Hybrid Program Analysis for Error Detection. Michael Achenbach University of Aarhus Denmark. Hypothesis. Combine program verification techniques to get a good verification tool. Examples from Literature. Testing, abstraction, theorem proving: better together! (T. Ball et al, 2006) - PowerPoint PPT Presentation
Hybrid Program Analysis for Error Detection
Michael Achenbach
University of Aarhus, Denmark
Hypothesis
• Combine program verification techniques to get a good verification tool
Examples from Literature
Static Analysis
Fixed Point Calculation
Abstract Interpretation
Dynamic Analysis
Testing
Runtime Monitoring
Theorem Proving
Full Logical Proof
Constraint Solving
Decision Procedures
Model Checking
Type Checkers
• Testing, abstraction, theorem proving: better together! (T. Ball et al, 2006)
• Generalized symbolic execution for model checking and testing (S. Khurshid et al, 2003)
• DART (P. Godefroid et al, 2005)
• CUTE / jCUTE (K. Sen et al, 2005)
Hypothesis
• Combine program verification techniques to get a good verification tool
• Combine static analysis and testing
– One framework for both methods
– Check for safety properties
• Enable syntax for abstractions on the programming level
Testing (figure legend: normal execution, buggy execution, abstraction boundaries)
Static Analysis (figure legend: normal execution, buggy execution, buggy abstraction, abstraction boundaries)
Hybrid Program Analysis (figure legend: normal execution, buggy execution, buggy abstraction, abstraction boundaries)
Seamless Scaling
Scale from Testing to Static Analysis, with Run 1, Run 2, Run 3 and Run 4 placed along it
DART, CUTE, … (testing tools)
TVLA, ESP, … (static analysis tools)
Outline
• Extended Monotone Framework
• Examples and Usage Scenarios
• Future Work
Extended Monotone Framework
Figure: control-flow graph of the loop; loop cond has a true edge into the body (assert, stmt 1, …, stmt n, then back to loop cond) and a false edge leaving the loop
• Prototype for WHILE language with MFP algorithm
• Lattice over sets of states
• Specifications from assertions become transfer functions
while(?){
  assert …;
  stmt 1;
  …
  stmt n;
}
Problem: State explosion in concrete evaluations!
Extended Monotone Framework
Figure: control-flow graph of the loop; loop cond has a true edge into the body (stmt 1, stmt 2, …, stmt n, then back to loop cond) and a false edge leaving the loop
• Each state contains:
– Stack of loop evaluations
– Abstraction of the store
• Introduce merge operator that overwrites old state with new state
• Drops monotonicity
New termination issues
Example: Test Stubs
// Method under test
String critical(Permission pm, Domain dom, String user){
  if(pm.hasAccess(user)) return access(dom);
  else return "permission denied";
}
// Partially abstract test stub
class APermission implements Permission{
  boolean hasAccess(String user){
    if(user <<= VALID) return true;
    if(user <<= INVALID) return false;
    return ?;
  }
}
// Test case
testCritical(){
  assert critical(new APermission(), ..., INVALID).equals("permission denied");
}
Specify partially abstract test stub
Perform concrete unit testing
Example: Invariants
procedure probabilisticExtension(x){
  r := 0;
  while(x > 0){
    y := x * x;
    z := random(x, y);
    // Invariant and safety property check
    assert z <<= [x,y];
    assert z != 0;
    x := x - (x / z);
    r := r + 1;
  }
  return r;
}
procedure test(){
  assert probabilisticExtension([-inf,0]) = 0;
  assert probabilisticExtension([1,1]) = 1;
  assert probabilisticExtension([2,+inf]) >= 1;
}
Specify invariants and safety properties
Define partitions of abstract input values
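As an added example (not the slides' code), the procedure above run over interval abstractions of its input in Python. Assumptions made here that the slide does not state: integer arithmetic; `random(x, y)` is abstracted by the interval hull of x and y; `z <<= [x,y]` is read as interval containment; the loop is analysed as a set of (x, r) interval pairs, and pairs with the same x are widened on r so that the analysis terminates on the unbounded partition. The `Iv` class and helper names are this example's own.

```python
# Added example (not the slides' code): interval analysis of probabilisticExtension
# over the three input partitions from the test procedure.
INF = float("inf")

def mul(a, b):
    """Product of two bounds, treating 0 * inf as 0 rather than nan."""
    return 0 if a == 0 or b == 0 else a * b

def fdiv(a, b):
    """Floor division of bound a by bound b > 0, tolerating infinite operands."""
    if a in (INF, -INF):
        return a
    if b == INF:
        return 0 if a >= 0 else -1
    return a // b

class Iv:
    """Closed integer interval [lo, hi]; bounds may be -inf / +inf."""
    def __init__(self, lo, hi):
        self.lo, self.hi = lo, hi
    def __repr__(self):
        return f"[{self.lo},{self.hi}]"
    def __eq__(self, o):
        return isinstance(o, Iv) and (self.lo, self.hi) == (o.lo, o.hi)
    def __hash__(self):
        return hash((self.lo, self.hi))
    def empty(self):
        return self.lo > self.hi
    def contains(self, v):
        return self.lo <= v <= self.hi
    def subset(self, o):
        return o.lo <= self.lo and self.hi <= o.hi
    def hull(self, o):
        return Iv(min(self.lo, o.lo), max(self.hi, o.hi))
    def meet(self, o):
        return Iv(max(self.lo, o.lo), min(self.hi, o.hi))
    def widen(self, o):
        """Classic interval widening: a bound that moved outward jumps to infinity."""
        return Iv(self.lo if o.lo >= self.lo else -INF,
                  self.hi if o.hi <= self.hi else INF)
    def __add__(self, o):
        return Iv(self.lo + o.lo, self.hi + o.hi)
    def __sub__(self, o):
        return Iv(self.lo - o.hi, self.hi - o.lo)
    def __mul__(self, o):
        ps = [mul(a, b) for a in (self.lo, self.hi) for b in (o.lo, o.hi)]
        return Iv(min(ps), max(ps))
    def floordiv_pos(self, o):
        """Integer division by an interval known to be strictly positive."""
        assert o.lo > 0
        return Iv(fdiv(self.lo, o.hi) if self.lo >= 0 else fdiv(self.lo, o.lo),
                  fdiv(self.hi, o.lo) if self.hi >= 0 else fdiv(self.hi, o.hi))

def probabilistic_extension(x0):
    """Abstract run of the slide's procedure on an interval x0.
    Returns (interval of r at loop exit, or None if no exit is reached;
             list of assertion failures as (assertion, x, z))."""
    failures = []
    head = {x0: Iv(0, 0)}          # loop-head states partitioned by x:  x -> r
    exits, work = [], [x0]
    while work:
        x = work.pop()
        r = head[x]
        if not x.meet(Iv(-INF, 0)).empty():   # x > 0 may be false: a path exits
            exits.append(r)
        xb = x.meet(Iv(1, INF))                # x > 0 true (integers): x >= 1
        if xb.empty():
            continue
        y = xb * xb
        z = xb.hull(y)                         # random(x, y)
        if not z.subset(xb.hull(y)):           # invariant  z <<= [x,y]
            failures.append(("z <<= [x,y]", x, z))
        if z.contains(0):                      # safety property  z != 0
            failures.append(("z != 0", x, z))
            continue                           # division would be unsound on this path
        xn = xb - xb.floordiv_pos(z)
        rn = r + Iv(1, 1)
        if xn not in head:
            head[xn] = rn
            work.append(xn)
        else:                                  # same x seen before: widen r
            widened = head[xn].widen(head[xn].hull(rn))
            if widened != head[xn]:
                head[xn] = widened
                work.append(xn)
    result = None
    for e in exits:
        result = e if result is None else result.hull(e)
    return result, failures

def test():
    """The slide's test procedure: one check per partition of the abstract input."""
    return {
        "[-inf,0] -> 0": probabilistic_extension(Iv(-INF, 0))[0] == Iv(0, 0),
        "[1,1] -> 1":    probabilistic_extension(Iv(1, 1))[0] == Iv(1, 1),
        "[2,+inf] >= 1": probabilistic_extension(Iv(2, INF))[0].lo >= 1,
    }
```

On the `[2,+inf]` partition the analysed x becomes `[-inf,+inf]` after one iteration, and only the widening on r lets the loop-head state stabilise at r in `[1,+inf]`, which is exactly what the `>= 1` check needs.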
Other Usage Scenarios
• Iterative refinement of test input– Compare with predicate refinement
• Partially abstract tests as pointcut specification language in AOP (compare with H. Masuhara et al, 2008)
• Non-standard interpretations (compare with J. M. Siskind et al, 2007)
Future Work
• Cope with more language features
• Make abstractions easily pluggable
– Make use of analysis definition languages
– Define syntax and semantics of abstractions as Embedded Domain Specific Language
• Automated partially abstract test case generation– Compare with SYNERGY (A. Nori et al, 2006)
Questions?