1 / 16

Hybrid Program Analysis for Error Detection

Hybrid Program Analysis for Error Detection. Michael Achenbach University of Aarhus Denmark. Hypothesis. Combine program verification techniques to get a good verification tool. Examples from Literature. Testing, abstraction, theorem proving: better together! (T. Ball et al, 2006)

primo
Download Presentation

Hybrid Program Analysis for Error Detection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Hybrid Program Analysis for Error Detection Michael Achenbach University of AarhusDenmark

  2. Hypothesis • Combine program verification techniques to get a good verification tool

  3. Examples from Literature • Testing, abstraction, theorem proving: better together! (T. Ball et al, 2006) • Generalized symbolic execution for model checking and testing (S. Khurshid et al, 2003) • DART (P. Godefroid et al, 2005) • CUTE / jCUTE (K. Sen et al, 2005) Static Analysis Fixed Point Calculation Abstract Interpretation Dynamic Analysis Testing Runtime Monitoring Model Checking Type Checkers Theorem Proving Full Logical Proof Constraint Solving Decision Procedures

  4. Hypothesis • Combine program verification techniques to get a good verification tool • Combine static analysis and testing • One framework for both methods • Check for safety properties • Enable syntax for abstractions on the programming level

  5. Testing normal execution buggy execution abstraction boundaries

  6. Static Analysis normal execution buggy execution buggy abstraction abstraction boundaries

  7. Hybrid Program Analysis normal execution buggy execution buggy abstraction abstraction boundaries

  8. Seamless Scaling Run 1 Run 4 Static Analysis Testing Run 3 Run 2 TVLA ESP … DART CUTE …

  9. Outline • Extended Monotone Framework • Examples and Usage Scenarios • Future Work

  10. loop cond false true assert stmt 1 stmt n Extended Monotone Framework • Prototype for WHILE language with MFP algorithm • Lattice over sets of states • Specifications from assertions become transfer functions Problem: State explosion in concrete evaluations! while(?){ assert …; stmt 1; … stmt n; }

  11. ov Extended Monotone Framework • Each state contains: • Stack of loop evaluations • Abstraction of the store • Introduce merge operator that overwrites old state with new state • Drops monotonicity New termination issues loop cond false true stmt 1 stmt 2 stmt n

  12. Specify partially abstract test stub Perform concrete unit testing Example: Test Stubs // Method under test String critical(Permission pm, Domain dom, String user){if(pm.hasAccess(user)) return access(dom);elsereturn "permission denied"; } // Partially abstract test stub class APermission implements Permission{ boolean hasAccess(String user){ if(user <<= VALID) returntrue;if(user <<= INVALID) returnfalse;return ?; } } // Test case testCritical(){ assert critical(new APermission(),..., INVALID) .equals("permission denied"); }

  13. Specify invariants and safety properties Define partitions of abstract input values Example: Invariants procedure probabilisticExtension(x){ r := 0;while(x > 0){ y := x * x; z := random(x, y); // Invariant and safety property checkassert z <<= [x,y];assert z != 0; x := x - (x / z); r := r + 1; } return r; } procedure test(){ assert probabilisticExtension([-inf,0]) = 0; assert probabilisticExtension([1,1]) = 1; assert probabilisticExtension([2,+inf]) >= 1; }

  14. Other Usage Scenarios • Iterative refinement of test input • Compare with predicate refinement • Partially abstract tests as pointcut specification language in AOP (compare with H. Masuhara et al, 2008) • Non-standard interpretations (compare with J. M. Siskind et al, 2007)

  15. Future Work • Cope with more language features • Make abstractions easily pluggable • Make use of analysis definition languages • Define syntax and semantics of abstractions as Embedded Domain Specific Language • Automated partially abstract test case generation • Compare with SYNERGY (A. Nori et al, 2006)

  16. Questions?

More Related