Ernst, ICSE 99, page 1 Dynamically Detecting Likely Program Invariants Michael Ernst, Jake Cockrell, Bill Griswold (UCSD), and David Notkin University.

Slides:



Advertisements
Similar presentations
Verification and Validation
Advertisements

50.530: Software Engineering Sun Jun SUTD. Week 10: Invariant Generation.
Chapter 10 Introduction to Arrays
ISBN Chapter 3 Describing Syntax and Semantics.
Michael Ernst, page 1 Learning and repair tools background Michael Ernst MIT Lab for Computer Science Joint work with Jake.
Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.
An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.
Dynamic Invariant Discovery Modified from Tevfik Bultan’s original presentation.
Dynamically Discovering Likely Program Invariants to Support Program Evolution Michael D. Ernst, Jake Cockrell, William G. Griswold, David Notkin Presented.
272: Software Engineering Fall 2008 Instructor: Tevfik Bultan Lecture 16: Dynamic Invariant Discovery.
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Verification and Validation l Assuring that a software system meets a user's.
Dynamically Discovering Likely Program Invariants to Support Program Evolution Michael Ernst, Jake Cockrell, William Griswold, David Notkin Presented by.
OOP #10: Correctness Fritz Henglein. Wrap-up: Types A type is a collection of objects with common behavior (operations and properties). (Abstract) types.
Automatically Extracting and Verifying Design Patterns in Java Code James Norris Ruchika Agrawal Computer Science Department Stanford University {jcn,
Dynamically Discovering Likely Program Invariants to Support Program Evolution Michael D. Ernst, Jake Cockrell, William G. Griswold, David Notkin Presented.
Michael Ernst, page 1 Improving Test Suites via Operational Abstraction Michael Ernst MIT Lab for Computer Science Joint.
Describing Syntax and Semantics
2001 ©R.P.Martin Using Distributed Data Structures for Constructing Cluster-Based Servers Richard Martin, Kiran Nagaraja and Thu Nguyen Rutgers University.
Software Testing Verification and validation planning Software inspections Software Inspection vs. Testing Automated static analysis Cleanroom software.
Verification and Validation Yonsei University 2 nd Semester, 2014 Sanghyun Park.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 22 Slide 1 Verification and Validation.
DySy: Dynamic Symbolic Execution for Invariant Inference.
CS 501: Software Engineering Fall 1999 Lecture 16 Verification and Validation.
Dr. Tom WayCSC Code Reviews & Inspections CSC 4700 Software Engineering.
Verification and Validation Chapter 22 of Ian Sommerville’s Software Engineering.
1 Debugging and Testing Overview Defensive Programming The goal is to prevent failures Debugging The goal is to find cause of failures and fix it Testing.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 22 Slide 1 Verification and Validation Slightly adapted by Anders Børjesson.
Dynamically Discovering Likely Program Invariants to Support Program Evolution Presented By: Wes Toland, Geoff Gerfin Michael D. Ernst, Jake Cockrell,
Arrays An array is a data structure that consists of an ordered collection of similar items (where “similar items” means items of the same type.) An array.
Inferring Specifications to Detect Errors in Code Mana Taghdiri Presented by: Robert Seater MIT Computer Science & AI Lab.
The Daikon system for dynamic detection of likely invariants MIT Computer Science and Artificial Intelligence Lab. 16 January 2007 Presented by Chervet.
1 Hash table. 2 Objective To learn: Hash function Linear probing Quadratic probing Chained hash table.
02/12/2014 Presenter: Yuanhang Wang Instructor: Christoph Csallner 1 Dynamically Discovering Likely Program Invariants to Support Program Evolution Michael.
Generics and Collections. Introduction Generics New feature of J2SE 5.0 Provide compile-time type safety Catch invalid types at compile time Generic methods.
Summarizing the Content of Large Traces to Facilitate the Understanding of the Behaviour of a Software System Abdelwahab Hamou-Lhadj Timothy Lethbridge.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 22 Slide 1 Software Verification, Validation and Testing.
Dynamically Discovering Likely Program Invariants All material in this presentation is derived from documentation online at the Daikon website,
CS Data Structures I Chapter 2 Principles of Programming & Software Engineering.
Bill J. Ellis Dependable Systems Group Heriot-Watt University (Project page: Proving Exception.
Today’s Agenda  Reminder: HW #1 Due next class  Quick Review  Input Space Partitioning Software Testing and Maintenance 1.
1 Test Selection for Result Inspection via Mining Predicate Rules Wujie Zheng
CHAPTER 9: VERIFICATION AND VALIDATION 1. Objectives  To introduce software verification and validation and to discuss the distinction between them 
Static Program Analysis of Embedded Software Ramakrishnan Venkitaraman Graduate Student, Computer Science Advisor: Dr. Gopal Gupta
1 CSCD 326 Data Structures I Software Design. 2 The Software Life Cycle 1. Specification 2. Design 3. Risk Analysis 4. Verification 5. Coding 6. Testing.
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University IWPSE 2003 Program.
Design - programming Cmpe 450 Fall Dynamic Analysis Software quality Design carefully from the start Simple and clean Fewer errors Finding errors.
Using Loop Invariants to Detect Transient Faults in the Data Caches Seung Woo Son, Sri Hari Krishna Narayanan and Mahmut T. Kandemir Microsystems Design.
Computer Science 209 Software Development Handing Errors and Creating Documentation.
Static Techniques for V&V. Hierarchy of V&V techniques Static Analysis V&V Dynamic Techniques Model Checking Simulation Symbolic Execution Testing Informal.
Programming & Debugging. Key Programming Issues Modularity Modifiability Ease of Use Fail-safe programming Style Debugging.
Dynamic Testing.
/ PSWLAB Evidence-Based Analysis and Inferring Preconditions for Bug Detection By D. Brand, M. Buss, V. C. Sreedhar published in ICSM 2007.
Lecture 11 Introduction to R and Accessing USGS Data from Web Services Jeffery S. Horsburgh Hydroinformatics Fall 2013 This work was funded by National.
Jeremy Nimmer, page 1 Automatic Generation of Program Specifications Jeremy Nimmer MIT Lab for Computer Science Joint work with.
A Review of Software Testing - P. David Coward
Chapter 3 of Programming Languages by Ravi Sethi
Types for Programs and Proofs
Algorithmic complexity: Speed of algorithms
Quickly Detecting Relevant Program Invariants
System Design.
Reasoning about code CSE 331 University of Washington.
Predicting problems caused by component upgrades
Automated Support for Program Refactoring Using Invariants
Algorithmic complexity: Speed of algorithms
Test Case Test case Describes an input Description and an expected output Description. Test case ID Section 1: Before execution Section 2: After execution.
Algorithmic complexity: Speed of algorithms
CSE 1020:Software Development
50.530: Software Engineering
Software Testing and QA Theory and Practice (Chapter 5: Data Flow Testing) © Naik & Tripathy 1 Software Testing and Quality Assurance Theory and Practice.
Presentation transcript:

Ernst, ICSE 99, page 1 Dynamically Detecting Likely Program Invariants Michael Ernst, Jake Cockrell, Bill Griswold (UCSD), and David Notkin University of Washington Department of Computer Science and Engineering

Ernst, ICSE 99, page 2 Overview Goal: recover invariants from programs Technique: run the program, examine values Artifact: Daikon Results: Outline: recovered formal specifications aided in a software modification task motivation techniques future work

Ernst, ICSE 99, page 3 Goal: recover invariants Detect invariants like those in assert statements x > abs(y) x = 16*y + 4*z + 3 array a contains no duplicates for each node n, n = n.child.parent graph g is acyclic

Ernst, ICSE 99, page 4 Uses for invariants Write better programs [Liskov 86] Documentation Convert to assert Maintain invariants to avoid introducing bugs Validate test suite: value coverage Locate exceptional conditions Higher-level profile-directed compilation [Calder 98] Bootstrap proofs [Wegbreit 74, Bensalem 96]

Ernst, ICSE 99, page 5 Experiment 1: recover formal specifications Example: Program from The Science of Programming [Gries 81] // Sum array b of length n into variable s. i := 0; s := 0; while i  n do { s := s+b[i]; i := i+1 } Precondition: n  0 Postcondition: s = (  j: 0  j < n : b[j]) Loop invariant: 0  i  n and s = (  j: 0  j < i : b[j])

Ernst, ICSE 99, page 6 Test suite for program randomly-generated arrays Length uniformly distributed from 7 to 13 Elements uniformly distributed from -100 to 100

Ernst, ICSE 99, page 7 Inferred invariants :::BEGIN (100 samples) N = size(B) (7 values) N in [7..13] (7 values) B (100 values) All elements in [ ] (200 values) :::END (100 samples) N = I = N_orig = size(B) (7 values) B = B_orig (100 values) S = sum(B) (96 values) N in [7..13] (7 values) B (100 values) All elements in [ ] (200 values)

Ernst, ICSE 99, page 8 Inferred loop invariants :::LOOP (1107 samples) N = size(B) (7 values) S = sum(B[0..I-1]) (96 values) N in [7..13] (7 values) I in [0..13] (14 values) I <= N (77 values) B (100 values) All elements in [ ] (200 values) B[0..I-1] (985 values) All elements in [ ] (200 values)

Ernst, ICSE 99, page 9 Ways to obtain invariants Programmer-supplied Static analysis: examine the program text [Cousot 77, Gannod 96] properties are guaranteed to be true pointers are intractable in practice Dynamic analysis: run the program

Ernst, ICSE 99, page 10 Dynamic invariant detection Look for patterns in values the program computes: Instrument the program to write data trace files Run the program on a test suite Offline invariant engine reads data trace files, checks for a collection of potential invariants

Ernst, ICSE 99, page 11 Running the program Requires a test suite standard test suites are adequate relatively insensitive to test suite No guarantee of completeness or soundness useful nonetheless

Ernst, ICSE 99, page 12 Sample invariants x,y,z are variables; a,b,c are constants Numbers: unary: x = a, a  x  b, x  a (mod b) n-ary: x  y, x = ay + bz + c, x = max(y, z) Sequences: unary: sorted, invariants over all elements with scalar: membership with sequence: subsequence, ordering

Ernst, ICSE 99, page 13 Checking invariants For each potential invariant: quickly determine constants (e.g., a and b in y = ax + b) stop checking once it is falsified This is inexpensive

Ernst, ICSE 99, page 14 Performance Runtime growth: quadratic in number of variables at a program point (linear in number of invariants checked/discovered) linear in number of samples or values (test suite size) linear in number of program points Absolute runtime: a few minutes per procedure 10,000 calls, 70 variables, instrument entry and exit

Ernst, ICSE 99, page 15 Statistical checks Check hypothesized distribution To show x  0 for v values of x in range of size r, probability of no zeroes is Range limits (e.g., x  22): more samples than neighbors (clipped to that value) same number of samples as neighbors (uniform distribution)

Ernst, ICSE 99, page 16 Derived variables Variables not appearing in source text array: length, sum, min, max array and scalar: element at index, subarray number of calls to a procedure Enable inference of more complex relationships Staged derivation and invariant inference avoid deriving meaningless values avoid computing tautological invariants

Ernst, ICSE 99, page 17 Experiment 2: C code lacking explicit invariants 563-line C program: regexp search & replace [Hutchins 94, Rothermel 98] Task: modify to add Kleene + Use both detected invariants and traditional tools

Ernst, ICSE 99, page 18 Experiment 2 invariant uses Contradicted some maintainer expectations anticipated lj < j in makepat Revealed a bug when lastj = *j in stclose, array bounds error Explicated data structures regexp compiled form (a string)

Ernst, ICSE 99, page 19 Experiment 2 invariant uses Showed procedures used in limited ways makepat : start = 0 and delim = ’\0’ Demonstrated test suite inadequacy calls( in_set_2 ) = calls( stclose ) Changes in invariants validated program changes stclose : *j = *j orig +1 plclose : *j  *j orig +2

Ernst, ICSE 99, page 20 Experiment 2 conclusions Invariants: effectively summarize value data support programmer’s own inferences lead programmers to think in terms of invariants provide serendipitous information Useful tools: trace database (supports queries) invariant differencer

Ernst, ICSE 99, page 21 Future work Logics: Disjunctions: p = NULL or *p > i Predicated invariants: if condition then invariant Temporal invariants Global invariants (multiple program points) Existential quantifiers Domains: recursive (pointer-based) data structures Local invariants Global invariants: structure [Hendren 92], value

Ernst, ICSE 99, page 22 More future work User interface control over instrumentation display and manipulation of invariants Experimental evaluation apply to a variety of tasks apply to more and bigger programs users wanted! (Daikon works on C, C++, Java, Lisp)

Ernst, ICSE 99, page 23 Related work Dynamic inference inductive logic programming [Bratko 93] program spectra [Reps 97] finite state machines [Boigelot 97, Cook 98] Static inference [Jeffords 98] checking specifications [Detlefs 96, Evans 96, Jacobs 98] specification extension [Givan 96, Hendren 92] etc. [Henry 90, Ward 96]

Ernst, ICSE 99, page 24 Conclusions Dynamic invariant detection is feasible Prototype implementation Dynamic invariant detection is effective Two experiments provide preliminary support Dynamic invariant detection is a challenging but promising area for future research

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.