Presentation is loading. Please wait.

Presentation is loading. Please wait.

Catching Bugs in the Web of Program Invariants Proseminar „Programmanalyse”, Prof. Dr. Heike Wehrheim Universität Paderborn, WS 2011/2012 Anton Tonkushin.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Catching Bugs in the Web of Program Invariants Proseminar „Programmanalyse”, Prof. Dr. Heike Wehrheim Universität Paderborn, WS 2011/2012 Anton Tonkushin."— Presentation transcript:

1 Catching Bugs in the Web of Program Invariants Proseminar „Programmanalyse”, Prof. Dr. Heike Wehrheim Universität Paderborn, WS 2011/2012 Anton Tonkushin

2 Static debugging Array indexing outside of its proper bounds Division by zero Referencing of null pointers Jumping to non-function pointers etc Identifying problems at compile- or runtime Solution: Magic Tool Assisting the programmer in verifying the preconditions of program operations Immediate errors’ signaling Programmanalyse, WS 2011/2012, Anton Tonkushin 2

3 MrSpidey Interactive, static debugger for Scheme Understanding complex programs Debugging complex programs Introduction & Goals Main functions: Describes the set of possible values for each program variable and expression (value set invariant) Identifies possibly unsafe program operations that may cause run-time errors Provides a supporting graphical explanation for these invariants Programmanalyse, WS 2011/2012, Anton Tonkushin 3

4 Set-based analysis in MrSpidey Introduction: Program variables and expressions are viewed as sets of values Possibly infinite sets of values represented finitely using abstract values Each abstract value corresponds to a particular constructor expression in the analyzed program Programmanalyse, WS 2011/2012, Anton Tonkushin 4

5 Sample source language Λ Programmanalyse, WS 2011/2012, Anton Tonkushin Introduction: P ∈ Program ::= (define x M)... M, N ∈ Λ ::= V l Ι (M M) l Ι (cons M M) l Ι (car M) l Ι (cdr M) l V ∈ Value ::= c Ι x Ι (λx.M) l Ι (cons V V) c ∈ Const=Num ∪ {nil,...} n ∈ Num={0, 1, 2,...} x ∈ Vars={x, y, z,...} l ∈ Label 5

6 Abstract values & abstract store Abstract values Abstract store Result of the set-based analysis Finite table Maps variables and labels to sets of abstract values S ∈ AbsStore = (Vars ∪ Label) → P(AbsValue P ) Programmanalyse, WS 2011/2012, Anton Tonkushin 6

7 Two stage algorithm of MrSpidey Deriving constraints in a syntax-directed manner from the program text Determining the minimal (i.e., most accurate) abstract store satisfying these constraints Programmanalyse, WS 2011/2012, Anton Tonkushin Example 7

8 A sample analysis: deriving constraints Programmanalyse, WS 2011/2012, Anton Tonkushin 8

9 A sample analysis: solving constraints Programmanalyse, WS 2011/2012, Anton Tonkushin 9

10 Value Flow & Value Flow Browser Programmanalyse, WS 2011/2012, Anton Tonkushin Construction of a value flow graph from the subset relations Each edge in this graph -> arrow overlaid on the program text 10

11 Questions? 11

Download ppt "Catching Bugs in the Web of Program Invariants Proseminar „Programmanalyse”, Prof. Dr. Heike Wehrheim Universität Paderborn, WS 2011/2012 Anton Tonkushin."

Similar presentations

CS3012: Formal Languages and Compilers Static Analysis the last of the analysis phases of compilation type checking - is an operator applied to an incompatible.

CS3012: Formal Languages and Compilers Static Analysis the last of the analysis phases of compilation type checking - is an operator applied to an incompatible.
Good Programming Practices rules every programmer should know and follow.

Good Programming Practices rules every programmer should know and follow.
Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.

Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke September 1976.

A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke September 1976.
Intermediate Code Generation

Intermediate Code Generation
Chapter 6 Type Checking. The compiler should report an error if an operator is applied to an incompatible operand. Type checking can be performed without.

Chapter 6 Type Checking. The compiler should report an error if an operator is applied to an incompatible operand. Type checking can be performed without.
Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.

Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.
3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.

3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.
Telecooperation/RBG Technische Universität Darmstadt Copyrighted material; for TUD student use only Introduction to Computer Science I Topic 16: Exception.

Telecooperation/RBG Technische Universität Darmstadt Copyrighted material; for TUD student use only Introduction to Computer Science I Topic 16: Exception.
Compiler Construction

Compiler Construction
Lecture - 1 on Data Structures. Prepared by, Jesmin Akhter, Lecturer, IIT,JU Data Type and Data Structure Data type Set of possible values for variables.

Lecture - 1 on Data Structures. Prepared by, Jesmin Akhter, Lecturer, IIT,JU Data Type and Data Structure Data type Set of possible values for variables.
CMPT 225 Data Structures and Programming. Course information Lecturer: Jan Manuch (Jano), TASC 9405 TAs: Osama Saleh,

CMPT 225 Data Structures and Programming. Course information Lecturer: Jan Manuch (Jano), TASC TAs: Osama Saleh,
Lecture Roger Sutton CO331 Visual programming 15: Debugging 1.

Lecture Roger Sutton CO331 Visual programming 15: Debugging 1.
Safety as a Software Metric Matthias Felleisen and Robert Corky Cartwright Rice University.

Safety as a Software Metric Matthias Felleisen and Robert Corky Cartwright Rice University.
Slides prepared by Rose Williams, Binghamton University Chapter 1 Getting Started 1.1 Introduction to Java.

Slides prepared by Rose Williams, Binghamton University Chapter 1 Getting Started 1.1 Introduction to Java.
CS 290C: Formal Models for Web Software Lecture 10: Language Based Modeling and Analysis of Navigation Errors Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 10: Language Based Modeling and Analysis of Navigation Errors Instructor: Tevfik Bultan.
Static and Dynamic Contract Verifiers For Java Hongming Liu.

Static and Dynamic Contract Verifiers For Java Hongming Liu.
1 Program Analysis Mooly Sagiv Tel Aviv University 640-6706 Textbook: Principles of Program Analysis.

1 Program Analysis Mooly Sagiv Tel Aviv University Textbook: Principles of Program Analysis.
Chapter 9: Subprogram Control

Chapter 9: Subprogram Control

Similar presentations

Ads by Google