Presentation is loading. Please wait.

Presentation is loading. Please wait.

public int Abs(int x) { if (x < 0) return -x; else return x; } public int Abs(int x) { if (x < 0) return -x;

Published byJavier Leeson Modified over 4 years ago

Similar presentations

Presentation on theme: "public int Abs(int x) { if (x < 0) return -x; else return x; } public int Abs(int x) { if (x < 0) return -x;"— Presentation transcript:

1 http://research.microsoft.com/contracts

2 public int Abs(int x) { if (x < 0) return -x; else return x; } public int Abs(int x) { if (x < 0) return -x; else return x; } Little reminder: -(-2 31 )== -2 31 Little reminder: -(-2 31 )== -2 31

3

4

5 public int Abs(int x) { Contract.Requires(x != Int32.MinValue); Contract.Ensures(Contract.Result () >= 0); if (x < 0) return -x; else return x; } public int Abs(int x) { Contract.Requires(x != Int32.MinValue); Contract.Ensures(Contract.Result () >= 0); if (x < 0) return -x; else return x; }

6

7

8

9

10

11

12

13 Expression Reconstruction Heap Analysis Destack

14 public class Alias { int x; public void Foo(bool b) { Contract.Ensures(tmp.x >= -20); Alias tmp = new Alias(); tmp.x = -11; Alias alias = tmp; if(b) { alias.x = 10; } public class Alias { int x; public void Foo(bool b) { Contract.Ensures(tmp.x >= -20); Alias tmp = new Alias(); tmp.x = -11; Alias alias = tmp; if(b) { alias.x = 10; } public class Alias { public void Foo(bool b) { int svX = -11; assume (b) { svX = 10; } assert (svX >= -20); } public class Alias { public void Foo(bool b) { int svX = -11; assume (b) { svX = 10; } assert (svX >= -20); }

15

16 public class Alias { public void Foo(int f, int max) { int x = 0; while (x < max) { x++; } Contract.Assert(x >= -20); } public class Alias { public void Foo(int f, int max) { int x = 0; while (x < max) { x++; } Contract.Assert(x >= -20); } Infer x ∈ [0, +oo] Check: Ok! No overflow!

17 public enum ItalianBikeBrand { DeRosa=0, Colnago=2, Pinarello=4, Daccordi=6 } public string CityFor(ItalianBikeBrand bike) { switch(bike) { case ItalianBikeBrand.DeRosa: return "Milan"; case ItalianBikeBrand.Daccordi: return "Pisa"; case ItalianBikeBrand.Pinarello: return "Treviso"; case ItalianBikeBrand.Colnago: return "Milan"; default: Contract.Assert(false); // Should prove unreachable return null; } public enum ItalianBikeBrand { DeRosa=0, Colnago=2, Pinarello=4, Daccordi=6 } public string CityFor(ItalianBikeBrand bike) { switch(bike) { case ItalianBikeBrand.DeRosa: return "Milan"; case ItalianBikeBrand.Daccordi: return "Pisa"; case ItalianBikeBrand.Pinarello: return "Treviso"; case ItalianBikeBrand.Colnago: return "Milan"; default: Contract.Assert(false); // Should prove unreachable return null; } DisIntervals infer [1,1] [3,3] [5,5] [7, + [-∞,-1] [1,1] [3,3] [5,5] [7, +∞] DisIntervals infer [1,1] [3,3] [5,5] [7, + [-∞,-1] [1,1] [3,3] [5,5] [7, +∞] Check: Check: ⊥ Admissible values [0,0] [2,2] [4,4] [6,6] Admissible values [0,0] [2,2] [4,4] [6,6]

18

19 public static void F() { int x = 5, y = 100; while (x >= 0) { x = x - 1; y = y + 10; } Contract.Assert(y == 160); } public static void F() { int x = 5, y = 100; while (x >= 0) { x = x - 1; y = y + 10; } Contract.Assert(y == 160); } Linear equalities 10 * x + y == 150 Linear equalities 10 * x + y == 150 Check: ok! Intervals infer x ∈ [-1, -1] y ∈ [100, +∞] Intervals infer x ∈ [-1, -1] y ∈ [100, +∞]

20 public void Count(int[] values) { int neg = 0, pos = 0, j= 0; foreach (var x in values) { if (x < 0) { neg++; j++; } else if (x > 0) { pos++; j++; } } Contract.Assert(neg + pos == j); Contract.Assert(neg + pos <= values.Length); } public void Count(int[] values) { int neg = 0, pos = 0, j= 0; foreach (var x in values) { if (x < 0) { neg++; j++; } else if (x > 0) { pos++; j++; } } Contract.Assert(neg + pos == j); Contract.Assert(neg + pos <= values.Length); } Proven by Linear equalities Proven by SubPolyhedra

21

22

23

24

25 assume x == yx = 0; y = 1 assert x<= y 〈 x - y == 0, T 〉 〈 T, x ∈ [0,0] ⋀ y ∈ [1,1] 〉 〈 T, T 〉 〈 x - y == β, β ∈ [- 1, 0] 〉

26

27 Precision/ Cost Hints for Join/Widening Reduction algorithm, Basis exploration Simplex with floats Exact Simplex …. No Hint Die-Hard Semantic hints 2D Convex hull ….

28 Abstract Domain AD1 Abstract Domain AD2 Abstract Domain AD3

29 public void Init(int N) { Contract.Requires(N > 0); int[] a = new int[N]; int i = 0; while (i < N) { a[i] = 222; i = i + 1; } Contract.Assert( ∀ k ∈ [0, N). a[k] == 222); } public void Init(int N) { Contract.Requires(N > 0); int[] a = new int[N]; int i = 0; while (i < N) { a[i] = 222; i = i + 1; } Contract.Assert( ∀ k ∈ [0, N). a[k] == 222); } If i == 0 then a not initialized a not initialized else if i > 0 a[0] == … a[i] == 222 a[0] == … a[i] == 222else impossible impossible If i == 0 then a not initialized a not initialized else if i > 0 a[0] == … a[i] == 222 a[0] == … a[i] == 222else impossible impossible Challenge 1: Effective handling of disjunction Challenge 1: Effective handling of disjunction Challenge 2: Infer all the elements initialized Challenge 2: Infer all the elements initialized

30

31 [222, 222] 00 i, k [0, 0] NN Segment bounds Uniform content abstraction ?? 0 i, 0 k 0 ≤ i, 0 ≤ k i == i == k i < N, k N i < N, k < N DisjunctionDisjunction

32 public static int[] Factory(int len) { return new int[len]; } public static int[] Factory(int len) { return new int[len]; }

33

34

35

36

37

38

39

Download ppt "public int Abs(int x) { if (x < 0) return -x; else return x; } public int Abs(int x) { if (x < 0) return -x;"

Similar presentations

A SAT characterization of boolean-program correctness K. Rustan M. Leino Microsoft Research, Redmond, WA 14 Nov 2002 IFIP WG 2.4 meeting, Schloβ Dagstuhl,

A SAT characterization of boolean-program correctness K. Rustan M. Leino Microsoft Research, Redmond, WA 14 Nov 2002 IFIP WG 2.4 meeting, Schloβ Dagstuhl,
Static Analysis of Heap-manipulating Low-level software Sumit GulwaniAshish Tiwari MSR, Redmond SRI International.

Static Analysis of Heap-manipulating Low-level software Sumit GulwaniAshish Tiwari MSR, Redmond SRI International.
The Microsoft Technical Roadshow 2007 Language Enhancements and LINQ Daniel Moth Developer & Platform Group Microsoft Ltd

The Microsoft Technical Roadshow 2007 Language Enhancements and LINQ Daniel Moth Developer & Platform Group Microsoft Ltd
Advanced programming tools at Microsoft

Advanced programming tools at Microsoft
Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond.

Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond.
Copyright © 2003 Pearson Education, Inc. Slide 1.

Copyright © 2003 Pearson Education, Inc. Slide 1.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Writing specifications for object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 21 Jan 2005 Invited talk, AIOOL 2005 Paris,

Writing specifications for object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 21 Jan 2005 Invited talk, AIOOL 2005 Paris,
Technologies for finding errors in object-oriented software K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 0 Summer school on Formal Models.

Technologies for finding errors in object-oriented software K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 0 Summer school on Formal Models.
Lecture 4 Towards a Verifying Compiler: Data Abstraction Wolfram Schulte Microsoft Research Formal Methods 2006 Purity, Model fields, Inconsistency _____________.

Lecture 4 Towards a Verifying Compiler: Data Abstraction Wolfram Schulte Microsoft Research Formal Methods 2006 Purity, Model fields, Inconsistency _____________.
Recursive Descent Technique CMSC 331. UMBC 2 The Header /* This program matches the following A -> B { '|' B } B -> C { '&' C } C -> D { '^' D } D ->

Recursive Descent Technique CMSC 331. UMBC 2 The Header /* This program matches the following A -> B { '|' B } B -> C { '&' C } C -> D { '^' D } D ->
1 Refactoring with Contracts Shmuel Tyszberowicz School of Computer Science The Academic College of Tel Aviv Yaffo Maayan Goldstein School of Computer.

1 Refactoring with Contracts Shmuel Tyszberowicz School of Computer Science The Academic College of Tel Aviv Yaffo Maayan Goldstein School of Computer.
Mike Barnett RSDE Microsoft Research Nikolai Tillmann RSDE Microsoft Research TL51.

Mike Barnett RSDE Microsoft Research Nikolai Tillmann RSDE Microsoft Research TL51.
Data Structures ADT List

Data Structures ADT List
LIST PROCESSING.

LIST PROCESSING.
Synthesis, Analysis, and Verification Lecture 13 Dynamic Allocation.

Synthesis, Analysis, and Verification Lecture 13 Dynamic Allocation.
Shape Analysis with Structural Invariant Checkers Bor-Yuh Evan Chang Xavier Rival George C. Necula May 10, 2007 OSQ Retreat.

Shape Analysis with Structural Invariant Checkers Bor-Yuh Evan Chang Xavier Rival George C. Necula May 10, 2007 OSQ Retreat.
Maths for Programming Contests

Maths for Programming Contests
Dictionaries, Hash Tables, Collisions Resolution, Sets Svetlin Nakov Telerik Corporation www.telerik.com.

Dictionaries, Hash Tables, Collisions Resolution, Sets Svetlin Nakov Telerik Corporation
Module 4: Statements and Exceptions. Overview Introduction to Statements Using Selection Statements Using Iteration Statements Using Jump Statements Handling.

Module 4: Statements and Exceptions. Overview Introduction to Statements Using Selection Statements Using Iteration Statements Using Jump Statements Handling.

Similar presentations

Ads by Google