Presentation is loading. Please wait.

Presentation is loading. Please wait.

Inferring Object Invariants Bor-Yuh Evan ChangK. Rustan M. Leino University of California, BerkeleyMicrosoft Research January 21, 2005 AIOOL 2005 Paris,

Published byMae Dalton Modified over 9 years ago

Similar presentations

Presentation on theme: "Inferring Object Invariants Bor-Yuh Evan ChangK. Rustan M. Leino University of California, BerkeleyMicrosoft Research January 21, 2005 AIOOL 2005 Paris,"— Presentation transcript:

1 Inferring Object Invariants Bor-Yuh Evan ChangK. Rustan M. Leino University of California, BerkeleyMicrosoft Research January 21, 2005 AIOOL 2005 Paris, France

2 2 1/21/2005Chang and Leino: Inferring Object Invariants What to Infer? class A { int x; A() { this.x := 8; } void M() { this.x := this.x + 1; } int N(int y) { return y / this.x; } invariant this.x ¸ 8 } Treat “this.x” as one variable Used to show divide by zero impossible

3 3 1/21/2005Chang and Leino: Inferring Object Invariants Too Naïve class B { int x; B() { this.x := 8; } void M(B b) { this.x := b.x + 1; } invariant this.x ¸ 8; } Treat “this.x” as one variable this.x == ? Too Imprecise

4 4 1/21/2005Chang and Leino: Inferring Object Invariants Too Naïve class C { int x; C() { this.x := 8; } void M(C c) { c.x := 7; } invariant this.x == 8; } Treat “this.x” as one variable this.x == 8 Unsound

5 5 1/21/2005Chang and Leino: Inferring Object Invariants Methodology distinguishes between “valid” and “mutable” objects UnpackpackUnpack/pack block where the object invariant may be temporarily violated unpackfrom unpack o from T … packas pack o as T Object invariant may be violated Fields may be modified Object invariant holds cannotFields cannot be modified Object Invariant Methodology

6 6 1/21/2005Chang and Leino: Inferring Object Invariants Outline Overview Obtaining Object Invariants –Abstract State –Abstract Transition for Unpack/Pack Example Concluding Remarks

7 7 1/21/2005Chang and Leino: Inferring Object Invariants Overview of Contributions To extend standard reasoning to fields –use parameterized abstract interpretation framework [VMCAI 2005] To simultaneously track an unbounded number of objects –treat “valid” objects collectively following object invariant methodology [JOT 2004] To capture interaction between multiple object invariants –separate analysis into flow-sensitive and flow- insensitive parts –interaction given by object invariant methodology

8 8 1/21/2005Chang and Leino: Inferring Object Invariants Abstract State policy domainKind of invariants obtained given by policy domain P –e.g., linear arithmetic if P is Polyhedra Standard local flow-sensitive abstract interpretation using C ( P, S ) –policy domain extended to work with fields Global flow-insensitive part captured by I –mappings of the form T  C ( P ) e.g., B  sel(H,t,x) ¸ 8, which concretizes to ( 8 t:B ² ( 8 H ² sel(H,t,x) ¸ 8))

9 9 1/21/2005Chang and Leino: Inferring Object Invariants Abstract Transition Write the abstract transition for a statement s –one C per program point –one global I packunpackAll statements except pack/unpack affect only the local state C field updates –including field updates because methodology says that only “mutable” objects can be modified

10 10 1/21/2005Chang and Leino: Inferring Object Invariants Abstract Transition: Pack packIncorporate the information obtained from the local analysis on pack – note – note: does not depend on class context Extract constraints that involve fields of o that are declared in T or a superclass of T Rename o to t and widen into the current object invariant for T

11 11 1/21/2005Chang and Leino: Inferring Object Invariants Abstract Transition: Unpack unpackInstantiate current object invariant on unpack – methodology says that the object satisfies the object invariant right before the unpack – note – note: does not depend on class context Also instantiate object invariant for, say, “valid” method arguments

12 12 1/21/2005Chang and Leino: Inferring Object Invariants Outline Overview Obtaining Object Invariants –Abstract State –Abstract Transition for Unpack/Pack Example Concluding Remarks

13 13 1/21/2005Chang and Leino: Inferring Object Invariants Example class D extends B { int y; D() { this.y := 1; pack this as D; } } class B { int x; B() { this.x := 8; pack this as B; } void M(D d) { unpack this from B; this.x := d.x + d.y; pack this as B; } > I:I: D , B  ??

14 14 1/21/2005Chang and Leino: Inferring Object Invariants Example class D extends B { int y; D() { this.y := 1; pack this as D; } } class B { int x; B() { this.x := 8; pack this as B; } void M(D d) { unpack this from B; this.x := d.x + d.y; pack this as B; } I:I: D , B  ?? sel(H,this,y) = 1

15 15 1/21/2005Chang and Leino: Inferring Object Invariants Example class D extends B { int y; D() { this.y := 1; pack this as D; } } class B { int x; B() { this.x := 8; pack this as B; } void M(D d) { unpack this from B; this.x := d.x + d.y; pack this as B; } I:I: D , B  ? sel(H,this,y) = 1 sel(H,t,y) = 1

16 16 1/21/2005Chang and Leino: Inferring Object Invariants Example class D extends B { int y; D() { this.y := 1; pack this as D; } } class B { int x; B() { this.x := 8; pack this as B; } void M(D d) { unpack this from B; this.x := d.x + d.y; pack this as B; } I:I: D , B  sel(H,this,y) = 1 sel(H,t,y) = 1 sel(H,this,x) = 8 sel(H,t,x) = 8

17 17 1/21/2005Chang and Leino: Inferring Object Invariants Example class D extends B { int y; D() { this.y := 1; pack this as D; } } class B { int x; B() { this.x := 8; pack this as B; } void M(D d) { unpack this from B; this.x := d.x + d.y; pack this as B; } I:I: D , B  sel(H,this,y) = 1 sel(H,t,y) = 1 sel(H,this,x) = 8 sel(H,t,x) = 8 Assume d is valid sel(H,d,y) = 1 Æ sel(H,d,x) = 8

18 18 1/21/2005Chang and Leino: Inferring Object Invariants Example class D extends B { int y; D() { this.y := 1; pack this as D; } } class B { int x; B() { this.x := 8; pack this as B; } void M(D d) { unpack this from B; this.x := d.x + d.y; pack this as B; } I:I: D , B  sel(H,this,y) = 1 sel(H,t,y) = 1 sel(H,this,x) = 8 sel(H,t,x) = 8 sel(H,d,y) = 1 Æ sel(H,d,x) = 8 sel(H,d,y)=1 Æ sel(H,d,x)=8 Æ sel(H,this,x)=8

19 19 1/21/2005Chang and Leino: Inferring Object Invariants Example class D extends B { int y; D() { this.y := 1; pack this as D; } } class B { int x; B() { this.x := 8; pack this as B; } void M(D d) { unpack this from B; this.x := d.x + d.y; pack this as B; } sel(H,this,y) = 1 I:I: D , B  sel(H,t,y) = 1 sel(H,t,x) = 8 sel(H,this,x) = 8 sel(H,d,y) = 1 Æ sel(H,d,x) = 8 sel(H,d,y)=1 Æ sel(H,d,x)=8 Æ sel(H,this,x)=8 sel(H,this,x) = 9

20 20 1/21/2005Chang and Leino: Inferring Object Invariants Example class D extends B { int y; D() { this.y := 1; pack this as D; } } class B { int x; B() { this.x := 8; pack this as B; } void M(D d) { unpack this from B; this.x := d.x + d.y; pack this as B; } sel(H,this,y) = 1 I:I: D , B  sel(H,t,y) = 1 sel(H,t,x) ¸ 8 sel(H,this,x) = 8 sel(H,d,y) = 1 Æ sel(H,d,x) = 8 sel(H,d,y)=1 Æ sel(H,d,x)=8 Æ sel(H,this,x)=8 sel(H,this,x) = 9 Re-examine where previous object invariant for B was instantiated

21 21 1/21/2005Chang and Leino: Inferring Object Invariants Example: Remarks Weakening of object invariant must be with widening (like for loops) Needed the object invariant of D to obtained the desired object invariant for B unpackpackIncorporating information into object invariant determined by unpack/pack, not class context

22 22 1/21/2005Chang and Leino: Inferring Object Invariants Conclusion and Future Work Designed a technique to infer more precise object invariants –based on distinguishing “valid” and “mutable” objects –for class-based object-oriented langauges works with inheritance can obtain invariants on fields of a field using a notion of ownership (see paper) Combined with a methodology (strengthening both) Fits nicely in an abstract interpretation framework (e.g., Logozzo) Future Work: implementation and experiments

23 Thank you! Questions? Comments?

Download ppt "Inferring Object Invariants Bor-Yuh Evan ChangK. Rustan M. Leino University of California, BerkeleyMicrosoft Research January 21, 2005 AIOOL 2005 Paris,"

Similar presentations

Verification of object-oriented programs with invariants Mike Barnett, Robert DeLine, Manuel Fahndrich, K. Rustan M. Leino, Wolfram Schulte Formal techniques.

Verification of object-oriented programs with invariants Mike Barnett, Robert DeLine, Manuel Fahndrich, K. Rustan M. Leino, Wolfram Schulte Formal techniques.
Writing specifications for object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 21 Jan 2005 Invited talk, AIOOL 2005 Paris,

Writing specifications for object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 21 Jan 2005 Invited talk, AIOOL 2005 Paris,
Technologies for finding errors in object-oriented software K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 3 Summer school on Formal Models.

Technologies for finding errors in object-oriented software K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 3 Summer school on Formal Models.
Lecture 4 Towards a Verifying Compiler: Data Abstraction Wolfram Schulte Microsoft Research Formal Methods 2006 Purity, Model fields, Inconsistency _____________.

Lecture 4 Towards a Verifying Compiler: Data Abstraction Wolfram Schulte Microsoft Research Formal Methods 2006 Purity, Model fields, Inconsistency _____________.
Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.

Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.
An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.

An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.
Comp 212: Intermediate Programming Lecture 18 – Java Generics By: Anupam Chanda.

Comp 212: Intermediate Programming Lecture 18 – Java Generics By: Anupam Chanda.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
Abstract Interpretation with Alien Expressions and Heap Structures Bor-Yuh Evan ChangK. Rustan M. Leino University of California, BerkeleyMicrosoft Research.

Abstract Interpretation with Alien Expressions and Heap Structures Bor-Yuh Evan ChangK. Rustan M. Leino University of California, BerkeleyMicrosoft Research.
Program Analysis as Constraint Solving Sumit Gulwani (MSR Redmond) Ramarathnam Venkatesan (MSR Redmond) Saurabh Srivastava (Univ. of Maryland) TexPoint.

Program Analysis as Constraint Solving Sumit Gulwani (MSR Redmond) Ramarathnam Venkatesan (MSR Redmond) Saurabh Srivastava (Univ. of Maryland) TexPoint.
Liang, Introduction to Java Programming, Ninth Edition, (c) 2013 Pearson Education, Inc. All rights reserved. 1 1 Abstract Classes and Interfaces.

Liang, Introduction to Java Programming, Ninth Edition, (c) 2013 Pearson Education, Inc. All rights reserved. 1 1 Abstract Classes and Interfaces.
Liang, Introduction to Java Programming, Eighth Edition, (c) 2011 Pearson Education, Inc. All rights reserved. 0132130807 1 Immutable Objects and Classes.

Liang, Introduction to Java Programming, Eighth Edition, (c) 2011 Pearson Education, Inc. All rights reserved Immutable Objects and Classes.
Lecture 2 Towards a Verifying Compiler: Logic of Object oriented Programs Wolfram Schulte Microsoft Research Formal Methods 2006 Objects, references, heaps,

Lecture 2 Towards a Verifying Compiler: Logic of Object oriented Programs Wolfram Schulte Microsoft Research Formal Methods 2006 Objects, references, heaps,
Aliases in a bug finding tool Benjamin Chelf Seth Hallem June 5 th, 2002.

Aliases in a bug finding tool Benjamin Chelf Seth Hallem June 5 th, 2002.
Abstract Interpretation with Alien Expressions and Heap Structures Bor-Yuh Evan ChangK. Rustan M. Leino UC BerkeleyMicrosoft Research November 11, 2004.

Abstract Interpretation with Alien Expressions and Heap Structures Bor-Yuh Evan ChangK. Rustan M. Leino UC BerkeleyMicrosoft Research November 11, 2004.
Building a program verifier K. Rustan M. Leino Microsoft Research, Redmond, WA 10 May 2006 Guest lecture, Shaz Qadeer’s cse599f, Formal Verification of.

Building a program verifier K. Rustan M. Leino Microsoft Research, Redmond, WA 10 May 2006 Guest lecture, Shaz Qadeer’s cse599f, Formal Verification of.
Harvey SiyPrinciples of Object-Oriented Software Development by Eliens Slide 1 Behavioral Refinement Principles of Object-Oriented Software Development.

Harvey SiyPrinciples of Object-Oriented Software Development by Eliens Slide 1 Behavioral Refinement Principles of Object-Oriented Software Development.
CSE 331 Software Design & Implementation Dan Grossman Fall 2014 Data Abstraction: Abstract Data Types (ADTs) (Based on slides by Mike Ernst, David Notkin,

CSE 331 Software Design & Implementation Dan Grossman Fall 2014 Data Abstraction: Abstract Data Types (ADTs) (Based on slides by Mike Ernst, David Notkin,
Computer Science 340 Software Design & Testing Design By Contract.

Computer Science 340 Software Design & Testing Design By Contract.
Abstract classes and Interfaces. Abstract classes.

Abstract classes and Interfaces. Abstract classes.

Similar presentations

Ads by Google