The smart programming assistant

Presentation Transcript


  1. The smart programming assistant Francesco Logozzo Researcher Microsoft Research, Redmond 3-403

  2. What is it? • Vision for modern programming. • Developed at RiSE, Microsoft Research. • Real-time feedback. • Report tricky bugs and regressions. • Code improvements. • Suggest code fixes and specifications.

  3. “Standing on the shoulders of giants” • CodeContracts. • Contracts library part of .NET since v4.0. • Specify preconditions, postconditions, object invariants. • Contracts tools: static checker, and other tools available on VS Gallery. • Overall 100K downloads. • Roslyn CTP. • C#/VB compilers as services. • Opens up the compiler pipeline to expose internals: ASTs, refactoring…

  4. Architecture (diagram; components and labels as they appear on the slide): Code contracts static checker; Code; Error checking; Semantic inference; Answer queries; Visual Studio/Roslyn; Verified repairs; Pre/post inference; Semantic baseline; Stored information.

  5. Demo!

  6. Questions?

  7. Evaluate this session • Scan the QR code to evaluate this session and be automatically entered in a drawing to win a prize.

  8. Backup slides

  9. CodeContracts • Contract API part of .NET since v4.0. • Tools available on VS Gallery. • Almost 100K downloads overall. • DevLabs, VS Gallery. • Active user MSDN forum: 7700+ messages.

  10. Available in VS Gallery! • More: • VS 2012 integration. • Runtime checking. • Documentation generation. • Less: • Post-build static analysis (not real-time). • Scale via team-shared SQL DB. • No refactoring.

  11. Static analysis • Different from FxCop, Coverity, Resharper… • Those are (mostly) pattern-match based. • Perform deep semantic code analysis. • For each program point, infer invariants. • Invariants are properties that hold for all possible executions. • Main Idea: replace concrete values with abstract values. • Example: Instead of x : {0, 2, 4, 6, 8, 10} have x : [0, 10] && x is even.

  12. Inference
      public int BinarySearch(int[] array, int value)
      {
          Contract.Requires(array != null);
          var inf = 0;
          var sup = array.Length - 1;
          while (inf <= sup)
          {
              var mid = (inf + sup) / 2;
              var midValue = array[mid];
              if (midValue < value) inf = mid + 1;
              else if (midValue > value) sup = mid - 1;
              else return mid;
          }
          return -1;
      }
  Invariants inferred at the program points (annotations on the slide, in the order extracted):
  • array != null
  • inf: [0, MaxValue], sup: [-1, MaxValue), sup < array.Length
  • inf: [0, 0], sup: [-1, MaxValue), sup < array.Length
  • inf ≤ sup, sup: [0, MaxValue)
  • mid: [0, MaxValue), mid ≤ sup, mid < array.Length
  • inf: [1, MaxValue], sup: [0, MaxValue)
  • inf: [0, 0], sup: [-1, MaxValue-1), sup < array.Length
  • inf: [0, MaxValue], sup: [-1, MaxValue), sup < array.Length

  13. Checks (same BinarySearch as slide 12). Proof obligations generated for each operation, as annotated on the slide:
  • array != null (the Contract.Requires)
  • MinValue ≤ array.Length - 1 ≤ MaxValue
  • MinValue ≤ (inf + sup) ≤ MaxValue
  • MinValue ≤ (inf + sup)/2 ≤ MaxValue
  • array != null, 0 ≤ mid, mid < array.Length (the access array[mid])
  • MinValue ≤ mid + 1 ≤ MaxValue
  • MinValue ≤ mid - 1 ≤ MaxValue

  14. Error checking (same BinarySearch as slide 12). The inferred invariants are matched against the checks; annotations on the slide:
  • array != null
  • MinValue ≤ array.Length - 1 ≤ MaxValue
  • inf: [0, MaxValue], sup: [0, MaxValue], sup < array.Length (inside the loop, where inf ≤ sup)
  • MinValue ≤ (inf + sup) ≤ MaxValue
  • MinValue ≤ (inf + sup)/2 ≤ MaxValue
  • array != null, 0 ≤ mid, mid < array.Length
  • mid: [0, MaxValue)
  • MinValue ≤ mid + 1 ≤ MaxValue
  • MinValue ≤ mid - 1 ≤ MaxValue
  With inf and sup both in [0, MaxValue], the obligation MinValue ≤ inf + sup ≤ MaxValue cannot be discharged: the sum may overflow (the well-known binary search bug). That is the error the checker reports here, and the kind of overflow slide 15 repairs.

  15. Repairing overflows. Leverage the semantic information inferred by the static analysis. For instance, assume that 0 ≤ x, 0 ≤ y, 0 ≤ z. Then x + y < z may overflow. We derive a non-overflowing expression (shown on the slide; not in the transcript).
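The interval reasoning of slides 11 to 15, worked through as an added Python example. This is my own sketch, not the CodeContracts checker's code: it abstracts C#'s 32-bit int by intervals, discharges the MinValue ≤ e ≤ MaxValue obligations of slides 13 and 14 by checking whether an expression's interval fits, and, for the slide-15 instance 0 ≤ x, 0 ≤ y, 0 ≤ z, uses the rewrite x < z - y as a stand-in for the non-overflowing expression the slide derives (that expression is not in the transcript). The witness values are constructed.

```python
from dataclasses import dataclass

# C#'s int (slides 13-14 write the bounds as MinValue and MaxValue)
INT_MIN, INT_MAX = -2**31, 2**31 - 1


def wrap32(v: int) -> int:
    """What unchecked C# arithmetic does on overflow: wrap modulo 2^32."""
    return (v + 2**31) % 2**32 - 2**31


@dataclass(frozen=True)
class Interval:
    """Abstract value: every integer in [lo, hi] (slide 11's x : [0, 10])."""
    lo: int
    hi: int

    def __add__(self, other: "Interval") -> "Interval":
        return Interval(self.lo + other.lo, self.hi + other.hi)

    def __sub__(self, other: "Interval") -> "Interval":
        return Interval(self.lo - other.hi, self.hi - other.lo)

    def fits_int32(self) -> bool:
        """The obligation MinValue <= e <= MaxValue for an expression e in this interval."""
        return INT_MIN <= self.lo and self.hi <= INT_MAX


NON_NEG = Interval(0, INT_MAX)  # the hypotheses 0 <= x, 0 <= y, 0 <= z of slide 15


def sum_guard_check(x: Interval = NON_NEG, y: Interval = NON_NEG) -> bool:
    """Obligation raised by the guard x + y < z: the sum must stay inside int."""
    return (x + y).fits_int32()        # [0, 2*MaxValue]: may overflow, check fails


def repaired_guard_check(z: Interval = NON_NEG, y: Interval = NON_NEG) -> bool:
    """Obligation raised by the rewritten guard x < z - y (my rewrite, equivalent to
    x + y < z over the mathematical integers for any x, y, z)."""
    return (z - y).fits_int32()        # [-MaxValue, MaxValue]: check passes


def binary_search_mid_check() -> bool:
    """Slide 14: inside 'while (inf <= sup)' the checker has inf, sup : [0, MaxValue],
    so (inf + sup) / 2 carries the obligation MinValue <= inf + sup <= MaxValue."""
    inf, sup = Interval(0, INT_MAX), Interval(0, INT_MAX)
    return (inf + sup).fits_int32()


def guard_original(x: int, y: int, z: int) -> bool:
    """The unrepaired guard under unchecked arithmetic."""
    return wrap32(x + y) < z


def guard_repaired(x: int, y: int, z: int) -> bool:
    """The rewritten guard; z - y cannot leave int when 0 <= y and 0 <= z <= MaxValue."""
    return x < z - y


def witness():
    """Constructed input on which the two guards disagree: x + y wraps negative."""
    x = y = 2**30
    z = 1
    return guard_original(x, y, z), guard_repaired(x, y, z)


if __name__ == "__main__":
    print("x + y check:", sum_guard_check(), " x < z - y check:", repaired_guard_check())
    print("binary search (inf + sup) check:", binary_search_mid_check())
    print("guards on the witness (original, repaired):", witness())
```

Intervals on their own cannot prove the usual binary-search repair inf + (sup - inf) / 2 safe: that proof needs the relational facts inf ≤ sup and mid ≤ sup that slide 12 lists among the inferred invariants, which is why the checker tracks such relations rather than ranges alone.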

  16. Extract method
      public int Decrement(int x)
      {
          Contract.Requires(x >= 5);
          Contract.Ensures(Contract.Result<int>() >= 0);
          while (x != 0) x--;
          return x;
      }
  becomes
      public int Decrement(int x)
      {
          Contract.Requires(x >= 5);
          Contract.Ensures(Contract.Result<int>() >= 0);
          x = NewMethod(x);
          return x;
      }

      private static int NewMethod(int x)
      {
          while (x != 0) x--;
          return x;
      }

  17. And the (modular) proof? (same code as slide 16). Annotations on the slide: for the original Decrement, “Postcondition: ok” and “No overflow”; for the version after extraction, “Postcondition violation?” and “Possible overflow”. Without a contract on NewMethod, the caller can no longer prove Contract.Result<int>() >= 0, and NewMethod, which may now be called with any int, can decrement past MinValue.

  18. Completeness. The verification of the calling method (the one the body was extracted from) should still go through. Counterexample (on the slide): a valid and safe contract that is not complete, annotated “Can’t prove ensures” against “ok”.

  19. Validity. The inferred contract should be valid. Counterexample (on the slide): a contract annotated “Invalid ensures” against “ok”.

  20. Safety. The precondition of the extracted method should advertise possible errors. Counterexample (on the slide): a contract under which the extracted body is still annotated “Possible overflow” against “ok”.

  21. Generality. The inferred contract is the most general one satisfying Validity, Safety, and Completeness. Counterexample (on the slide): a valid, safe, and complete contract whose precondition is too strong, annotated “Requires too strong” against “ok”.

  22. Our solution: a valid, safe, complete, and general contract (annotated “ok” on both sides of the slide).
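The four criteria of slides 18 to 21, checked over candidate contracts for NewMethod (the body extracted from Decrement on slide 16), as an added Python example. It is my own model, not the assistant's inference procedure, and it makes three assumptions: int is scaled down to 8 bits so every argument can be enumerated, a decrement of MinValue is reported as the overflow the checker flags rather than wrapping, and the five candidate contracts are constructed so that each misses one of the criteria named on the slides, the last none.

```python
from dataclasses import dataclass
from typing import Callable

BITS = 8                                     # scaled-down int so all inputs can be enumerated
INT_MIN, INT_MAX = -2 ** (BITS - 1), 2 ** (BITS - 1) - 1
ALL_INTS = range(INT_MIN, INT_MAX + 1)
OVERFLOW = object()                          # marker: the body hit an arithmetic error


def new_method(x: int):
    """NewMethod of slide 16: while (x != 0) x--; return x;
    Reports the overflow x-- would cause on MinValue instead of wrapping."""
    while x != 0:
        if x == INT_MIN:
            return OVERFLOW
        x -= 1
    return x


@dataclass(frozen=True)
class Contract:
    name: str
    requires: Callable[[int], bool]          # precondition on the argument
    ensures: Callable[[int, int], bool]      # postcondition on (argument, result)


# The caller keeps Decrement's own contract: Requires(x >= 5), Ensures(result >= 0).
def caller_requires(x: int) -> bool:
    return x >= 5


def caller_ensures(r: int) -> bool:
    return r >= 0


def is_valid(c: Contract) -> bool:
    """Validity (slide 19): every run the precondition admits satisfies ensures."""
    return all(c.ensures(x, r) for x in ALL_INTS if c.requires(x)
               for r in [new_method(x)] if r is not OVERFLOW)


def is_safe(c: Contract) -> bool:
    """Safety (slide 20): the precondition rules out every argument that overflows."""
    return all(new_method(x) is not OVERFLOW for x in ALL_INTS if c.requires(x))


def is_complete(c: Contract) -> bool:
    """Completeness (slide 18): the caller's modular proof still goes through, i.e.
    its precondition implies ours and our postcondition alone implies its postcondition."""
    call_ok = all(c.requires(x) for x in ALL_INTS if caller_requires(x))
    post_ok = all(caller_ensures(r) for x in ALL_INTS if caller_requires(x)
                  for r in ALL_INTS if c.ensures(x, r))
    return call_ok and post_ok


def is_general(c: Contract, candidates) -> bool:
    """Generality (slide 21): c is valid, safe and complete, and no other such
    candidate admits an argument that c's precondition rejects."""
    good = [d for d in candidates if is_valid(d) and is_safe(d) and is_complete(d)]
    return any(d is c for d in good) and all(
        c.requires(x) for d in good for x in ALL_INTS if d.requires(x))


CANDIDATES = [  # constructed candidates, one per slide
    Contract("requires too strong", lambda x: x >= 5, lambda x, r: r >= 0),  # slide 21
    Contract("invalid ensures",     lambda x: x >= 0, lambda x, r: r == x),  # slide 19
    Contract("possible overflow",   lambda x: True,   lambda x, r: r == 0),  # slide 20
    Contract("can't prove ensures", lambda x: x >= 0, lambda x, r: True),    # slide 18
    Contract("solution",            lambda x: x >= 0, lambda x, r: r == 0),  # slide 22
]


def classify(c: Contract, candidates=CANDIDATES) -> dict:
    """The four verdicts for one candidate, judged against the others for generality."""
    return {"valid": is_valid(c), "safe": is_safe(c),
            "complete": is_complete(c), "general": is_general(c, candidates)}


if __name__ == "__main__":
    for c in CANDIDATES:
        print(f"{c.name:20} {classify(c)}")
```

Exhaustive enumeration is what makes the criteria checkable here; the checker itself reasons symbolically over all 32-bit values, but the criteria it applies are the same four predicates.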
