Download presentation
Presentation is loading. Please wait.
1
http://research.microsoft.com/contracts
2
public int Abs(int x) { if (x < 0) return -x; else return x; } public int Abs(int x) { if (x < 0) return -x; else return x; } Little reminder: -(-2 31 )== -2 31 Little reminder: -(-2 31 )== -2 31
5
public int Abs(int x) { Contract.Requires(x != Int32.MinValue); Contract.Ensures(Contract.Result () >= 0); if (x < 0) return -x; else return x; } public int Abs(int x) { Contract.Requires(x != Int32.MinValue); Contract.Ensures(Contract.Result () >= 0); if (x < 0) return -x; else return x; }
13
Expression Reconstruction Heap Analysis Destack
14
public class Alias { int x; public void Foo(bool b) { Contract.Ensures(tmp.x >= -20); Alias tmp = new Alias(); tmp.x = -11; Alias alias = tmp; if(b) { alias.x = 10; } public class Alias { int x; public void Foo(bool b) { Contract.Ensures(tmp.x >= -20); Alias tmp = new Alias(); tmp.x = -11; Alias alias = tmp; if(b) { alias.x = 10; } public class Alias { public void Foo(bool b) { int svX = -11; assume (b) { svX = 10; } assert (svX >= -20); } public class Alias { public void Foo(bool b) { int svX = -11; assume (b) { svX = 10; } assert (svX >= -20); }
16
public class Alias { public void Foo(int f, int max) { int x = 0; while (x < max) { x++; } Contract.Assert(x >= -20); } public class Alias { public void Foo(int f, int max) { int x = 0; while (x < max) { x++; } Contract.Assert(x >= -20); } Infer x ∈ [0, +oo] Check: Ok! No overflow!
![public class Alias { public void Foo(int f, int max) { int x = 0; while (x < max) { x++; } Contract.Assert(x >= -20); } public class Alias { public void Foo(int f, int max) { int x = 0; while (x < max) { x++; } Contract.Assert(x >= -20); } Infer x ∈ [0, +oo] Check: Ok.](http://images.slideplayer.com/8/2470632/slides/slide_16.jpg "No overflow!.")
17
public enum ItalianBikeBrand { DeRosa=0, Colnago=2, Pinarello=4, Daccordi=6 } public string CityFor(ItalianBikeBrand bike) { switch(bike) { case ItalianBikeBrand.DeRosa: return "Milan"; case ItalianBikeBrand.Daccordi: return "Pisa"; case ItalianBikeBrand.Pinarello: return "Treviso"; case ItalianBikeBrand.Colnago: return "Milan"; default: Contract.Assert(false); // Should prove unreachable return null; } public enum ItalianBikeBrand { DeRosa=0, Colnago=2, Pinarello=4, Daccordi=6 } public string CityFor(ItalianBikeBrand bike) { switch(bike) { case ItalianBikeBrand.DeRosa: return "Milan"; case ItalianBikeBrand.Daccordi: return "Pisa"; case ItalianBikeBrand.Pinarello: return "Treviso"; case ItalianBikeBrand.Colnago: return "Milan"; default: Contract.Assert(false); // Should prove unreachable return null; } DisIntervals infer [1,1] [3,3] [5,5] [7, + [-∞,-1] [1,1] [3,3] [5,5] [7, +∞] DisIntervals infer [1,1] [3,3] [5,5] [7, + [-∞,-1] [1,1] [3,3] [5,5] [7, +∞] Check: Check: ⊥ Admissible values [0,0] [2,2] [4,4] [6,6] Admissible values [0,0] [2,2] [4,4] [6,6]
![public enum ItalianBikeBrand { DeRosa=0, Colnago=2, Pinarello=4, Daccordi=6 } public string CityFor(ItalianBikeBrand bike) { switch(bike) { case ItalianBikeBrand.DeRosa: return Milan ; case ItalianBikeBrand.Daccordi: return Pisa ; case ItalianBikeBrand.Pinarello: return Treviso ; case ItalianBikeBrand.Colnago: return Milan ; default: Contract.Assert(false); // Should prove unreachable return null; } public enum ItalianBikeBrand { DeRosa=0, Colnago=2, Pinarello=4, Daccordi=6 } public string CityFor(ItalianBikeBrand bike) { switch(bike) { case ItalianBikeBrand.DeRosa: return Milan ; case ItalianBikeBrand.Daccordi: return Pisa ; case ItalianBikeBrand.Pinarello: return Treviso ; case ItalianBikeBrand.Colnago: return Milan ; default: Contract.Assert(false); // Should prove unreachable return null; } DisIntervals infer [1,1] [3,3] [5,5] [7, + [-∞,-1] [1,1] [3,3] [5,5] [7, +∞] DisIntervals infer [1,1] [3,3] [5,5] [7, + [-∞,-1] [1,1] [3,3] [5,5] [7, +∞] Check: Check: ⊥ Admissible values [0,0] [2,2] [4,4] [6,6] Admissible values [0,0] [2,2] [4,4] [6,6]](http://images.slideplayer.com/8/2470632/slides/slide_17.jpg "public enum ItalianBikeBrand { DeRosa=0, Colnago=2, Pinarello=4, Daccordi=6 } public string CityFor(ItalianBikeBrand bike) { switch(bike) { case ItalianBikeBrand.DeRosa: return Milan ; case ItalianBikeBrand.Daccordi: return Pisa ; case ItalianBikeBrand.Pinarello: return Treviso ; case ItalianBikeBrand.Colnago: return Milan ; default: Contract.Assert(false); // Should prove unreachable return null; } public enum ItalianBikeBrand { DeRosa=0, Colnago=2, Pinarello=4, Daccordi=6 } public string CityFor(ItalianBikeBrand bike) { switch(bike) { case ItalianBikeBrand.DeRosa: return Milan ; case ItalianBikeBrand.Daccordi: return Pisa ; case ItalianBikeBrand.Pinarello: return Treviso ; case ItalianBikeBrand.Colnago: return Milan ; default: Contract.Assert(false); // Should prove unreachable return null; } DisIntervals infer [1,1] [3,3] [5,5] [7, + [-∞,-1] [1,1] [3,3] [5,5] [7, +∞] DisIntervals infer [1,1] [3,3] [5,5] [7, + [-∞,-1] [1,1] [3,3] [5,5] [7, +∞] Check: Check: ⊥ Admissible values [0,0] [2,2] [4,4] [6,6] Admissible values [0,0] [2,2] [4,4] [6,6]")
19
public static void F() { int x = 5, y = 100; while (x >= 0) { x = x - 1; y = y + 10; } Contract.Assert(y == 160); } public static void F() { int x = 5, y = 100; while (x >= 0) { x = x - 1; y = y + 10; } Contract.Assert(y == 160); } Linear equalities 10 * x + y == 150 Linear equalities 10 * x + y == 150 Check: ok! Intervals infer x ∈ [-1, -1] y ∈ [100, +∞] Intervals infer x ∈ [-1, -1] y ∈ [100, +∞]
20
public void Count(int[] values) { int neg = 0, pos = 0, j= 0; foreach (var x in values) { if (x < 0) { neg++; j++; } else if (x > 0) { pos++; j++; } } Contract.Assert(neg + pos == j); Contract.Assert(neg + pos <= values.Length); } public void Count(int[] values) { int neg = 0, pos = 0, j= 0; foreach (var x in values) { if (x < 0) { neg++; j++; } else if (x > 0) { pos++; j++; } } Contract.Assert(neg + pos == j); Contract.Assert(neg + pos <= values.Length); } Proven by Linear equalities Proven by SubPolyhedra
![public void Count(int[] values) { int neg = 0, pos = 0, j= 0; foreach (var x in values) { if (x < 0) { neg++; j++; } else if (x > 0) { pos++; j++; } } Contract.Assert(neg + pos == j); Contract.Assert(neg + pos <= values.Length); } public void Count(int[] values) { int neg = 0, pos = 0, j= 0; foreach (var x in values) { if (x < 0) { neg++; j++; } else if (x > 0) { pos++; j++; } } Contract.Assert(neg + pos == j); Contract.Assert(neg + pos <= values.Length); } Proven by Linear equalities Proven by SubPolyhedra](http://images.slideplayer.com/8/2470632/slides/slide_20.jpg "public void Count(int[] values) { int neg = 0, pos = 0, j= 0; foreach (var x in values) { if (x < 0) { neg++; j++; } else if (x > 0) { pos++; j++; } } Contract.Assert(neg + pos == j); Contract.Assert(neg + pos <= values.Length); } public void Count(int[] values) { int neg = 0, pos = 0, j= 0; foreach (var x in values) { if (x < 0) { neg++; j++; } else if (x > 0) { pos++; j++; } } Contract.Assert(neg + pos == j); Contract.Assert(neg + pos <= values.Length); } Proven by Linear equalities Proven by SubPolyhedra")
25
assume x == yx = 0; y = 1 assert x<= y 〈 x - y == 0, T 〉 〈 T, x ∈ [0,0] ⋀ y ∈ [1,1] 〉 〈 T, T 〉 〈 x - y == β, β ∈ [- 1, 0] 〉
![assume x == yx = 0; y = 1 assert x<= y 〈 x - y == 0, T 〉 〈 T, x ∈ [0,0] ⋀ y ∈ [1,1] 〉 〈 T, T 〉 〈 x - y == β, β ∈ [- 1, 0] 〉](http://images.slideplayer.com/8/2470632/slides/slide_25.jpg "assume x == yx = 0; y = 1 assert x<= y 〈 x - y == 0, T 〉 〈 T, x ∈ [0,0] ⋀ y ∈ [1,1] 〉 〈 T, T 〉 〈 x - y == β, β ∈ [- 1, 0] 〉")
27
Precision/ Cost Hints for Join/Widening Reduction algorithm, Basis exploration Simplex with floats Exact Simplex …. No Hint Die-Hard Semantic hints 2D Convex hull ….
28
Abstract Domain AD1 Abstract Domain AD2 Abstract Domain AD3
29
public void Init(int N) { Contract.Requires(N > 0); int[] a = new int[N]; int i = 0; while (i < N) { a[i] = 222; i = i + 1; } Contract.Assert( ∀ k ∈ [0, N). a[k] == 222); } public void Init(int N) { Contract.Requires(N > 0); int[] a = new int[N]; int i = 0; while (i < N) { a[i] = 222; i = i + 1; } Contract.Assert( ∀ k ∈ [0, N). a[k] == 222); } If i == 0 then a not initialized a not initialized else if i > 0 a[0] == … a[i] == 222 a[0] == … a[i] == 222else impossible impossible If i == 0 then a not initialized a not initialized else if i > 0 a[0] == … a[i] == 222 a[0] == … a[i] == 222else impossible impossible Challenge 1: Effective handling of disjunction Challenge 1: Effective handling of disjunction Challenge 2: Infer all the elements initialized Challenge 2: Infer all the elements initialized
![public void Init(int N) { Contract.Requires(N > 0); int[] a = new int[N]; int i = 0; while (i < N) { a[i] = 222; i = i + 1; } Contract.Assert( ∀ k ∈ [0, N).](http://images.slideplayer.com/8/2470632/slides/slide_29.jpg "a[k] == 222); } public void Init(int N) { Contract.Requires(N > 0); int[] a = new int[N]; int i = 0; while (i < N) { a[i] = 222; i = i + 1; } Contract.Assert( ∀ k ∈ [0, N). a[k] == 222); } If i == 0 then a not initialized a not initialized else if i > 0 a[0] == … a[i] == 222 a[0] == … a[i] == 222else impossible impossible If i == 0 then a not initialized a not initialized else if i > 0 a[0] == … a[i] == 222 a[0] == … a[i] == 222else impossible impossible Challenge 1: Effective handling of disjunction Challenge 1: Effective handling of disjunction Challenge 2: Infer all the elements initialized Challenge 2: Infer all the elements initialized.")
31
[222, 222] 00 i, k [0, 0] NN Segment bounds Uniform content abstraction ?? 0 i, 0 k 0 ≤ i, 0 ≤ k i == i == k i < N, k N i < N, k < N DisjunctionDisjunction
![[222, 222] 00 i, k [0, 0] NN Segment bounds Uniform content abstraction .](http://images.slideplayer.com/8/2470632/slides/slide_31.jpg "0 i, 0 k 0 ≤ i, 0 ≤ k i == i == k i < N, k N i < N, k < N DisjunctionDisjunction.")
32
public static int[] Factory(int len) { return new int[len]; } public static int[] Factory(int len) { return new int[len]; }
![public static int[] Factory(int len) { return new int[len]; } public static int[] Factory(int len) { return new int[len]; }](http://images.slideplayer.com/8/2470632/slides/slide_32.jpg "public static int[] Factory(int len) { return new int[len]; } public static int[] Factory(int len) { return new int[len]; }")
Similar presentations
![1 Advanced Programming Examples Output. Show the exact output produced by the following code segment. char[,] pic = new char[6,6]; for (int i = 0; i <](/31/9641941/big_thumb.jpg "1 Advanced Programming Examples Output. Show the exact output produced by the following code segment. char[,] pic = new char[6,6]; for (int i = 0; i <>")
Ppt on trial and error theory Ppt on rag pickers Ppt on p&g products rebate Ppt on different types of occupations pictures Micro display ppt on tv Ppt on marie curie inventions Ppt on credit policy examples Free ppt on brain machine interface mit Ppt on triangles for class 9th free download Download ppt on electricity