likely program invariants
play

Likely Program Invariants Michael Ernst, Jake Cockrell, Bill - PowerPoint PPT Presentation

Aug 23, 2023 •47 likes •287 views

Dynamically Detecting Likely Program Invariants Michael Ernst, Jake Cockrell, Bill Griswold (UCSD), and David Notkin University of Washington Department of Computer Science and Engineering http://www.cs.washington.edu/homes/mernst/ Ernst,

  1. Dynamically Detecting Likely Program Invariants Michael Ernst, Jake Cockrell, Bill Griswold (UCSD), and David Notkin University of Washington Department of Computer Science and Engineering http://www.cs.washington.edu/homes/mernst/ Ernst, ICSE 99, page 1

  2. Overview Goal: recover invariants from programs Technique: run the program, examine values Artifact: Daikon • recovered formal specifications Results: • aided in a software modification task • motivation Outline: • techniques • future work Ernst, ICSE 99, page 2

  3. Goal: recover invariants Detect invariants like those in assert statements • x > abs(y) • x = 16*y + 4*z + 3 • array a contains no duplicates • for each node n , n = n.child.parent • graph g is acyclic Ernst, ICSE 99, page 3

  4. Uses for invariants Write better programs [Liskov 86] Documentation Convert to assert Maintain invariants to avoid introducing bugs Validate test suite: value coverage Locate exceptional conditions Higher-level profile-directed compilation [Calder 98] Bootstrap proofs [Wegbreit 74, Bensalem 96] Ernst, ICSE 99, page 4

  5. Experiment 1: recover formal specifications Example: Program 15.1.1 from The Science of Programming [Gries 81] // Sum array b of length n into variable s. i := 0; s := 0; while i  n do { s := s + b [ i ]; i := i +1 } Precondition: n  0 Postcondition: s = (  j : 0  j < n : b [ j ]) Loop invariant: 0  i  n and s = (  j : 0  j < i : b [ j ]) Ernst, ICSE 99, page 5

  6. Test suite for program 15.1.1 100 randomly-generated arrays • Length uniformly distributed from 7 to 13 • Elements uniformly distributed from -100 to 100 Ernst, ICSE 99, page 6

  7. Inferred invariants 15.1.1:::BEGIN (100 samples) N = size(B) (7 values) N in [7..13] (7 values) B (100 values) All elements in [-100..100] (200 values) 15.1.1:::END (100 samples) N = I = N_orig = size(B) (7 values) B = B_orig (100 values) S = sum(B) (96 values) N in [7..13] (7 values) B (100 values) All elements in [-100..100] (200 values) Ernst, ICSE 99, page 7

  8. Inferred loop invariants 15.1.1:::LOOP (1107 samples) N = size(B) (7 values) S = sum(B[0..I-1]) (96 values) N in [7..13] (7 values) I in [0..13] (14 values) I <= N (77 values) B (100 values) All elements in [-100..100] (200 values) B[0..I-1] (985 values) All elements in [-100..100] (200 values) Ernst, ICSE 99, page 8

  9. Ways to obtain invariants • Programmer-supplied • Static analysis: examine the program text [Cousot 77, Gannod 96] • properties are guaranteed to be true • pointers are intractable in practice • Dynamic analysis: run the program Ernst, ICSE 99, page 9

  10. Dynamic invariant detection Original Instrumented program program Data trace Invariants database Detect Instrument Run invariants Test suite Look for patterns in values the program computes: • Instrument the program to write data trace files • Run the program on a test suite • Offline invariant engine reads data trace files, checks for a collection of potential invariants Ernst, ICSE 99, page 10

  11. Running the program Requires a test suite • standard test suites are adequate • relatively insensitive to test suite No guarantee of completeness or soundness • useful nonetheless Ernst, ICSE 99, page 11

  12. Sample invariants x,y,z are variables; a,b,c are constants Numbers: • unary: x = a, a  x  b, x  a (mod b) • n-ary: x  y , x = a y + b z + c, x = max( y , z ) Sequences: • unary: sorted, invariants over all elements • with scalar: membership • with sequence: subsequence, ordering Ernst, ICSE 99, page 12

  13. Checking invariants For each potential invariant: • quickly determine constants (e.g., a and b in y = a x + b) • stop checking once it is falsified This is inexpensive Ernst, ICSE 99, page 13

  14. Performance Runtime growth: • quadratic in number of variables at a program point (linear in number of invariants checked/discovered) • linear in number of samples or values (test suite size) • linear in number of program points Absolute runtime: a few minutes per procedure • 10,000 calls, 70 variables, instrument entry and exit Ernst, ICSE 99, page 14

  15. Statistical checks Check hypothesized distribution To show x  0 for v values of x in range of size r , v   1  probability of no zeroes is  r  1   Range limits (e.g., x  22): • more samples than neighbors (clipped to that value) • same number of samples as neighbors (uniform distribution) Ernst, ICSE 99, page 15

  16. Derived variables Variables not appearing in source text • array: length, sum, min, max • array and scalar: element at index, subarray • number of calls to a procedure Enable inference of more complex relationships Staged derivation and invariant inference • avoid deriving meaningless values • avoid computing tautological invariants Ernst, ICSE 99, page 16

  17. Experiment 2: C code lacking explicit invariants 563-line C program: regexp search & replace [Hutchins 94, Rothermel 98] Task: modify to add Kleene + Use both detected invariants and traditional tools Ernst, ICSE 99, page 17

  18. Experiment 2 invariant uses Contradicted some maintainer expectations anticipated lj < j in makepat Revealed a bug when lastj = *j in stclose , array bounds error Explicated data structures regexp compiled form (a string) Ernst, ICSE 99, page 18

  19. Experiment 2 invariant uses Showed procedures used in limited ways makepat : start = 0 and delim = ’ \ 0’ Demonstrated test suite inadequacy calls( in_set_2 ) = calls( stclose ) Changes in invariants validated program changes plclose : *j  *j orig +2 stclose : *j = *j orig +1 Ernst, ICSE 99, page 19

  20. Experiment 2 conclusions Invariants: • effectively summarize value data • support programmer’s own inferences • lead programmers to think in terms of invariants • provide serendipitous information Useful tools: • trace database (supports queries) • invariant differencer Ernst, ICSE 99, page 20

  21. Future work Logics: • Disjunctions: p = NULL or *p > i • Predicated invariants: if condition then invariant • Temporal invariants • Global invariants (multiple program points) • Existential quantifiers Domains: recursive (pointer-based) data structures • Local invariants • Global invariants: structure [Hendren 92] , value Ernst, ICSE 99, page 21

  22. More future work User interface • control over instrumentation • display and manipulation of invariants Experimental evaluation • apply to a variety of tasks • apply to more and bigger programs • users wanted! (Daikon works on C, C++, Java, Lisp) Ernst, ICSE 99, page 22

  23. Related work Dynamic inference • inductive logic programming [Bratko 93] • program spectra [Reps 97] • finite state machines [Boigelot 97, Cook 98] Static inference [Jeffords 98] • checking specifications [Detlefs 96, Evans 96, Jacobs 98] • specification extension [Givan 96, Hendren 92] • etc. [Henry 90, Ward 96] Ernst, ICSE 99, page 23

  24. Conclusions Dynamic invariant detection is feasible • Prototype implementation Dynamic invariant detection is effective • Two experiments provide preliminary support Dynamic invariant detection is a challenging but promising area for future research Ernst, ICSE 99, page 24

Recommend

Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff,

Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff,

Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff, David R. White and John A. Clark. The 13th CREST Open Workshop Thursday 12 May 2011 Outline Invariants Using GP to find Invariants Identifying

417 views • 38 slides
Loop invariants &lt;precondition: n&gt;0&gt; int i = 0; while (i &lt; n){ i = i+1; We want to

Loop invariants &lt;precondition: n&gt;0&gt; int i = 0; while (i &lt; n){ i = i+1; We want to

4/23/16 Loop invariants as a way of reasoning about the state of your program Loop invariants &lt;precondition: n&gt;0&gt; int i = 0; while (i &lt; n){ i = i+1; We want to prove: } i==n right after the loop &lt;post condition: i==n&gt;

80 views • 7 slides
Daikon: Dynamic Analysis for Inferring Likely Invariants Reading: Dynamically Discovering Likely

Daikon: Dynamic Analysis for Inferring Likely Invariants Reading: Dynamically Discovering Likely

Daikon: Dynamic Analysis for Inferring Likely Invariants Reading: Dynamically Discovering Likely Program Invariants to Support Program Evolution 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich What is an Invariant? A

361 views • 22 slides
Leveraging Program Invariants to Promote Population Diversity in Search-Based Automatic Program

Leveraging Program Invariants to Promote Population Diversity in Search-Based Automatic Program

Leveraging Program Invariants to Promote Population Diversity in Search-Based Automatic Program Repair Zhen Yu Ding , Yiwei Lyu , Christopher S. Timperley , Claire Le Goues University of Pittsburgh, Carnegie Mellon

991 views • 64 slides
CS 220: Discrete Structures and their Applications Loop Invariants Chapter 3 in zybooks Program

CS 220: Discrete Structures and their Applications Loop Invariants Chapter 3 in zybooks Program

CS 220: Discrete Structures and their Applications Loop Invariants Chapter 3 in zybooks Program verification How do we know our program works correctly? In this lecture we will focus on a tool for verifying the correctness of programs that

605 views • 25 slides
Decision Tree Based Learning of Program Invariants Deepak DSouza Department of Computer

Decision Tree Based Learning of Program Invariants Deepak DSouza Department of Computer

Floyd-Hoare Style Verification Decision Tree Learning ICE Learning Proofs with Multiple Invariants Decision Tree Based Learning of Program Invariants Deepak DSouza Department of Computer Science and Automation Indian Institute of Science,

648 views • 37 slides
Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of Recurrence Sets via Constraint Solving Andreas Podelski January 17, 2012 1 Program Verification and Constraints Reasoning about program

422 views • 28 slides
Fundamentals of Program Analysis + Generation of Linear Prg. Invariants Markus Mller-Olm

Fundamentals of Program Analysis + Generation of Linear Prg. Invariants Markus Mller-Olm

Fundamentals of Program Analysis + Generation of Linear Prg. Invariants Markus Mller-Olm Westflische Wilhelms-Universitt Mnster, Germany 2nd Tutorial of SPP RS3: Reliably Secure Software Systems Schloss Buchenau, September 3-6, 2012

1.74k views • 162 slides
Learning Loop Invariants for Program Verification Xujie Si*, Hanjun Dai*, Mukund Raghothaman,

Learning Loop Invariants for Program Verification Xujie Si*, Hanjun Dai*, Mukund Raghothaman,

Learning Loop Invariants for Program Verification Xujie Si*, Hanjun Dai*, Mukund Raghothaman, Mayur Naik, Le Song University of Pennsylvania Georgia Institute of Technology NeurIPS 2018 Code: https://github.com/PL-ML/code2inv * equal

386 views • 34 slides
Proving invariants: how many times a program should be unfolded ? Paul Caspi, Jan Mik

Proving invariants: how many times a program should be unfolded ? Paul Caspi, Jan Mik

Proving invariants: how many times a program should be unfolded ? Paul Caspi, Jan Mik VERIMAG Grenoble Problem definition 1 A closed system state space S initial state I is a predicate on S transition relation T is a predicate on S

161 views • 13 slides
GENERATING INVARIANTS IN POSITIVE CHARACTERISTIC VISU MAKAM Abstract. The ring of invariants for a

GENERATING INVARIANTS IN POSITIVE CHARACTERISTIC VISU MAKAM Abstract. The ring of invariants for a

GENERATING INVARIANTS IN POSITIVE CHARACTERISTIC VISU MAKAM Abstract. The ring of invariants for a rational representation of a reductive group is finitely generated by the results of Hilbert, Nagata and Haboush. However, the proof is not

482 views • 3 slides
Transition Invariants for Program Termination Andreas Podelski January 9, 2012 Ramseys

Transition Invariants for Program Termination Andreas Podelski January 9, 2012 Ramseys

Transition Invariants for Program Termination Andreas Podelski January 9, 2012 Ramseys theorem every infinite complete graph that is colored with finitely many colors contains a monochrome infinite complete subgraph termination a program P

550 views • 27 slides
Local invariants of maps between 3-manifolds Victor Goryunov University of Liverpool Conference

Local invariants of maps between 3-manifolds Victor Goryunov University of Liverpool Conference

Introduction Generic critical value sets Integer invariants mod2 invariants Local invariants of maps between 3-manifolds Victor Goryunov University of Liverpool Conference Legacy of Vladimir Arnold Fields Institute, Toronto 25 November

1.37k views • 84 slides
Cheeger-Gromov L 2 -invariants of 3-manifolds Geunho Lim Indiana University Bloomington

Cheeger-Gromov L 2 -invariants of 3-manifolds Geunho Lim Indiana University Bloomington

Cheeger-Gromov L 2 -invariants of 3-manifolds Geunho Lim Indiana University Bloomington limg@iu.edu L 2 -invariants Topological Definition of L 2 -invariants, (2) (M, ) M is a closed (4k-1)-manifold. : 1 ( M) G is

806 views • 3 slides
Quickly Detecting Relevant Program Invariants Michael Ernst, Adam Czeisler, Bill Griswold

Quickly Detecting Relevant Program Invariants Michael Ernst, Adam Czeisler, Bill Griswold

Quickly Detecting Relevant Program Invariants Michael Ernst, Adam Czeisler, Bill Griswold (UCSD), and David Notkin University of Washington http://www.cs.washington.edu/homes/mernst/daikon Michael Ernst, page 1 Overview Goal: improve

776 views • 32 slides
Data Invariants, Abstraction and Refinement Liam OConnor University of Edinburgh LFCS (and

Data Invariants, Abstraction and Refinement Liam OConnor University of Edinburgh LFCS (and

Data Invariants and ADTs Validation Data Refinement Administrivia Software System Design and Implementation Data Invariants, Abstraction and Refinement Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Data Invariants

1.07k views • 68 slides
Integrable and chaotic mappings of the plane with polygon invariants. Tim Zolkin 1 Sergei

Integrable and chaotic mappings of the plane with polygon invariants. Tim Zolkin 1 Sergei

1. Definitions, historical remarks and tools we need 2. Periodic integer maps with polygon invariants 3. Maps with polygon invariants Integrable and chaotic mappings of the plane with polygon invariants. Tim Zolkin 1 Sergei Nagaitsev 1 , 2 1

691 views • 65 slides
Characterizing Algebraic Invariants by Differential Radical Invariants Khalil Ghorbal Carnegie

Characterizing Algebraic Invariants by Differential Radical Invariants Khalil Ghorbal Carnegie

Characterizing Algebraic Invariants by Differential Radical Invariants Khalil Ghorbal Carnegie Mellon university Joint work with Andr e Platzer CMACS AVACS November 21st, 2013 K. Ghorbal (CMU) CMACS AVACS 1 CMACS 1 / 31 Introduction

575 views • 33 slides
K-theoretic Gromov-Witten invariants and derived algebraic geometry Marco Robalo (IMJ-PRG, UPMC)

K-theoretic Gromov-Witten invariants and derived algebraic geometry Marco Robalo (IMJ-PRG, UPMC)

K-theoretic Gromov-Witten invariants and derived algebraic geometry Marco Robalo (IMJ-PRG, UPMC) Summary 1 Introduction: GW invariants 2 Brane Actions and Correspondences Introduction - GW-invariants Results in this talk: collaboration with E.

2.05k views • 125 slides
Geometrical representation of entanglement invariants of symmetric N-qubit states December 17,

Geometrical representation of entanglement invariants of symmetric N-qubit states December 17,

Geometrical representation of entanglement invariants of symmetric N-qubit states December 17, 2011 Swarnamala Sirsi University of Mysore Collaborator Veena Adiga The problem of enumeration of local invariants of quantum state described by

366 views • 33 slides
COMP 213 Advanced Object-oriented Programming Lecture 25 Class Invariants Class Invariants A

COMP 213 Advanced Object-oriented Programming Lecture 25 Class Invariants Class Invariants A

COMP 213 Advanced Object-oriented Programming Lecture 25 Class Invariants Class Invariants A class invariant is definition of Class Invariant some property that is always true of all instances of the class in question. i.e., some statement,

1.34k views • 96 slides
Invariants of disordered topological insulators Hermann Schulz-Baldes, Erlangen . main

Invariants of disordered topological insulators Hermann Schulz-Baldes, Erlangen . main

Invariants of disordered topological insulators Invariants of disordered topological insulators Hermann Schulz-Baldes, Erlangen . main collaborators: De Nittis, Prodan . Bochum, June 2014 Wien, August, September 2014 Invariants of disordered

785 views • 30 slides
Vector invariants in arbitrary characteristic Frank Grosshans Aachen, RWTH June 2010 Grosshans

Vector invariants in arbitrary characteristic Frank Grosshans Aachen, RWTH June 2010 Grosshans

Vector invariants in arbitrary characteristic Frank Grosshans Aachen, RWTH June 2010 Grosshans (West Chester University) (Institute) Vector invariants 06/10 1 / 30 Outline Sections 1. The general problem of vector invariants Grosshans

1.36k views • 106 slides
Regions and Permissions for Data Invariants Romain Bardou and Claude March e Septembre 2009

Regions and Permissions for Data Invariants Romain Bardou and Claude March e Septembre 2009

Regions and Permissions for Data Invariants Romain Bardou and Claude March e Septembre 2009 Regions and Permissions for Data Invariants 1 / 1 Motivation preservation of data invariants in pointer programs ownership system of Spec#

301 views • 29 slides

More recommend