Safety as a Software Metric

Matthias Felleisen and Robert Corky Cartwright

Rice University

Why Safety as a Metric?
  • Measuring Software: Syntax versus Semantics
  • What is Programming Language Safety?
  • What Makes an Individual Program Safe?
  • How about Teaching Program Safety?
Why Measure Software?
  • correct and efficient software
  • maintainable software
  • extensible software
What do Metrics Measure?
  • lines of code
  • number of procedures, gotos, loops, modules, statements versus expressions, …
  • in short: Syntactic Attributes of software
What should Metrics Measure?
  • correctness
  • extensibility
  • maintainability
  • in short: semantic and organizational attributes
Measuring Correctness is Difficult
  • goal: measure certain aspects of correctness
  • specifically: assuming the programming language is safe, what kind of run-time problems can we predict?
Safety -- A High-Level View (1)
  • “Close the valve by 10 degrees!”
  • “Turned the valve by 10 degrees!”

Safety -- A High-Level View (2)
  • “Close the valve by 10 degrees!”
  • “Turned the valve by 15 degrees!”

Safety -- A High-Level View (3)
  • “OUCH!”
  • “Close the valve by 10 degrees!”

Safety -- A High-Level View (4)
  (diagram)

Safety -- A High-Level View (5)
  (diagram)
  ERROR!
C and C++ are NOT Safe!

    #include <stdio.h>

    /* Euclid's gcd; the primitive n % m is not protected against m == 0 */
    int f(int n, int m) {
      int r = n % m;
      if (0 == r)
        return m;
      else
        return f(m, r);
    }

    int main(void) {
      char a = 'a';                  /* a, b, c, d: neighbours of mn in memory */
      char b = 'b';
      int mn[2] = {24, 6};
      char c = 'c';
      char d = 'd';
      printf("%d\n", f(mn[0], mn[1]));  /* gcd(24, 6) = 6 */
      printf("%d\n", f(mn[0], c));      /* the char 'c' silently becomes the int 99; no error */
      printf("%d\n", f(mn[0], mn[2]));  /* mn[2] is past the end of mn: reads whatever lies there; no error */
      return 0;
    }

Safety in Programming Languages
  • a safe language protects every computational primitive, e.g., +, *, if, vector-lookup, record dereference, …
  • protection is implemented with a mixture of compile-time and run-time checks
  • safety guarantees that a misapplied primitive is caught and reported as an error, instead of computing on garbage
  • safety greatly increases the effectiveness of debugging
Safety
  • … is NOT just TYPE checking!
Examples
  • UNSAFE languages: Fortran, C, C++, Perl
  • SAFE languages: ML, Eiffel, Java, Scheme (untyped, but safe)

Measuring the Safety of Programs
  • a program in a safe language signals an error when it misapplies a primitive
  • a correct program should never signal such an error
  • so: determine, before the program runs, whether any application of a computational primitive might signal an error
  • make programmers explain (or remove) each potential fault
MrSpidey: Measuring the Safety of Scheme Programs
  • Scheme is a dialect of Algol and LISP
  • lexical scope, first-class functions (“mini-objects”)
  • LISP’s syntax (parentheses) and primitives (cons, car, and cdr)
Measuring Safety is More than Checking Types
  • check general “data shapes”
  • lists with at least N items
  • vector references
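The two ideas on the preceding slides, a language that protects every primitive with a check and a tool that predicts, before the program runs, which of those checks might fire, as one added example. This is hypothetical code written for this page, not MrSpidey or any code from the Rice group: a Scheme-like expression language encoded as Python tuples (vector, list, let, if, car, cdr, vector-ref), an interpreter `run` whose primitives raise `SafetyError` rather than compute on garbage, and a conservative "data shape" analysis `check` that tracks value and length intervals and records every application that may signal an error. The sample programs are constructed; treating 0 as the only false value is a simplification of Scheme's #f.

```python
# Hypothetical example written for this page, not MrSpidey's code: `run` is an
# interpreter whose primitives carry run-time checks; `check` is a conservative
# "data shape" analysis predicting which applications may signal an error.
from collections import namedtuple

INF = float("inf")

class SafetyError(Exception):
    """Signalled by a protected primitive instead of computing on garbage."""

def run(e, env):
    """Evaluate int, variable, (vector ...), (list ...), (let x rhs body), (if c t f)."""
    if isinstance(e, int):
        return e
    if isinstance(e, str):
        return env[e]
    op, *args = e
    if op in ("vector", "list"):            # vectors: Python lists; lists: tuples
        vals = [run(a, env) for a in args]
        return vals if op == "vector" else tuple(vals)
    if op == "let":
        x, rhs, body = args
        return run(body, {**env, x: run(rhs, env)})
    if op == "if":                          # 0 is the only false value (simplification)
        c, t, f = args
        return run(t if run(c, env) != 0 else f, env)
    if op in ("car", "cdr"):
        xs = run(args[0], env)
        if type(xs) is not tuple or not xs:
            raise SafetyError(f"{op}: argument is not a non-empty list")
        return xs[0] if op == "car" else xs[1:]
    if op == "vector-ref":
        v, i = run(args[0], env), run(args[1], env)
        if type(v) is not list or type(i) is not int or not 0 <= i < len(v):
            raise SafetyError(f"vector-ref: index {i!r} invalid for {v!r}")
        return v[i]
    raise ValueError(f"unknown form {op}")

# Abstract value: kind "int" with value interval lo..hi, or "vec"/"list" with
# length interval lo..hi. A shape *set* holds at most one shape per kind.
Shape = namedtuple("Shape", "kind lo hi", defaults=(-INF, INF))
TOP = frozenset({Shape("int"), Shape("vec", 0), Shape("list", 0)})  # any value

def join(a, b):
    """Hull of two shape sets, merged per kind (used where `if` branches meet)."""
    out = {}
    for s in a | b:
        c = out.get(s.kind)
        out[s.kind] = s if c is None else Shape(s.kind, min(c.lo, s.lo), max(c.hi, s.hi))
    return frozenset(out.values())

def of_kind(shapes, kind):
    return next((s for s in shapes if s.kind == kind), None)

def check(e, env, faults):
    """Shape set of `e`; records (primitive, reason) for each possibly failing use."""
    if isinstance(e, int):
        return frozenset({Shape("int", e, e)})
    if isinstance(e, str):
        return env[e]
    op, *args = e
    if op in ("vector", "list"):
        for a in args:
            check(a, env, faults)
        return frozenset({Shape("vec" if op == "vector" else "list", len(args), len(args))})
    if op == "let":
        x, rhs, body = args
        return check(body, {**env, x: check(rhs, env, faults)}, faults)
    if op == "if":
        c, t, f = args
        check(c, env, faults)
        return join(check(t, env, faults), check(f, env, faults))
    shapes = [check(a, env, faults) for a in args]
    if op in ("car", "cdr"):
        xs = of_kind(shapes[0], "list")
        if xs is None or len(shapes[0]) > 1:
            faults.append((op, "argument may not be a list"))
        if xs is not None and xs.lo < 1:
            faults.append((op, "list may have fewer than 1 item"))
        if op == "car" or xs is None:
            return TOP                      # element shapes are not tracked
        return frozenset({Shape("list", max(xs.lo - 1, 0), xs.hi - 1)})
    if op == "vector-ref":
        v, i = of_kind(shapes[0], "vec"), of_kind(shapes[1], "int")
        if v is None or len(shapes[0]) > 1 or i is None or len(shapes[1]) > 1:
            faults.append((op, "argument may not be a vector indexed by an integer"))
        if v and i and (i.lo < 0 or i.hi >= v.lo):
            faults.append((op, f"index in [{i.lo}, {i.hi}] may exceed a vector of length in [{v.lo}, {v.hi}]"))
        return TOP

def measure(prog, free=()):  # potential fault sites; free variables may hold any value
    faults = []
    check(prog, {x: TOP for x in free}, faults)
    return faults

# Constructed sample programs mirroring the C slide: a two-element vector of gcd
# arguments read at a valid and an invalid index, and a list walked too far.
IN_RANGE = ("let", "mn", ("vector", 24, 6), ("vector-ref", "mn", 1))
OUT_OF_RANGE = ("let", "mn", ("vector", 24, 6), ("vector-ref", "mn", 2))
EMPTY_CAR = ("let", "xs", ("list", 1, 2), ("car", ("cdr", ("cdr", "xs"))))
# Never fails at run time (both branches test the same flag), yet flagged: the
# approximation drops that correlation, a tool-side false positive to explain.
CORRELATED = ("let", "v", ("if", "flag", ("vector", 1), ("vector", 1, 2, 3)),
              ("if", "flag", 0, ("vector-ref", "v", 2)))
```

Running `measure` on the four constructed programs flags the out-of-range `vector-ref` and the `car` of a list that two `cdr`s have emptied, passes the in-range lookup, and also flags CORRELATED, which never fails when run: the branch that reads `v` at index 2 executes only when the vector has three elements, but the analysis joins the two `if` branches into a vector of length 1 to 3 and loses the correlation. That warning is the "is it a problem with the program or the tool?" question from the pragmatics slide; building the vector inside the branch that reads it is the kind of re-organization that makes it go away.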
An Elaborate Example from the Scheme Front-end
  • two S-expressions: the let form, and the equivalent application of a lambda

      (let (<var> <rhs:exp>) <body:exp>)   ==   ((lambda (<var>) <body:exp>) <rhs:exp>)

Program Construction: Rice University, Fall 1998
  • course on program safety
  • understanding
  • measuring
  • based on Scheme and Java
On Safety of Languages and Programs
  • programming language safety
  • program safety
  • theory and tools for “measuring” program safety
    • logics that conservatively approximate semantics
    • logics that extend the logic of type checking
The Pragmatics of MrSpidey
  • using MrSpidey:
    • checking
    • understanding potential fault sites:
      • data set
      • data flow
    • is it a problem with the program?
    • is it a problem with the theory/tool?
    • if the latter, can a re-organization help?
Hands-on Work
  • homework assignments
    • sets of problems for each bullet
    • increasing complexity
    • theory and practice
  • project: implement sequential subset of Java
    • modules and data invariants that cross boundaries
    • exploring large pieces of code
Evaluation (1)
  • course evaluation: excellent
  • targeted questions:
    • understanding of language safety
    • understanding of program safety
    • understanding of measuring safety with theorem provers
    • effectiveness of homework assignments versus the project
Evaluation (2)
  • Positives:
    • appreciate safety
    • appreciate tools
    • appreciate theory
    • understand the above based on homework
  • Negatives:
    • project too large

Summary
  • new, semantics-based thinking about “metrics”
  • extensions: measuring stronger invariants (numeric constraints, polyvariant); measuring organization (patterns?)
  • teaching: a good approach to have students understand partial correctness
Thank You

Mike Fagan (92)

Andrew Wright (94)

Cormac Flanagan (96)

Matthew Flatt

Shriram Krishnamurthi

Robby Findler