts Theorem:#If#γ B #is#finiteLmeet#preserving#the#conjunc-on#rule#is#sound Abstract#Hoare#triples#generalize#usual#Hoare#logic Example:#Fix#A,#B#to#be#first#order#logic#predicates A#dual#result#holds#for#γ A #and#the#disjunc-on#rule Ques-on:#Are#the#usual#rules#of#Hoare#logic#valid#in#the#general#case? Details%on%the%paper:%formalizaAon%and%some%extra%technical%details # Counterexample:##conjunc-on#rule And#now? We#can#define#the#problem#of#the#extract#method#with#contracts#in#the#abstract Define#abstract#contracts,#the#rule#for#abstract#method#call,#etc. Theorem:#The#abstract#counterparts#for#validity,#safety,#and#completeness#are#sound However,#abstrac-on#introduces#new#problems It#is#impossible#to#have#a#complete#abstract#refactoring#in#general It#did#not#manifest#in#our#experiments {# x%≥%0 #}# x'='Cx #{# x%≤%0 }###and###{# x%≤%0 #}# x'='Cx #{# x%≥%0% } The#iterated#gfp#computa-on#balances#for#the#loss#of#informa-on But Details#in#the#paper#(or#come#to#see#me#aler#the#talk!) {# x%≥%0% � # x%≤%0% }# x'='Cx #{# x%≤%0% # � # x%≥%0 }# #{# x%=%0% }# x'='Cx #{#false % }

  7. Inference#Algorithm Use#the#Roslyn#refactoring#service#to#detect#the#extracted#method#m Use#Clousot#to#infer#P s ,#Q s Project#the#entry#state#on#the#beginning#of#the#selec-on(P s ).#Similarly#for#Q s Experiments Annotate#the#extracted#method#with#P s ,#Q s Use#Clousot#to#infer#P m ,#Q m Add#P m ,#Q m# to#the#extracted#method#and#start#the#gfp#computa-on Weaken#the#precondi-on,#strengthen#the#postcondi-on Do#not#go#below#P s ,#Q s Implementa-on Results We#use#the#CodeContracts#sta-c#checker#(aka#Clousot)#as#underlying#sta-c#analyzer Based#on#abstract#interpreta-on More#then#75K#downloads,#widely#used#in#industrial#environments We#use#the#Roslyn#CTP#for#C##language#services#and#basic#engine#refactoring Industrial#strength#C##compiler#and#services#implementa-on Integrates#in#Visual#Studio

Recommend

ABSTRACT P e o p l e l i k e a b s t r a c t a r t b e c a u s e i t m a k e s t h e m f

ABSTRACT P e o p l e l i k e a b s t r a c t a r t b e c a u s e i t m a k e s t h e m f

ABSTRACT P e o p l e l i k e a b s t r a c t a r t b e c a u s e i t m a k e s t h e m f e e l c l e v e r WHAT IS ABSTRACT OF RESEARCH PAPER? An abstract summarizes, usually in one paragraph of 300 words or less, the major aspects

263 views • 10 slides
CASE REPORT Abstract This sign was first described in 1910 by Demetrius Chilaiditi, Chilaiditi

CASE REPORT Abstract This sign was first described in 1910 by Demetrius Chilaiditi, Chilaiditi

Majd Michael, MD Richard W. McCallum, MD CASE REPORT Abstract This sign was first described in 1910 by Demetrius Chilaiditi, Chilaiditi syndrome is a rare entity in which inter position of a Greek radiologist who practiced in Vienna, Austria.

2.56k views • 3 slides
world of In Inter Ic Ice-Pump JAN 2016 Presentation of Inter Ice-Pump 1 Inter Ice-Pump ApS //

world of In Inter Ic Ice-Pump JAN 2016 Presentation of Inter Ice-Pump 1 Inter Ice-Pump ApS //

Inter Ice-Pump ApS // Ulvevej 11 // DK - 7800 Skive // Denmark Tel: +45 96 140 140 // www.intericepump.com Welcome to the world of In Inter Ic Ice-Pump JAN 2016 Presentation of Inter Ice-Pump 1 Inter Ice-Pump ApS // Ulvevej 11 // DK - 7800

311 views • 7 slides
A Southeast Louisiana Inter Modal A Southeast Louisiana Inter Modal Transportation Hub

A Southeast Louisiana Inter Modal A Southeast Louisiana Inter Modal Transportation Hub

A Southeast Louisiana Inter Modal A Southeast Louisiana Inter Modal Transportation Hub Specializing in: CN Rail to Truck and/or Barge to Mississippi River Inter Modal Trans Loading Engineering provided by Research provided by

482 views • 14 slides
WITH PASSION AND EXPERIENCE INTER STARTER Inter Starter is a young company concerned with

WITH PASSION AND EXPERIENCE INTER STARTER Inter Starter is a young company concerned with

WITH PASSION AND EXPERIENCE INTER STARTER Inter Starter is a young company concerned with supplying automotive electromechanical components. WAREHOUSE Our proposal is, above all, to provide our clients with complete starters and

450 views • 18 slides
The 11 th Pacific Science Inter-Congress The Inter-Congress Theme Background Pacific

The 11 th Pacific Science Inter-Congress The Inter-Congress Theme Background Pacific

The 11 th Pacific Science Inter-Congress The Inter-Congress Theme Background Pacific Countries and Their Ocean Facing Local The 1st Symposium on French Research in the Pacific was and Global Changes held in August 2004 in Noumea, in New

306 views • 29 slides
West and Central Africa Inter- Sectoral and Inter-Agency Regional Technical Meeting On the

West and Central Africa Inter- Sectoral and Inter-Agency Regional Technical Meeting On the

West and Central Africa Inter- Sectoral and Inter-Agency Regional Technical Meeting On the Humanitarian Response in Northern Nigeria Dakar, March 05, 2014 Terms of Reference Three main areas of concern prompted discussions and consensus

469 views • 12 slides
INTER- AND TRANSDISCIPLINARY PHD PROGRAMS GREGOR ENGELS INTER- AND TRANSDISCIPLINARY PHD

INTER- AND TRANSDISCIPLINARY PHD PROGRAMS GREGOR ENGELS INTER- AND TRANSDISCIPLINARY PHD

INTER- AND TRANSDISCIPLINARY PHD PROGRAMS GREGOR ENGELS INTER- AND TRANSDISCIPLINARY PHD PROGRAMS Challenging Scenarios of today (1) Smart Home / Ambient Assisted Living (AAL) Interdisciplinary Topics Transdisciplinary Topics

307 views • 12 slides
Partnering for Relief - Optimizing Logistics. An Inter-Agency Approach: Why and How?! George

Partnering for Relief - Optimizing Logistics. An Inter-Agency Approach: Why and How?! George

Partnering for Relief - Optimizing Logistics. An Inter-Agency Approach: Why and How?! George Fenton, May 8, 2008 Inter-Agency Approach Inter-Agency Approach With the Global (natural) risk hotspots analysis of the World Bank, future emergency

805 views • 14 slides
Abstract interpretation based Analysis [FPCA 95], Predicate Abstraction [Mannas festschrift

Abstract interpretation based Analysis [FPCA 95], Predicate Abstraction [Mannas festschrift

Abstract interpretation The Verification Grand Challenge - Abstract interpretation is a mathematical theory of - - and Abstract Interpretation sound approximation of properties of formal sys- tems (including program specifications, semantics,

422 views • 10 slides
Inter-university Centre for Research in Environmental Psychology Centre Inter-universitaire de

Inter-university Centre for Research in Environmental Psychology Centre Inter-universitaire de

Inter-university Centre for Research in Environmental Psychology Centre Inter-universitaire de Recherche on Psychologie Environnementale Universit degli Studi di Napoli Federico II 17/04/2012 www.cirpa.it CIRPA presentation 17/04/2012

506 views • 28 slides
M ONTHLY H&amp;S F OCUS W INTER 2014/2015 W INTER W ORKING Every year, the weather conditions

M ONTHLY H&amp;S F OCUS W INTER 2014/2015 W INTER W ORKING Every year, the weather conditions

M ONTHLY H&amp;S F OCUS W INTER 2014/2015 W INTER W ORKING Every year, the weather conditions during winter can strongly impact our environment and therefore impact our workplace and our health, introducing new hazards that will need to be

158 views • 5 slides
IPC, Threads, Races, Critical Sections Inter-Process Communication 7A. Inter-Process

IPC, Threads, Races, Critical Sections Inter-Process Communication 7A. Inter-Process

4/23/2018 IPC, Threads, Races, Critical Sections Inter-Process Communication 7A. Inter-Process Communication the exchange of data between processes 3T. Threads Goals simplicity 7B. The Critical Section Problem convenience

355 views • 8 slides
IPC, Threads, Races, Critical Sections Inter-Process Communication 7A. Inter-Process

IPC, Threads, Races, Critical Sections Inter-Process Communication 7A. Inter-Process

4/14/2017 IPC, Threads, Races, Critical Sections Inter-Process Communication 7A. Inter-Process Communication the exchange of data between processes 3T. Threads Goals simplicity 7B. The Critical Section Problem convenience

205 views • 8 slides
IPA INTER-REGIONAL ENCYCLOPEDIC DICTIONARY (IRED): THE INTER-REGIONAL PHASE Panel Presentation in

IPA INTER-REGIONAL ENCYCLOPEDIC DICTIONARY (IRED): THE INTER-REGIONAL PHASE Panel Presentation in

IPA INTER-REGIONAL ENCYCLOPEDIC DICTIONARY (IRED): THE INTER-REGIONAL PHASE Panel Presentation in Buenos Aires, July 28, 2017 1. PHILOSOPHYAND UNIQUE FEATURES OF IRED Stefano Bolognini, IPA President (2013-2017) and Chair of IRED It is my

311 views • 11 slides
INTER RAO Export, LLC: Engineering and supply of power equipment 2019 Inter RAO Group

INTER RAO Export, LLC: Engineering and supply of power equipment 2019 Inter RAO Group

INTER RAO Export, LLC: Engineering and supply of power equipment 2019 Inter RAO Group International R&amp;D and Energy Power Generation Retail Power Supply Power Grids Engineering Power Trading Efficiency Russian strategic

226 views • 6 slides
Abstract Classes and Interfaces (?) June 21, 2017 Reading Quiz Abstract Classes A. Abstract

Abstract Classes and Interfaces (?) June 21, 2017 Reading Quiz Abstract Classes A. Abstract

Abstract Classes and Interfaces (?) June 21, 2017 Reading Quiz Abstract Classes A. Abstract classes inherit from multiple parents, standard classes only inherit from one parent. B. Abstract classes can only have one instance at a time,

563 views • 33 slides
INTER-TRUST Interoperable Trust Assurance Infrastructure Grant agreement no: 317731 Introduction

INTER-TRUST Interoperable Trust Assurance Infrastructure Grant agreement no: 317731 Introduction

INTER-TRUST ICT FP7- G.A. 317731 INTER-TRUST Interoperable Trust Assurance Infrastructure Grant agreement no: 317731 Introduction The main objective of the INTER-TRUST project is to develop a framework to support trustworthy applications

255 views • 4 slides
How is the oral abstract presentation formatted? Format of Presentation 1) Title slide (1 slide)

How is the oral abstract presentation formatted? Format of Presentation 1) Title slide (1 slide)

O RAL A BSTRACT PREPARATION AND P RESENTATION What is an abstract? The abstract is a short synopsis of a research or clinical research study. A written conference abstract is printed in the conference proceedings and allows the reader to

480 views • 4 slides
1 Inter-Domain Routing Network comprised of many Autonomous Systems (ASes) or domains 23

1 Inter-Domain Routing Network comprised of many Autonomous Systems (ASes) or domains 23

CSE/EE 461 Lecture 11 Inter-domain Routing This Lecture Focus How do we make routing scale? Application Presentation Inter-domain routing Session ASes and BGP Transport Network Data Link Physical sdg // CSE/EE 461,

395 views • 5 slides
CommandButton1 ber Presentation Time Abstract file name Name Abstract Title Authors

CommandButton1 ber Presentation Time Abstract file name Name Abstract Title Authors

9/9/2014 FFF 2014 Oral Abstract Schedule and Roster Page 1 6:17 PM ract Num CommandButton1 ber Presentation Time Abstract file name Name Abstract Title Authors Biomacromolecules and biohybrid Albena Lederer systems the question of 24 24

294 views • 3 slides
Speeding up the Inter-Planetary File System (IPFS) Speeding up the Inter-Planetary File System

Speeding up the Inter-Planetary File System (IPFS) Speeding up the Inter-Planetary File System

1 Guillaume Michel Speeding up the Inter-Planetary File System (IPFS) Speeding up the Inter-Planetary File System (IPFS) Semester project presentation Project Advisor: Project Supervisor: Student: Laboratory: Prof. Bryan Ford Cristina

1.52k views • 29 slides
Inter-Domain DOTS Use Cases draft-nishizuka-dots-inter-domain-usecases-00 Kaname Nishizuka, NTT

Inter-Domain DOTS Use Cases draft-nishizuka-dots-inter-domain-usecases-00 Kaname Nishizuka, NTT

Inter-Domain DOTS Use Cases draft-nishizuka-dots-inter-domain-usecases-00 Kaname Nishizuka, NTT Communications Nov. 2015 IETF94@yokohama Draft Overview Motivation The volume of DDoS attack will exceed available anti- DDoS capability by

802 views • 10 slides
Why Inter- -Municipal Municipal Why Inter Cooperation? Cooperation? 1 Inter- -Municipal

Why Inter- -Municipal Municipal Why Inter Cooperation? Cooperation? 1 Inter- -Municipal

Inter- -Municipal Municipal Inter Cooperation Cooperation Inter- -Municipal Cooperation: Municipal Cooperation: Inter Working Together to Save Money Working Together to Save Money &amp; Provide Better Service &amp; Provide Better

395 views • 17 slides

More recommend