inference of necessary field conditions with abstract
play

Inference of Necessary Field Conditions with Abstract Interpretation - PowerPoint PPT Presentation

May 01, 2023 •151 likes •356 views

Inference of Necessary Field Conditions with Abstract Interpretation Mehdi Bouaziz 1 , Francesco Logozzo 2 , Manuel F ahndrich 2 1 Ecole normale sup erieure, Paris, France 2 Microsoft Research, Redmond, WA, USA Tenth Asian Symposium on

  1. Inference of Necessary Field Conditions with Abstract Interpretation Mehdi Bouaziz 1 , Francesco Logozzo 2 , Manuel F¨ ahndrich 2 1 ´ Ecole normale sup´ erieure, Paris, France 2 Microsoft Research, Redmond, WA, USA Tenth Asian Symposium on Programming Languages and Systems December 12, 2012 – Kyoto, Japan

  2. Design by Contract is a programming methodology which systematically requires the programmer to provide contracts (preconditions, postconditions, object invariants) at design time. Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 2/15 Inference of Necessary Field Conditions with Abstract Interpretation

  3. Design by Contract is a programming methodology which systematically requires the programmer to provide contracts (preconditions, postconditions, object invariants) at design time. ◮ allow automatic generation of documentation, ◮ amplify the testing process, ◮ enable assume/guarantee reasoning for static program verification. Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 2/15 Inference of Necessary Field Conditions with Abstract Interpretation

  4. Design by Contract: Example public class Person { private readonly string Name; private readonly JobTitle JobTitle; public Person(string name, JobTitle jobTitle) { Contract.Requires(jobTitle != null && name != null); this.Name = name; this.JobTitle = jobTitle; } private void ObjectInvariant() { Contract.Invariant(this.Name != null); Contract.Invariant(this.JobTitle != null); } public string GetFullName() { if (this.JobTitle != null) return string.Format("{0}�({1})", PrettyPrint(this.Name), this.JobTitle.ToString())); return PrettyPrint(this.Name); } public string PrettyPrint(string s) { Contract.Requires(s != null); Contract.Ensures(Contract.Result<string>() != null); // ... } } Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 3/15 Inference of Necessary Field Conditions with Abstract Interpretation

  5. Design by Contract: Dream and Reality PL designer dream: the programmer provides sufficient contracts for all the methods and all the classes; a static verifier leverages them to prove the program correctness. Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 4/15 Inference of Necessary Field Conditions with Abstract Interpretation

  6. Design by Contract: Dream and Reality PL designer dream: the programmer provides sufficient contracts for all the methods and all the classes; a static verifier leverages them to prove the program correctness. Reality: ◮ the PL or the programming environment does not support contracts: the programmer use non-contract checks on input parameters/fields, unexploitable by a static analyzer, ◮ the program is only partially annotated, ◮ the programmer thinks that some contracts are obvious, ◮ the provided contracts are too weak. Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 4/15 Inference of Necessary Field Conditions with Abstract Interpretation

  7. Design by Contract: Dream and Reality PL designer dream: the programmer provides sufficient contracts for all the methods and all the classes; a static verifier leverages them to prove the program correctness. Reality: ◮ the PL or the programming environment does not support contracts: the programmer use non-contract checks on input parameters/fields, unexploitable by a static analyzer, ◮ the program is only partially annotated, ◮ the programmer thinks that some contracts are obvious, ◮ the provided contracts are too weak. Solution: Inference! Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 4/15 Inference of Necessary Field Conditions with Abstract Interpretation

  8. Contract Inference By abstract interpretation: ◮ Postconditions ◮ Preconditions [Cousot Cousot Logozzo 10] [Cousot Cousot F¨ ahndrich Logozzo 13] Works well! Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 5/15 Inference of Necessary Field Conditions with Abstract Interpretation

  9. Contract Inference By abstract interpretation: ◮ Postconditions ◮ Preconditions [Cousot Cousot Logozzo 10] [Cousot Cousot F¨ ahndrich Logozzo 13] Works well! ◮ Object invariants Class-Level Modular Analysis [Logozzo 03] Brittle! Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 5/15 Inference of Necessary Field Conditions with Abstract Interpretation

  10. Class-Level Modular Analysis Fixpoint characterization of the invariant: � � I = s 〚 c 〛 ⊔ s 〚 m 〛 ( I ) c ∈ Constrs m ∈ Methods Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 6/15 Inference of Necessary Field Conditions with Abstract Interpretation

  11. Class-Level Modular Analysis: Example public class Person { private readonly string Name; private readonly JobTitle JobTitle; public Person(string name, JobTitle jobTitle) { Contract.Requires(jobTitle != null && name != null); this.Name = name; this.JobTitle = jobTitle; } public string GetFullName() { if (this.JobTitle != null) return string.Format("{0}�({1})", PrettyPrint(this.Name), this.JobTitle.ToString())); return PrettyPrint(this.Name); } public int BaseSalary() { return this.JobTitle.BaseSalary; } public string PrettyPrint(string s) { Contract.Requires(s != null); // ... } } I 0 = � Name �→ NN , JobTitle �→ NN � Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 7/15 Inference of Necessary Field Conditions with Abstract Interpretation

  12. Class-Level Modular Analysis: Example, constructor added public class Person { private readonly string Name; private readonly JobTitle JobTitle; public Person(string name, JobTitle jobTitle) { Contract.Requires(jobTitle != null && name != null); this.Name = name; this.JobTitle = jobTitle; } public Person(string name) { Contract.Requires(name != null); this.Name = name; } public string GetFullName() { if (this.JobTitle != null) return string.Format("{0}�({1})", PrettyPrint(this.Name), this.JobTitle.ToString())); return PrettyPrint(this.Name); } public int BaseSalary() { return this.JobTitle.BaseSalary; } } I 1 = � Name �→ NN , JobTitle �→ T � Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 8/15 Inference of Necessary Field Conditions with Abstract Interpretation

  13. Our Solution: Backward Inference of Necessary Conditions Necessary conditions: properties that should hold on the object fields; if violated, an error will definitely occur. Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 9/15 Inference of Necessary Field Conditions with Abstract Interpretation

  14. Our Solution: Backward Inference of Necessary Conditions Necessary conditions: properties that should hold on the object fields; if violated, an error will definitely occur. Goal-directed backward interprocedural propagation of potentially failing assertions. ◮ push assertions that cannot be proven to method entry points (necessary precondition inference [Cousot Cousot Logozzo 10]) ◮ keep those involving private fields ◮ propagate them to the constructors ◮ generate an abstract error trace Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 9/15 Inference of Necessary Field Conditions with Abstract Interpretation

  15. Backward Inference of Necessary Conditions: Example public class Person { private readonly string Name; private readonly JobTitle JobTitle; public Person(string name, JobTitle jobTitle) { Contract.Requires(jobTitle != null && name != null); this.Name = name; this.JobTitle = jobTitle; } public Person(string name) { Contract.Requires(name != null); this.Name = name; } public string GetFullName() { if (this.JobTitle != null) return string.Format("{0}�({1})", PrettyPrint(this.Name), this.JobTitle.ToString())); return PrettyPrint(this.Name); } public int BaseSalary() { return this.JobTitle.BaseSalary; } } I 2 = � Name �→ NN , JobTitle �→ NN � Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 10/15 Inference of Necessary Field Conditions with Abstract Interpretation

  16. The algorithm Result : A necessary condition I ∗ on object fields while true do φ ← true foreach m ∈ M do if ¬ cccheck ( m , out ¯ a ) then // Strengthen precondition and invariant � φ P , φ I � ← π 2 ( I ( m )(¯ a )) Pre m ← Pre m ∧ φ P φ ← φ ∧ φ I end end if φ = true then break // no change on I F , we are done else I F ← I F ∧ φ end end foreach c ∈ C do if ¬ cccheck ( c , out ¯ a ) then // Strengthen the precondition Pre c ← Pre c ∧ π 1 ( I ( c )(¯ a )) end end Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 11/15 Inference of Necessary Field Conditions with Abstract Interpretation

  17. Special Case: Readonly Fields Restricted to readonly fields, the necessary condition inference algorithm gives object invariants after the first iteration of the main loop. Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 12/15 Inference of Necessary Field Conditions with Abstract Interpretation

  18. Experiments We ran cccheck on .Net Framework libraries, with: (BR) object invariant inference disabled; (NCR) object invariant inference enabled for readonly fields only; (NC1) object invariant inference enabled for all fields, with the constraint of analyzing every method only once; (CLMAR) forward class-level modular analysis enabled for readonly fields only. Mehdi Bouaziz, Francesco Logozzo, Manuel F¨ ahndrich 13/15 Inference of Necessary Field Conditions with Abstract Interpretation

Recommend

Fields Organizational Strategies readings: From Object to Field Field Conditions by Stan Allen

Fields Organizational Strategies readings: From Object to Field Field Conditions by Stan Allen

Fields Organizational Strategies readings: From Object to Field Field Conditions by Stan Allen Andrea Bagniewski Aya Jazaierly Field Conditions - form - rethinking the part-to-whole problem - reacting to Deconstructivism - in opposition to

524 views • 16 slides
Background Magnetic Field and Kink and Torus Instabilities Y. Liu 1 ABSTRACT Using a Potential

Background Magnetic Field and Kink and Torus Instabilities Y. Liu 1 ABSTRACT Using a Potential

Background Magnetic Field and Kink and Torus Instabilities Y. Liu 1 ABSTRACT Using a Potential Field Source Surface model (PFSS), we study profile of magnetic field overlying erupted filaments. The filaments studied here were re- ported to

517 views • 8 slides
ACMS 20340 Statistics for Life Sciences Chapter 15: Inference in Practice Inference in Practice

ACMS 20340 Statistics for Life Sciences Chapter 15: Inference in Practice Inference in Practice

ACMS 20340 Statistics for Life Sciences Chapter 15: Inference in Practice Inference in Practice Recall the simple conditions for inference about a population mean: Known standard deviation Sample obtained randomly Normally

534 views • 30 slides
Probability, Statistics and Inference Probability : an abstract mathematical framework for

Probability, Statistics and Inference Probability : an abstract mathematical framework for

Mathematical Tools for Neural and Cognitive Science Fall semester, 2017 Probability, Statistics and Inference Probability : an abstract mathematical framework for describing random quantities (e.g., measurements) Statistics : use of

505 views • 29 slides
Variational Mean Field Variational Mean Field for Graphical Models for Graphical Models

Variational Mean Field Variational Mean Field for Graphical Models for Graphical Models

Variational Mean Field Variational Mean Field for Graphical Models for Graphical Models CS/CNS/EE 155 Baback Moghaddam Machine Learning Group baback @ jpl.nasa.gov Approximate Inference Approximate Inference Consider general UGs ( i.e.,

382 views • 37 slides
Section 4: Statistics and Inference Probability : an abstract mathematical framework for

Section 4: Statistics and Inference Probability : an abstract mathematical framework for

Mathematical Tools for Neural and Cognitive Science Fall semester, 2016 Section 4: Statistics and Inference Probability : an abstract mathematical framework for describing random quantities (e.g. measurements) Statistics : use of probability

529 views • 25 slides
Prescription for e.m. field calculations P. Piot, PHYS 571 Fall 2007 Boundary conditions I

Prescription for e.m. field calculations P. Piot, PHYS 571 Fall 2007 Boundary conditions I

Prescription for e.m. field calculations P. Piot, PHYS 571 Fall 2007 Boundary conditions I Electric field components z z S Magnetic field components end plates Proof: start with what we had last lesson P. Piot, PHYS 571

547 views • 15 slides
@ Estimating uncertainty in real-world conditions using Bayesian inference Max Sklar Foursquare

@ Estimating uncertainty in real-world conditions using Bayesian inference Max Sklar Foursquare

Reading into Scarce Data @ Estimating uncertainty in real-world conditions using Bayesian inference Max Sklar Foursquare Engineer @maxsklar We're talking about this problem: - When do I have enough data to be confident in my answer? -

427 views • 23 slides
Optimal Continuous DR-Submodular Maximization and Applications to Provable Mean Field Inference

Optimal Continuous DR-Submodular Maximization and Applications to Provable Mean Field Inference

Optimal Continuous DR-Submodular Maximization and Applications to Provable Mean Field Inference Yatao (An) Bian, Joachim M. Buhmann, Andreas Krause ETH Zurich Motivation and Background Product recommendation Given a parameterized submodular

420 views • 5 slides
All of The Above Presents December 2017 Predictions for Jon Wood Field Current Conditions at

All of The Above Presents December 2017 Predictions for Jon Wood Field Current Conditions at

All of The Above Presents December 2017 Predictions for Jon Wood Field Current Conditions at Jon Wood Field (Jet Stream data by www.weatherstreet.com) You are Here Forecast for Jon Wood Field (Weather forecast data by www.wunderground.com)

823 views • 35 slides
Bayesian networks Independence Bayesian networks Markov conditions Inference by

Bayesian networks Independence Bayesian networks Markov conditions Inference by

Bayesian networks Independence Bayesian networks Markov conditions Inference by enumeration rejection sampling Gibbs sampler Independence if P(A=a,B=a) = P(A=a)P(B=b) for all a and b, then we call A and B

733 views • 19 slides
Particle in a static E-field Consider a charge particle q interacting with a E-field E =E x .

Particle in a static E-field Consider a charge particle q interacting with a E-field E =E x .

Particle in a static E-field Consider a charge particle q interacting with a E-field E =E x . Particles initial conditions p (t=0)=p 0 y. The Lorentz force is: integrate So that total energy a time t is: P. Piot,

542 views • 7 slides
Assessing Translations: How Different Checking Procedures Compare Under Field Conditions Gijs van

Assessing Translations: How Different Checking Procedures Compare Under Field Conditions Gijs van

Assessing Translations: How Different Checking Procedures Compare Under Field Conditions Gijs van Houten, International Survey Methodologist Danielle Cuddington, Research Analyst Katie Simmons, Associate Director, Research Steve Schwarzer,

530 views • 14 slides
Inference of Field Initialization Fausto Spoto and Michael D. Ernst University of Verona, Italy

Inference of Field Initialization Fausto Spoto and Michael D. Ernst University of Verona, Italy

Inference of Field Initialization Fausto Spoto and Michael D. Ernst University of Verona, Italy &amp; University of Washington, USA Honolulu, May 25, 2011, ICSE 1 / 8 Clever tracking of windows by name (from a real story) public class MyWindow

674 views • 48 slides
Update on LUTS/BPH (Clinical field surgical) Pusan National University Hospital Lee Wan

Update on LUTS/BPH (Clinical field surgical) Pusan National University Hospital Lee Wan

Update on LUTS/BPH (Clinical field surgical) Pusan National University Hospital Lee Wan Contents q AUA abstract review q EAU abstract review q Recent Journal review AUA Abstract q AUA BPH session: Surgical Therapy and New Technology (40) -

365 views • 25 slides
The boundary conditions 3. In our case the boundaries are straight lines, connected at the

The boundary conditions 3. In our case the boundaries are straight lines, connected at the

1. We have now derived numerical approximations that allow us to update the flow field in time, in the DNS of Multiphase Flows interior of the domain. Before we can do a specific problem we need to include boundary conditions. Direct

427 views • 7 slides
The Study of Quinoa Salinity Tolerance in the Field Conditions By: Mohammad Shahid and N.K. Rao

The Study of Quinoa Salinity Tolerance in the Field Conditions By: Mohammad Shahid and N.K. Rao

International Quinoa Conference 2016: Quinoa for Future Food and Nutrition Security in Marginal Environments Dubai, 6-8 December 2016 www.quinoaconference.com The Study of Quinoa Salinity Tolerance in the Field Conditions By: Mohammad Shahid

581 views • 28 slides
Lost in Mathematics: Quantum Field Theory Abstract for Invited Presentation for Physics

Lost in Mathematics: Quantum Field Theory Abstract for Invited Presentation for Physics

Lost in Mathematics: Quantum Field Theory Abstract for Invited Presentation for Physics Beyond Relativity 2019 Akira Kanda Omega Mathematical Institute/ University of Toronto Mihai Prunescu University of Bucharest, Romanian Academy of

301 views • 13 slides
Medical Imagery for the Field Therapist Traumatic Conditions T ti C diti

Medical Imagery for the Field Therapist Traumatic Conditions T ti C diti

Medical imagery for the field therapist Medical Imagery for the Field Therapist Traumatic Conditions T ti C diti Charlen Berry B.Sc., CAT(C), DO(Qc) Certified Athletic Therapist / Osteopath EATA Buffalo 2013 EATA Buffalo 2013

269 views • 15 slides
Phase-field systems with nonlinear coupling and dynamic boundary conditions Cecilia Cavaterra

Phase-field systems with nonlinear coupling and dynamic boundary conditions Cecilia Cavaterra

Phase-field systems with nonlinear coupling and dynamic boundary conditions Cecilia Cavaterra Dipartimento di Matematica F . Enriques Universit degli Studi di Milano cecilia.cavaterra@unimi.it VIII Workshop on Partial Differential

510 views • 46 slides
A different approach Operational semantics defines an interpreter, from abstract syntax to

A different approach Operational semantics defines an interpreter, from abstract syntax to

A different approach Operational semantics defines an interpreter, from abstract syntax to abstract syntax. Metalanguage is inference rules (slides) or OCaml ( interp.ml ) CSE-505: Programming Languages Denotational semantics defines a compiler

312 views • 3 slides
Exact Inference Inference Basic task for inference: Compute

Exact Inference Inference Basic task for inference: Compute

Exact Inference Inference Basic task for inference: Compute a posterior distribu8on for some query variables given some observed evidence Sum out

699 views • 30 slides
Note on a construction of TQFT from cohomology Kiyonori Gomi Abstract This is a note about a

Note on a construction of TQFT from cohomology Kiyonori Gomi Abstract This is a note about a

Note on a construction of TQFT from cohomology Kiyonori Gomi Abstract This is a note about a simple construction of even dimensional topo- logical quantum field theories, based on cohomology with its coefficients in a finite field, the cup

403 views • 26 slides
Medical Imagery for the Field Therapist Therapist Traumatic Conditions Charlen

Medical Imagery for the Field Therapist Therapist Traumatic Conditions Charlen

Medical imagery for the field therapist Medical Imagery for the Field Therapist Therapist Traumatic Conditions Charlen Berry B.Sc., CAT(C), DO(Qc) Certified Athletic Therapist / Osteopath EATA Buffalo 2013 EATA Buffalo 2013 2

610 views • 43 slides

More recommend