Generating Precise and Concise Procedure Summaries Greta Yorsh Eran Yahav Satish Chandra.

Generating Precise and Concise Procedure Summaries Greta Yorsh Eran Yahav Satish Chandra

2 Our Framework: the Summary Generator is parameterized by an abstract domain & transformers; given a procedure foo(…) { … } it produces a summary of foo, a function from input to output abstract values.

3 Our Framework: given bar(…) { … foo(); … } together with the summary of foo, the Summary Generator produces the summary of bar.

4 Our Framework: the summaries (over the same abstract domain & transformers) are consumed by an Analyzer that analyzes a client against the library, or a (restricted) client. The summaries should be precise, efficient and concise.

5 Example: Composition of transformers

    class DataReader {
      FileComp f;
      ...
      void setComponent(FileComp p) { this.f = p; }
      FileComp getComponent() { return this.f; }
      ...
      void nop() {
        FileComp t;
        // A1: abstract state before the call
        t = getComponent();   // tr_12 takes A1 to A2
        // A2
        setComponent(t);      // tr_23 takes A2 to A3
        // A3
      }
    }

The transformer for the whole body, tr_13 (from A1 to A3), is the composition of tr_12 and tr_23: tr_13 = tr_23 ∘ tr_12.

6 Main Challenge: composition of transformers, and a finite representation of the iterated composition of transformers (loop iterations, calling contexts, …).

7 Our Approach: express constraints on intermediate states in terms of initial and final states (tr_13 = tr_23 ∘ tr_12). Restrict the representation of transformers so that it
– covers all basic statements
– is closed under composition
– is a finite language

8 Our Contributions: a framework for generating precise, efficient and concise summaries
– a language of transformers
– a composition algorithm
Instances of the framework include
– known classes: IFDS, IDE
– modular constant propagation with aliasing
– modular typestate verification with aliasing
Prototype and evaluation for typestate

9 Key Ideas: transformers are defined using conditional micro-transformers
– partition values into a finite number of classes with uniform behavior
– compose using case-splitting
– restrict the way partitions are defined, e.g., no quantifiers
Lift to aggregate domains
– powerset, product, union
– transformers follow the domain structure
– dependencies between components

10 Simple Example: Tracking “Nullness”. An abstract value is a set of access paths that must have the null value, e.g. { x.f, y }. The abstract transformer tr operates pointwise on individual access paths using tr_AP:

    tr(X) = ∪_{α ∈ X} tr_AP(α)

The conditional micro-transformer tr_AP maps an access path α to a set of access paths.

11 Example: Conditional Micro-Transformer for the statement t = this.f

    tr_AP(α) = { this.f, t }   if α = this.f
             = { }             if α = t
             = { α }           if α ≠ t ∧ α ≠ this.f

The conditions of tr_AP(α) are preconditions on α (under certain restrictions on their form).

12 Example: Composition Algorithm, for nop() in class DataReader (the code of slide 5, with abstract states A1, A2, A3 at the entry, between the two calls, and at the exit):

    tr_12(X) = ∪_{α ∈ X} tr_AP^12(α)
    tr_23(X) = ∪_{α ∈ X} tr_AP^23(α)
    tr_13(X) = ∪_{α ∈ X} (tr_AP^23 ∘ tr_AP^12)(α)

13 Example: Composition Algorithm, substitution. After inlining, t = getComponent() is t = this.f and setComponent(t) is this.f = t:

    tr_AP^12(α) = { this.f, t }   if α = this.f
                = { }             if α = t
                = { α }           if α ≠ t ∧ α ≠ this.f

    tr_AP^23(α) = { this.f, t }   if α = t
                = { }             if α = this.f
                = { α }           if α ≠ t ∧ α ≠ this.f

Each access path produced by a case of tr_AP^12 is substituted for α in tr_AP^23: α := this.f, α := t, and α := α for the symbolic case.

14 Example: Composition Algorithm, case splitting for t = getComponent(); setComponent(t):

    α = this.f:               tr_AP^12 gives this.f and t;
                              tr_AP^23(this.f) = { }, tr_AP^23(t) = { this.f, t }
    α = t:                    tr_AP^12 gives { }
    α ≠ t ∧ α ≠ this.f:       tr_AP^12 gives α; tr_AP^23(α) splits on α = t (inconsistent),
                              α = this.f (inconsistent), α ≠ t ∧ α ≠ this.f giving { α }

15 Example: Composition Algorithm, result for t = getComponent(); setComponent(t):

    (tr_AP^23 ∘ tr_AP^12)(α) = { this.f, t }   if α = this.f
                             = { }             if α = t
                             = { α }           if α ≠ t ∧ α ≠ this.f

16 Basic Ingredients of Composition (illustrated on t = getComponent(); setComponent(t)):
– case splitting
– substitution
– consistency checking
– simplification
– invert operation (details in the paper)
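The following is an added example, not code from the paper or its prototype. It models the nullness micro-transformers of slides 10–16 in Python: a micro-transformer is a finite list of cases, each a restricted condition on the symbolic access path α (an equality or a set of disequalities, no quantifiers) with a result set, and compose() implements case splitting, substitution, consistency checking and simplification so that the composed transformer stays in the same finite language. The assign() model assumes the two access paths are not prefixes of each other and ignores aliasing, which the paper's rules handle and this sketch does not.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

ALPHA = "α"  # symbolic name for the input access path of a micro-transformer


@dataclass(frozen=True)
class Cond:
    """Restricted condition on α: either `α = eq` or `α ∉ neq` (no quantifiers)."""
    eq: Optional[str] = None
    neq: FrozenSet[str] = frozenset()

    def holds_for(self, p: str) -> bool:
        return p == self.eq if self.eq is not None else p not in self.neq

    def conjoin(self, other: "Cond") -> Optional["Cond"]:
        """Conjunction with consistency checking; None when unsatisfiable."""
        if self.eq is not None and other.eq is not None and self.eq != other.eq:
            return None
        eq = self.eq if self.eq is not None else other.eq
        neq = self.neq | other.neq
        if eq is not None:
            return None if eq in neq else Cond(eq=eq)  # equality subsumes the disequalities
        return Cond(neq=neq)


@dataclass(frozen=True)
class Case:
    cond: Cond
    result: FrozenSet[str]  # concrete access paths and/or ALPHA


MicroTransformer = List[Case]  # the cases partition all access paths


def assign(lhs: str, rhs: str) -> MicroTransformer:
    """Micro-transformer of `lhs = rhs` on the must-be-null domain (the table of
    slide 11). Assumption of this model: lhs and rhs are not prefixes of each
    other, so no other access path is affected."""
    return [
        Case(Cond(eq=rhs), frozenset({lhs, rhs})),                 # rhs null => both null
        Case(Cond(eq=lhs), frozenset()),                           # lhs overwritten
        Case(Cond(neq=frozenset({lhs, rhs})), frozenset({ALPHA})), # untouched
    ]


def apply_to_path(tr: MicroTransformer, p: str) -> FrozenSet[str]:
    """tr_AP(p) for a concrete p: pick the case p falls into, substitute α := p."""
    for case in tr:
        if case.cond.holds_for(p):
            return frozenset(p if r == ALPHA else r for r in case.result)
    raise ValueError(f"no case covers {p}")


def apply_to_set(tr: MicroTransformer, xs: FrozenSet[str]) -> FrozenSet[str]:
    """Lifted transformer of slide 10: tr(X) = ∪_{α ∈ X} tr_AP(α)."""
    out: set = set()
    for p in xs:
        out |= apply_to_path(tr, p)
    return frozenset(out)


def compose(first: MicroTransformer, second: MicroTransformer) -> MicroTransformer:
    """Symbolic composition tr_13 = tr_23 ∘ tr_12 that stays in the language."""
    merged: Dict[Cond, set] = {}
    for c1 in first:
        # Substitution: concrete paths produced by c1 are pushed through `second`.
        base: set = set()
        for r in c1.result:
            if r != ALPHA:
                base |= apply_to_path(second, r)
        if ALPHA in c1.result:
            # Case splitting: the symbolic α flows on, so split over second's cases.
            for c2 in second:
                cond = c1.cond.conjoin(c2.cond)
                if cond is None:  # consistency checking prunes contradictory branches
                    continue
                merged.setdefault(cond, set()).update(base | c2.result)
        else:
            merged.setdefault(c1.cond, set()).update(base)
    # Simplification: under the condition `α = p`, the symbolic α is just p.
    return [
        Case(cond, frozenset(cond.eq if (r == ALPHA and cond.eq) else r for r in res))
        for cond, res in merged.items()
    ]


# nop() from slide 5 after inlining: t = this.f; this.f = t
TR12 = assign("t", "this.f")
TR23 = assign("this.f", "t")
TR13 = compose(TR12, TR23)
```

Composing TR12 and TR23 yields the three-case table of slide 15; composing t = this.f with an assignment to a fresh field such as this.g = t shows the case split producing a new case (α = this.g) that neither operand had, which is the point of keeping the partitions explicit rather than composing Python functions.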

17 Related Work
– Static determination of dynamic properties of recursive procedures [Cousot-Cousot ’79]
– Functional approach [Sharir-Pnueli ’81]
– IFDS problems [Reps-Horwitz-Sagiv POPL ’95]
– IDE problems [Sagiv-Reps-Horwitz TCS ’96]
– Relevant Context Inference [Chatterjee-Ryder-Landi POPL ’99]

18 Summary
– a language of transformers
– a composition algorithm
– the language is closed under composition
– the language is expressive
– precise and concise procedure summaries