Presentation is loading. Please wait.

Presentation is loading. Please wait.

public int Abs(int x) { if (x < 0) return -x; else return x; } public int Abs(int x) { if (x < 0) return -x;

Published byJavier Leeson Modified over 2 years ago

Similar presentations

Presentation on theme: "public int Abs(int x) { if (x < 0) return -x; else return x; } public int Abs(int x) { if (x < 0) return -x;"— Presentation transcript:

1 http://research.microsoft.com/contracts

2 public int Abs(int x) { if (x < 0) return -x; else return x; } public int Abs(int x) { if (x < 0) return -x; else return x; } Little reminder: -(-2 31 )== -2 31 Little reminder: -(-2 31 )== -2 31

3

4

5 public int Abs(int x) { Contract.Requires(x != Int32.MinValue); Contract.Ensures(Contract.Result () >= 0); if (x < 0) return -x; else return x; } public int Abs(int x) { Contract.Requires(x != Int32.MinValue); Contract.Ensures(Contract.Result () >= 0); if (x < 0) return -x; else return x; }

6

7

8

9

10

11

12

13 Expression Reconstruction Heap Analysis Destack

14 public class Alias { int x; public void Foo(bool b) { Contract.Ensures(tmp.x >= -20); Alias tmp = new Alias(); tmp.x = -11; Alias alias = tmp; if(b) { alias.x = 10; } public class Alias { int x; public void Foo(bool b) { Contract.Ensures(tmp.x >= -20); Alias tmp = new Alias(); tmp.x = -11; Alias alias = tmp; if(b) { alias.x = 10; } public class Alias { public void Foo(bool b) { int svX = -11; assume (b) { svX = 10; } assert (svX >= -20); } public class Alias { public void Foo(bool b) { int svX = -11; assume (b) { svX = 10; } assert (svX >= -20); }

15

16 public class Alias { public void Foo(int f, int max) { int x = 0; while (x < max) { x++; } Contract.Assert(x >= -20); } public class Alias { public void Foo(int f, int max) { int x = 0; while (x < max) { x++; } Contract.Assert(x >= -20); } Infer x ∈ [0, +oo] Check: Ok! No overflow!

17 public enum ItalianBikeBrand { DeRosa=0, Colnago=2, Pinarello=4, Daccordi=6 } public string CityFor(ItalianBikeBrand bike) { switch(bike) { case ItalianBikeBrand.DeRosa: return "Milan"; case ItalianBikeBrand.Daccordi: return "Pisa"; case ItalianBikeBrand.Pinarello: return "Treviso"; case ItalianBikeBrand.Colnago: return "Milan"; default: Contract.Assert(false); // Should prove unreachable return null; } public enum ItalianBikeBrand { DeRosa=0, Colnago=2, Pinarello=4, Daccordi=6 } public string CityFor(ItalianBikeBrand bike) { switch(bike) { case ItalianBikeBrand.DeRosa: return "Milan"; case ItalianBikeBrand.Daccordi: return "Pisa"; case ItalianBikeBrand.Pinarello: return "Treviso"; case ItalianBikeBrand.Colnago: return "Milan"; default: Contract.Assert(false); // Should prove unreachable return null; } DisIntervals infer [1,1] [3,3] [5,5] [7, + [-∞,-1] [1,1] [3,3] [5,5] [7, +∞] DisIntervals infer [1,1] [3,3] [5,5] [7, + [-∞,-1] [1,1] [3,3] [5,5] [7, +∞] Check: Check: ⊥ Admissible values [0,0] [2,2] [4,4] [6,6] Admissible values [0,0] [2,2] [4,4] [6,6]

18

19 public static void F() { int x = 5, y = 100; while (x >= 0) { x = x - 1; y = y + 10; } Contract.Assert(y == 160); } public static void F() { int x = 5, y = 100; while (x >= 0) { x = x - 1; y = y + 10; } Contract.Assert(y == 160); } Linear equalities 10 * x + y == 150 Linear equalities 10 * x + y == 150 Check: ok! Intervals infer x ∈ [-1, -1] y ∈ [100, +∞] Intervals infer x ∈ [-1, -1] y ∈ [100, +∞]

20 public void Count(int[] values) { int neg = 0, pos = 0, j= 0; foreach (var x in values) { if (x < 0) { neg++; j++; } else if (x > 0) { pos++; j++; } } Contract.Assert(neg + pos == j); Contract.Assert(neg + pos <= values.Length); } public void Count(int[] values) { int neg = 0, pos = 0, j= 0; foreach (var x in values) { if (x < 0) { neg++; j++; } else if (x > 0) { pos++; j++; } } Contract.Assert(neg + pos == j); Contract.Assert(neg + pos <= values.Length); } Proven by Linear equalities Proven by SubPolyhedra

21

22

23

24

25 assume x == yx = 0; y = 1 assert x<= y 〈 x - y == 0, T 〉 〈 T, x ∈ [0,0] ⋀ y ∈ [1,1] 〉 〈 T, T 〉 〈 x - y == β, β ∈ [- 1, 0] 〉

26

27 Precision/ Cost Hints for Join/Widening Reduction algorithm, Basis exploration Simplex with floats Exact Simplex …. No Hint Die-Hard Semantic hints 2D Convex hull ….

28 Abstract Domain AD1 Abstract Domain AD2 Abstract Domain AD3

29 public void Init(int N) { Contract.Requires(N > 0); int[] a = new int[N]; int i = 0; while (i < N) { a[i] = 222; i = i + 1; } Contract.Assert( ∀ k ∈ [0, N). a[k] == 222); } public void Init(int N) { Contract.Requires(N > 0); int[] a = new int[N]; int i = 0; while (i < N) { a[i] = 222; i = i + 1; } Contract.Assert( ∀ k ∈ [0, N). a[k] == 222); } If i == 0 then a not initialized a not initialized else if i > 0 a[0] == … a[i] == 222 a[0] == … a[i] == 222else impossible impossible If i == 0 then a not initialized a not initialized else if i > 0 a[0] == … a[i] == 222 a[0] == … a[i] == 222else impossible impossible Challenge 1: Effective handling of disjunction Challenge 1: Effective handling of disjunction Challenge 2: Infer all the elements initialized Challenge 2: Infer all the elements initialized

30

31 [222, 222] 00 i, k [0, 0] NN Segment bounds Uniform content abstraction ?? 0 i, 0 k 0 ≤ i, 0 ≤ k i == i == k i < N, k N i < N, k < N DisjunctionDisjunction

32 public static int[] Factory(int len) { return new int[len]; } public static int[] Factory(int len) { return new int[len]; }

33

34

35

36

37

38

39

Download ppt "public int Abs(int x) { if (x < 0) return -x; else return x; } public int Abs(int x) { if (x < 0) return -x;"

Similar presentations

Francesco Logozzo Microsoft Research, Redmond, WA.

Francesco Logozzo Microsoft Research, Redmond, WA.
Int fact (int n) { If (n == 0) return 1; else return n * fact (n – 1); } 5 void main () { Int Sum; : Sum = fact (5); : } Factorial Program Using Recursion.

Int fact (int n) { If (n == 0) return 1; else return n * fact (n – 1); } 5 void main () { Int Sum; : Sum = fact (5); : } Factorial Program Using Recursion.
static void Main() { int i = 0; if (i == 0) { int a = 5; int b = 15; if (a == 5) { int c = 3; int d = 99; }

static void Main() { int i = 0; if (i == 0) { int a = 5; int b = 15; if (a == 5) { int c = 3; int d = 99; }
CodeContracts & Clousot Francesco Logozzo - Microsoft Mehdi Bouaziz – ENS.

CodeContracts & Clousot Francesco Logozzo - Microsoft Mehdi Bouaziz – ENS.
Lecture 4 Towards a Verifying Compiler: Data Abstraction Wolfram Schulte Microsoft Research Formal Methods 2006 Purity, Model fields, Inconsistency _____________.

Lecture 4 Towards a Verifying Compiler: Data Abstraction Wolfram Schulte Microsoft Research Formal Methods 2006 Purity, Model fields, Inconsistency _____________.
Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond.

Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond.
LIST PROCESSING.

LIST PROCESSING.
1 Arrays An array is a special kind of object that is used to store a collection of data. The data stored in an array must all be of the same type, whether.

1 Arrays An array is a special kind of object that is used to store a collection of data. The data stored in an array must all be of the same type, whether.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Introduction to Computer Science Robert Sedgewick and Kevin Wayne Recursive Factorial Demo pubic class Factorial {

Introduction to Computer Science Robert Sedgewick and Kevin Wayne Recursive Factorial Demo pubic class Factorial {
Sorting & Searching Review. Selection Sort 1. Find the smallest element 2. Move to the front of the array (swap with front) 3. Repeat Steps 1&2, but ignoring.

Sorting & Searching Review. Selection Sort 1. Find the smallest element 2. Move to the front of the array (swap with front) 3. Repeat Steps 1&2, but ignoring.
Dictionaries, Hash Tables, Collisions Resolution, Sets Svetlin Nakov Telerik Corporation www.telerik.com.

Dictionaries, Hash Tables, Collisions Resolution, Sets Svetlin Nakov Telerik Corporation
PLDI’2005Page 1June 2005 Example (C code) int double(int x) { return 2 * x; } void test_me(int x, int y) { int z = double(x); if (z==y) { if (y == x+10)

PLDI’2005Page 1June 2005 Example (C code) int double(int x) { return 2 * x; } void test_me(int x, int y) { int z = double(x); if (z==y) { if (y == x+10)
A Parametric Segmentation Functor for Fully Automatic and Scalable Array Content Analysis Patrick Cousot, NYU & ENS Radhia Cousot, CNRS & ENS & MSR Francesco.

A Parametric Segmentation Functor for Fully Automatic and Scalable Array Content Analysis Patrick Cousot, NYU & ENS Radhia Cousot, CNRS & ENS & MSR Francesco.
Data Structures ADT List

Data Structures ADT List
Execute Blocks of Code Multiple Times Svetlin Nakov Telerik Corporation www.telerik.com.

Execute Blocks of Code Multiple Times Svetlin Nakov Telerik Corporation
Type Checking, Inference, & Elaboration CS153: Compilers Greg Morrisett.

Type Checking, Inference, & Elaboration CS153: Compilers Greg Morrisett.
1 Advanced Programming Examples Output. Show the exact output produced by the following code segment. char[,] pic = new char[6,6]; for (int i = 0; i <

1 Advanced Programming Examples Output. Show the exact output produced by the following code segment. char[,] pic = new char[6,6]; for (int i = 0; i <
The Java Assertion. 2 Assertion A Java statement in JDK 1.4 & newer Intent: enables code to test assumptions. E.g., a method that calculates the a particle’s.

The Java Assertion. 2 Assertion A Java statement in JDK 1.4 & newer Intent: enables code to test assumptions. E.g., a method that calculates the a particle’s.
1 of 31 Images from Africa. 2 of 31 My little Haitian friend Antoine (1985)

1 of 31 Images from Africa. 2 of 31 My little Haitian friend Antoine (1985)

Similar presentations

Ads by Google