extending dynamic constraint detection with disjunctive
play

Extending Dynamic Constraint Detection with Disjunctive Constraints - PowerPoint PPT Presentation

Sep 05, 2022 •212 likes •500 views

Extending Dynamic Constraint Detection with Disjunctive Constraints Nadya Kuzmina John Paul Ruben Gamboa James Caldwell University of Wyoming Dynamic Constraint Detection Fixed grammar of universal properties. Serves well for the

  1. Extending Dynamic Constraint Detection with Disjunctive Constraints Nadya Kuzmina John Paul Ruben Gamboa James Caldwell University of Wyoming

  2. Dynamic Constraint Detection � Fixed grammar of universal properties. � Serves well for the discovery of a well-defined set of problem-specific, but program- independent properties. � Does not allow to capture the logic of a particular program. � Goal: enable constraint detection to capture the subtle essential properties of a program under analysis.

  3. State Space Partitioning Technique (SSPT) � Combines static and dynamic program analysis. � Automatically specializes the language of constraint detection. � Adds program-specific disjunctive properties.

  4. Introduction: State Space Partitions State space: − ≤ < 31 31 { x , y 2 x , y 2 } Three disjoint subspaces, or abstract states : P , P , P 1 2 3

  5. Types of Disjunctive Constraints � Object Invariant ¬ ∨ � Properties a and b are mutually exclusive: ¬ a b � Use cases for a method m s ∨ � Method m was called when abstract states s or w hold: w � Transitions between abstract states induced by a method p ⇒ m , q � p is an abstract state on variables at precondition of m � q is a disjunction of abstract states on variables at postcondition of m p ⇒ � Daikon-inferred implications for a method m , t � p is an abstract state on variables at precondition of m � t is an instantiated template

  6. The Calculator Example

  7. State Spaces for the Calculator Example Π ≡ { P , P } 1 1 2 ≡ P newNumber 1 ≡ ¬ P newNumber 2 Π ≡ { Q , Q , Q } 2 1 2 3 ≡ Q adding 1 ≡ ¬ ∧ Q adding subtractin g 2 ≡ ¬ ∧ ¬ Q adding subtractin g 3

  8. Constraints for Calculator Π ≡ { Q , Q , Q } Π ≡ { P , P } 2 1 2 3 1 1 2 ≡ Q adding ≡ P newNumber 1 1 ≡ ¬ ∧ Q adding subtractin g ≡ ¬ 2 P newNumber 2 ≡ ¬ ∧ ¬ Q adding subtractin g 3

  9. SSPT:Overview � Form disjoint partitions of the state spaces of the program variables involved in expressing the i f - t hen- el se tests. Π ≡ i f ( addi ng) { Q , Q , Q } 2 1 2 3 ≡ Q adding … 1 ≡ ¬ ∧ Q adding subtractin g el se i f ( subt r act i ng) 2 ≡ ¬ ∧ ¬ Q adding subtractin g 3 …

  10. SSPT: Hypothesized Constraints Π = Let { P , P , ..., P } 1 2 n � Preconditions: ∨ ∨ ∨ P P ... P 1 2 n ⇒ ∨ ∈ � Postconditions: P P P , i , j , k [ 1 .. n ] i j k � Object invariants: check whether the tests of the corresponding i f - t hen- el se statement are mutually exclusive. � For the Calculator example ∧ ¬ ∨ i f ( addi ng) ( adding subtractin g ) … ¬ ∧ ∨ ( adding subtractin g ) el se i f ( subt r act i ng) ¬ ∧ ¬ ( adding subtractin g ) …

  11. SSPT: Constraint Approximation Algorithm Π = � Let { P , P , P } 1 2 3 ∈ � Notation: for i [ 1 .. 3 ] pre P - abstract state over variable values at precondition P i i post P P - abstract state over variable values at postcondition i i

  12. SSPT: Constraint Approximation Algorithm

  13. SSPT: Constraint Approximation Algorithm Intuition behind the algorithm: Let i = 1 and after step 2, let S = {1, 3}. ⇒ ¬ ⇒ ¬ Then, are consistent with pre post pre post P P and P P 1 1 1 3 the observed data. is true by construction. ∨ ∨ post post post P P P 1 2 3 ⇒ The transition follows by propositional pre post P P 1 2 logic.

  14. ContExt: Implementation � Lightweight static analysis of Java source code for abstract state extraction. � Dynamic analysis tasks are delegated to Daikon. � ContExt combines the constraints inferred by our approach with those inferred by Daikon in its output.

  15. Transitional Constraint Inference � A splitting condition (splitter) is a boolean expression in terms of some program variables. � Let T be a program point which has all the variables involved in a splitter a . � a partitions the data trace into two mutually exclusive subsets: : contains the data values that satisfy a � T a : contains the data values on which a does not � T ¬ a Π hold. pre P i � Each abstract state from a space is used as a splitter on the data trace at postcondition program points of the enclosing class. pre post P P i j � Convenient checks when and both hold.

  16. Limitations � Our approach is primarily a dynamic analysis. � The reported constraints are unsound. � Potentially stronger constraints are reported. � Increase in the number of accidental constraints reported and loss of precision. � Given the same test suite, our approach may not infer some unconditional constraints that Daikon would. � Requires the presence of source code. � The technique has been applied to only one class at a time.

  17. Evaluation Challenge � Quantitative measurement of the quality of inferred constraints is challenging. � Propose a methodology for a quantitative evaluation of constraint inference techniques based on a modeling language Alloy. � Concentrate on recall. � Apply it to comparatively evaluate Daikon and ContExt on two examples.

  18. Evaluation Methodology

  19. Case Study 1: Puzzle � The Puzzle class represents an environment with an agent.

  20. Puzzle Specification

  21. Puzzle Evaluation

  22. Case Study 2: Employee Example

  23. Related Work � Csallner et al. employ a dynamic symbolic execution technique to obtain program-specific constraints. � performs symbolic execution over an existing test suite. � Engler et al. and Yang et al. focus on recovering a relatively small number of error-revealing properties. � Dallmaier et al. use a combination of static and dynamic analysis to construct state machines that represent an object’s behavior in terms of its inspector and mutator methods. � Arumuga Nainar et al. are interested in finding relevant boolean formulae. � The formulae partition the program state space into only two subspaces, one in which a bug is exibited, and the other one in which it is not.

  24. Conclusions � State Space Partitioning Technique combines lightweight static and dynamic analysis to provide for the inference of program-specific disjunctive properties. � Proposed an evaluation methodology for the quality of inferred constraints based on the Alloy modeling language.

  25. Comparative Complexity � Generalized disjunctive template: k , where k is the number of hypothesized � 2 non-disjunctive constraints.

  26. Comparative Complexity P Number of program points in the target program. C Number of hypothesized constraints at a program point. L Number of data samples observed. � Daikon (approximated with those of the simple incremental algorithm) : � Space complexity: S = O(P * C) � Time complexity: T = O (P * C * L)

  27. Comparative Complexity P Number of program points in the target program. C Number of hypothesized constraints at a program point. L Number of data samples observed. m Number of class-scoped partitions. n The maximum number of states per class-scoped partition. � ContExt: ′ ′ = = + � P m * n * P , C m * n C ′ ′ = = + � Space complexity: S O( P * C ) O ( mnP * ( mn C )) ′ ′ = = + � Time complexity: T O ( P * C * L ) O ( mnP * ( mn C ) * L )

Recommend

New verifiable sufficient conditions for metric subregularity of constraint systems with

New verifiable sufficient conditions for metric subregularity of constraint systems with

New verifiable sufficient conditions for metric subregularity of constraint systems with application to disjunctive programs Michal Cervinka , Based on the joint work with Mat Benko and Tim Hoheisel Institute of

558 views • 21 slides
Extending a Compiler Backend for Complete Memory Error Detection Norman A. Rink and Jeronimo

Extending a Compiler Backend for Complete Memory Error Detection Norman A. Rink and Jeronimo

Extending a Compiler Backend for Complete Memory Error Detection Norman A. Rink and Jeronimo Castrillon Technische Universitt Dresden Automotive Safety &amp; Security 2017 30 May 2017 Stuttgart Outline 1. Motivation 2. Error detection,

573 views • 23 slides
Open, extensible dynamic programming systems or just how deep is the dynamic rabbit hole?

Open, extensible dynamic programming systems or just how deep is the dynamic rabbit hole?

DLS, Portland, 2006 10 23 Open, extensible dynamic programming systems or just how deep is the dynamic rabbit hole? Ian Piumarta Viewpoints Research Institute ian@squeakland.org dynamic dynamic? data? extending objects

719 views • 42 slides
Dominance Detection Methods for Lookahead Constraint Solvers I. Razgon and A. Meisels -1-

Dominance Detection Methods for Lookahead Constraint Solvers I. Razgon and A. Meisels -1-

Dominance Detection Methods for Lookahead Constraint Solvers I. Razgon and A. Meisels -1- Contents 1. Problem Presentation 2. Algorithms 3. Preliminary results and further investigation 4. Related work 5. Conclusion -2- Future

257 views • 12 slides
Extending TVM with Dynamic Execution Jared Roesch and Haichen Shen Outline Motivation for

Extending TVM with Dynamic Execution Jared Roesch and Haichen Shen Outline Motivation for

Extending TVM with Dynamic Execution Jared Roesch and Haichen Shen Outline Motivation for Dynamism Representing Dynamism Executing Dynamism Evaluation Dynamic Neural Networks Networks are exhibiting more and more

1.08k views • 50 slides
Symmetry Detection and Exploitation in Constraint Programming Chris Mears June, 2008 Chris

Symmetry Detection and Exploitation in Constraint Programming Chris Mears June, 2008 Chris

Introduction Automatic Symmetry Detection Symmetry Exploitation Conclusion Symmetry Detection and Exploitation in Constraint Programming Chris Mears June, 2008 Chris Mears Symmetry Detection and Exploitation in Constraint Programming

973 views • 56 slides
Justifications in Constraint Handling Paper: Thom Frhwirth Rules for Logical Retraction in

Justifications in Constraint Handling Paper: Thom Frhwirth Rules for Logical Retraction in

Justifications in Constraint Handling Paper: Thom Frhwirth Rules for Logical Retraction in Dynamic Presentation: Daniel Gall October 10, 2017 Algorithms Page 2 Justifications in Constraint Handling Rules for Logical Retraction in Dynamic

1.09k views • 41 slides
Detection of Gauss Markov Random Fields under Routing Energy Constraint A. Anandkumar 1 L. Tong 1

Detection of Gauss Markov Random Fields under Routing Energy Constraint A. Anandkumar 1 L. Tong 1

Detection of Gauss Markov Random Fields under Routing Energy Constraint A. Anandkumar 1 L. Tong 1 A. Swami 2 1 School of Electrical and Computer Engineering Cornell University, Ithaca, NY 14853 2 Army Research Laboratory, Adelphi MD 20783

860 views • 58 slides
Recent Developments in Disjunctive Programming Egon Balas Carnegie Mellon University Recent

Recent Developments in Disjunctive Programming Egon Balas Carnegie Mellon University Recent

Recent Developments in Disjunctive Programming Egon Balas Carnegie Mellon University Recent Developments in Disjunctive Programming 01.09.17 1 / 56 Recent Developments in Disjunctive Programming 1. Background and basic results 2.

886 views • 56 slides
Extending ns Extending ns In OTcl In C++ Debugging Padma Haldar USC/ISI 1 2 ns

Extending ns Extending ns In OTcl In C++ Debugging Padma Haldar USC/ISI 1 2 ns

Outline Extending ns Extending ns In OTcl In C++ Debugging Padma Haldar USC/ISI 1 2 ns Directory Structure Extending ns in OTcl ns-allinone If you dont want to compile source your changes in your sim Tcl8.3 TK8.3

303 views • 9 slides
Copying Subgraphs MDE Extending GT within Model Repositories Case Study Example Models

Copying Subgraphs MDE Extending GT within Model Repositories Case Study Example Models

Introduction Context Copying Subgraphs MDE Extending GT within Model Repositories Case Study Example Models Consistency Constraint Plain SDM Trfo Pieter van Gorp, Story Diagrams Control Flow Hans Schippers, Primitives for Model Dirk

712 views • 37 slides
Generating Model Transformations for Mending Dynamic Constraint Violations in Cyber Physical

Generating Model Transformations for Mending Dynamic Constraint Violations in Cyber Physical

Arizona s First University. Generating Model Transformations for Mending Dynamic Constraint Violations in Cyber Physical Systems Sean Whitsitt and Jonathan Sprinkle Introduction: Cyber Physical Systems Electrical and Computer Engineering

599 views • 23 slides
Android 292 Jrme Pilliet Universit Paris-Est Marne-la-Valle Forewords Dynamic languages

Android 292 Jrme Pilliet Universit Paris-Est Marne-la-Valle Forewords Dynamic languages

Android 292 Jrme Pilliet Universit Paris-Est Marne-la-Valle Forewords Dynamic languages Semantic determined at runtime Smartphone / Tablet Constraint memory Constraint computing power Android and Dalvik OS most used Java

468 views • 28 slides
WEM Reform: Constraint Development Responsibilities PSO-WG Meeting 3 February 2019 1

WEM Reform: Constraint Development Responsibilities PSO-WG Meeting 3 February 2019 1

WEM Reform: Constraint Development Responsibilities PSO-WG Meeting 3 February 2019 1 Constraint technical framework Constraint Limit advice equations 2. Constraint formulation 1. Power system 3. Constraint model library 4. Dispatch

523 views • 12 slides
Inter-procedural Control Flow Analysis Using Constraint-based Approach cs6463 1 The Dynamic

Inter-procedural Control Flow Analysis Using Constraint-based Approach cs6463 1 The Dynamic

Inter-procedural Control Flow Analysis Using Constraint-based Approach cs6463 1 The Dynamic Dispatch Problem Which function is called by p(x)? int myFunc ( int (*p)(int), ) { return p(x); } P is a function pointer. What

364 views • 20 slides
Overlapping Communities in Dynamic Networks: Their Detection and Mobile Applications Nam P .

Overlapping Communities in Dynamic Networks: Their Detection and Mobile Applications Nam P .

Overlapping Communities in Dynamic Networks: Their Detection and Mobile Applications Nam P . Nguyen, Thang N. Dinh, Sindhura Tokala, My T. Thai Department of Computer and Information Science and Engineering, University of Florida, USA

1.46k views • 87 slides
Shape Outlier Detection Using Pose Preserving Dynamic Shape Models Chan-Su Lee and Ahmed

Shape Outlier Detection Using Pose Preserving Dynamic Shape Models Chan-Su Lee and Ahmed

Shape Outlier Detection Using Pose Preserving Dynamic Shape Models Chan-Su Lee and Ahmed Elgammal Rutgers, The State University of New Jersey Department of Computer Science Outline Introduction Shape Outlier Detection for Visual

753 views • 32 slides
Constraint Programming - Heuristics in Search Variable and Value selection Static and

Constraint Programming - Heuristics in Search Variable and Value selection Static and

Constraint Programming - Heuristics in Search Variable and Value selection Static and Dynamic Heuristics Incomplete Search Strategies Symmetry Breaking (introduction) 10 November 2011 Constraint Programming 1 Heuristic Search -

746 views • 59 slides
Extending the GC hardware Rob Reilink Extending the GC hardware Why? GC can be an embedded

Extending the GC hardware Rob Reilink Extending the GC hardware Why? GC can be an embedded

Extending the GC hardware Rob Reilink Extending the GC hardware Why? GC can be an embedded computer Home automation Cinema set Car Infotainment system ... But: Essential hardware lacks: Data storage (harddisk and/or flash)

221 views • 9 slides
What do Shannon-type Inequalities, Submodular Width, and Disjunctive Datalog have to do with one

What do Shannon-type Inequalities, Submodular Width, and Disjunctive Datalog have to do with one

What do Shannon-type Inequalities, Submodular Width, and Disjunctive Datalog have to do with one another? Mahmoud Abo Khamis 1 Hung Q. Ngo 1 Dan Suciu 1 , 2 1 LogicBlox Inc. 2 University of Washington PODS 2017 1/22 Contributions A Join

1.59k views • 131 slides
Extending Hindley-Milner Type Inference with Coercive Structural Subtyping Dmitriy Traytel

Extending Hindley-Milner Type Inference with Coercive Structural Subtyping Dmitriy Traytel

Why coercions? A naive algorithm Constraint-based algorithm Conclusion Extending Hindley-Milner Type Inference with Coercive Structural Subtyping Dmitriy Traytel Stefan Berghofer Tobias Nipkow APLAS 2011 Isabelle nat&lt;:int =

1.23k views • 61 slides
Extending ns Padma Haldar USC/ISI 1 Outline Extending ns In OTcl In C++

Extending ns Padma Haldar USC/ISI 1 Outline Extending ns In OTcl In C++

Extending ns Padma Haldar USC/ISI 1 Outline Extending ns In OTcl In C++ Debugging 2 ns Directory Structure ns-allinone Tcl8.3 TK8.3 OTcl tclcl ns-2 nam-1 ... tcl C+ + code ex test mcast ... lib examples

965 views • 52 slides
Constraint Solving in Symbolic Execution Cristian Cadar Department of Computing Imperial College

Constraint Solving in Symbolic Execution Cristian Cadar Department of Computing Imperial College

Constraint Solving in Symbolic Execution Cristian Cadar Department of Computing Imperial College London Invited talk at SMT 2015 18 July, San Francisco, CA, USA Dynamic Symbolic Execution Dynamic symbolic execution is a technique for

660 views • 53 slides
Chapter 9:Advanced Programming Techniques A mixed bag of different methods to improve the

Chapter 9:Advanced Programming Techniques A mixed bag of different methods to improve the

Constraint Logic Programming Chapter 9:Advanced Programming Techniques A mixed bag of different methods to improve the efficiency of finding a solution 1 Advanced Programming Extending the Constraint Solver Combining Symbolic and

215 views • 18 slides

More recommend