The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Artificial software diversity: automatic synthesis of program sosies
1. Artificial software diversity:
automatic synthesis of
program sosies
Benoit Baudry
Joint work with Simon Allier, Ioannis Kavvouras, Julien
Langlois and Martin Monperrus
2. Diversity to handle / increase uncertainty
l Navigate through the program space
l brittleness versus plasticity of software
l Failure detection
l Moving target
l Self-repair of software
4. Program sosie
4
• Given a
specification S
• Given a program
P that conforms
to S
correct
implementation
5. Program sosie
5
• Given a
specification S
• Given a program
P that conforms
to S
• A sosie of P is a
variant that also
conforms to S
a sosie
6. Program sosie
6
potential
failures or
breaches
failure diversity
• Given a
specification S
• Given a program
P that conforms
to S
• A sosie of P is a
variant that also
conforms to S
7. Specification: data and properties
fun : Function
assert abs(fun(.5) - 0.25) < 0.05
assert abs(fun(.4) - 0.16) < 0.05
assert abs(fun(.3) - 0.09) < 0.05
l The test input data specifies the input domain
l The assertions specify the level of abstraction
8. Sosies and Diversity
l There is a diversity of sosies
l There may be a diversity of output outside the
specified domain
l The specified input domain and the
associated level of abstraction allows more or
less diversity
The diversity is a dependent variable of
the input domain and level of abstraction
9. Sosies are not
l The identity / the clone
l Program equivalence (the same output for all
possible inputs)
l The same output
l on the specified input domain
l at a given level of abstraction
l Could be called "phenotypic equivalence"
10. Research questions
Do sosies exist?
Can we automatically synthesize them?
What are effective transformations?
10
11. Automatic Synthesis of Sosies
l We replace a given piece of code by another
one and see whether all assertions remain
satisfied
l Pieces of code:
l Method calls
l Methods
l Expressions
l ...
12. Example of sosie
12
@Override
public void report(SortedMap<String, Gauge> gauges,
SortedMap<String, Counter> counters,
SortedMap<String, Histogram> histograms,
SortedMap<String, Meter> meters,
SortedMap<String, Timer> timers) {
final long timestamp = TimeUnit.MILLISECONDS.toSeconds(clock.getTime());
for (Map.Entry<String, Gauge> entry : gauges.entrySet()) {
reportGauge(timestamp, entry.getKey(), entry.getValue());
}
for (Map.Entry<String, Counter> entry : counters.entrySet()) {
reportCounter(timestamp, entry.getKey(), entry.getValue());
}
for (Map.Entry<String, Histogram> entry : histograms.entrySet()) {
reportHistogram(timestamp, entry.getKey(), entry.getValue());
}
for (Map.Entry<String, Meter> entry : meters.entrySet()) {
reportMeter(timestamp, entry.getKey(), entry.getValue());
}
for (Map.Entry<String, Timer> entry : timers.entrySet()) {
reportTimer(timestamp, entry.getKey(), entry.getValue());
}
}
13. Example of sosie
13
@Override
public void report(SortedMap<String, Gauge> gauges,
SortedMap<String, Counter> counters,
SortedMap<String, Histogram> histograms,
SortedMap<String, Meter> meters,
SortedMap<String, Timer> timers) {
InputContext: [long]
OutputContext: void
codeFragment: if (least >= bound)
final long timestamp = TimeUnit.MILLISECONDS.toSeconds(clock.getTime());
throw new java.lang.IllegalArgumentException();
for (Map.Entry<String, Gauge> entry : gauges.entrySet()) {
reportGauge(timestamp, entry.getKey(), entry.getValue());
}
InputContext: [long]
OutputContext: void
codeFragment: if (n <= 0)
for (Map.Entry<String, Counter> entry : counters.entrySet()) {
reportCounter(timestamp, entry.getKey(), entry.getValue());
}
for (Map.Entry<String, Histogram> entry : histograms.entrySet()) {
throw new java.lang.IllegalArgumentException("n must be
reportHistogram(timestamp, entry.getKey(), entry.getValue());
positive");
}
for (Map.Entry<String, Meter> entry : meters.entrySet()) {
reportMeter(timestamp, entry.getKey(), entry.getValue());
}
for (Map.Entry<String, Timer> entry : timers.entrySet()) {
reportTimer(timestamp, entry.getKey(), entry.getValue());
}
}
14. Example of sosie
14
@Override
public void report(SortedMap<String, Gauge> gauges,
SortedMap<String, Counter> counters,
SortedMap<String, Histogram> histograms,
SortedMap<String, Meter> meters,
SortedMap<String, Timer> timers) {
final long timestamp = TimeUnit.MILLISECONDS.toSeconds(clock.getTime());
for (Map.Entry<String, Gauge> entry : gauges.entrySet()) {
reportGauge(timestamp, entry.getKey(), entry.getValue());
}
for (Map.Entry<String, Counter> entry : counters.entrySet()) {
if (timestamp <= 0)
throw new java.lang.IllegalArgumentException("n must be positive");
}
for (Map.Entry<String, Histogram> entry : histograms.entrySet()) {
reportHistogram(timestamp, entry.getKey(), entry.getValue());
}
for (Map.Entry<String, Meter> entry : meters.entrySet()) {
reportMeter(timestamp, entry.getKey(), entry.getValue());
}
for (Map.Entry<String, Timer> entry : timers.entrySet()) {
reportTimer(timestamp, entry.getKey(), entry.getValue());
}
}
variable mapping: {n=timestamp}
InputContext: [long]
OutputContext: void
codeFragment: if (n <= 0)
throw new java.lang.IllegalArgumentException("n must be
positive");
15. What is effective for sosiefication?
• Evaluate the efficiency of 9 transformations:
• Replace/Add/Delete
• CMNVM Replace/Add: context mapping but not
variable mapping
• NCMVMN Replace/Add: not context mapping but
mapping on variable name
• NCM Replace/Add: no context mapping
15
18. What to do with sosies?
l Demonstrate plastic properties of software
l Functional equivalence and repair
l Functional resillience; replacement in case of bugs (ICSE'13
Gorla et al.)
l Use as gene pool
l Randomize execution to create a moving target
l Functional sense of self ("detect-fast")
The diversity of functionally equivalent code
improves the robustness and resilience
of software