![Page 1: Hybrid Program Analysis for Error Detection](https://reader035.vdocuments.site/reader035/viewer/2022062314/56812e61550346895d940793/html5/thumbnails/1.jpg)
Hybrid Program Analysis for Error Detection
Michael Achenbach
University of Aarhus, Denmark
![Page 2: Hybrid Program Analysis for Error Detection](https://reader035.vdocuments.site/reader035/viewer/2022062314/56812e61550346895d940793/html5/thumbnails/2.jpg)
Hypothesis
• Combine program verification techniques to get a good verification tool
![Page 3: Hybrid Program Analysis for Error Detection](https://reader035.vdocuments.site/reader035/viewer/2022062314/56812e61550346895d940793/html5/thumbnails/3.jpg)
Examples from Literature
Static Analysis: Fixed Point Calculation, Abstract Interpretation
Dynamic Analysis: Testing, Runtime Monitoring
Theorem Proving: Full Logical Proof, Constraint Solving
Decision Procedures
Model Checking
Type Checkers
• Testing, abstraction, theorem proving: better together! (T. Ball et al, 2006)
• Generalized symbolic execution for model checking and testing (S. Khurshid et al, 2003)
• DART (P. Godefroid et al, 2005)
• CUTE / jCUTE (K. Sen et al, 2005)
![Page 4: Hybrid Program Analysis for Error Detection](https://reader035.vdocuments.site/reader035/viewer/2022062314/56812e61550346895d940793/html5/thumbnails/4.jpg)
Hypothesis
• Combine program verification techniques to get a good verification tool
• Combine static analysis and testing
  – One framework for both methods
  – Check for safety properties
• Enable syntax for abstractions on the programming level
![Page 5: Hybrid Program Analysis for Error Detection](https://reader035.vdocuments.site/reader035/viewer/2022062314/56812e61550346895d940793/html5/thumbnails/5.jpg)
Testing
(Diagram legend: normal execution, buggy execution, abstraction boundaries)
![Page 6: Hybrid Program Analysis for Error Detection](https://reader035.vdocuments.site/reader035/viewer/2022062314/56812e61550346895d940793/html5/thumbnails/6.jpg)
Static Analysis
(Diagram legend: normal execution, buggy execution, buggy abstraction, abstraction boundaries)
![Page 7: Hybrid Program Analysis for Error Detection](https://reader035.vdocuments.site/reader035/viewer/2022062314/56812e61550346895d940793/html5/thumbnails/7.jpg)
Hybrid Program Analysis
(Diagram legend: normal execution, buggy execution, buggy abstraction, abstraction boundaries)
![Page 8: Hybrid Program Analysis for Error Detection](https://reader035.vdocuments.site/reader035/viewer/2022062314/56812e61550346895d940793/html5/thumbnails/8.jpg)
Seamless Scaling
(Diagram: a spectrum from Testing to Static Analysis, with Run 1 to Run 4 placed at different points along it; tools at the testing end: DART, CUTE, …; tools at the static-analysis end: TVLA, ESP, …)
![Page 9: Hybrid Program Analysis for Error Detection](https://reader035.vdocuments.site/reader035/viewer/2022062314/56812e61550346895d940793/html5/thumbnails/9.jpg)
Outline
• Extended Monotone Framework
• Examples and Usage Scenarios
• Future Work
![Page 10: Hybrid Program Analysis for Error Detection](https://reader035.vdocuments.site/reader035/viewer/2022062314/56812e61550346895d940793/html5/thumbnails/10.jpg)
Extended Monotone Framework
(Control-flow diagram: loop cond with true/false edges, then assert, stmt 1 … stmt n, and back to loop cond)
• Prototype for WHILE language with MFP algorithm
• Lattice over sets of states
• Specifications from assertions become transfer functions
```
while(?){
  assert …;
  stmt 1;
  …
  stmt n;
}
```
Problem: State explosion in concrete evaluations!
![Page 11: Hybrid Program Analysis for Error Detection](https://reader035.vdocuments.site/reader035/viewer/2022062314/56812e61550346895d940793/html5/thumbnails/11.jpg)
Extended Monotone Framework
(Control-flow diagram: loop cond with true/false edges, then stmt 1, stmt 2, … stmt n)
• Each state contains:
  – Stack of loop evaluations
  – Abstraction of the store
• Introduce merge operator that overwrites old state with new state
• Drops monotonicity: new termination issues
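The following is an added example, not the author's prototype, of the monotone-framework style slides 10 and 11 describe: a standard MFP worklist solver over a lattice of sets of program states, where the `assert` in the loop body becomes a transfer function. Everything here is assumed for illustration: the control-flow graph is hand-built (`countdown_cfg`), a state is a tuple of variable bindings, the join is set union, and a violating state is reported and then dropped from the flow. The last call in the usage section shows the state-explosion point: every additional concrete input adds another state at the loop head.

```python
"""Minimal MFP (maximal fixed point) worklist solver over a lattice of
sets of program states (added example, not the slides' prototype).
Assumptions: the program is a hand-built control-flow graph whose edges
carry transfer functions on single states; the lattice element at a node
is the set of states that can reach it (join = set union); an `assert`
edge reports states that violate the property and drops them."""
from collections import deque

VIOLATION = object()  # sentinel returned by an assert transfer function


def mk(bindings):
    """Build a hashable state from a dict of variable bindings."""
    return tuple(sorted(bindings.items()))


def get(state, var):
    return dict(state)[var]


def assign(var, expr):
    """Transfer function for `var := expr(state)`."""
    def transfer(state):
        s = dict(state)
        s[var] = expr(state)
        return mk(s)
    return transfer


def guard(pred):
    """Transfer function for a branch edge: pass the state iff pred holds."""
    return lambda state: state if pred(state) else None


def check(pred):
    """Transfer function for `assert pred`: violating states are reported."""
    return lambda state: state if pred(state) else VIOLATION


def solve(nodes, edges, entry, init_states):
    """Standard MFP worklist iteration. `edges` is a list of
    (src, dst, transfer). Returns (states per node, violating states)."""
    states = {n: set() for n in nodes}
    states[entry] = set(init_states)
    violations = set()
    succ = {n: [e for e in edges if e[0] == n] for n in nodes}
    work = deque(edges)
    while work:
        src, dst, transfer = work.popleft()
        new = set()
        for s in states[src]:
            r = transfer(s)
            if r is VIOLATION:
                violations.add(s)
            elif r is not None:
                new.add(r)
        if not new <= states[dst]:      # the join changed this node's value
            states[dst] |= new
            work.extend(succ[dst])      # so re-evaluate its outgoing edges
    return states, violations


def countdown_cfg(limit):
    """CFG for `while (x > 0) { assert x <= limit; x := x - 1; }`,
    the shape of the loop on the slide with a single statement."""
    nodes = ["cond", "body", "back", "exit"]
    edges = [
        ("cond", "body", guard(lambda s: get(s, "x") > 0)),   # true edge
        ("cond", "exit", guard(lambda s: get(s, "x") <= 0)),  # false edge
        ("body", "back", check(lambda s: get(s, "x") <= limit)),
        ("back", "cond", assign("x", lambda s: get(s, "x") - 1)),
    ]
    return nodes, edges


def analyse(inputs, limit):
    """Run the analysis for concrete initial values of x. Returns
    (values of x at exit, values of x that violated the assert,
     number of states collected at the loop head)."""
    nodes, edges = countdown_cfg(limit)
    states, violations = solve(nodes, edges, "cond",
                               [mk({"x": n}) for n in inputs])
    return (sorted(get(s, "x") for s in states["exit"]),
            sorted(get(s, "x") for s in violations),
            len(states["cond"]))


if __name__ == "__main__":
    print(analyse({1, 2, 3}, limit=3))   # ([0], [], 4)
    print(analyse({5}, limit=3))         # ([], [5], 1): the assert fails
    # Each extra concrete input adds a state at the loop head: the
    # state explosion that motivates abstracting the store.
    print(analyse(range(1, 11), limit=100)[2])   # 11
```

Because every transfer function here is monotone and the state space is finite, the worklist terminates with the least fixed point; the slides' overwrite-merge on the store is exactly what breaks that guarantee and reopens the termination question.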
![Page 12: Hybrid Program Analysis for Error Detection](https://reader035.vdocuments.site/reader035/viewer/2022062314/56812e61550346895d940793/html5/thumbnails/12.jpg)
Example: Test Stubs
```
// Method under test
String critical(Permission pm, Domain dom, String user){
  if(pm.hasAccess(user)) return access(dom);
  else return "permission denied";
}

// Partially abstract test stub
class APermission implements Permission{
  boolean hasAccess(String user){
    if(user <<= VALID) return true;
    if(user <<= INVALID) return false;
    return ?;
  }
}

// Test case
testCritical(){
  assert critical(new APermission(), ..., INVALID).equals("permission denied");
}
```
(Slide callouts: specify partially abstract test stub; perform concrete unit testing)
![Page 13: Hybrid Program Analysis for Error Detection](https://reader035.vdocuments.site/reader035/viewer/2022062314/56812e61550346895d940793/html5/thumbnails/13.jpg)
Example: Invariants
```
procedure probabilisticExtension(x){
  r := 0;
  while(x > 0){
    y := x * x;
    z := random(x, y);
    // Invariant and safety property check
    assert z <<= [x,y];
    assert z != 0;
    x := x - (x / z);
    r := r + 1;
  }
  return r;
}

procedure test(){
  assert probabilisticExtension([-inf,0]) = 0;
  assert probabilisticExtension([1,1]) = 1;
  assert probabilisticExtension([2,+inf]) >= 1;
}
```
(Slide callouts: specify invariants and safety properties; define partitions of abstract input values)
![Page 14: Hybrid Program Analysis for Error Detection](https://reader035.vdocuments.site/reader035/viewer/2022062314/56812e61550346895d940793/html5/thumbnails/14.jpg)
Other Usage Scenarios
• Iterative refinement of test input
  – Compare with predicate refinement
• Partially abstract tests as pointcut specification language in AOP (compare with H. Masuhara et al, 2008)
• Non-standard interpretations (compare with J. M. Siskind et al, 2007)
![Page 15: Hybrid Program Analysis for Error Detection](https://reader035.vdocuments.site/reader035/viewer/2022062314/56812e61550346895d940793/html5/thumbnails/15.jpg)
Future Work
• Cope with more language features
• Make abstractions easily pluggable
  – Make use of analysis definition languages
  – Define syntax and semantics of abstractions as Embedded Domain Specific Language
• Automated partially abstract test case generation
  – Compare with SYNERGY (A. Nori et al, 2006)
![Page 16: Hybrid Program Analysis for Error Detection](https://reader035.vdocuments.site/reader035/viewer/2022062314/56812e61550346895d940793/html5/thumbnails/16.jpg)
Questions?