Modular Verification of Procedure Equivalence in the Presence of Memory Allocation

We present a new technique for automatically synthesizing replacement classes. The technique starts with an original class O and a potential replacement class R, then uses R to synthesize a new class that implements the same interface and provides the same functionality as O. Critically, our technique works with a synthesized inter-class equivalence predicate between the states of O and R. It uses this predicate to ensure that original and synthesized methods leave corresponding O and R objects in equivalent states. The predicate therefore enables the technique to synthesize individual replacement methods in isolation while still obtaining a replacement class that leaves the original and replacement objects in equivalent states after arbitrarily long method invocation sequences. We have implemented the technique as part of a tool, named M , and evaluated it using open-source Java classes. The results highlight the e ectiveness of M in synthesizing replacement classes. CCS Concepts: • Software and its engineering → Programming by example; Object oriented frameworks.

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Synthesizing replacement classes

Samak

Kim

Rinard

2019

“…Cross-version program analysis. Prior work on comparing closely related programs versions include regression verification that checks semantic equivalence using uninterpreted function abstraction of equivalent callees [Felsing et al 2014;Godlin and Strichman 2008;Lahiri et al 2012], mutual summaries Wood et al 2017], relational invariant inference to prove differential properties and verification modulo versions [Logozzo et al 2014]. Other approaches include static analysis for abstract differencing [Jackson and Ladd 1994;Partush and Yahav 2014], symbolic execution for verifying assertion-equivalence [Ramos and Engler 2011] and differential symbolic execution to summarize differences [Person et al 2008].…”

Section: Related Workmentioning

confidence: 99%

Verified three-way program merge

Sousa

Dillig

Lahiri

2018

Self Cite

Even though many programmers rely on 3-way merge tools to integrate changes from different branches, such tools can introduce subtle bugs in the integration process. This paper aims to mitigate this problem by defining a semantic notion of conflict-freedom, which ensures that the merged program does not introduce new unwanted behaviors. We also show how to verify this property using a novel, compositional algorithm that combines lightweight summarization for shared program fragments with precise relational reasoning for the modifications. Towards this goal, our method uses a 4-way differencing algorithm on abstract syntax trees to represent different program versions as edits applied to a shared program with holes. This representation allows our verification algorithm to reason about different edits in isolation and compose them to obtain an overall proof of conflict freedom. We have implemented the proposed technique in a new tool called SafeMerge for Java and evaluate it on 52 real-world merge scenarios obtained from Github. The experimental results demonstrate the benefits of our approach over syntactic conflict-freedom and indicate that SafeMerge is both precise and practical. CCS Concepts: • Software and its engineering → Formal software verification;

“…Unlike translation validation where the two programs are expressed at different levels of abstraction and transformations are intra-procedural, regression verification deals with two programs across a refactoring, feature addition or bug-fix with changes possibly spread across procedures. Approaches range from the use of differential symbolic execution [Person et al 2008] for loop-free and recursion-free programs, techniques based on uninterpreted functions to deal with mutual recursion [Godlin and Strichman 2009;Lahiri et al 2012], use of mutual summaries for checking heap-manipulating programs Wood et al 2017], to the use of standard invariant inference for inferring intermediate relational invariants [Felsing et al 2014;]. Because the invariants and assertions relate program variables, the resulting verification conditions are expressible in first-order theories supported by SMT solvers.…”

Section: Related Workmentioning

confidence: 99%

Verifying equivalence of database-driven applications

Wang

Dillig

Lahiri

et al. 2017

Self Cite

This paper addresses the problem of verifying equivalence between a pair of programs that operate over databases with different schemas. This problem is particularly important in the context of web applications, which typically undergo database refactoring either for performance or maintainability reasons. While web applications should have the same externally observable behavior before and after schema migration, there are no existing tools for proving equivalence of such programs. This paper takes a first step towards solving this problem by formalizing the equivalence and refinement checking problems for database-driven applications. We also propose a proof methodology based on the notion of bisimulation invariants over relational algebra with updates and describe a technique for synthesizing such bisimulation invariants. We have implemented the proposed technique in a tool called Mediator for verifying equivalence between database-driven applications written in our intermediate language and evaluate our tool on 21 benchmarks extracted from textbooks and real-world web applications. Our results show that the proposed methodology can successfully verify 20 of these benchmarks.