JPFIntro

Java™ PathFinder
Neha Rungta
NASA Ames Research Center

Software Crisis
- Software crisis declared in 1968
- Programs around 100K lines of code
What has changed?
- Programs bigger (5M-40M)
- Processors faster and memory larger
- Programs in more places (Ubiquitous?)
- Software engineering relatively the same
- If 1968 was a crisis then, what is today?

Software Engineering
- Little engineering in software engineering
- Very little modeling and analysis
- Reuse and copy is common
- Trial and error testing
- Struggle to produce reliable software

Reality Check
Data: Standish Group, 1995 survey of 365 companies and 8,380 applications.
NIST Report 02-3: The economic impacts of inadequate infrastructure for software testing. (May 2002).

Software Engineering
[Figure: development life cycle diagram. Labels: Cost decrease with early error discovery; Cost increase with late error discovery; Most decisions made; Requirement analysis and system engineering; High level design and system architecture; Detail design and code structure; Coding; Testing; Evolution; Bad decisions found]

Software Model Checking
- Detailed modeling and analysis
- Reduced need for testing
[Figure: the same life cycle diagram. Labels: Most decisions made; Requirement analysis and system engineering; High level design and system architecture; Detail design and code structure; Coding; Testing; Evolution; Bad decisions found]

Software Model Checking
- Detailed modeling and analysis
- Formalize requirements in mathematically precise language
- Build logical models of all designs and analyze with requirements
- Do not move up until designs provably implement requirements and meet specifications
[Figure: the same life cycle diagram (Most decisions made; Requirement analysis and system engineering; High level design and system architecture; Detail design and code structure; Coding; Testing; Evolution; Bad decisions found) with an initiator/target handshake model. Model labels: initiator; target; valid == 0 & ack == 0; * data = DATA; valid = 1; ack = 1; valid == 1 & ack == 1]

What can software model checking find?
- Errors in deep execution traces
- Deadlock, livelock, and starvation
- Race conditions
- Priority inversion and locking problems
- Resource allocation errors
- Bounds checking
- Incompleteness and redundancy
- Logic problems
- Whatever you ask! BTW, don't ask don't tell policy

JPF History
not a new project: around for 10 years and continuously developed:
- 1999: project started as front end for Spin model checker
- 2000: reimplementation as concrete virtual machine for software model checking (concurrency defects)
- 2003: introduction of extension interfaces
- 2005: open sourced on Sourceforge
- 2008: participation in Google Summer of Code
- 2009: moved to own server, hosting extension projects and Wiki

JPF's Home: http://babelfish.arc.nasa.gov/trac/jpf
JPF's User Forum: http://groups.google.com/group/javapathfinder

Overall Architecture
[Figure]

Exploring Choices
- model checker needs choices to explore state space
- there are many potential types of choices (scheduling, data, ..)
- choice types should not be hardwired in model checker

Choice Generators
- transitions begin with a choice and extend until the next ChoiceGenerator (CG) is set (by instruction, native peer or listener)
- advance positions the CG on the next unprocessed choice (if any)
- backtrack goes up to the next CG with unprocessed choices

Choice Generators
[Figure]

Search Strategies
- state explosion mitigation: search the interesting state space part first ("get to the bug early, before running out of memory")
- Search instances encapsulate (configurable) search policies

Search Strategies
[Figure]

Bytecode Factory: Example

JPF configuration:

    vm.insn_factory.class = ... .numeric.NumericInstructionFactory

Source:

    void notSoObvious(int x){
      int a = x*50;
      int b = 19437583;
      int c = a;
      for (int k=0; k<100; k++){
        c += b;
        System.out.println(c);
      }
    }
    ...

compiler

Bytecode (fragment, with the offsets shown on the slide):

    ...
    [10] iload_4
    [11] bipush
    [12] if_icmpge 22
    [13] iload_3
    [14] iload_2
    [15] iadd
    ...
    [20] iinc
    [21] goto 10
Call:

    notSoObvious(21474836);

class loading

    class IADD extends Instruction {
      Instruction execute (.., ThreadInfo ti) {
        int v1 = ti.pop();
        int v2 = ti.pop();
        int res = v1 + v2;
        // overflow check on the 32-bit addition (remainder elided on the slide)
        if ((v1>0 && v2>0 && res<=0) ...throw ArithmeticException..

code execution (by JPF)

[Figure-only slides, titles in slide order: Attributes; Partial Order Reduction; POR; State Serialization; Heap Symmetry; Native Methods; Listeners; Design Hierarchy]

Checking NonNull Annotation on Return

    public class NonnullChecker extends ListenerAdapter {
      ...
      public void executeInstruction (JVM vm) {
        Instruction insn = vm.getLastInstruction();
        ThreadInfo ti = vm.getLastThreadInfo();
        if (insn instanceof ARETURN) { // check @NonNull method returns
          ARETURN areturn = (ARETURN)insn;
          MethodInfo mi = insn.getMethodInfo();
          if (areturn.getReturnValue(ti) == null) {
            if (mi.getAnnotation("java.annotation.Nonnull") != null) {
              // replace the null return with an AssertionError in the checked program
              Instruction nextPc = ti.createAndThrowException(
                  "java.lang.AssertionError",
                  "null return from @Nonnull method: " + mi.getCompleteName());
              ti.setNextPC(nextPc);
              return;
            }
          }
          ..

JPF and JUnit
- derive your test cases from gov.nasa.jpf.util.test.TestJPF
- run normally under JUnit or from Ant <junit ..> task
- be aware that the test case is run by both the JVM and JPF

    public class ConstTest extends TestJPF {
      static final String[] JPF_ARGS = { "+listener=.aprop.listener.ConstChecker" };

      // standard driver to execute single test methods
      public static void main(String[] args) {
        runTestsOfThisClass(args);
      }

      // the test methods
      @Test
      public void testStaticConstOk () {
        if (verifyNoPropertyViolation(JPF_ARGS)){
          ConstTest.checkThis();
        }
      }
      ...
[Slide callouts on the test code: "Verification goal"; "code checked by JPF"]

Obtaining JPF
Mercurial repositories on http://babelfish.arc.nasa.gov/hg/jpf/{jpf-core,jpf-aprop,...}

Eclipse Steps: (1) Get Mercurial, (2) Get jpf-core, (3) Build

Get Mercurial
(1) Eclipse Update site: http://cbes.javaforge.com/update

Get jpf-core
(1) File - Import - Mercurial - Clone repository using Mercurial - Next
(2) Specify http://babelfish.arc.nasa.gov/hg/jpf/jpf-core
(3) Check the box for 'Search for .project files in clone and use them to create projects'
(4) Finish

Build
(1) Project - Properties - Select Builders - Ant Builder - Click Edit
(2) Click JRE tab - Separate JREs - Installed JREs
(3) Pick a JDK 1.6xxx... a JRE will not find javac

Running JPF (1)
- Create site.properties in $(user.home)/.jpf
- One line is enough for now: $(user.home)/My Documents/workspace/jpf-core

Install Eclipse Plugin (from the website description)
- Ensure that you are running Eclipse >= 3.5 (Galileo)
- In Eclipse go to Help > Install New Software
- In the new window select "Add"
- The name is up to you, but set "Location" to http://babelfish.arc.nasa.gov/trac/jpf/rawattachment/wiki/install/eclipseplugin/update/
- From the "Work with:" drop down menu select the update site that you just entered in the previous step
- Check the "EclipseJPF" check box, select "Next" and go through the install process.

Running JPF (2)
- Right click on *.jpf file and pick "Verify"
- Go to src/examples and right click on oldclassic.jpf
- Should see a deadlock!

Configuring JPF
- almost nothing in JPF is hardwired: great flexibility, but config can be intimidating
- all of JPF's configuration is done through Java properties (but with some extended property file format)
- keyword expansion: jpf-root = ${user.home}/jpf
  - previously defined properties
  - system properties
- append: extensions+=,jpf-aprop (no space between key and `+'!)
- prepend: +peer_packages=jpf-symbc/build/peers,
- directives
  - dependencies: @requires jpf-awt
  - recursive loading: @include ../jpf-symbc/jpf.properties
- hierarchical process
  - system defaults (from jpf.jar)
  - site.properties
  - project properties from all site configured projects (<projectdir>/jpf.properties)
  - current project properties (./jpf.properties)
  - selected application properties file (*.jpf)
  - command line args (e.g. bin/jpf +listener=.listeners.ExecTracker ...)

Demo

Automated Test Case generation

Symbolic Execution

    int m(int y){
    1: if (y>0)
    2:   y++;
    3: else
    4:   y--;
    5: return y;
    }

Symbolic states (pp: program point, pc: path condition, v[]: symbolic values):

    pp: 1       pc: true       v[y]: Y
      pp: 2       pc: Y > 0      v[y]: Y
      pp: 5       pc: Y > 0      v[y]: Y + 1
      pp: pp + 1  pc: Y > 0      v[y]: Y + 1   v[RETURN]: Y + 1
      pp: 4       pc: !(Y > 0)   v[y]: Y
      pp: 5       pc: !(Y > 0)   v[y]: Y - 1
      pp: pp + 1  pc: !(Y > 0)   v[y]: Y - 1   v[RETURN]: Y - 1

    msum = {((Y>0), RETURN=Y+1), (!(Y>0), RETURN=Y-1)}

Agile Development

Evolution
- Regression analysis technique focused on version differences
- Combines syntactic and semantic analysis techniques
- Identify and characterize effects of program changes
- Version Differences
- Directed Symbolic Execution

Background
- Abstract Syntax Tree: if (a > b) a = a + b;
  [Figure: AST; node labels as extracted: if > a b = a a + b]
- Control Flow Graph
  [Figure: CFG; node a > b, true branch a = a + b, false branch ...]

Incremental Execution
[Figure]

Incremental Analysis
[Figure]

Incremental Analysis
- 2 affected path conditions

Extensions! ...
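
The overflow check from the Bytecode Factory slides, as a stand-alone added example (not JPF code and not from the slides): it applies the same sign-based test to the `notSoObvious` loop in plain Java, where `int` addition otherwise wraps without any error, and cross-checks the test against the JDK's `Math.addExact`. The class and method names are hypothetical, and the negative-operand half of the condition is an assumed completion of the part elided on the slide.

```java
// Added example: not JPF code. Class and method names are hypothetical.
public class OverflowCheckDemo {

    // 32-bit add with a sign-based overflow test. The slide shows the
    // positive-operand case; the negative case is the assumed symmetric half.
    static int checkedAdd(int v1, int v2) {
        int res = v1 + v2;                    // plain Java add wraps silently
        if ((v1 > 0 && v2 > 0 && res <= 0) || (v1 < 0 && v2 < 0 && res >= 0)) {
            throw new ArithmeticException("overflow: " + v1 + " + " + v2);
        }
        return res;
    }

    // Loop from notSoObvious(x) on the slide. Returns the loop index k whose
    // "c += b" overflows, or -1 if all 100 additions stay in range.
    static int firstOverflowingIteration(int x) {
        int a = Math.multiplyExact(x, 50);    // throws if x*50 itself overflows
        int b = 19437583;
        int c = a;
        for (int k = 0; k < 100; k++) {
            try {
                c = checkedAdd(c, b);
            } catch (ArithmeticException e) {
                return k;
            }
        }
        return -1;
    }

    // True when checkedAdd and the JDK's Math.addExact agree on overflow.
    static boolean agreesWithJdk(int v1, int v2) {
        boolean ours, jdk;
        try { checkedAdd(v1, v2); ours = false; } catch (ArithmeticException e) { ours = true; }
        try { Math.addExact(v1, v2); jdk = false; } catch (ArithmeticException e) { jdk = true; }
        return ours == jdk;
    }

    public static void main(String[] args) {
        System.out.println("first overflowing k: " + firstOverflowingIteration(21474836));
        int[] edge = { Integer.MAX_VALUE, Integer.MIN_VALUE, -1, 0, 1, 19437583 };
        for (int v1 : edge) {
            for (int v2 : edge) {
                if (!agreesWithJdk(v1, v2)) throw new AssertionError(v1 + " + " + v2);
            }
        }
        System.out.println("sign-based check matches Math.addExact on edge cases");
    }
}
```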
This note was uploaded on 02/07/2012 for the course CS 4322 taught by Professor Martin Rinard during the Spring '11 term at MIT.