The Daikon system for dynamic detection of likely invariants MIT Computer Science and Artificial Intelligence Lab. 16 January 2007 Presented by Chervet.

Slides:

Advertisements

Similar presentations

Queues Printer queues Several jobs submitted to printer Jobs form a queue Jobs processed in same order as they were received.

Advertisements

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Design By Contract Using JMSAssert.

Stacks, Queues, and Linked Lists

Lab 8 Ordered list. OVERVIEW In an ordered list the elements are maintained in ascending (or descending) order based on the data contained in the list.

11-Jun-14 The assert statement. 2 About the assert statement The purpose of the assert statement is to give you a way to catch program errors early The.

Chapter 16 Java Virtual Machine. To compile a java program in Simple.java, enter javac Simple.java javac outputs Simple.class, a file that contains bytecode.

50.530: Software Engineering Sun Jun SUTD. Week 10: Invariant Generation.

Java Review Interface, Casting, Generics, Iterator.

Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.

Copyright © 2012 Pearson Education, Inc. Chapter 18: Stacks And Queues.

Slides prepared by Rose Williams, Binghamton University ICS201 Exception Handling University of Hail College of Computer Science and Engineering Department.

Chapter 1. The Phases of Software Development. Data Structure 2 Chapter outline  Objectives  Use Javadoc to write a method’s complete specification.

Stacks, Queues, and Deques

Software Engineering and Design Principles Chapter 1.

Stacks. What is a stack? Last-in first-out data structure (LIFO) New objects are placed on top Removal restricted to top object Examples?

Stacks CS-240 Dick Steflik. Stacks Last In, First Out operation - LIFO As items are added they are chronologically ordered, items are removed in reverse.

Stacks CS-240 Dick Steflik. Stacks Last In, First Out operation - LIFO As items are added they are chronologically ordered, items are removed in reverse.

Dynamically Discovering Likely Program Invariants to Support Program Evolution Michael D. Ernst, Jake Cockrell, William G. Griswold, David Notkin Presented.

JAVA PROGRAMING LANGUAGE. Content of Java 2 SDK  Development Tools (In the bin subdirectory.) Tools and utilities that will help you develop, execute,

Stacks Cmput Lecture 18 Department of Computing Science University of Alberta ©Duane Szafron 2000 Some code in this lecture is based on code from.

1 CSCD 326 Data Structures I Stacks. 2 Data Type Stack Most basic property: last item in (most recently inserted) is first item out LIFO - last in first.

What Went Wrong? Alex Groce Carnegie Mellon University Willem Visser NASA Ames Research Center.

Michael Ernst, page 1 Improving Test Suites via Operational Abstraction Michael Ernst MIT Lab for Computer Science Joint.

Chapter 16 Java Virtual Machine. To compile a java program in Simple.java, enter javac Simple.java javac outputs Simple.class, a file that contains bytecode.

Queues Cmput Lecture 19 Department of Computing Science University of Alberta ©Duane Szafron 2000 Some code in this lecture is based on code from.

AP Computer Science.  Not necessary but good programming practice in Java  When you override a super class method notation.

CS102 Introduction to Computer Programming

©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Verification and Validation l Assuring that a software system meets a user's.

Dr. Pedro Mejia Alvarez Software Testing Slide 1 Software Testing: Building Test Cases.

Unit Testing & Defensive Programming. F-22 Raptor Fighter.

Introduction to Object-oriented Programming CSIS 3701: Advanced Object Oriented Programming.

Introduction to Java Appendix A. Appendix A: Introduction to Java2 Chapter Objectives To understand the essentials of object-oriented programming in Java.

1 Abstraction  Identify important aspects and ignore the details  Permeates software development programming languages are abstractions built on hardware.

SAK 3117 Data Structures Chapter 3: STACKS. Objective To introduce: Stack concepts Stack operations Stack applications CONTENT 3.1 Introduction 3.2 Stack.

JavaDoc1 JavaDoc DEPARTMENT OF COMPUTER SCIENCE AND SOFTWARE ENGINEERING CONCORDIA UNIVERSITY July 24, 2006 by Emil Vassev & Joey Paquet revision 1.2 –

 200 Total Points ◦ 74 Points Writing Programs ◦ 60 Points Tracing Algorithms and determining results ◦ 36 Points Short Answer ◦ 30 Points Multiple Choice.

Generalized Containers CSIS 3701: Advanced Object Oriented Programming.

Chapter 7 Stacks. © 2004 Pearson Addison-Wesley. All rights reserved 7-2 The Abstract Data Type: Developing an ADT During the Design of a Solution Specifications.

Computer Science and Software Engineering University of Wisconsin - Platteville 2. Pointer Yan Shi CS/SE2630 Lecture Notes.

Problem of the Day  Why are manhole covers round?

Stacks. A stack is a data structure that holds a sequence of elements and stores and retrieves items in a last-in first- out manner (LIFO). This means.

Refactoring1 Improving the structure of existing code.

Dynamically Discovering Likely Program Invariants All material in this presentation is derived from documentation online at the Daikon website,

CS Data Structures I Chapter 2 Principles of Programming & Software Engineering.

OOSC - JMSAssert. Design By Contract A powerful technique for writing reliable software. Specifying the software purpose with the implementation. Key.

1 Test Selection for Result Inspection via Mining Predicate Rules Wujie Zheng

Nyhoff, ADTs, Data Structures and Problem Solving with C++, Second Edition, © 2005 Pearson Education, Inc. All rights reserved Stacks.

Core Java Introduction Byju Veedu Ness Technologies httpdownload.oracle.com/javase/tutorial/getStarted/intro/definition.html.

 200 Total Points ◦ 75 Points Writing Programs ◦ 60 Points Tracing Algorithms and determining results ◦ 35 Points Short Answer ◦ 30 Points Multiple Choice.

U n i v e r s i t y o f H a i l 1 ICS 202  2011 spring  Data Structures and Algorithms 

ANU COMP2110 Software Design in 2003 Lecture 10Slide 1 COMP2110 Software Design in 2004 Lecture 12 Documenting Detailed Design How to write down detailed.

CMSC 202 Advanced Section Classes and Objects: Object Creation and Constructors.

Introduction to array: why use arrays ?. Motivational example Problem: Write a program that reads in and stores away 5 double numbers After reading in.

(1) ICS 313: Programming Language Theory Chapter 11: Abstract Data Types (Data Abstraction)

Programming & Debugging. Key Programming Issues Modularity Modifiability Ease of Use Fail-safe programming Style Debugging.

Throw, Throws & Try-Catch Statements Explanations and Pictures from: Reference:

Reasoning and Design (and Assertions). How to Design Your Code The hard way: Just start coding. When something doesn’t work, code some more! The easier.

Click to edit Master text styles Stacks Data Structure.

1 Stacks Abstract Data Types (ADTs) Stacks Application to the analysis of a time series Java implementation of a stack Interfaces and exceptions.

1 Topic 5 Polymorphism "“Inheritance is new code that reuses old code. Polymorphism is old code that reuses new code.”

Jeremy Nimmer, page 1 Automatic Generation of Program Specifications Jeremy Nimmer MIT Lab for Computer Science Joint work with.

Testing and Debugging UCT Department of Computer Science Computer Science 1015F Hussein Suleman March 2009.

Lecture 1b- Introduction

CS 2308 Final Exam Review.

Developing Java Applications with NetBeans

Assertions References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 4/25/2019.

Developing Java Applications with NetBeans

Presentation transcript:

The Daikon system for dynamic detection of likely invariants MIT Computer Science and Artificial Intelligence Lab. 16 January 2007 Presented by Chervet Benjamin Dec 2008 : System Modeling and Analysis 1

Contents: I.Introduction Daikon in one sentence Short example II.Daikon in deep Key features Uses Architectures Interference Engine andOptimization III.Synthesis example The Size-limited Stack 2

The Daikon system for dynamic detection of likely invariants Dynamic detection : != static analysis : Need to run the program to generate the invariants. Will not build an automate or try all the cases. Daikon : Chinese Radish and a software developed by the MIT, that dynamically detect likely invariants. Invariants : property that holds at a certain point or points in a programm (ex: x==0, String.isObject==true, v>z…) Introduction -> Daikon in one sentence. Daikon detects likely properties that hold at a certain point by running a programm. 3

How Daikon works ? Results list of invariants Trace Raw data extracted Program/Data JavaPearlC/C++Spreadsheet Introduction -> Short example. 4

From the program to the trace Java Code : package perso; public class test2{ public static int l; public static int i; public static int useless; public static void main(String args[]){ test2.l=0; test2.i=0; while(10 >= test2.l){ test2.incr(); } public static void incr(){ test2.l++; test2.i++; } Part of the trace : perso.test2.incr():::ENTER this_invocation_nonce 4 perso.test2.l 3 1 perso.test2.i 3 1 perso.test2.useless 0 1 perso.test2.incr():::EXIT26 this_invocation_nonce 4 perso.test2.l 4 1 perso.test2.i 4 1 perso.test2.useless 0 1 5

From the trace to the invariants Trace :Results : To doDaikon version 4.5.1, released November 3, 2008; Processing trace data; reading 1 dtrace file: [20:52:35]: Finished reading test2.dtrace.gz ========================================= perso.test2:::CLASS perso.test2.l == perso.test2.i perso.test2.l >= 0 perso.test2.useless == 0 perso.test2.l >= perso.test2.useless ========================================= perso.test2.incr():::EXIT perso.test2.useless == orig(perso.test2.useless) perso.test2.l > perso.test2.useless perso.test2.l - orig(perso.test2.l) - 1 == 0 perso.test2.useless <= orig(perso.test2.l) ========================================= perso.test2.main(java.lang.String[]):::ENTER perso.test2.l == perso.test2.useless perso.test2.l == size(arg0[]) arg0 has only one value arg0.getClass() == java.lang.String[].class arg0[] == [] arg0[].toString == [] Introduction -> Short example. perso.test2.incr():::ENTER this_invocation_nonce 4 perso.test2.l 3 1 perso.test2.i 3 1 perso.test2.useless 0 1 perso.test2.incr():::EXIT26 this_invocation_nonce 4 perso.test2.l 4 1 perso.test2.i 4 1 perso.test2.useless 0 1 6

Key features of Daikon Different input ▫Many programming languages  Java  C/C++  Pearl ▫Spreadsheet  CVS II.Daikon in deep -> Key features. 7

Rich output ▫Grammar of Properties  75 different invariants checks  Implications checking (a v > w) ▫Grammar of Variables  Parameters and return values checking  Pre state values (orig in short examples)  Global Variable, Pre State values, Fields  Can find asserts on variable that don’t appear in the program ▫Multiple Program points checkings Key features of Daikon II.Daikon in deep -> Key features. 8

Scalability ▫Used by the NASA on over 1 million lines of C/C++ Invariant filtering ▫Redundants invariants (a – 1 >= 3 and a a-1 >2) ▫Do not display invariants between unrelated variables Portable ▫Run with Linux and Windows Key features of Daikon II.Daikon in deep -> Key features. 9

Understanding an algorithm or the implementation Documentation ▫Always up to date Avoiding bugs ▫Check if the invariant stay true after a modification of the code Debugging Testing Uses II.Daikon in deep -> Uses. 10

Verification ▫Are the specification true ? ▫95% of the properties were provable with Java. Data structure and control repair. Uses II.Daikon in deep -> Uses. 11

Daikon architecture II.Daikon in deep -> Uses. Different language code (C/++, Pearl, Java) Language-specific instrumenters : Create a new version of the source, compile it, link it and execute it and output the values needed to build the traces. The trace is then piped to the inference engine. Trace Interference engine build the invariants from the trace. Invariants 12

Assume that all potential invariants are true Test each one against each sample Discard contradicted invariant A few optimizations needed to scale better. Interference Engine II.Daikon in deep -> Interference Engine 13

Equal variables ▫If an invariant is true for one variable, then it will be true if another variable is equal. Dynamically constant variables ▫If a variable has the same value at each observed sample, we do not need to perform the same test at each step. (Ex: if v = 2, in 3 steps, we do not need to make the test v >=0 for the 3 steps). Variable hierarchy: ▫Some variables contribute to invariant at multiple program points. If the same samples appears at two points of a programm, then the invariant at the first point and at the second point are the same. Suppression of weak invariants: ▫X > Y implies X >= Y Optimization : reduce the calculus amount by 99%. II.Daikon in deep -> Interference Engine 14

III.Synthesis Exemple Simple stack with a fixed-maximum size: Fields: Object[] Array; // Array containing stacks elements Int topOfStack; // top of the stack, -1 if the stack is empty. Methods: Void push(Object x) ; //Add an object at the top of the stack Void pop(); // Remove the object at the top of the stack Object top(); // Return (without removing) the objet at the top Object topandpop(); //Remove and return the object at the top Boolean isEmpty(); // Boolean isFull(); Void makeEmpty(); // Clear the stacks. 15

III.Synthesis Exemple Exemple of outputs and how it can be used : This.theArray != null This.topOfStack >= -1 This.theArray[this.topOfStack+1..] elements = null Orig(capacity) = this.theArray.length The array is never null. Methods can thus safely reference it without checking for null. The topOfStack is never smaller than -1. It works as the programmer intended to make it work. The Array is empty for the case above the top Of the case. It infers that the pop method nulls out the entry after returning it. Respect the specification. The capacity of the array is always equal to designed capacity. Object invariants for the Class: Post conditions for the StackAr constructor : 16

Summarize : Invariants are very useful, but hard to find. Daikon detects the invariants dynamicaly ▫Do not check for every possible values. May gives not true invariants : ▫True for a particular test suits but not for another. But : Easier to reject false invariants that to guess the true ones. 17