Software Engineering Research and Tools Overview

fun with code tests and verification n.w
1 / 22
Embed
Share

Exploring software engineering research tools such as static verification, test generation, and program semantics to build, maintain, and understand programs effectively. Examples of tools like SDV, Sage, HAVOC, Pex, and VCC are discussed, along with concepts like Hoare triple and loop invariants.

  • Software
  • Engineering
  • Tools
  • Research
rayaanacharya
maddoxxc Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Fun with code, tests, and verification K. Rustan M. Leino Research in Software Engineering (RiSE) Microsoft Research, Redmond Caltech Pasadena, CA 12 November 2009

  2. Software engineering research Goal Better build, maintain, and understand programs How do we do it? Specifications Tools, tools, tools Program semantics Verification-condition generation, symbolic execution, model checking, abstract interpretation, fuzzing, test generation Satisfiability Modulo Theories (SMT)

  3. Some specification/verification tools at Microsoft Static Driver Verifier (SDV) Applied regularly to all Microsoft device drivers of the supported device models, ~300 bugs found Available to third parties in Windows DDK Sage Applied regularly 100s of people doing various kinds of fuzzing HAVOC Has been applied to 100s of KLOC ~40 bugs in resource leaks, lock usage, use-after-free Pex Test generation, uses Code Contracts Applied to various libraries components VCC Being applied to Microsoft Hypervisor

  4. Spec# programming system [Barnett, F hndrich, Leino, M ller, Schulte, Venter, et al.] Research prototype Spec# language C# 2.0 + non-null types + contracts Checking: Static type checking Run-time checking Static verification

  5. Chunker Spec#

  6. Reasoning about programs Hoare triple every terminating execution trace of program S that starts in a state satisfying P does not go wrong, and terminates in a state satisfying Q { P } S { Q } says that

  7. Assignments { } x := E { Q } Q[E/x] Examples: { } x := y { x is even } { } x := x + 1 { x < 100 } { } x := 3*y { x*x + 5*x = 721 } y is even x < 99 9*y*y + 15*y = 721

  8. Loops To prove: find a loop invariant J and prove: invariant holds initially: P J invariant is maintained: { J B } S { J } invariant is strong enough to establish postcondition: J B Q { P } while B do S end { Q }

  9. Cubes Spec#

  10. Chalice [Leino, M ller, Smans] Experimental language with focus on: Shared-memory concurrency Static verification Key features Memory access governed by a model of permissions Sharing via locks with monitor invariants Deadlock checking, dynamic lock re-ordering Channels Other features Classes; Mutual exclusion and readers/writers locks; Fractional permissions;Two-state monitor invariants; Asynchronous method calls; Memory leak checking; Logic predicates and functions; Ghost and prophecy variables

  11. Inc Chalice

  12. Transfer of permissions method Main() { var c := new Counter; call c.Inc(); } method Inc() requiresacc(y) ensuresacc(y) { y := y + 1; }

  13. Shared state What if two threads want write access to the same location? methodA() { y := y + 21; } class Fib { var y: int; method Main() { var c := new Fib; fork c.A(); fork c.B(); } } ? methodB() { y := y + 34; }

  14. Monitors methodA() { acquirethis; y := y + 21; releasethis; } class Fib { var y: int; invariantacc(y); method Main() { var c := new Fib; share c; fork c.A(); fork c.B(); } } methodB() { acquirethis; y := y + 34; releasethis; }

  15. Monitor invariants Like other specifications, can hold both permissions and conditions Example: invariant acc(y) && 0 <= y

  16. Boogie a verification platform [Barnett, Jacobs, Leino, Moskal, R mmer, et al.] C with HAVOC specifications C with VCC specifications Spec# Dafny Chalice Boogie Isabelle/ HOL Simplify Z3 SMT Lib

  17. Encoding object-oriented programs in Boogie Boogie

  18. Specifications: .NET today StringBuilder.Append Method (Char[], Int32, Int32) Appends the string representation of a specified subarray of Unicode characters to the end of this instance. Parameters value A character array. startIndex The starting position in value. charCount The number of characters append. Return Value A reference to this instance after the append operation has occurred. Exceptions public public StringBuilder Append Append(char char[] value, int int startIndex, int int charCount); Exception Type Condition ArgumentNullException value is a null reference, and startIndex and charCount are not zero. ArgumentOutOfRangeException charCount is less than zero. -or- startIndex is less than zero. -or- startIndex + charCount is less than the length of value.

  19. Specifications in Spec# public StringBuilder Append(char[] value, int startIndex, int charCount ); requires value == null ==> startIndex == 0 && charCount == 0; requires 0 <= startIndex; requires 0 <= charCount; requires value != null ==> startIndex + charCount <= value.Length; ensures result == this;

  20. Specifications with Code Contracts [Barnett, F hndrich, Grunkemeyer, Logozzo, et al.] (.NET 4.0) public StringBuilder Append(char[] value, int startIndex, int charCount ) { Contract.Requires(value != null || (startIndex == 0 && charCount == 0)); Contract.Requires(0 <= startIndex); Contract.Requires(0 <= charCount); Contract.Requires(value == null || startIndex + charCount <= value.Length); Contract.Ensures(Contracts.Result<StringBuilder>() == this); // method implementation... } Note that postcondition is declared at top of method body, which is not where it should be executed. A rewriter tool moves these.

  21. TrimSuffix Code Contracts and Pex [Tillman & de Halleux]

  22. Try it for yourself Spec# (open source): http://specsharp.codeplex.com VCC (open source): http://vcc.codeplex.com Boogie, Chalice, Dafny (open source): http://boogie.codeplex.com Code Contracts: http://research.microsoft.com/contracts Pex: http://research.microsoft.com/pex RiSE: http://research.microsoft.com/rise

Related


GIS Application for EPC Asset Damage Assessment post-2009 Tsunami

GIS Application for EPC Asset Damage Assessment post-2009 Tsunami

hiro
Project 2009-01 Event Reporting Updates

Project 2009-01 Event Reporting Updates

davis
Trends in College Mental Health Indicators: 2009-2018 Surveys

Trends in College Mental Health Indicators: 2009-2018 Surveys

tobin
Irrigation Service Centre Project Results 2009-2010

Irrigation Service Centre Project Results 2009-2010

vest_idy
Insights on First-Year Seminars: 2009 National Survey Findings

Insights on First-Year Seminars: 2009 National Survey Findings

jmcfa
Events as a Strategic Marketing Tool: Effect Measurement and Evaluation - World Cyclo-Cross Championships 2009

Events as a Strategic Marketing Tool: Effect Measurement and Evaluation - World Cyclo-Cross Championships 2009

jav_c
Caltech Retiree Annual Open Enrollment 2021 Information

Caltech Retiree Annual Open Enrollment 2021 Information

agand
Community Vitality Assessment in Wallowa County: 2009 Findings and Social Goals

Community Vitality Assessment in Wallowa County: 2009 Findings and Social Goals

joeleenh
The Impact of the RRN 2009 - 2019: A Decade of Recovery Research Network Reflection

The Impact of the RRN 2009 - 2019: A Decade of Recovery Research Network Reflection

cervantes_i
Overview of 2009 IECC Energy Code in West Virginia

Overview of 2009 IECC Energy Code in West Virginia

winn_654
Analysis of Variance in Women's Professional Bowling Association - 2009

Analysis of Variance in Women's Professional Bowling Association - 2009

spola
Bathymetry Trackline Fitting Techniques at ACM SIGSPATIAL GIS 2009

Bathymetry Trackline Fitting Techniques at ACM SIGSPATIAL GIS 2009

ava_b
Overview of Aerial Lift Testing Per ANSI 92.2-2009 Standards

Overview of Aerial Lift Testing Per ANSI 92.2-2009 Standards

kheringt
Key Differences Between 2003 and 2009 ICC/ANSI A117.1 for Plumbing Subcode

Key Differences Between 2003 and 2009 ICC/ANSI A117.1 for Plumbing Subcode

dunnigan_b
National Travel Survey 2009 - Summary Findings

National Travel Survey 2009 - Summary Findings

remmers_k
Louisiana 2009 Traffic Records Data Report: Analysis and Insights

Louisiana 2009 Traffic Records Data Report: Analysis and Insights

mhen
Institutional AAR: SBCT vs FCS 1999-2009 & The Transformation Decade

Institutional AAR: SBCT vs FCS 1999-2009 & The Transformation Decade

dyl_m
Challenges and Feedback from 2009 Sonoma MPI Community Sessions

Challenges and Feedback from 2009 Sonoma MPI Community Sessions

etty_486
Evolution of Rock Melody: 1954-2009 Analysis

Evolution of Rock Melody: 1954-2009 Analysis

arrd597
Land Law Reform Act 2009: Section 31 Applications Overview

Land Law Reform Act 2009: Section 31 Applications Overview

homr
CEBP Learning Institute Fall 2009 Evaluation Report

CEBP Learning Institute Fall 2009 Evaluation Report

moak_i
UK Renal Registry 23rd Annual Report 2019 Data Analysis

UK Renal Registry 23rd Annual Report 2019 Data Analysis

elyj_764

More Related Content