Hybrid Program Analysis for Error Detection
Michael Achenbach, University of Aarhus, Denmark
Hypothesis
• Combine program verification techniques to get a good verification tool
Examples from Literature
• Testing, abstraction, theorem proving: better together! (T. Ball et al, 2006)
• Generalized symbolic execution for model checking and testing (S. Khurshid et al, 2003)
• DART (P. Godefroid et al, 2005)
• CUTE / jCUTE (K. Sen et al, 2005)
(figure labels: Static Analysis: Fixed Point Calculation, Abstract Interpretation; Dynamic Analysis: Testing, Runtime Monitoring; Model Checking; Type Checkers; Theorem Proving: Full Logical Proof, Constraint Solving, Decision Procedures)
Hypothesis
• Combine program verification techniques to get a good verification tool
• Combine static analysis and testing
• One framework for both methods
• Check for safety properties
• Enable syntax for abstractions on the programming level
Testing (figure; legend: normal execution, buggy execution, abstraction boundaries)
Static Analysis (figure; legend: normal execution, buggy execution, buggy abstraction, abstraction boundaries)
Hybrid Program Analysis (figure; legend: normal execution, buggy execution, buggy abstraction, abstraction boundaries)
Seamless Scaling (figure: Run 1 to Run 4 placed on a scale between Static Analysis (TVLA, ESP, …) and Testing (DART, CUTE, …))
Outline
• Extended Monotone Framework
• Examples and Usage Scenarios
• Future Work
Extended Monotone Framework
• Prototype for WHILE language with MFP algorithm
• Lattice over sets of states
• Specifications from assertions become transfer functions
Problem: State explosion in concrete evaluations!
(figure: control-flow graph of the loop below: loop cond with true/false edges, assert, stmt 1 … stmt n)

    while(?){
      assert …;
      stmt 1;
      …
      stmt n;
    }
Extended Monotone Framework
• Each state contains:
  • Stack of loop evaluations
  • Abstraction of the store
• Introduce merge operator that overwrites old state with new state
  • Drops monotonicity
  • New termination issues
(figure: control-flow graph with loop cond, true/false edges, stmt 1, stmt 2 … stmt n)
Example: Test Stubs
• Specify partially abstract test stub
• Perform concrete unit testing

    // Method under test
    String critical(Permission pm, Domain dom, String user){
      if(pm.hasAccess(user)) return access(dom);
      else return "permission denied";
    }

    // Partially abstract test stub
    class APermission implements Permission{
      boolean hasAccess(String user){
        if(user <<= VALID) return true;
        if(user <<= INVALID) return false;
        return ?;
      }
    }

    // Test case
    testCritical(){
      assert critical(new APermission(), ..., INVALID).equals("permission denied");
    }
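The stub above returns a concrete answer only where the abstract `user` value falls inside one partition and `?` otherwise. The following Python model is an added example, not code from the talk: it lifts `critical` to the "lattice over sets of states" of the framework slide, so a `?` answer simply keeps both successor states. The partition contents (`VALID`, `INVALID`), the `access` stand-in and the method names are assumptions.

```python
from typing import FrozenSet, Set

# Constructed partitions of the abstract input value `user` (assumed names and values).
VALID: FrozenSet[str] = frozenset({"alice", "bob"})
INVALID: FrozenSet[str] = frozenset({"", "mallory"})


def abstracted_by(value: FrozenSet[str], partition: FrozenSet[str]) -> bool:
    """The slide's `user <<= VALID` test: every concrete user that the abstract
    value stands for lies inside the partition."""
    return value <= partition


class APermission:
    """Partially abstract stub: a concrete answer where the partition decides it,
    and the slide's `?` (both answers reachable) everywhere else."""

    def has_access(self, user: FrozenSet[str]) -> Set[bool]:
        if abstracted_by(user, VALID):
            return {True}
        if abstracted_by(user, INVALID):
            return {False}
        return {True, False}  # `return ?`: nondeterministic, both states are kept


def access(dom: str) -> str:
    # Assumed stand-in for the talk's access(dom); only its return value matters here.
    return f"granted:{dom}"


def critical(pm: APermission, dom: str, user: FrozenSet[str]) -> Set[str]:
    """Method under test, lifted to sets of states: each answer the stub can give
    produces one successor state, so the result is the set of reachable return
    values (the lattice element the analysis carries)."""
    outcomes: Set[str] = set()
    for allowed in pm.has_access(user):
        outcomes.add(access(dom) if allowed else "permission denied")
    return outcomes


def test_critical() -> bool:
    """The slide's test case: a concrete unit test over the abstract INVALID input."""
    return critical(APermission(), "docs", INVALID) == {"permission denied"}


def test_critical_mixed() -> bool:
    """An input spanning both partitions reaches the `?` branch: both outcomes
    survive, so a test demanding a single answer cannot be confirmed from it."""
    return critical(APermission(), "docs", VALID | INVALID) == {
        "granted:docs",
        "permission denied",
    }
```

`test_critical_mixed` shows the abstraction boundary of the earlier figures: once the input is coarser than the stub's partitions, the set of states holds both outcomes and the test can neither pass nor fail, which is the signal to refine the input partition.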
Example: Invariants
• Specify invariants and safety properties
• Define partitions of abstract input values

    procedure probabilisticExtension(x){
      r := 0;
      while(x > 0){
        y := x * x;
        z := random(x, y);
        // Invariant and safety property check
        assert z <<= [x,y];
        assert z != 0;
        x := x - (x / z);
        r := r + 1;
      }
      return r;
    }

    procedure test(){
      assert probabilisticExtension([-inf,0]) = 0;
      assert probabilisticExtension([1,1]) = 1;
      assert probabilisticExtension([2,+inf]) >= 1;
    }
```
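How the three test calls above can be evaluated on interval inputs is shown by the following Python interpreter, an added example rather than the talk's prototype. It combines the two sides of the Seamless Scaling slide with one loop rule: while `x > 0` is definitely true the body is executed once per iteration (testing-style, no join at the loop head); once the condition becomes uncertain the loop head is iterated with join and widening to a fixed point (static-analysis-style). Each `assert` is a transfer function that records the property it violates instead of aborting. Integer semantics with floor division, the `[lo, hi]` interval domain with infinite bounds, the `random(x, y)` abstraction covering everything between `x` and `y`, and all function names are assumptions.

```python
from __future__ import annotations
import math
from dataclasses import dataclass

INF = math.inf

def _floor(v: float) -> float:
    return v if math.isinf(v) else float(math.floor(v))

def _mul(a: float, b: float) -> float:
    return 0.0 if a == 0 or b == 0 else a * b  # keep 0 * inf from becoming nan

def _div(a: float, b: float) -> float:
    # inf / inf is undefined: any large quotient is possible, so report the
    # unbounded candidate (the 0 candidate comes from the finite / inf pair).
    if math.isinf(a) and math.isinf(b):
        return INF if (a > 0) == (b > 0) else -INF
    return _floor(a / b)

@dataclass(frozen=True)
class Interval:
    """Integer interval [lo, hi]; lo > hi encodes the empty set."""
    lo: float
    hi: float

    def is_empty(self) -> bool:
        return self.lo > self.hi

    def within(self, box: Interval) -> bool:
        """The slide's `z <<= [x,y]`: every value of self lies inside box."""
        return box.lo <= self.lo and self.hi <= box.hi

    def meet(self, o: Interval) -> Interval:
        return Interval(max(self.lo, o.lo), min(self.hi, o.hi))

    def join(self, o: Interval) -> Interval:
        return Interval(min(self.lo, o.lo), max(self.hi, o.hi))

    def widen(self, new: Interval) -> Interval:
        """Standard interval widening: a bound that keeps moving jumps to infinity."""
        return Interval(self.lo if new.lo >= self.lo else -INF,
                        self.hi if new.hi <= self.hi else INF)

    def __add__(self, o: Interval) -> Interval:
        return Interval(self.lo + o.lo, self.hi + o.hi)

    def __sub__(self, o: Interval) -> Interval:
        return Interval(self.lo - o.hi, self.hi - o.lo)

    def __mul__(self, o: Interval) -> Interval:
        ps = [_mul(a, b) for a in (self.lo, self.hi) for b in (o.lo, o.hi)]
        return Interval(min(ps), max(ps))

    def div(self, o: Interval) -> Interval:
        """Integer division; assumes o.lo > 0 and a finite self.lo."""
        qs = [_div(a, b) for a in (self.lo, self.hi) for b in (o.lo, o.hi)]
        return Interval(min(qs), max(qs))

def abstract_random(x: Interval, y: Interval) -> Interval:
    """random(x, y) yields some value between x and y: the abstraction covers both."""
    return Interval(min(x.lo, y.lo), max(x.hi, y.hi))

@dataclass(frozen=True)
class State:
    x: Interval
    r: Interval

def body(s: State, violations: list[str]) -> State:
    """Transfer function of the loop body; each assert becomes a check that
    records the violated property (the talk's 'buggy abstraction')."""
    y = s.x * s.x
    z = abstract_random(s.x, y)
    if not z.within(Interval(s.x.lo, y.hi)):  # assert z <<= [x,y]
        violations.append("z <<= [x,y]")
    if z.lo <= 0 <= z.hi:  # assert z != 0
        violations.append("z != 0")
    return State(s.x - s.x.div(z), s.r + Interval(1, 1))

POSITIVE = Interval(1, INF)  # integer x > 0

def probabilistic_extension(x: Interval, unroll_limit: int = 16) -> tuple[Interval, list[str]]:
    """Returns the interval of r plus the list of violated assertions."""
    violations: list[str] = []
    s = State(x, Interval(0, 0))
    # Testing-style phase: while `x > 0` is definitely true, run the body once per
    # iteration with no join at the loop head. The cap guards against non-termination.
    for _ in range(unroll_limit):
        if not s.x.within(POSITIVE):
            break
        s = body(s, violations)
    # Static-analysis phase: the condition is uncertain (or the cap was hit), so
    # iterate the loop head with join and widening until it is stable.
    head = s
    while not head.x.meet(POSITIVE).is_empty():
        after = body(State(head.x.meet(POSITIVE), head.r), violations)
        joined = State(head.x.join(after.x), head.r.join(after.r))
        new_head = State(head.x.widen(joined.x), head.r.widen(joined.r))
        if new_head == head:
            break
        head = new_head
    return head.r, violations

def run_slide_tests() -> bool:
    """The slide's test procedure, evaluated on the hybrid analysis."""
    r0, v0 = probabilistic_extension(Interval(-INF, 0))
    r1, v1 = probabilistic_extension(Interval(1, 1))
    r2, v2 = probabilistic_extension(Interval(2, INF))
    return (r0 == Interval(0, 0) and r1 == Interval(1, 1)
            and r2.within(Interval(1, INF)) and not (v0 or v1 or v2))
```

The first unrolled pass is what makes the third test provable: for `[2,+inf]` the condition is definitely true, so `r` reaches `[1,1]` before the uncertain loop is widened to `[1,+inf]`. Joining at the loop head from the start would instead yield `[0,+inf]` for `r`, and the `>= 1` check could not be confirmed; this is the precision that the framework slide's stack of loop evaluations is meant to keep, at the cost of the termination concerns noted there (hence the unroll cap).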
Other Usage Scenarios
• Iterative refinement of test input
• Compare with predicate refinement
• Partially abstract tests as pointcut specification language in AOP (compare with H. Masuhara et al, 2008)
• Non-standard interpretations (compare with J. M. Siskind et al, 2007)
Future Work
• Cope with more language features
• Make abstractions easily pluggable
• Make use of analysis definition languages
• Define syntax and semantics of abstractions as an Embedded Domain Specific Language
• Automated partially abstract test case generation
• Compare with SYNERGY (A. Nori et al, 2006)