Dynamically Inferring Temporal Properties. Jinlin Yang and David Evans, Department of Computer Science, University of Virginia. PASTE 2004, June 7th 2004.


Slide 1: Dynamically Inferring Temporal Properties
Jinlin Yang and David Evans
Department of Computer Science, University of Virginia
PASTE 2004, June 7th 2004

Slide 2: Temporal Properties
Example: fopen/fclose
Essential for program correctness
Hard for humans to document correctly [Holzmann, FSE '02 keynote]
Can we infer them automatically? Yes!

Slide 3: Related Work
Value-based invariants
–Daikon [Ernst, TSE, Feb. '01]
–We focus on invariants in sequences of events
Temporal properties
–Recovering thread models [Cook, JSS '04]
–Mining specifications [Ammons, POPL '02]
–Extracting component interfaces [Whaley, ISSTA '02]
–We focus on relationships between 2 or 3 events: greater automation, scalability

Slide 4: Our Approach (pipeline figure)
Program → Instrumentation → Instrumented Program
Instrumented Program + Test Suite → Testing → Execution Traces
Execution Traces + Candidate Property Patterns → Inference → Inferred Properties

Slide 5: Program Verification (figure)
Program → Dynamic Inference → Inferred Properties
Inferred Properties + Model → Validation → Satisfaction or Counter-examples
Satisfaction or Counter-examples → Report Generation → Report
Other figure label: Derived Properties

Slide 6: Program Evolution (figure)
Program Version 1 → Dynamic Inference → Inferred Properties 1
Program Version 2 → Dynamic Inference → Inferred Properties 2
Inferred Properties 1 + Inferred Properties 2 → Difference Analyzer → Shared Properties, Different Properties

Slide 7: Property Patterns
Response pattern [Dwyer, ICSE '99]: [-P]* (P [-S]* S [-P]*)*
SPPSPS satisfies it; SPSP violates it
Too weak
3 primitive patterns, 4 derived patterns

Slide 8: Partial Order of Patterns (stricter patterns higher; sample trace in parentheses)
Alternating (PSPS)
MultiEffect (PSS), MultiCause (PPS), EffectFirst (SPS)
OneCause (SPSS), OneEffect (SPPS), CauseFirst (PPSS)
Response (SPPSPS)

Slide 9: Logical Relation of Patterns
Same lattice as slide 8: Alternating (PSPS); MultiEffect (PSS), MultiCause (PPS), EffectFirst (SPS); OneCause (SPSS), OneEffect (SPPS), CauseFirst (PPSS); Response (SPPSPS). The derived patterns are conjunctions (Λ) of the primitive patterns.
For each combination of two events:
–Decide if they satisfy CauseFirst, OneCause, or OneEffect
–Find the strictest pattern

Slides 10–12 (incremental build): Find Strictest Pattern
For any two events, determine the strictest pattern satisfied by all traces.
Trace 1: PSPS; Trace 2: PPS
CauseFirst: Trace 1 satisfies, Trace 2 satisfies → holds for all traces
OneCause: Trace 1 satisfies, Trace 2 violates → does not hold for all traces
OneEffect: Trace 1 satisfies, Trace 2 satisfies → holds for all traces
CauseFirst Λ OneEffect → MultiCause
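The procedure of slides 9 to 12 (project each trace onto one pair of events, test the three primitive patterns against every trace, take the conjunction to reach the strictest pattern) together with the difference analyzer of slide 6, as an added worked example in Python. This is not the authors' 900-line Perl implementation and not code from the talk. The regular expressions are my own transcription of the pattern names and sample strings on slides 7 to 9, written over the projected alphabet {P, S} (so `[-P]` becomes `S`), and the tour-bus traces, including a faulty version in which the bus drives around twice per trip, are constructed here for illustration.

```python
import re
from itertools import permutations

# Patterns over a trace projected onto one event pair: P = cause, S = effect.
# Assumed transcription of the patterns named on the slides; each regular
# expression must match the whole projected trace.
PRIMITIVE_PATTERNS = {
    "CauseFirst": r"(P+S+)*",   # slide 8 sample: PPSS
    "OneCause":   r"S*(PS+)*",  # slide 8 sample: SPSS
    "OneEffect":  r"S*(P+S)*",  # slide 8 sample: SPPS
}
# Conjunctions of primitives give the stricter derived patterns (slide 9).
DERIVED_PATTERNS = {
    frozenset({"CauseFirst", "OneCause", "OneEffect"}): "Alternating",  # PSPS
    frozenset({"CauseFirst", "OneCause"}): "MultiEffect",              # PSS
    frozenset({"CauseFirst", "OneEffect"}): "MultiCause",              # PPS
    frozenset({"OneCause", "OneEffect"}): "EffectFirst",               # SPS
}
# Dwyer's response pattern [-P]*(P[-S]*S[-P]*)* restricted to the {P, S} alphabet.
RESPONSE = r"S*(P+S+)*"


def project(trace, cause, effect):
    """Keep only the two events of interest, encoding cause as P and effect as S."""
    return "".join("P" if e == cause else "S"
                   for e in trace if e in (cause, effect))


def strictest_pattern(traces, cause, effect):
    """Strictest pattern that every trace satisfies for (cause, effect), or None
    when even the Response pattern is violated by some trace."""
    projected = [project(t, cause, effect) for t in traces]
    held = frozenset(
        name for name, regex in PRIMITIVE_PATTERNS.items()
        if all(re.fullmatch(regex, p) for p in projected)
    )
    if held in DERIVED_PATTERNS:      # two or three primitives hold: derived pattern
        return DERIVED_PATTERNS[held]
    if len(held) == 1:                # exactly one primitive holds
        return next(iter(held))
    if all(re.fullmatch(RESPONSE, p) for p in projected):
        return "Response"
    return None


def infer_all(traces):
    """Slide 9's loop: for every ordered pair of distinct events, find the strictest pattern."""
    events = sorted({e for t in traces for e in t})
    inferred = {}
    for cause, effect in permutations(events, 2):
        pattern = strictest_pattern(traces, cause, effect)
        if pattern is not None:
            inferred[(cause, effect)] = pattern
    return inferred


def diff_properties(props_a, props_b):
    """Slide 6's difference analyzer: split two property sets into shared and different."""
    shared = {k: v for k, v in props_a.items() if props_b.get(k) == v}
    different = {k: (props_a.get(k), props_b.get(k))
                 for k in set(props_a) | set(props_b)
                 if props_a.get(k) != props_b.get(k)}
    return shared, different


# Constructed tour-bus traces (not the students' real output): a one-passenger
# two-trip run and a two-passenger one-trip run of a correct simulator, and the
# same runs from a faulty version in which the bus drives around twice per trip.
W, I, D, O = "wait", "gets in", "drives", "gets off"
CORRECT_BUS_TRACES = [
    [W, I, D, O, W, I, D, O],
    [W, I, I, D, O, O],
]
FAULTY_BUS_TRACES = [
    [W, I, D, D, O, W, I, D, D, O],
    [W, I, I, D, D, O, O],
]

if __name__ == "__main__":
    # The worked example of slides 10-12: traces PSPS and PPS give MultiCause.
    print(strictest_pattern([list("PSPS"), list("PPS")], "P", "S"))
    correct = infer_all(CORRECT_BUS_TRACES)
    faulty = infer_all(FAULTY_BUS_TRACES)
    for (cause, effect), pattern in sorted(correct.items()):
        print(f"{cause} -> {effect}: {pattern}")
    shared, different = diff_properties(correct, faulty)
    for (cause, effect), (before, after) in sorted(different.items()):
        print(f"differs: {cause} -> {effect}: {before} vs {after}")
```

On the constructed correct traces the inference reproduces the shape of the slide-17 results (wait → drives is Alternating, gets in → drives is MultiCause, gets in → gets off is CauseFirst, drives → gets off is MultiEffect), and the difference analyzer reports exactly the pairs involving the extra "drives" event in the faulty version, which is how a property diff points at a behavioural change without anyone writing the specification first.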

Slide 13: Implementation
Automated testing and inference
Instrumentation and properties diff by hand
900 lines of Perl code
93 different events, 100 traces, each with 222 events on average: less than an hour
(Pipeline figure from slide 4 repeated: Program → Instrumentation → Instrumented Program; Test Suite → Testing → Execution Traces; Candidate Property Patterns → Inference → Inferred Properties)

Slide 14: Experiments
Hypotheses
–We can automatically extract interesting temporal properties.
–Differences in temporal properties among multiple versions can reveal interesting things.
Target programs
–Tour bus simulator (8 student submissions)
–OpenSSL (0.9.6 through 0.9.7d)
–Simplified producer-consumer (in the paper)

Slide 15: Tour Bus Simulator
Bus and each passenger is a separate thread
Assignment in a Fall 2003 graduate-level course (before we started this project)
8 submissions from the instructor

Slide 16: Testing
>cville_bus -N 2 -C 1 -T 2
Bus waiting for trip 1
Passenger 0 gets in
Bus drives around Charlottesville
Passenger 0 gets off
Bus waiting for trip 2
Passenger 1 gets in
Bus drives around Charlottesville
Passenger 1 gets off
Bus stops for the day
N, the number of people; C, the capacity of the bus; T, the number of trips
Executed each submission with 100 randomly generated inputs, where 20 < C ≤ 40, C+1 ≤ N ≤ 2C, 1 ≤ T ≤ 10

Slide 17: Results: Tour Bus Simulator
Pattern | 7 Correct Versions | 1 Faulty Version
Alternating | wait → drives |
MultiEffect | drives → gets off, wait → gets off, wait → gets in | wait → drives, wait → gets in
MultiCause | gets in → drives |
CauseFirst | gets in → gets off | drives → gets off, wait → gets off
Differences reveal problems
–Bus drives around before all passengers get off
–Other problems

Slide 18: OpenSSL
Widely used implementation of the Secure Sockets Layer protocol
6 versions [0.9.6, 0.9.7, 0.9.7a-d]
We focus on the handshake protocol

Slide 19: (figure only, no text)

Slide 20: Testing
Manually instrumented server
Modified client: advances to a different state with 5% probability
Executed each version of the server with 1000 randomly generated clients

Slide 21: Inferred Alternating Patterns
Table columns: 0.9.7a, 0.9.7b, 0.9.7c, 0.9.7d
Table rows: SR_KEY_EXCH → SR_CERT_VRFY; SW_CERT → SW_KEY_EXCH; SW_SRVR_DONE → SR_CERT
Table annotations: Documented improvement; Fixed bug; Race condition
7 alternating patterns same for all versions

Slide 22: Partitioning Traces
Correct clients
–Properties are exactly the same as specified
–All versions agree
Faulty clients without server errors generated
–Found one possible DoS vulnerability
Segmentation faults
–A documented bug, fixed since 0.9.7d

Slide 23: Summary of Experiments
Useful in program evolution
–Reveal interesting changes in OpenSSL
–Identify unexpected differences
Revealed bugs
–Tour bus: identified faulty implementation (multiple implementations are rare, but multiple representations are common, i.e. design, model, code)
–OpenSSL: partitioning traces

Slide 24: Future Work / Research Questions
Automating instrumentation/validation
–Can we automatically identify interesting events?
Identifying more useful patterns
–Combine data-flow with events
–More expressive, more events
–Ed will talk more about this
Prioritizing results
–How to identify interesting differences?
Testing
–How do the inferred properties vary with the test suite?

Slide 25: Conclusion
Automatically inferring temporal properties is feasible
Even very simple property patterns reveal interesting program properties

Slide 26: Thank You!
This work is funded in part by the National Science Foundation. We thank Marty Humphrey for providing the student submissions, Chengdu Huang for helping with OpenSSL, Joel Winstead for discussion and comments on an earlier version of this paper, the anonymous PASTE reviewers for insightful comments, the anonymous CS650 students who wrote the buggy code, and our research group members and CS graduate students at UVa for helping improve the talk.