![Page 1: Dynamically Discovering Likely Program Invariants All material in this presentation is derived from documentation online at the Daikon website,](https://reader036.vdocuments.us/reader036/viewer/2022071808/56649f065503460f94c1afb1/html5/thumbnails/1.jpg)
Dynamically Discovering Likely Program Invariants
All material in this presentation is derived from documentation online at the Daikon website,http://pag.csail.mit.edu/daikon/
and from publications by Michael D. Ernst, Jake Cockrell, William G. Griswold, and David Notkin.
Presented by Neeraj Khanolkar
![Page 2: Dynamically Discovering Likely Program Invariants All material in this presentation is derived from documentation online at the Daikon website,](https://reader036.vdocuments.us/reader036/viewer/2022071808/56649f065503460f94c1afb1/html5/thumbnails/2.jpg)
Daikon Means ..
• A daikon is a type of Asian radish. Daikon is pronounced like the two English words die-con.
• The name can be thought of as standing for "dynamic conjectures".
![Page 3: Dynamically Discovering Likely Program Invariants All material in this presentation is derived from documentation online at the Daikon website,](https://reader036.vdocuments.us/reader036/viewer/2022071808/56649f065503460f94c1afb1/html5/thumbnails/3.jpg)
Current Release of Daikon
• Is completely written in Java. (Needs JVM 1.5 to run)
• Is quite easy to install and use for inference on Java programs. (Simply put daikon.jar in your classpath)
• Has a rich suite of tools operating on invariants. (Daikon tools can be used to print the inferred invariants in JML format, and to automatically annotate source files with the JML specs)
![Page 4: Dynamically Discovering Likely Program Invariants All material in this presentation is derived from documentation online at the Daikon website,](https://reader036.vdocuments.us/reader036/viewer/2022071808/56649f065503460f94c1afb1/html5/thumbnails/4.jpg)
Original Program
Instrumented Program
Instrumentation
Data trace database
Execution with test suite
Invariants
Detection of Invariants
Architecture of the Daikon tool
![Page 5: Dynamically Discovering Likely Program Invariants All material in this presentation is derived from documentation online at the Daikon website,](https://reader036.vdocuments.us/reader036/viewer/2022071808/56649f065503460f94c1afb1/html5/thumbnails/5.jpg)
A Simple Examplepublic class ArraySum{
private void dummy(int sum, int[] theArray){
}
...
public int getSum(int[] b){
int i = 0;
int s = 0;
int n = b.length;
while(i != n){
s = s + b[i];
i = i + 1;
}
this.dummy(s,b);
return s;
}
}
The call to dummy(s,b) is a hack to record the local variable s.
Daikon's current front ends do not produce output for local variables, only for variables visible from outside a procedure.
![Page 6: Dynamically Discovering Likely Program Invariants All material in this presentation is derived from documentation online at the Daikon website,](https://reader036.vdocuments.us/reader036/viewer/2022071808/56649f065503460f94c1afb1/html5/thumbnails/6.jpg)
Daikon Output In JML FormatArraySum.getSum(int[]):::ENTER
Variables: …
b != null
(daikon.Quant.size(b) >> daikon.Quant.size(b)-1 == 0)
===================================================
ArraySum.getSum(int[]):::EXIT
Variables: …
assignable b, b[*]
daikon.Quant.pairwiseEqual(b, \old(b))
\result != daikon.Quant.size(b)-1
(\old(daikon.Quant.size(b)) >> daikon.Quant.size(b)-1 == 0)
![Page 7: Dynamically Discovering Likely Program Invariants All material in this presentation is derived from documentation online at the Daikon website,](https://reader036.vdocuments.us/reader036/viewer/2022071808/56649f065503460f94c1afb1/html5/thumbnails/7.jpg)
Simple Example II
public class ArraySum{
...
public int[] getReverse(int[] b){
int[] reverse = new int[b.length];
for(int i = 0; i < reverse.length; i++){
reverse[i] = b[reverse.length - i - 1];
}
return reverse;
}
...
}
![Page 8: Dynamically Discovering Likely Program Invariants All material in this presentation is derived from documentation online at the Daikon website,](https://reader036.vdocuments.us/reader036/viewer/2022071808/56649f065503460f94c1afb1/html5/thumbnails/8.jpg)
Daikon Output In JML FormatArraySum.getReverse(int[]):::ENTER
Variables: ….
b != null
(daikon.Quant.size(b) >> daikon.Quant.size(b)-1 == 0)
===================================================
ArraySum.getReverse(int[]):::EXIT
Variables: …
assignable b, b[*]
daikon.Quant.pairwiseEqual(b, \old(b))
daikon.Quant.size(\result) == \old(daikon.Quant.size(b))
\result != null
daikon.Quant.isReverse(b, \result)
daikon.Quant.size(\result) >> daikon.Quant.size(b)-1 == 0)
![Page 9: Dynamically Discovering Likely Program Invariants All material in this presentation is derived from documentation online at the Daikon website,](https://reader036.vdocuments.us/reader036/viewer/2022071808/56649f065503460f94c1afb1/html5/thumbnails/9.jpg)
What Invariants Are Inferred?
• Invariants over any variable– Constant Value– Uninitialized
• Invariants over a single numeric variable– Range limits– Non-zero
• Invariants over two numeric variables– Linear relationship y = ax + b– Ordering comparison
![Page 10: Dynamically Discovering Likely Program Invariants All material in this presentation is derived from documentation online at the Daikon website,](https://reader036.vdocuments.us/reader036/viewer/2022071808/56649f065503460f94c1afb1/html5/thumbnails/10.jpg)
What Invariants Are Inferred?
• Invariants over three numeric variables• Invariants over a single sequence variable
– Range: Minimum and maximum sequence values
– Element ordering
• Invariants over two sequence variables– Subsequence relationship
– Reversal
• Invariants over a sequence and a numeric variable
![Page 11: Dynamically Discovering Likely Program Invariants All material in this presentation is derived from documentation online at the Daikon website,](https://reader036.vdocuments.us/reader036/viewer/2022071808/56649f065503460f94c1afb1/html5/thumbnails/11.jpg)
How Are Invariants Inferred?
• For each variable or tuple of variables, each potential invariant is tested.
• For instance, given 3 variables x, y and z– Each potential binary invariant is checked for <x, y>,
for <x, z> and for <y, z>.
– Each potential unary invariant is checked for x, for y and for z.
– Each potential ternary invariant is checked for
<x, y, z>.
![Page 12: Dynamically Discovering Likely Program Invariants All material in this presentation is derived from documentation online at the Daikon website,](https://reader036.vdocuments.us/reader036/viewer/2022071808/56649f065503460f94c1afb1/html5/thumbnails/12.jpg)
How Are Invariants Inferred?
• A sample is a tuple of values for the instrumented variables at a program point, stemming from one execution of that program point.
• An invariant is checked by testing each sample in turn.
• As soon as a sample not satisfying the invariant is encountered, the invariant is known not to hold and is not checked for any subsequent samples.
![Page 13: Dynamically Discovering Likely Program Invariants All material in this presentation is derived from documentation online at the Daikon website,](https://reader036.vdocuments.us/reader036/viewer/2022071808/56649f065503460f94c1afb1/html5/thumbnails/13.jpg)
Additional Derived Variables
• From sequence s– Length i.e. size(s)– Extremal elements: s[0], s[size(s) – 1]
• From any numeric sequence s– Minimum and maximum: min(s) and max(s)
• From any sequence s and any numeric variable i– Element at index s[i]– Subsequence s[0..i]
• From function invocations– Number of calls
![Page 14: Dynamically Discovering Likely Program Invariants All material in this presentation is derived from documentation online at the Daikon website,](https://reader036.vdocuments.us/reader036/viewer/2022071808/56649f065503460f94c1afb1/html5/thumbnails/14.jpg)
Inferred Invariants Useful In Modifying Programs.
(Case Study Experience)
• Explicated data structures.• Confirmed and contradicted expectations.• Revealed a bug.• Demonstrated test suite inadequacy.• Validated program changes.