Dynamic Symbolic Data Structure Repair

Slides:



Advertisements
Similar presentations
Korat Automated Testing Based on Java Predicates Chandrasekhar Boyapati, Sarfraz Khurshid, Darko Marinov MIT ISSTA 2002 Rome, Italy.
Advertisements

Ceng-112 Data Structures I Chapter 5 Queues.
The Singleton Pattern II Recursive Linked Structures.
1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.
Algorithm Strategies Nelson Padua-Perez Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
Binary Trees Terminology A graph G = is a collection of nodes and edges. An edge (v 1,v 2 ) is a pair of vertices that are directly connected. A path,
Recursion Chapter 7. Chapter 7: Recursion2 Chapter Objectives To understand how to think recursively To learn how to trace a recursive method To learn.
Recursion Chapter 7. Chapter 7: Recursion2 Chapter Objectives To understand how to think recursively To learn how to trace a recursive method To learn.
Efficient Modular Glass Box Software Model Checking Michael Roberson Chandrasekhar Boyapati The University of Michigan.
1/23/2003University of Virginia1 Korat: Automated Testing Based on Java Predicates CS751 Presentation by Radu Stoleru C.Boyapaty, S.Khurshid, D.Marinov.
Korat: Automated Testing Based on Java Predicates Chandrasekhar Boyapati 1, Sarfraz Khurshid 2, and Darko Marinov 3 1 University of Michigan Ann Arbor.
Chandrasekhar Boyapati (Google) Sarfraz Khurshid (University of Texas)
CS 261 – Fall 2009 Binary Search Trees Again, but in detail.
Trees, Binary Search Trees, Recursion, Project 2 Bryce Boe 2013/08/01 CS24, Summer 2013 C.
Korat: Automated Testing Based on Java Predicates
1 Trees Tree nomenclature Implementation strategies Traversals –Depth-first –Breadth-first Implementing binary search trees.
Recursion Chapter 7. Chapter Objectives  To understand how to think recursively  To learn how to trace a recursive method  To learn how to write recursive.
S EARCHING AND T REES COMP1927 Computing 15s1 Sedgewick Chapters 5, 12.
272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 6: Exhaustive Bounded Testing and Feedback-Directed Random Testing.
1 Chapter 17 Object-Oriented Data Structures. 2 Objectives F To describe what a data structure is (§17.1). F To explain the limitations of arrays (§17.1).
 Trees Data Structures Trees Data Structures  Trees Trees  Binary Search Trees Binary Search Trees  Binary Tree Implementation Binary Tree Implementation.
(c) University of Washington16-1 CSC 143 Java Linked Lists Reading: Ch. 20.
Rudiments of Trees a Joshua presentation DATA STRUCTURES.
A Test Case + Mock Class Generator for Coding Against Interfaces Mainul Islam, Christoph Csallner Software Engineering Research Center (SERC) Computer.
Trees. 2 Root leaf CHAPTER 5 3 Definition of Tree n A tree is a finite set of one or more nodes such that: n There is a specially designated node called.
Chapter 5 Linked List by Before you learn Linked List 3 rd level of Data Structures Intermediate Level of Understanding for C++ Please.
Copyright © 2012 Pearson Education, Inc. Chapter 20: Binary Trees.
2014-T2 Lecture 27 School of Engineering and Computer Science, Victoria University of Wellington  Lindsay Groves, Marcus Frean, Peter Andreae, and Thomas.
CUTE: A Concolic Unit Testing Engine for C Koushik SenDarko MarinovGul Agha University of Illinois Urbana-Champaign.
Copyright © 2015, 2012, 2009 Pearson Education, Inc., Publishing as Addison-Wesley All rights reserved. Chapter 20: Binary Trees.
(c) University of Washington20c-1 CSC 143 Binary Search Trees.
Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 20: Binary Trees.
(c) University of Washington20-1 CSC 143 Java Trees.
TREES From root to leaf. Trees  A tree is a non-linear collection  The elements are in a hierarchical arrangement  The elements are not accessible.
Recursion Topic 5.
Data Structures and Design in Java © Rick Mercer
Anatomy of a linked list
B/B+ Trees 4.7.
Recursive Objects (Part 4)
Backtracking And Branch And Bound
Queues Queues Queues.
Binary Search one reason that we care about sorting is that it is much faster to search a sorted list compared to sorting an unsorted list the classic.
Trees.
Data Structures & Algorithm Design
A Test Case + Mock Class Generator for Coding Against Interfaces
COMP 103 Binary Search Trees.
Chapter 17 Object-Oriented Data Structures
Binary Tree and General Tree
Chapter 20: Binary Trees.
Map interface Empty() - return true if the map is empty; else return false Size() - return the number of elements in the map Find(key) - if there is an.
Types of Algorithms.
Chapter 21: Binary Trees.
Stacks.
New Ideas Track: Testing MapReduce-Style Programs Christoph Csallner, Leonidas Fegaras, Chengkai Li Computer.
Tree A tree is a data structure in which each node is comprised of some data as well as node pointers to child nodes
CS212D: Data Structures Week 5-6 Linked List.
Tree Searching.
CMSC 202 Trees.
Collections Framework
CSE 143 Lecture 25 Set ADT implementation; hashing read 11.2
50.530: Software Engineering
Building Java Programs
CSC 143 Binary Search Trees.
Recursive Objects Singly Linked Lists.
Diagnostic Evaluation
CUTE: A Concolic Unit Testing Engine for C
Trees.
Trees-2, Graphs Data Structures with C Chpater-6 Course code: 10CS35
Hashing based on slides by Marty Stepp
Trees.
Presentation transcript:

Dynamic Symbolic Data Structure Repair = DSDSR Ishtiaque Hussain, Christoph Csallner Software Engineering Research Center (SERC) Computer Science and Engineering Department University of Texas at Arlington, USA May 7, 2010.

What is bytecode instrumentation?? Dynamic Symbolic Data Structure Repair

Location: Waterfront, Cape Town, South Africa Me Christoph Location: Waterfront, Cape Town, South Africa Occasion: ICSE 2010

Why Data Structure Repair is important? All software use some sort of data structure underneath Data structure corruption might result into software crash In real time systems user intervention might not be an option for corruption repair Dynamic Symbolic Data Structure Repair

Dynamic Symbolic Data Structure Repair Goal: Automatically repair corrupted data structures to prevent software crash Perform such repair actions effectively and in a time efficient manner. Cannot wait forever! Dynamic Symbolic Data Structure Repair

Dynamic Symbolic Data Structure Repair Example: Singly-linked list public class LinkedList { Node header; // .. public boolean repOk() { Node n = header; if (n == null) return true; int length = n.value; int count = 1; while (n.next != null) { count += 1; n = n.next; if (count > length) return false; } if (count != length) public class Node { int value; Node next; // .. } next Node value 4 First node has a value that is equal to the number of nodes in the list. Dynamic Symbolic Data Structure Repair

Dynamic Symbolic Data Structure Repair 4 n1 == null T F n1 n2 n3 n1.next != null F T 2 > n1.value F T public class LinkedList { Node header; // .. public boolean repOk() { Node n = header; if (n == null) return true; int length = n.value; int count = 1; while (n.next != null) { count += 1; n = n.next; if (count > length) return false; } if (count != length) n2.next != null F T 3 > n1.value F T n3.next != null F T Explain, slow use “instrumentation”, mention data structure should be same, maintain all the constraints, change the last one Careful about saying: we want it to return true, not false 3 != n1.value F T return true return false Dynamic Symbolic Data Structure Repair

Dynamic Symbolic Data Structure Repair Our approach to the problem: public class LinkedList { Node header; // .. public boolean repOk() { Node n = header; if (n == null) return true; int length = n.value; int count = 1; while (n.next != null) { count += 1; n = n.next; if (count > length) return false; } if (count != length) public class Node { int value; Node next; // .. } n1 n2 n3 4 First node has a value that is equal to the number of nodes in the list. Dynamic Symbolic Data Structure Repair

Dynamic Symbolic Data Structure Repair Our approach to the problem: 4 3 public class LinkedList { Node header; // .. public boolean repOk() { Node n = header; if (n == null) return true; int length = n.value; int count = 1; while (n.next != null) { count += 1; n = n.next; if (count > length) return false; } if (count != length) public class Node { int value; Node next; // .. } n1 n2 n3 First node has a value that is equal to the number of nodes in the list. Constraints: n1 != null n1.next != null 2 <= n1.value n2.next != null 3 <= n1.value n3.next == null 3!= n1.value Talk about dynamic type checking. Take time to point the change in 1.value 3 == n1.value 3 = n1.value Solve Dynamic Symbolic Data Structure Repair

Algorithm: Normal program execution Yes repOk returns true? No Error: Failed to repair Yes Too many tries? No Repair Attempt I-repOk builds path condition Modify and solve path condition By the way, in this slide I-repOk means Instrumented repOk Lines: thicker. Dotted lines change with different colored line No Found solution? Yes Repair data structure Dynamic Symbolic Data Structure Repair

Dynamic Symbolic Data Structure Repair Existing state-of-the-art tool: Juzi Developed by Bassem Elkarablieh and Sarfaraz Khurshid of University of Texas at Austin [ICSE’08, ASE’07] Web link: http://users.ece.utexas.edu/~elkarabl/Juzi/index.html To evaluate our tool we took the leading tool in data structure repair, Juzi Add referenceICSE ‘08 ASE ‘07 Dynamic Symbolic Data Structure Repair

Juzi’s approach in solving our example problem: public class LinkedList { Node header; // .. public boolean repOk() { Node n = header; if (n == null) return true; int length = n.value; int count = 1; while (n.next != null) { count += 1; n = n.next; if (count > length) return false; } if (count != length) public class Node { int value; Node next; // .. } Last accessed instance 2 3 Last accessed field 1 4 4 First node has a value that is equal to the number of nodes in the list. Dynamic Symbolic Data Structure Repair

Juzi’s approach in solving our example problem: public class LinkedList { Node header; // .. public boolean repOk() { Node n = header; if (n == null) return true; int length = n.value; int count = 1; while (n.next != null) { count += 1; n = n.next; if (count > length) return false; } if (count != length) public class Node { int value; Node next; // .. } 3 4 Go slow, explain why back track, Exhaustive == blindly; trial and error First node has a value that is equal to the number of nodes in the list. Dynamic Symbolic Data Structure Repair

DSDSR vs. Juzi: Conceptual differences Corruption assumption Backtrack in list of field accesses Backtrack in list of branch conditions* Primitive field Constraint solving Reference field Exhaustive search For *: We have an improvement that we are working on. Dynamic Symbolic Data Structure Repair

DSDSR vs. Juzi for Singly-Linked List Y axis is logarithmic, Dynamic Symbolic Data Structure Repair

Dynamic Symbolic Data Structure Repair More Results: Binary Tree, return immediate Dynamic Symbolic Data Structure Repair

Dynamic Symbolic Data Structure Repair More Results: Binary Tree, return late Dynamic Symbolic Data Structure Repair

Dynamic Symbolic Data Structure Repair More Results: Binary Tree, return mixed Dynamic Symbolic Data Structure Repair

Dynamic Symbolic Data Structure Repair Thank you! We specially thank Bassem Elkarablieh and Sarfaraz Khurshid for helping us with Juzi. Dynamic Symbolic Data Structure Repair

Dynamic Symbolic Data Structure Repair Binary Tree: return immediate public boolean repOk() { if (root == null) // An empty tree == zero in size return ( size == 0); Set<Node> visited = new HashSet<Node>; visited.add(root); LinkedList<Node> workList = new LinkedList<Node>; workList.add(root); while (!workList.isEmpty()) { Node current = workList.removeFirst(); if (current.left != null) { // no cycles along left if (!visited.add(current.left)) { return false; } else workList.add(current.left); } if (current.right != null) { // no cycles along right if (!visited.add(current.right)) { workList.add(current.right); if (visited.size() != size) // size == #visited nodes return result; size = 5 n1 n2 n3 n4 n5 Should be a tree #nodes reachable from root is stored in the size field. Dynamic Symbolic Data Structure Repair

Dynamic Symbolic Data Structure Repair Binary Tree: return late public boolean repOk() { boolean result = true; // An empty tree == zero in size if (root == null){ if (size != 0) result = false; return result; } // … while (!workList.isEmpty()) { Node current = workList.removeFirst(); if (current.left != null) { // no cycles along left if (!visited.add(current.left)) { result = false; } else workList.add(current.left); if (current.right != null) { // no cycles along right if (!visited.add(current.right)) { workList.add(current.right); if (visited.size() != size) // size == #visited nodes size = 5 n1 n2 n3 n4 n5 Should be a tree #nodes reachable from root is stored in the size field Dynamic Symbolic Data Structure Repair

Dynamic Symbolic Data Structure Repair Binary Tree: return mixed public boolean repOk() { boolean result = true; // An empty tree == zero in size if (root == null){ if (size != 0) result = false; return result; } // … while (!workList.isEmpty()) { Node current = workList.removeFirst(); if (current.left != null) { // no cycles along left if (!visited.add(current.left)) { result = false; } else workList.add(current.left); if (current.right != null) { // no cycles along right if (!visited.add(current.right)) { return false; workList.add(current.right); if (visited.size() != size) // size == #visited nodes size = 5 n1 n2 n3 n4 n5 Should be a tree #nodes reachable from root is stored in the size field Dynamic Symbolic Data Structure Repair

Map Updater for Ref. fields Implementation: Corrupt field and instance Map Updater for Ref. fields Updated map for fields First run of repOk Second run of repOk I-repOk I-repOk Data Struct. Data Struct. Path condition to solve Solution Constraint Solver (Z3) Repair Dynamic Symbolic Data Structure Repair

Dynamic Symbolic Data Structure Repair Binary Tree: return late - DSDSR public boolean repOk() { boolean result = true; // An empty tree == zero in size if (root == null){ if (size != 0) result = false; return result; } // … while (!workList.isEmpty()) { Node current = workList.removeFirst(); if (current.left != null) { // no cycles along left if (!visited.add(current.left)) { result = false; } else workList.add(current.left); if (current.right != null) { // no cycles along right if (!visited.add(current.right)) { workList.add(current.right); if (visited.size() != size) // size == #visited nodes size = 5 Constraints: n1 n6 n1 != null n1.left != null n1.left == n1 n1.right != null n1.right != n1 n2.left != null n2.left != n1 n2.left != n2 … 5 == size n2 n1.left != n1 n3 n4 n5 n1.left = new_Node Solve Dynamic Symbolic Data Structure Repair

Binary Tree: return late: second repair public boolean repOk() { boolean result = true; // An empty tree == zero in size if (root == null){ if (size != 0) result = false; return result; } // … while (!workList.isEmpty()) { Node current = workList.removeFirst(); if (current.left != null) { // no cycles along left if (!visited.add(current.left)) { result = false; } else workList.add(current.left); if (current.right != null) { // no cycles along right if (!visited.add(current.right)) { workList.add(current.right); if (visited.size() != size) // size == #visited nodes size = 6 size = 5 Constraints: n1 n6 n1 != null n1.left != null n1.left != n1 n1.right != null n1.right != n1 n1.right != n6 … 6 != size 6 == size n2 n3 n4 n5 size = 6 Solve Dynamic Symbolic Data Structure Repair Dynamic Symbolic Data Structure Repair 25

Binary Tree: return late - Juzi public boolean repOk() { boolean result = true; // An empty tree == zero in size if (root == null){ if (size != 0) result = false; return result; } // … while (!workList.isEmpty()) { Node current = workList.removeFirst(); if (current.left != null) { // no cycles along left if (!visited.add(current.left)) { result = false; } else workList.add(current.left); if (current.right != null) { // no cycles along right if (!visited.add(current.right)) { workList.add(current.right); if (visited.size() != size) // size == #visited nodes size = X size = 5 Last accessed field n1 n2 n3 n4 Second to Last accessed field n5 Should be a tree #nodes reachable from root is stored in the size field Dynamic Symbolic Data Structure Repair

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.