quickly detecting relevant program invariants
play

Quickly Detecting Relevant Program Invariants Michael Ernst, Adam - PowerPoint PPT Presentation

Oct 29, 2023 •442 likes •776 views

Quickly Detecting Relevant Program Invariants Michael Ernst, Adam Czeisler, Bill Griswold (UCSD), and David Notkin University of Washington http://www.cs.washington.edu/homes/mernst/daikon Michael Ernst, page 1 Overview Goal: improve

  1. Quickly Detecting Relevant Program Invariants Michael Ernst, Adam Czeisler, Bill Griswold (UCSD), and David Notkin University of Washington http://www.cs.washington.edu/homes/mernst/daikon Michael Ernst, page 1

  2. Overview Goal: improve dynamic invariant detection [ICSE 99, TSE] Relevance improvements: • add desired invariants (2 techniques) • eliminate undesired ones (3 techniques) Experiments validate the success Michael Ernst, page 2

  3. Program invariants Detect invariants (as in assert s or specifications) • x > abs(y) • x = 16*y + 4*z + 3 • array a contains no duplicates • for each node n , n = n.child.parent • graph g is acyclic Michael Ernst, page 3

  4. Uses for invariants • Write better programs [Gries 81, Liskov 86] • Document code • Check assumptions: convert to assert • Maintain invariants to avoid introducing bugs • Locate unusual conditions • Validate test suite: value coverage • Provide hints for higher-level profile-directed compilation [Calder 98] • Bootstrap proofs [Wegbreit 74, Bensalem 96] Michael Ernst, page 4

  5. Dynamic invariant detection is accurate Recovered formal specifications, found bugs Target programs: • The Science of Programming [Gries 81] • Program checkers [Detlefs 98, Xi 98] • MIT 6.170 student programs • Data Structures and Algorithm Analysis in Java [Weiss 99] Michael Ernst, page 5

  6. Dynamic invariant detection is useful 563-line C program: regexp search & replace [Hutchins 94, Rothermel 98] • Explicated data structures • Contradicted expectations, preventing bugs • Revealed bugs • Showed limited use of procedures • Improved test suite • Validated program changes Michael Ernst, page 6

  7. Dynamic invariant detection Original Instrumented program program Data trace Invariants database Detect Instrument Run invariants Test suite Look for patterns in values the program computes: • Instrument the program to write data trace files • Run the program on a test suite • Invariant engine reads data traces, generates potential invariants, and checks them Michael Ernst, page 7

  8. Checking invariants For each potential invariant: • instantiate (determine constants like a and b in y = a x + b) • check for each set of variable values • stop checking when falsified This is inexpensive: many invariants, each cheap Michael Ernst, page 8

  9. Relevance Usefulness to a programmer for a task Contingent on task and programmer We manually classified invariants Perfect output is unnecessary (and impossible) Michael Ernst, page 9

  10. Improved invariant relevance Add desired invariants: 1. Implicit values 2. Unused polymorphism Eliminate undesired invariants (and improve performance): 3. Unjustified properties 4. Redundant invariants 5. Incomparable variables Michael Ernst, page 10

  11. 1. Implicit values Goal: relationships over non-variables Examples: • for array a: length(a), sum(a), min(a), max(a) • for array a and scalar i: a[i], a[0..i] • for procedure p: #calls(p) Michael Ernst, page 11

  12. Derived variables Successfully produces desired invariants Adds many new variables Potential problems: • slowdown: interleave derivation and inference • irrelevant invariants: techniques 3 – 5, later in talk Michael Ernst, page 12

  13. 2. Unused polymorphism Variables declared with general type, used with more specific type Example: given a generic list that contains only integers, report that the contents are sorted Also applicable to subtype polymorphism Michael Ernst, page 13

  14. Unused polymorphism example class MyInteger { int value; … } class Link { Object element; Link next; … } class List { Link header; … } List myList = new List(); for (int i=0; i<10; i++) myList.add(new MyInteger(i)); Desired invariant: in class List , header. closure( next ) is sorted by  over key .element.value Michael Ernst, page 14

  15. Polymorphism elimination Daikon respects declared types Pass 1: front end outputs object ID, runtime type, and all known fields Pass 2: given refined type, front end outputs more fields Sound for deterministic programs Effective for programs tested so far Michael Ernst, page 15

  16. 3. Unjustified properties Given three samples for x : x = 7 x = – 42 x = 22 Potential invariants: x  0 x  22 x  – 42 Michael Ernst, page 16

  17. Statistical checks Check hypothesized distribution To show x  0 for v values of x in range of size r , v   1  probability of no zeroes is  r  1   Range limits (e.g., x  22): • same number of samples as neighbors (uniform) • more samples than neighbors (clipped) # of samples # of samples variable value variable value Michael Ernst, page 17

  18. Duplicate values Array sum program: // Sum array b of length n into variable s. i : = 0; s : = 0; while i  n do { s : = s + b [ i ]; i : = i + 1 } b is unchanged inside loop Problem: at loop head, – 88  b [ n – 1]  99 – 556  sum( b )  539 Reason: more samples inside loop Michael Ernst, page 18

  19. Disregard duplicate values Idea: count a value if its var was just modified Front end outputs modification bit per value • compared techniques for eliminating duplicates Result: eliminates undesired invariants Michael Ernst, page 19

  20. 4. Redundant invariants Given: 0  i  j Redundant: a [ i ]  a [0.. j ] max( a [0.. i ])  max( a [0.. j ]) Redundant invariants are logically implied Implementation contains many such tests Michael Ernst, page 20

  21. Suppress redundancies Avoid deriving variables: suppress 25-50% • equal to another variable • nonsensical (a[i] when i < 0) Avoid checking invariants: • false invariants: trivial improvement • true invariants: suppress 90% Avoid reporting trivial invariants: suppress 25% Michael Ernst, page 21

  22. 5. Unrelated variables Problem: the following are of no interest bool b; int *p; b < p int myweight, mybirthyear; myweight < mybirthyear Michael Ernst, page 22

  23. Limit comparisons Check relations only over comparable variables • declared program types • Lackwit [O’Callahan 97] : value flow analysis based on polymorphic type inference Michael Ernst, page 23

  24. Comparability results Comparisons: • declared types: 60% as many comparisons • Lackwit: 5% as many comparisons; scales well Runtime: 40-70% improvement Few differences in reported invariants Michael Ernst, page 24

  25. Future work Online inference Proving invariants Characterize good test suites New invariants: temporal, existential User interface • control over instrumentation • display and manipulation of invariants Further experimental evaluation • apply to more and bigger programs • apply to a variety of tasks Michael Ernst, page 25

  26. Related work Dynamic inference • inductive logic programming [Bratko 93, Cypher 93] • program spectra [Reps 97, Harrold 98] • finite state machines [Boigelot 97, Cook 98] Static inference • checking specifications [Detlefs 96, Evans 96, Jacobs 98] • specification extension [Givan 96, Hendren 92] • other [Jeffords 98, Henry 90, Ward 96] Michael Ernst, page 26

  27. Conclusions Naive implementation is infeasible Relevance improvements: accuracy, performance • add desired invariants • eliminate undesired invariants Experimental validation Dynamic invariant detection is promising for research and practice Michael Ernst, page 27

  28. Questions? Michael Ernst, page 28

  29. Ways to obtain invariants • Programmer-supplied • Static analysis: examine the program text [Cousot 77, Gannod 96] • properties are guaranteed to be true • pointers are intractable in practice • Dynamic analysis: run the program • complementary to static techniques Michael Ernst, page 29

  30. Unused polymorphism example class MyInteger { int value; … } class Link { Object element; Link next; … } class List { Link header; … } List myList = new List(); for (int i=0; i<10; i++) myList.add(new MyInteger(i)); Desired invariant: in class List , header. closure( next ) .element.value : sorted by  Michael Ernst, page 30

  31. Comparison with AI Dynamic invariant detection: Can be formulated as an AI problem Cannot be solved by current AI techniques • not classification or clustering • no noise • no negative examples; many positive examples • intelligible output Michael Ernst, page 31

  32. Is implication obvious? Want: size( topOfStack. closure( next )) = size(orig( topOfStack. closure( next ))) + 1 Get: size( topOfStack.next. closure( next )) = size( topOfStack. closure( next )) – 1 topOfStack.next. closure( next ) = orig( topOfStack. closure( next )) Solution: interactive UI, queries on variables Michael Ernst, page 32

Recommend

Detecting Image Splicing Using Geometry Invariants And Camera Characteristics Consistency

Detecting Image Splicing Using Geometry Invariants And Camera Characteristics Consistency

Detecting Image Splicing Using Geometry Invariants And Camera Characteristics Consistency Yu-Feng Jessie Hsu, Shih-Fu Chang Digital Video Multimedia Lab Department of Electrical Engineering, Columbia University Motivation: Image Forensics

692 views • 25 slides
Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff,

Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff,

Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff, David R. White and John A. Clark. The 13th CREST Open Workshop Thursday 12 May 2011 Outline Invariants Using GP to find Invariants Identifying

417 views • 38 slides
Likely Program Invariants Michael Ernst, Jake Cockrell, Bill Griswold (UCSD), and David Notkin

Likely Program Invariants Michael Ernst, Jake Cockrell, Bill Griswold (UCSD), and David Notkin

Dynamically Detecting Likely Program Invariants Michael Ernst, Jake Cockrell, Bill Griswold (UCSD), and David Notkin University of Washington Department of Computer Science and Engineering http://www.cs.washington.edu/homes/mernst/ Ernst,

287 views • 24 slides
Loop invariants &lt;precondition: n&gt;0&gt; int i = 0; while (i &lt; n){ i = i+1; We want to

Loop invariants &lt;precondition: n&gt;0&gt; int i = 0; while (i &lt; n){ i = i+1; We want to

4/23/16 Loop invariants as a way of reasoning about the state of your program Loop invariants &lt;precondition: n&gt;0&gt; int i = 0; while (i &lt; n){ i = i+1; We want to prove: } i==n right after the loop &lt;post condition: i==n&gt;

80 views • 7 slides
Daikon: Dynamic Analysis for Inferring Likely Invariants Reading: Dynamically Discovering Likely

Daikon: Dynamic Analysis for Inferring Likely Invariants Reading: Dynamically Discovering Likely

Daikon: Dynamic Analysis for Inferring Likely Invariants Reading: Dynamically Discovering Likely Program Invariants to Support Program Evolution 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich What is an Invariant? A

361 views • 22 slides
Leveraging Program Invariants to Promote Population Diversity in Search-Based Automatic Program

Leveraging Program Invariants to Promote Population Diversity in Search-Based Automatic Program

Leveraging Program Invariants to Promote Population Diversity in Search-Based Automatic Program Repair Zhen Yu Ding , Yiwei Lyu , Christopher S. Timperley , Claire Le Goues University of Pittsburgh, Carnegie Mellon

991 views • 64 slides
Invariants Associated to K-theoretic Methods and Complexity of Algebraic Cycle Groups Karim

Invariants Associated to K-theoretic Methods and Complexity of Algebraic Cycle Groups Karim

Invariants Associated to K-theoretic Methods and Complexity of Algebraic Cycle Groups Karim Mansour University of Alberta Department of Mathematics Alberta, Canada abdelgal@ualberta.ca December 04, 2100 Detecting geometry by its interaction

663 views • 53 slides
CS 220: Discrete Structures and their Applications Loop Invariants Chapter 3 in zybooks Program

CS 220: Discrete Structures and their Applications Loop Invariants Chapter 3 in zybooks Program

CS 220: Discrete Structures and their Applications Loop Invariants Chapter 3 in zybooks Program verification How do we know our program works correctly? In this lecture we will focus on a tool for verifying the correctness of programs that

605 views • 25 slides
Using Likely Invariants For Automated Software Fault Localization Swarup Sahoo, John Criswell,

Using Likely Invariants For Automated Software Fault Localization Swarup Sahoo, John Criswell,

Using Likely Invariants For Automated Software Fault Localization Swarup Sahoo, John Criswell, Chase Geigle, Vikram Adve Presented By: Matthew Perez and Thomas Rupp Motivation Detecting software bugs is time consuming and difficult Lots

150 views • 13 slides
12/6/2013 Detecting Fakes Image Forensics: Detecting Forged Photos 1.Detecting photorealistic

12/6/2013 Detecting Fakes Image Forensics: Detecting Forged Photos 1.Detecting photorealistic

12/6/2013 Detecting Fakes Image Forensics: Detecting Forged Photos 1.Detecting photorealistic graphics 2.Detecting manipulated images Photo manipulation is the application of image editing techniques to photographs in order to create an

306 views • 13 slides
The Yield to M Maturity (YTM) of Bonds and How to C Calculate It Quickly This Lesson: Very

The Yield to M Maturity (YTM) of Bonds and How to C Calculate It Quickly This Lesson: Very

The Yield to M Maturity (YTM) of Bonds and How to C Calculate It Quickly This Lesson: Very Important for DCM/LevFin Were going to start looking at concepts relevant for Debt Capital Markets (DCM) and Leveraged Finance (LevFin) teams. This

322 views • 13 slides
Decision Tree Based Learning of Program Invariants Deepak DSouza Department of Computer

Decision Tree Based Learning of Program Invariants Deepak DSouza Department of Computer

Floyd-Hoare Style Verification Decision Tree Learning ICE Learning Proofs with Multiple Invariants Decision Tree Based Learning of Program Invariants Deepak DSouza Department of Computer Science and Automation Indian Institute of Science,

648 views • 37 slides
Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of Recurrence Sets via Constraint Solving Andreas Podelski January 17, 2012 1 Program Verification and Constraints Reasoning about program

422 views • 28 slides
Fundamentals of Program Analysis + Generation of Linear Prg. Invariants Markus Mller-Olm

Fundamentals of Program Analysis + Generation of Linear Prg. Invariants Markus Mller-Olm

Fundamentals of Program Analysis + Generation of Linear Prg. Invariants Markus Mller-Olm Westflische Wilhelms-Universitt Mnster, Germany 2nd Tutorial of SPP RS3: Reliably Secure Software Systems Schloss Buchenau, September 3-6, 2012

1.74k views • 162 slides
Learning Loop Invariants for Program Verification Xujie Si*, Hanjun Dai*, Mukund Raghothaman,

Learning Loop Invariants for Program Verification Xujie Si*, Hanjun Dai*, Mukund Raghothaman,

Learning Loop Invariants for Program Verification Xujie Si*, Hanjun Dai*, Mukund Raghothaman, Mayur Naik, Le Song University of Pennsylvania Georgia Institute of Technology NeurIPS 2018 Code: https://github.com/PL-ML/code2inv * equal

386 views • 34 slides
Proving invariants: how many times a program should be unfolded ? Paul Caspi, Jan Mik

Proving invariants: how many times a program should be unfolded ? Paul Caspi, Jan Mik

Proving invariants: how many times a program should be unfolded ? Paul Caspi, Jan Mik VERIMAG Grenoble Problem definition 1 A closed system state space S initial state I is a predicate on S transition relation T is a predicate on S

161 views • 13 slides
GENERATING INVARIANTS IN POSITIVE CHARACTERISTIC VISU MAKAM Abstract. The ring of invariants for a

GENERATING INVARIANTS IN POSITIVE CHARACTERISTIC VISU MAKAM Abstract. The ring of invariants for a

GENERATING INVARIANTS IN POSITIVE CHARACTERISTIC VISU MAKAM Abstract. The ring of invariants for a rational representation of a reductive group is finitely generated by the results of Hilbert, Nagata and Haboush. However, the proof is not

482 views • 3 slides
Detecting and Quantifying Variation In Effects of Program Assignment (ITT) Howard Bloom Stephen

Detecting and Quantifying Variation In Effects of Program Assignment (ITT) Howard Bloom Stephen

Detecting and Quantifying Variation In Effects of Program Assignment (ITT) Howard Bloom Stephen Raudenbush Michael Weiss Kristin Porter Presented to the Workshop on Learning about and from Variation in Program Impacts? at Stanford

491 views • 26 slides
Transition Invariants for Program Termination Andreas Podelski January 9, 2012 Ramseys

Transition Invariants for Program Termination Andreas Podelski January 9, 2012 Ramseys

Transition Invariants for Program Termination Andreas Podelski January 9, 2012 Ramseys theorem every infinite complete graph that is colored with finitely many colors contains a monochrome infinite complete subgraph termination a program P

550 views • 27 slides
Detecting Chang Detecting Changes in W s in Water ter Qua Q ualit lity i lit lit i in L

Detecting Chang Detecting Changes in W s in Water ter Qua Q ualit lity i lit lit i in L

Detecting Chang Detecting Changes in W s in Water ter Qua Q ualit lity i lit lit i in L i L L Long ong I I Islan I l and S d S d S d Soun ound d with with NERACOOS Buoy y Observations James ODonnell, Todd Fake, Kay

815 views • 26 slides
Local invariants of maps between 3-manifolds Victor Goryunov University of Liverpool Conference

Local invariants of maps between 3-manifolds Victor Goryunov University of Liverpool Conference

Introduction Generic critical value sets Integer invariants mod2 invariants Local invariants of maps between 3-manifolds Victor Goryunov University of Liverpool Conference Legacy of Vladimir Arnold Fields Institute, Toronto 25 November

1.37k views • 84 slides
Cheeger-Gromov L 2 -invariants of 3-manifolds Geunho Lim Indiana University Bloomington

Cheeger-Gromov L 2 -invariants of 3-manifolds Geunho Lim Indiana University Bloomington

Cheeger-Gromov L 2 -invariants of 3-manifolds Geunho Lim Indiana University Bloomington limg@iu.edu L 2 -invariants Topological Definition of L 2 -invariants, (2) (M, ) M is a closed (4k-1)-manifold. : 1 ( M) G is

806 views • 3 slides
Detecting Cracks under Bushings Detecting Cracks under Bushings in Aircraft Structures in

Detecting Cracks under Bushings Detecting Cracks under Bushings in Aircraft Structures in

Inno Innovative Materials tive Materials Air Force Research Center for Nondestructive Testin Testing T Tech chnologies, es, I Inc. c. Laboratory Evaluation Detecting Cracks under Bushings Detecting Cracks under Bushings in Aircraft

308 views • 12 slides
Detecting changes in Detecting changes in the rate the rate of a of a Poisson process

Detecting changes in Detecting changes in the rate the rate of a of a Poisson process

Detecting changes in Detecting changes in the rate the rate of a of a Poisson process Poisson process George V. Moustakides Outline Overview of the change detection problem CUSUM test and Lordens criterion The Poisson

454 views • 28 slides

More recommend