Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Daikon system for dynamic detection of likely invariants MIT Computer Science and Artificial Intelligence Lab. 16 January 2007 Presented by Chervet.

Published byAngela Stevens Modified over 8 years ago

Similar presentations

Presentation on theme: "The Daikon system for dynamic detection of likely invariants MIT Computer Science and Artificial Intelligence Lab. 16 January 2007 Presented by Chervet."— Presentation transcript:

1 The Daikon system for dynamic detection of likely invariants MIT Computer Science and Artificial Intelligence Lab. 16 January 2007 Presented by Chervet Benjamin Dec 2008 : System Modeling and Analysis 1

2 Contents: I.Introduction Daikon in one sentence Short example II.Daikon in deep Key features Uses Architectures Interference Engine andOptimization III.Synthesis example The Size-limited Stack 2

3 The Daikon system for dynamic detection of likely invariants Dynamic detection : != static analysis : Need to run the program to generate the invariants. Will not build an automate or try all the cases. Daikon : Chinese Radish and a software developed by the MIT, that dynamically detect likely invariants. Invariants : property that holds at a certain point or points in a programm (ex: x==0, String.isObject==true, v>z…) Introduction -> Daikon in one sentence. Daikon detects likely properties that hold at a certain point by running a programm. 3

4 How Daikon works ? Results list of invariants Trace Raw data extracted Program/Data JavaPearlC/C++Spreadsheet Introduction -> Short example. 4

5 From the program to the trace Java Code : package perso; public class test2{ public static int l; public static int i; public static int useless; public static void main(String args[]){ test2.l=0; test2.i=0; while(10 >= test2.l){ test2.incr(); } public static void incr(){ test2.l++; test2.i++; } Part of the trace : perso.test2.incr():::ENTER this_invocation_nonce 4 perso.test2.l 3 1 perso.test2.i 3 1 perso.test2.useless 0 1 perso.test2.incr():::EXIT26 this_invocation_nonce 4 perso.test2.l 4 1 perso.test2.i 4 1 perso.test2.useless 0 1 5

6 From the trace to the invariants Trace :Results : To doDaikon version 4.5.1, released November 3, 2008; Processing trace data; reading 1 dtrace file: [20:52:35]: Finished reading test2.dtrace.gz ========================================= perso.test2:::CLASS perso.test2.l == perso.test2.i perso.test2.l >= 0 perso.test2.useless == 0 perso.test2.l >= perso.test2.useless ========================================= perso.test2.incr():::EXIT perso.test2.useless == orig(perso.test2.useless) perso.test2.l > perso.test2.useless perso.test2.l - orig(perso.test2.l) - 1 == 0 perso.test2.useless <= orig(perso.test2.l) ========================================= perso.test2.main(java.lang.String[]):::ENTER perso.test2.l == perso.test2.useless perso.test2.l == size(arg0[]) arg0 has only one value arg0.getClass() == java.lang.String[].class arg0[] == [] arg0[].toString == [] Introduction -> Short example. perso.test2.incr():::ENTER this_invocation_nonce 4 perso.test2.l 3 1 perso.test2.i 3 1 perso.test2.useless 0 1 perso.test2.incr():::EXIT26 this_invocation_nonce 4 perso.test2.l 4 1 perso.test2.i 4 1 perso.test2.useless 0 1 6

7 Key features of Daikon Different input ▫Many programming languages  Java  C/C++  Pearl ▫Spreadsheet  CVS II.Daikon in deep -> Key features. 7

8 Rich output ▫Grammar of Properties  75 different invariants checks  Implications checking (a v > w) ▫Grammar of Variables  Parameters and return values checking  Pre state values (orig in short examples)  Global Variable, Pre State values, Fields  Can find asserts on variable that don’t appear in the program ▫Multiple Program points checkings Key features of Daikon II.Daikon in deep -> Key features. 8

9 Scalability ▫Used by the NASA on over 1 million lines of C/C++ Invariant filtering ▫Redundants invariants (a – 1 >= 3 and a a-1 >2) ▫Do not display invariants between unrelated variables Portable ▫Run with Linux and Windows Key features of Daikon II.Daikon in deep -> Key features. 9

10 Understanding an algorithm or the implementation Documentation ▫Always up to date Avoiding bugs ▫Check if the invariant stay true after a modification of the code Debugging Testing Uses II.Daikon in deep -> Uses. 10

11 Verification ▫Are the specification true ? ▫95% of the properties were provable with Java. Data structure and control repair. Uses II.Daikon in deep -> Uses. 11

12 Daikon architecture II.Daikon in deep -> Uses. Different language code (C/++, Pearl, Java) Language-specific instrumenters : Create a new version of the source, compile it, link it and execute it and output the values needed to build the traces. The trace is then piped to the inference engine. Trace Interference engine build the invariants from the trace. Invariants 12

13 Assume that all potential invariants are true Test each one against each sample Discard contradicted invariant A few optimizations needed to scale better. Interference Engine II.Daikon in deep -> Interference Engine 13

14 Equal variables ▫If an invariant is true for one variable, then it will be true if another variable is equal. Dynamically constant variables ▫If a variable has the same value at each observed sample, we do not need to perform the same test at each step. (Ex: if v = 2, in 3 steps, we do not need to make the test v >=0 for the 3 steps). Variable hierarchy: ▫Some variables contribute to invariant at multiple program points. If the same samples appears at two points of a programm, then the invariant at the first point and at the second point are the same. Suppression of weak invariants: ▫X > Y implies X >= Y Optimization : reduce the calculus amount by 99%. II.Daikon in deep -> Interference Engine 14

15 III.Synthesis Exemple Simple stack with a fixed-maximum size: Fields: Object[] Array; // Array containing stacks elements Int topOfStack; // top of the stack, -1 if the stack is empty. Methods: Void push(Object x) ; //Add an object at the top of the stack Void pop(); // Remove the object at the top of the stack Object top(); // Return (without removing) the objet at the top Object topandpop(); //Remove and return the object at the top Boolean isEmpty(); // Boolean isFull(); Void makeEmpty(); // Clear the stacks. 15

16 III.Synthesis Exemple Exemple of outputs and how it can be used : This.theArray != null This.topOfStack >= -1 This.theArray[this.topOfStack+1..] elements = null Orig(capacity) = this.theArray.length The array is never null. Methods can thus safely reference it without checking for null. The topOfStack is never smaller than -1. It works as the programmer intended to make it work. The Array is empty for the case above the top Of the case. It infers that the pop method nulls out the entry after returning it. Respect the specification. The capacity of the array is always equal to designed capacity. Object invariants for the Class: Post conditions for the StackAr constructor : 16

17 Summarize : Invariants are very useful, but hard to find. Daikon detects the invariants dynamicaly ▫Do not check for every possible values. May gives not true invariants : ▫True for a particular test suits but not for another. But : Easier to reject false invariants that to guess the true ones. 17

Download ppt "The Daikon system for dynamic detection of likely invariants MIT Computer Science and Artificial Intelligence Lab. 16 January 2007 Presented by Chervet."

Similar presentations

Queues Printer queues Several jobs submitted to printer Jobs form a queue Jobs processed in same order as they were received.

Queues Printer queues Several jobs submitted to printer Jobs form a queue Jobs processed in same order as they were received.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Design By Contract Using JMSAssert.

Design By Contract Using JMSAssert.
Stacks, Queues, and Linked Lists

Stacks, Queues, and Linked Lists
Lab 8 Ordered list. OVERVIEW In an ordered list the elements are maintained in ascending (or descending) order based on the data contained in the list.

Lab 8 Ordered list. OVERVIEW In an ordered list the elements are maintained in ascending (or descending) order based on the data contained in the list.
11-Jun-14 The assert statement. 2 About the assert statement The purpose of the assert statement is to give you a way to catch program errors early The.

11-Jun-14 The assert statement. 2 About the assert statement The purpose of the assert statement is to give you a way to catch program errors early The.
Chapter 16 Java Virtual Machine. To compile a java program in Simple.java, enter javac Simple.java javac outputs Simple.class, a file that contains bytecode.

Chapter 16 Java Virtual Machine. To compile a java program in Simple.java, enter javac Simple.java javac outputs Simple.class, a file that contains bytecode.
50.530: Software Engineering Sun Jun SUTD. Week 10: Invariant Generation.

50.530: Software Engineering Sun Jun SUTD. Week 10: Invariant Generation.
Java Review Interface, Casting, Generics, Iterator.

Java Review Interface, Casting, Generics, Iterator.
Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.

Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.
Copyright © 2012 Pearson Education, Inc. Chapter 18: Stacks And Queues.

Copyright © 2012 Pearson Education, Inc. Chapter 18: Stacks And Queues.
Slides prepared by Rose Williams, Binghamton University ICS201 Exception Handling University of Hail College of Computer Science and Engineering Department.

Slides prepared by Rose Williams, Binghamton University ICS201 Exception Handling University of Hail College of Computer Science and Engineering Department.
Chapter 1. The Phases of Software Development. Data Structure 2 Chapter outline  Objectives  Use Javadoc to write a method’s complete specification.

Chapter 1. The Phases of Software Development. Data Structure 2 Chapter outline  Objectives  Use Javadoc to write a method’s complete specification.
Stacks, Queues, and Deques

Stacks, Queues, and Deques
Software Engineering and Design Principles Chapter 1.

Software Engineering and Design Principles Chapter 1.
Stacks. What is a stack? Last-in first-out data structure (LIFO) New objects are placed on top Removal restricted to top object Examples?

Stacks. What is a stack? Last-in first-out data structure (LIFO) New objects are placed on top Removal restricted to top object Examples?
Stacks CS-240 Dick Steflik. Stacks Last In, First Out operation - LIFO As items are added they are chronologically ordered, items are removed in reverse.

Stacks CS-240 Dick Steflik. Stacks Last In, First Out operation - LIFO As items are added they are chronologically ordered, items are removed in reverse.
Stacks CS-240 Dick Steflik. Stacks Last In, First Out operation - LIFO As items are added they are chronologically ordered, items are removed in reverse.

Stacks CS-240 Dick Steflik. Stacks Last In, First Out operation - LIFO As items are added they are chronologically ordered, items are removed in reverse.
Dynamically Discovering Likely Program Invariants to Support Program Evolution Michael D. Ernst, Jake Cockrell, William G. Griswold, David Notkin Presented.

Dynamically Discovering Likely Program Invariants to Support Program Evolution Michael D. Ernst, Jake Cockrell, William G. Griswold, David Notkin Presented.

Similar presentations

Ads by Google