Presentation is loading. Please wait.

Presentation is loading. Please wait.

Towards trustworthy refactoring in Erlang

Published byClifton Davis Modified over 5 years ago

Similar presentations

Presentation on theme: "Towards trustworthy refactoring in Erlang"— Presentation transcript:

1 Towards trustworthy refactoring in Erlang
Dániel Horpácsi, Judit Kőszegi, Simon Thompson

2 „Could we design a refactoring formalism in which any definition is inherently correct?”

3 Refactoring language: design goals
Executable Verifiable Applicable Intuitive Representation-independent All at once

4 Execution Formalism: high-level DSL Mostly declarative
Partly Erlang-specific Concrete term rewriting with simple strategies Interpreted in the existing refactoring framework Static analysis Transformation Pretty-printing

5 Verification Correctness of the refactoring definition: for any program, the refactoring transformation results in a semantically equivalent program Correctness of a refactoring application: the original and the resulting program are semantically equivalent Consequently, the refactoring correctness is relative to The language semantics The language metatheory (The existing framework is not subject to this verification)

6 Types of refactoring definitions
The smaller the better Local a single conditional rewrite rule Extensive combination of rules Composite combination of refactorings Refactoring Prime Local Extensive Scheme instance Composite

7 A local example [ X*Y || X <- Numbers1, Y <- Numbers2,
List = [{X, Y} || X <- Numbers1, Y <- Numbers2, X>Y], Fun = fun({X, Y}) -> X*Y end, lists:map(Fun, List) REFACTORING listcomp2map() [ Head || GeneratorsFilters.. ] List = [ { Vars.. } || GeneratorsFilters.. ], Fun = fun ({ Vars.. }) -> Head end, lists:map(Fun, List) WHEN Vars.. = intersect(bound_vars(GeneratorsFilters..), vars(Head))) AND fresh(List) AND fresh(Fun)

8 Proving correctness Correctness of refactoring
Equivalence of program patterns Validity in reachability logic

9 Proving equivalence Operational semantics (+metatheory) defined in reachability logic Special sort: configuration Special predicate: basic pattern Pairs of pure patterns Equivalence property expressed in reachability logic Pairs of pure patterns with configuration pairs Symbolic circular coinduction to derive formula validity Sound but not complete Tactic and implementation for automatic proofs

10 An extensive example REFACTORING rename_function(NewName) ON function_definition(THIS) Name(Args..) -> Body NewName(Args..) -> Body.. WHEN NOT function_exists(module(THIS), NewName, length(Args..)) THEN ON function_calls(THIS) Name(Args..) NewName(Args..) THEN ON ...

11 Schemes Scheme Guarantee consistent changes
Hide the complexity of extensive refactorings Simplify definition and verification by splitting into two parts Contract on the parameters ensures correctness Scheme Skeleton w.r.t. contract Rewrite rules Parameters

12 Function signature refactoring
Skeleton Applying the signature rewrite (name + args) on the function definition and every function reference (calls, directives, etc.) Parameter A „function head” rewrite rule specifying how the signature is changed Contract Formal and generality requirements on the arguments

13 Examples FUNCTION SIGNATURE REFACTORING rename_function(NewName) Name(Args..) NewName(Args..) FUNCTION SIGNATURE REFACTORING tuple_function_arguments() Name(Args..) Name({Args..})

14 Forward dataflow refactoring
Skeleton Applying any of the „definition” rules on the selected data source and applying any of the „reference” rules on each element of the dataflow path Parameters At least one „definition” transformation rule and at least one „reference” trasformation rule Contract Each pair of „definition” and „reference” rules are consistent

15 Example FORWARD DATAFLOW REFACTORING fun2value() DEFINITION fun() -> E end WHEN pure(E) E REFERENCE F F() F X = fun() -> 123 end, some_code(), Y = X() + 1, X() - 5 X = 123, some_code(), Y = X + 1, X - 5

16 Correctness of scheme instances
Pre-proved skeleton Valid rewrite rules Refactoring

17 Towards trustworthy refactoring
Simple, executable formalism for defining refactorings Local, extensive and composite definitions High-level refactoring schemes for extensive transformations A method for turning any refactoring definition into a formally verifiable logic formula

Download ppt "Towards trustworthy refactoring in Erlang"

Similar presentations

1 Decision Procedures An algorithmic point of view Equality Logic and Uninterpreted Functions.

1 Decision Procedures An algorithmic point of view Equality Logic and Uninterpreted Functions.
Computer Science CPSC 322 Lecture 25 Top Down Proof Procedure (Ch 5.2.2)

Computer Science CPSC 322 Lecture 25 Top Down Proof Procedure (Ch 5.2.2)
An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.

An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.
PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 1 PZ03D - Program verification Programming Language Design.

PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, PZ03D - Program verification Programming Language Design.
ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.

ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Constraint Semantics for Abstract Read Permissions 28 th July 2014, FTfJP, Uppsala John Tang Boyland (UW-Milwaukee/ETH Zurich) Peter Müller, Malte Schwerhoff,

Constraint Semantics for Abstract Read Permissions 28 th July 2014, FTfJP, Uppsala John Tang Boyland (UW-Milwaukee/ETH Zurich) Peter Müller, Malte Schwerhoff,
1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.

1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.
This Week Finish relational semantics Hoare logic Interlude on one-point rule Building formulas from programs.

This Week Finish relational semantics Hoare logic Interlude on one-point rule Building formulas from programs.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
August 27-29 2007Moscow meeting1August 27-29 2007Moscow meeting1August 27-29 2007Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.

August Moscow meeting1August Moscow meeting1August Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.

Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.
Program Proving Notes Ellen L. Walker.

Program Proving Notes Ellen L. Walker.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules Sorin Lerner* Todd Millstein** Erika Rice* Craig Chambers* * University.

Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules Sorin Lerner* Todd Millstein** Erika Rice* Craig Chambers* * University.
10.6.2008 Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der.

Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der.
1 Static Analysis Methods CSSE 376 Software Quality Assurance Rose-Hulman Institute of Technology March 20, 2007.

1 Static Analysis Methods CSSE 376 Software Quality Assurance Rose-Hulman Institute of Technology March 20, 2007.
1 Scheme Scheme is a functional language. Scheme is based on lambda calculus. lambda abstraction = function definition In Scheme, a function is defined.

1 Scheme Scheme is a functional language. Scheme is based on lambda calculus. lambda abstraction = function definition In Scheme, a function is defined.
Principles of Object-Oriented Software Development Behavioral refinement.

Principles of Object-Oriented Software Development Behavioral refinement.

Similar presentations

Ads by Google