the smart programming assistant
DESCRIPTION
The smart programming assistant. Francesco Logozzo Researcher Microsoft Research, Redmond 3-403. What is it?. Vision for modern programming. Developed at RiSE, Microsoft Research. Real-time feedback. Report tricky bugs and regressions. Code improvements. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/1.jpg)
![Page 2: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/2.jpg)
The smart programming assistantFrancesco LogozzoResearcherMicrosoft Research, Redmond3-403
![Page 3: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/3.jpg)
What is it?Vision for modern programming.Developed at RiSE, Microsoft Research.Real-time feedback.Report tricky bugs and regressions.Code improvements.Suggest code fixes and specifications.
![Page 4: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/4.jpg)
“Standing on the shoulders of giants”CodeContracts.Contracts library part of .NET since v4.0.• Specify preconditions, postconditions, object-invariants.
Contracts tools: Static checker, and other tools available on VS Gallery.• Overall 100K downloads.
Roslyn CTP.C#/VB compilers as services.Open-up the compiler pipeline to expose internals.• ASTs, Refactoring…
![Page 5: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/5.jpg)
Code contracts static checkerVisual Studio/Roslyn
Semantic Inference.
Error checking.
Verified repairs.
Pre/post inference.
Semantic baseline.
Stored information
Answer queries.Code
Architecture
![Page 6: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/6.jpg)
Demo!
![Page 7: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/7.jpg)
Questions?
![Page 8: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/8.jpg)
Evaluate this session
Scan this QR code to evaluate this session and be automatically entered in a drawing to win a prize!
![Page 9: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/9.jpg)
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
![Page 10: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/10.jpg)
Backup slides
![Page 11: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/11.jpg)
CodeContractsContract API part of .NET since v.4.0. Tools available on VS Gallery.Almost 100K downloads overall.• Devlabs, VS Gallery.Active user MSDN forum.7700+ messages.
![Page 12: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/12.jpg)
Available in VS Gallery!
MoreVS 2012 integration.Runtime checking.Documentation generation.LessPost-build static analysis.• Scale via team shared SQL DB.No refactoring.
![Page 13: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/13.jpg)
![Page 14: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/14.jpg)
Static analysisDifferent from FxCop, Coverity, Resharper…Those are (mostly) pattern-match based.Perform deep semantic code analysis. For each program point, infer invariants.Invariants are properties that hold for all possible executions.Main Idea: replace concrete values with abstract values.Example: Instead of x : {0, 2, 4, 6, 8, 10} have x : [0, 10] && x is even.
![Page 15: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/15.jpg)
Inferencepublic int BinarySearch(int[] array, int value){ Contract.Requires(array != null); var inf = 0; var sup = array.Length - 1;
while (inf <= sup) {
var mid = (inf + sup) / 2; var midValue = array[mid];
if (midValue < value) inf = mid + 1; else if (midValue > value) sup = mid - 1; else return mid; }
return -1;}
inf: [0, 0], sup: [-1, MaxValue), sup < array.Length inf ≤ sup, sup: [0, MaxValue)
mid: [0, MaxValue), mid ≤ sup, mid < array.Length
inf: [1, MaxValue], sup: [0, MaxValue) inf:[0, 0], sup: [-1, MaxValue-1), sup < array.Length
inf: [0, MaxValue], sup: [-1, MaxValue), sup < array.Length
inf: [0, MaxValue], sup: [-1, MaxValue), sup < array.Length
array != null
![Page 16: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/16.jpg)
MinValue ≤ (inf + sup) ≤ MaxValue
Checkspublic int BinarySearch(int[] array, int value){ Contract.Requires(array != null); var inf = 0; var sup = array.Length - 1;
while (inf <= sup) {
var mid = (inf + sup) / 2; var midValue = array[mid];
if (midValue < value) inf = mid + 1; else if (midValue > value) sup = mid - 1; else return mid; }
return -1;}
array != null
MinValue ≤ array.Length -1 ≤ MaxValue
0 ≤ mid array != null
mid < array.Length
MinValue ≤ mid + 1 ≤ MaxValue MinValue ≤ mid - 1 ≤ MaxValue
MinValue ≤ (inf + sup)/2 ≤ MaxValue
![Page 17: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/17.jpg)
MinValue ≤ (inf + sup) ≤ MaxValue
Error checkingpublic int BinarySearch(int[] array, int value){ Contract.Requires(array != null); var inf = 0; var sup = array.Length - 1;
while (inf <= sup) {
var mid = (inf + sup) / 2; var midValue = array[mid];
if (midValue < value) inf = mid + 1; else if (midValue > value) sup = mid - 1; else return mid; }
return -1;}
array != null
MinValue ≤ array.Length -1 ≤ MaxValue
0 ≤ mid
array != null
mid < array.Length
MinValue ≤ mid + 1 ≤ MaxValue MinValue ≤ mid - 1 ≤ MaxValue
inf: [0, MaxValue], sup: [0, MaxValue], sup < array.Length
array != null
MinValue ≤ (inf + sup)/2 ≤ MaxValue
mid: [0, MaxValue)
MinValue ≤(inf + sup) ≤ MaxValue
![Page 18: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/18.jpg)
Repairing overflowsLeverage the semantic information inferred by the static analysis
For instance, assume that 0 ≤ x, 0 ≤ y, 0 ≤ zThen x + y < z may overflowWe derive a non-overflowing expression like that
(x! + y!)? < z!
as 0 ≤ x, then –x cannot underflow
=y! < (z! +(– x!)!)?
as 0 ≤ z and 0 ≤ x, then z – x cannot underflow
=y! < (z! +(– x!)!)!
![Page 19: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/19.jpg)
Extract methodpublic int Decrement(int x){ Contract.Requires(x >= 5); Contract.Ensures(Contract.Result<int>() >= 0);
while (x != 0) x--;
return x;}
public int Decrement(int x){ Contract.Requires(x >= 5); Contract.Ensures(Contract.Result<int>() >= 0);
x = NewMethod(x);
return x;}
private static int NewMethod(int x){ while (x != 0) x--; return x;}
![Page 20: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/20.jpg)
And the (modular) proof?public int Decrement(int x){ Contract.Requires(x >= 5); Contract.Ensures(Contract.Result<int>() >= 0);
while (x != 0) x--;
return x;}
public int Decrement(int x){ Contract.Requires(x >= 5); Contract.Ensures(Contract.Result<int>() >= 0);
x = NewMethod(x);
return x;}
private static int NewMethod(int x){ while (x != 0) x--; return x;}
Postcondition: okNo
overflow
Possible overflow
Postcondition
Violation?
![Page 21: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/21.jpg)
CompletenessThe verification of the callee should still go through.Counterexample: Valid and safe contract, but not complete.public int Decrement(int x){ Contract.Requires(x >= 5); Contract.Ensures(Contract.Result<int>() >=0);
x = NewMethod(x);
return x;}
private static int NewMethod(int x){ Contract.Requires(x >= 5); Contract.Ensures(Contract.Result<int>() <= x);
while (x != 0) x--; return x;}
Can’t prove
ensuresok
![Page 22: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/22.jpg)
ValidityThe inferred contract should be valid.Counterexample:public int Decrement(int x){ Contract.Requires(x >= 5); Contract.Ensures(Contract.Result<int>() >=0);
x = NewMethod(x);
return x;}
private static int NewMethod(int x){ Contract.Requires(x >= 5); Contract.Ensures(Contract.Result<int>()==12345);
while (x != 0) x--; return x;}
okInvalid ensure
s
![Page 23: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/23.jpg)
SafetyThe precondition of the extracted method should advertise possible errors.Counterexample:public int Decrement(int x){ Contract.Requires(x >= 5); Contract.Ensures(Contract.Result<int>() >=0);
x = NewMethod(x);
return x;}
private static int NewMethod(int x){ Contract.Ensures(Contract.Result<int>() == 0);
while (x != 0) x--; return x;}
ok Possible overflow
![Page 24: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/24.jpg)
GeneralityThe inferred contract is the most general satisfying Validity, Safety, and Completeness.Counterexample: Valid, Safe, and Complete, but not General contract.public int Decrement(int x){ Contract.Requires(x >= 5); Contract.Ensures(Contract.Result<int>() >=0);
x = NewMethod(x);
return x;}
private static int NewMethod(int x){ Contract.Requires(x >= 5); Contract.Ensures(Contract.Result<int>() == 0);
while (x != 0) x--; return x;}
ok ok
Requires too
strong
![Page 25: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/25.jpg)
Our solutionValid, Safe, Complete, and General contract
public int Decrement(int x){ Contract.Requires(x >= 5); Contract.Ensures(Contract.Result<int>() >=0);
x = NewMethod(x);
return x;}
private static int NewMethod(int x){ Contract.Requires(x >= 0); Contract.Ensures(Contract.Result<int>() == 0);
while (x != 0) x--; return x;}
ok ok
![Page 26: The smart programming assistant](https://reader035.vdocuments.net/reader035/viewer/2022062814/568167f3550346895ddd67cf/html5/thumbnails/26.jpg)
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.