
Presentation transcript:

    public int Abs(int x) {
      if (x < 0) return -x;
      else return x;
    }

Little reminder: -(-2^31) == -2^31. In 32-bit two's complement, negating Int32.MinValue overflows and yields Int32.MinValue itself, so this Abs can return a negative number.

    public int Abs(int x) {
      Contract.Requires(x != Int32.MinValue);
      Contract.Ensures(Contract.Result<int>() >= 0);
      if (x < 0) return -x;
      else return x;
    }

Expression Reconstruction Heap Analysis Destack

    public class Alias {
      int x;
      public void Foo(bool b) {
        Contract.Ensures(tmp.x >= -20);
        Alias tmp = new Alias();
        tmp.x = -11;
        Alias alias = tmp;
        if (b) { alias.x = 10; }
      }
    }

After heap analysis, the field reached through tmp and alias is replaced by the scalar svX:

    public class Alias {
      public void Foo(bool b) {
        int svX = -11;
        assume (b) { svX = 10; }
        assert (svX >= -20);
      }
    }

    public class Alias {
      public void Foo(int f, int max) {
        int x = 0;
        while (x < max) { x++; }
        Contract.Assert(x >= -20);
      }
    }

Infer x ∈ [0, +∞]. Check: ok, no overflow!

    public enum ItalianBikeBrand { DeRosa=0, Colnago=2, Pinarello=4, Daccordi=6 }

    public string CityFor(ItalianBikeBrand bike) {
      switch (bike) {
        case ItalianBikeBrand.DeRosa: return "Milan";
        case ItalianBikeBrand.Daccordi: return "Pisa";
        case ItalianBikeBrand.Pinarello: return "Treviso";
        case ItalianBikeBrand.Colnago: return "Milan";
        default:
          Contract.Assert(false); // Should prove unreachable
          return null;
      }
    }

DisIntervals infer, on the default branch: bike ∈ [-∞,-1] ∪ [1,1] ∪ [3,3] ∪ [5,5] ∪ [7,+∞]
Admissible values: [0,0] ∪ [2,2] ∪ [4,4] ∪ [6,6]
Check: the meet of the two is ⊥, so the default branch is unreachable.
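The DisIntervals reasoning on the default branch, as an added example that is not part of the talk: a minimal disjunction-of-intervals domain (written in Python rather than C# so it runs stand-alone) that removes each handled case from ⊤ and meets the result with the admissible enum values; an empty meet is ⊥, which is what proves `Contract.Assert(false)`. The function names and the `handled` input list are assumptions of this example.

```python
INF = float("inf")

def remove_point(dis, v):
    """Refine a disjunction of intervals with the fact bike != v
    (what the analysis learns when a 'case v:' is not taken)."""
    out = []
    for lo, hi in dis:
        if lo <= v <= hi:
            if lo < v:
                out.append((lo, v - 1))
            if v < hi:
                out.append((v + 1, hi))
        else:
            out.append((lo, hi))
    return out

def meet(d1, d2):
    """Greatest lower bound of two disjunctions of intervals ([] is bottom)."""
    out = []
    for a in d1:
        for b in d2:
            lo, hi = max(a[0], b[0]), min(a[1], b[1])
            if lo <= hi:
                out.append((lo, hi))
    return sorted(out)

# Declared enum values DeRosa=0, Colnago=2, Pinarello=4, Daccordi=6 (from the slide).
ADMISSIBLE = [(0, 0), (2, 2), (4, 4), (6, 6)]

def default_state(handled):
    """Abstract value of 'bike' on the default branch: top minus every handled case."""
    state = [(-INF, INF)]
    for v in handled:
        state = remove_point(state, v)
    return state

def default_unreachable(handled):
    """Contract.Assert(false) in default is proven iff the meet with the
    admissible values is bottom."""
    return meet(default_state(handled), ADMISSIBLE) == []

if __name__ == "__main__":
    # Constructed inputs: the switch on the slide handles 0, 6, 4, 2 in that order.
    print(default_state([0, 6, 4, 2]))        # [(-inf, -1), (1, 1), (3, 3), (5, 5), (7, inf)]
    print(default_unreachable([0, 6, 4, 2]))  # True
    print(default_unreachable([0, 6, 4]))     # False: Colnago (2) still reaches default
```

The proof is only as strong as the admissible-values assumption: if a caller can pass an integer outside the declared enum values, the meet is no longer empty and the assertion is not proven.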

    public static void F() {
      int x = 5, y = 100;
      while (x >= 0) {
        x = x - 1;
        y = y + 10;
      }
      Contract.Assert(y == 160);
    }

Intervals infer: x ∈ [-1, -1], y ∈ [100, +∞]
Linear equalities infer: 10 * x + y == 150
Check: ok!
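How the two domains cooperate on F(), as an added example that is not part of the talk (Python rather than C#, so it runs stand-alone): an interval analysis of the loop with widening and one narrowing step reproduces x ∈ [-1, -1] and y ∈ [100, +∞], the same widening that yields x ∈ [0, +∞] for the earlier `while (x < max)` loop; the slide's equality 10 * x + y == 150 is then taken as given and used to reduce the interval of y, which is what proves y == 160. The helper names are assumptions of this example.

```python
INF = float("inf")
ENTRY_X, ENTRY_Y = (5, 5), (100, 100)   # values of x and y before the loop in F()

def join(a, b):
    """Least upper bound of two intervals; None is bottom."""
    if a is None: return b
    if b is None: return a
    return (min(a[0], b[0]), max(a[1], b[1]))

def widen(old, new):
    """Interval widening: a bound that keeps moving jumps to infinity."""
    if old is None: return new
    return (old[0] if old[0] <= new[0] else -INF, old[1] if old[1] >= new[1] else INF)

def meet(a, b):
    if a is None or b is None: return None
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def shift(a, c):
    """Interval of a + c."""
    return None if a is None else (a[0] + c, a[1] + c)

def step(x, y):
    """One pass through the loop: guard x >= 0, body x = x - 1; y = y + 10."""
    gx = meet(x, (0, INF))
    return join(ENTRY_X, shift(gx, -1)), join(ENTRY_Y, shift(y, 10))

def analyse_F():
    """Intervals of x and y at the loop exit of F()."""
    x, y = ENTRY_X, ENTRY_Y
    while True:                       # ascending iteration with widening
        nx, ny = step(x, y)
        nx, ny = widen(x, nx), widen(y, ny)
        if (nx, ny) == (x, y): break
        x, y = nx, ny
    x, y = step(x, y)                 # one narrowing step tightens x to [-1, 5]
    return meet(x, (-INF, -1)), y     # loop exit: x < 0

def reduce_with_equality(x, y):
    """Reduced product with 10*x + y == 150 (the slide's linear equality):
    y = 150 - 10*x, so the interval of y is refined from the interval of x."""
    return x, meet(y, (150 - 10 * x[1], 150 - 10 * x[0]))

def check_F():
    """True iff Contract.Assert(y == 160) is proven."""
    _, y = reduce_with_equality(*analyse_F())
    return y == (160, 160)
```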

    public void Count(int[] values) {
      int neg = 0, pos = 0, j = 0;
      foreach (var x in values) {
        if (x < 0) { neg++; j++; }
        else if (x > 0) { pos++; j++; }
      }
      Contract.Assert(neg + pos == j);
      Contract.Assert(neg + pos <= values.Length);
    }

The first assertion is proven by Linear equalities, the second by SubPolyhedra.

Reduced product of linear equalities and intervals. Abstract states are written 〈 equalities, intervals 〉, starting from 〈 ⊤, ⊤ 〉:

    assume x == y      →  〈 x - y == 0, ⊤ 〉
    x = 0; y = 1       →  〈 ⊤, x ∈ [0,0] ⋀ y ∈ [1,1] 〉
    assert x <= y      →  〈 x - y == β, β ∈ [-1, 0] 〉   (join of the two states above, β a fresh slack variable)

Precision/cost knobs:
  - Hints for join/widening: no hint, die-hard, semantic hints, 2D convex hull, ...
  - Reduction algorithm, basis exploration
  - Simplex with floats, exact Simplex, ...

(Diagram: Abstract Domain AD1, Abstract Domain AD2, Abstract Domain AD3)

    public void Init(int N) {
      Contract.Requires(N > 0);
      int[] a = new int[N];
      int i = 0;
      while (i < N) {
        a[i] = 222;
        i = i + 1;
      }
      Contract.Assert(∀ k ∈ [0, N). a[k] == 222);
    }

Loop invariant:
  if i == 0 then a not initialized
  else if i > 0 then a[0] == … a[i] == 222
  else impossible

Challenge 1: Effective handling of disjunction
Challenge 2: Infer all the elements initialized

Array segmentation of a:  {0} [222, 222] {i, k}? [0, 0] {N}

  Segment bounds: {0}, {i, k}, {N}
  Uniform content abstraction: [222, 222] for the first segment, [0, 0] for the second
  Bound relations: 0 ≤ i, 0 ≤ k; i == k; i < N, k < N
  The "?" marks a possibly empty segment, which is how the disjunction of the invariant is encoded.

    public static int[] Factory(int len) {
      return new int[len];
    }