SlideShare a Scribd company logo

Tailored source-code-transformation-synthesize-computationally-diverse-program-variants

FoCAS Initiative
FoCAS Initiative

Diversify presentation by Benoit Baudry, Simon Allier, Martin Monperrus

Technology
1 of 32
Download to read offline
Tailored Source Code Transformations to Synthesize Computationally Diverse Program Variants Benoit Baudry, Simon Allier, Martin Monperrus
• This talk is about the generation of very large quantities of sosie programs 2
sosie program • Given a specification S 3
sosie program 4 • Given a specification S • Given a program P that conforms to S specified correct behavior bugs, vulnerabilities expected behavior
sosie program 5 • Given a specification S • Given a program P that conforms to S • A sosie of P is a variant of P that also conforms to S a sosie
Motivation • Explore brittelness vs. plasticity of software • Large quantities of diverse variants • Moving target • Failure detection computation failure diversity 6 diversity
Software brittleness 7 SRSLSLRSRLLSSRRLRL G. Berry. « A la chasse aux bugs, la maladie du certain » (8 juin 2011)
Software brittleness hypothesis 8 SRSLSLRSRLLSSRRLRL G. Berry. « A la chasse aux bugs, la maladie du certain » (8 juin 2011)
Software brittleness hypothesis 9 SRSLSLRSRLLSSRRLRL SRSLSLSSRLLSSRRLRL G. Berry. « A la chasse aux bugs, la maladie du certain » (8 juin 2011)
Software brittleness hypothesis 10 SRSLSLRSRLLSSRRLRL SRSLSLSSRLLSSRRLRL G. Berry. « A la chasse aux bugs, la maladie du certain » (8 juin 2011)
Software brittleness 11
12
Software plasticity hypothesis 13
Software plasticity hypothesis 14 SRSLSLRSRLLSSRRLRL SRSLSLSSRLLSSRRLRL Rinard et al. ICSE’10, FSE’11 POPL’12, PLDI’14 sosie
Specification: data and properties fun : Function assert abs(fun(.5) - 0.25) < 0.05 assert abs(fun(.4) - 0.16) < 0.05 assert abs(fun(.3) - 0.09) < 0.05 l The test input data specifies the input domain l The assertions specify the level of abstraction
Research questions Do sosies exist? Can we automatically synthesize them? What are effective transformations? 16
Sosiefication process 17 7UDQVIRUPDWLRQ RQILJXUDWLRQ RYHUDJHKHFN RSWLRQDO
7UDQVIRUPDWLRQ 6RVLHKHFN 3URJUDP3 9DULDQW3¶ 6RVLH3¶ 6SHFLILFDWLRQ 7HVW6XLWH
3URJUDP 7UDQVIRUPDWLRQ GHJHQHUDWHG YDULDQW3¶ RPSLODWLRQ RN ,QSXW VWHS 2XWSXW VWHS VWHS PHWULFV
Automatic Synthesis of Sosies l We add/deleted/replace a given statement by another one and see whether all assertions remain satisfied l we pick code from the same program l Four strategies l random l wittgenstein: replace with variables that have the same name l reaction: replace with variables that have the same type l steroid: reaction + rename variables
Experimental data 19 #test cases #assert coverage #statement compile 1me test 1me Junit 721 1535 82% 2914 4.5 14.4 EasyMock 617 924 91% 2042 4 7.8 Dagger (core) 128 210 85% 674 5.1 11.2 JBehave-­‐core 485 1451 89% 4984 5.5 22.9 Metrics 214 312 79% 1471 4.7 7.7 commons-­‐ collec1ons 1121 5397 84% 9893 7.9 22.9 commons-­‐lang 2359 13681 94% 11715 6.3 24.6 commons-­‐math 3544 9559 92% 47065 9.2 144.2 clojure NA NA 71% 18533 105.1 185
20 nb of trial: 298938 nb of compile: 81394 nb of sosie: 28805 (10%) don’t compile don’t pass all test cases sosies
Computation diversity • Goal: unpredictability of execution flow • Computation monitoring: • method calls diversity • variable diversity 21 A.foo() IndexedCollection.retainAll(Collection) AbstractCollectionDecorator.retainAll(Collection) AbstractCollectionDecorator.decorated() other calls original call IndexedCollection.reindex() ... sosie call other calls
22 Easymock: 465 sosies Dagger: 481 sosies Junit: 446 sosies
Conclusion • Sosies exist • for all programs • Sosies can exhibit computation diversity • Next steps • variability-aware execution • is computational diversity unbounded? 23 https://github.com/DIVERSIFY-project/sosies-generator http://diversify-project.eu/sosiefied-programs/
References • Zeyuan Allen Zhu, Sasa Misailovic, Jonathan A. Kelner, Martin C. Rinard: Randomized accuracy-aware program transformations for efficient approximate computations. POPL 2012: 441-454 • Eric Schulte, Jonathan Dorn, Stephen Harding, Stephanie Forrest, Westley Weimer: Post-compiler software optimization for reducing energy. ASPLOS 2014: 639-652 • Frederick B Cohen: Operating system protection through program evolution. Computers Security 12, 6 (1993): 565–584. 24
25
Sosies on line • MDMS • simple blog app • JS on client and server sides • Server side stack • JS • Java • DB • environment 26 MDMS RingoJS Rhino JVM Redis DB OS
Sosies on line • Monoculture • multiple instances for performance • load balancer • all instances are clones 27 Internet http request Nginx load balancer config 0 config 0 config 0 config 0 config 0 config 0
Sosies on line • Diversified deployment • All server instances are different • Combine natural and artificial diversity 28 Internet http request Nginx load balancer config 1 config 2 config 3 config 4 config 5 config 6
29
Reactions graph • Reactions graph • one node per reaction • there is an edge between n1 and n2 if n2.in_context == n1.in_context ∨ n1.out_context 30 R1 (int) code (boolean) R2 (boolean) code (int)

Recommended

Access pattern of tags
Access pattern of tagsAccess pattern of tags
Access pattern of tagsHarish Chetty
 
VNUS Workshop Jordan2010
VNUS Workshop Jordan2010VNUS Workshop Jordan2010
VNUS Workshop Jordan2010James Lawson MD /PhD
 
Advances In Varicose Vein Treatment
Advances In Varicose Vein TreatmentAdvances In Varicose Vein Treatment
Advances In Varicose Vein Treatmentguestad3816b5
 
It Does What You Say, Not What You Mean: Lessons From A Decade of Program Repair
It Does What You Say, Not What You Mean: Lessons From A Decade of Program RepairIt Does What You Say, Not What You Mean: Lessons From A Decade of Program Repair
It Does What You Say, Not What You Mean: Lessons From A Decade of Program RepairClaire Le Goues
 
Blinkdb
BlinkdbBlinkdb
BlinkdbNitish Upreti
 
IA3_presentation.pptx
IA3_presentation.pptxIA3_presentation.pptx
IA3_presentation.pptxKtonNguyn2
 
Declarative benchmarking of cassandra and it's data models
Declarative benchmarking of cassandra and it's data modelsDeclarative benchmarking of cassandra and it's data models
Declarative benchmarking of cassandra and it's data modelsMonal Daxini
 
SAST, CWE, SEI CERT and other smart words from the information security world
SAST, CWE, SEI CERT and other smart words from the information security worldSAST, CWE, SEI CERT and other smart words from the information security world
SAST, CWE, SEI CERT and other smart words from the information security worldAndrey Karpov
 

Recommended

Access pattern of tags
Access pattern of tagsAccess pattern of tags
Access pattern of tagsHarish Chetty
 
VNUS Workshop Jordan2010
VNUS Workshop Jordan2010VNUS Workshop Jordan2010
VNUS Workshop Jordan2010James Lawson MD /PhD
 
Advances In Varicose Vein Treatment
Advances In Varicose Vein TreatmentAdvances In Varicose Vein Treatment
Advances In Varicose Vein Treatmentguestad3816b5
 
It Does What You Say, Not What You Mean: Lessons From A Decade of Program Repair
It Does What You Say, Not What You Mean: Lessons From A Decade of Program RepairIt Does What You Say, Not What You Mean: Lessons From A Decade of Program Repair
It Does What You Say, Not What You Mean: Lessons From A Decade of Program RepairClaire Le Goues
 
Blinkdb
BlinkdbBlinkdb
BlinkdbNitish Upreti
 
IA3_presentation.pptx
IA3_presentation.pptxIA3_presentation.pptx
IA3_presentation.pptxKtonNguyn2
 
Declarative benchmarking of cassandra and it's data models
Declarative benchmarking of cassandra and it's data modelsDeclarative benchmarking of cassandra and it's data models
Declarative benchmarking of cassandra and it's data modelsMonal Daxini
 
SAST, CWE, SEI CERT and other smart words from the information security world
SAST, CWE, SEI CERT and other smart words from the information security worldSAST, CWE, SEI CERT and other smart words from the information security world
SAST, CWE, SEI CERT and other smart words from the information security worldAndrey Karpov
 
ElasticSearch AJUG 2013
ElasticSearch AJUG 2013ElasticSearch AJUG 2013
ElasticSearch AJUG 2013Roy Russo
 
Big Linked Data Federation - ExtremeEarth Open Workshop
Big Linked Data Federation - ExtremeEarth Open WorkshopBig Linked Data Federation - ExtremeEarth Open Workshop
Big Linked Data Federation - ExtremeEarth Open WorkshopExtremeEarth
 
Graph-Based Source Code Analysis of JavaScript Repositories
Graph-Based Source Code Analysis of JavaScript Repositories Graph-Based Source Code Analysis of JavaScript Repositories
Graph-Based Source Code Analysis of JavaScript Repositories Dániel Stein
 
MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)
MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)
MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)University of Washington
 
SERENE 2014 School: Daniel varro serene2014_school
SERENE 2014 School: Daniel varro serene2014_schoolSERENE 2014 School: Daniel varro serene2014_school
SERENE 2014 School: Daniel varro serene2014_schoolHenry Muccini
 
SERENE 2014 School: Incremental Model Queries over the Cloud
SERENE 2014 School: Incremental Model Queries over the CloudSERENE 2014 School: Incremental Model Queries over the Cloud
SERENE 2014 School: Incremental Model Queries over the CloudSERENEWorkshop
 
Moving Toward Deep Learning Algorithms on HPCC Systems
Moving Toward Deep Learning Algorithms on HPCC SystemsMoving Toward Deep Learning Algorithms on HPCC Systems
Moving Toward Deep Learning Algorithms on HPCC SystemsHPCC Systems
 
The DEBS Grand Challenge 2017
The DEBS Grand Challenge 2017The DEBS Grand Challenge 2017
The DEBS Grand Challenge 2017Roman Katerinenko
 
VRP2013 - Comp Aspects VRP
VRP2013 - Comp Aspects VRPVRP2013 - Comp Aspects VRP
VRP2013 - Comp Aspects VRPVictor Pillac
 
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014Susan Potter
 
Java se-7-evolves-toulouse-jug-2001-09-14
Java se-7-evolves-toulouse-jug-2001-09-14Java se-7-evolves-toulouse-jug-2001-09-14
Java se-7-evolves-toulouse-jug-2001-09-14Baptiste Mathus
 
Towards a Macrobenchmark Framework for Performance Analysis of Java Applications
Towards a Macrobenchmark Framework for Performance Analysis of Java ApplicationsTowards a Macrobenchmark Framework for Performance Analysis of Java Applications
Towards a Macrobenchmark Framework for Performance Analysis of Java ApplicationsGábor Szárnyas
 
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMSDYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMSPraveen Penumathsa
 
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMSDYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMSPraveen Penumathsa
 
ECMAScript 6 and the Node Driver
ECMAScript 6 and the Node DriverECMAScript 6 and the Node Driver
ECMAScript 6 and the Node DriverMongoDB
 
Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...
Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...
Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...EPAM_Systems_Bulgaria
 
Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...
Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...
Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...Databricks
 
Terence Barr - jdk7+8 - 24mai2011
Terence Barr - jdk7+8 - 24mai2011Terence Barr - jdk7+8 - 24mai2011
Terence Barr - jdk7+8 - 24mai2011Agora Group
 
A Scalable Dataflow Implementation of Curran's Approximation Algorithm
A Scalable Dataflow Implementation of Curran's Approximation AlgorithmA Scalable Dataflow Implementation of Curran's Approximation Algorithm
A Scalable Dataflow Implementation of Curran's Approximation AlgorithmNECST Lab @ Politecnico di Milano
 
Design Patterns Facilitated by Geode's WAN Distribution
Design Patterns Facilitated by Geode's WAN DistributionDesign Patterns Facilitated by Geode's WAN Distribution
Design Patterns Facilitated by Geode's WAN DistributionVMware Tanzu
 
Fundamentals of Collective Adaptive Systems Manifesto
Fundamentals of Collective Adaptive Systems ManifestoFundamentals of Collective Adaptive Systems Manifesto
Fundamentals of Collective Adaptive Systems ManifestoFoCAS Initiative
 
Final FoCAS Newsletter, Issue Eight, Winter 2016
Final FoCAS Newsletter, Issue Eight, Winter 2016Final FoCAS Newsletter, Issue Eight, Winter 2016
Final FoCAS Newsletter, Issue Eight, Winter 2016FoCAS Initiative
 

More Related Content

Similar to Tailored source-code-transformation-synthesize-computationally-diverse-program-variants

ElasticSearch AJUG 2013
ElasticSearch AJUG 2013ElasticSearch AJUG 2013
ElasticSearch AJUG 2013Roy Russo
 
Big Linked Data Federation - ExtremeEarth Open Workshop
Big Linked Data Federation - ExtremeEarth Open WorkshopBig Linked Data Federation - ExtremeEarth Open Workshop
Big Linked Data Federation - ExtremeEarth Open WorkshopExtremeEarth
 
Graph-Based Source Code Analysis of JavaScript Repositories
Graph-Based Source Code Analysis of JavaScript Repositories Graph-Based Source Code Analysis of JavaScript Repositories
Graph-Based Source Code Analysis of JavaScript Repositories Dániel Stein
 
MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)
MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)
MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)University of Washington
 
SERENE 2014 School: Daniel varro serene2014_school
SERENE 2014 School: Daniel varro serene2014_schoolSERENE 2014 School: Daniel varro serene2014_school
SERENE 2014 School: Daniel varro serene2014_schoolHenry Muccini
 
SERENE 2014 School: Incremental Model Queries over the Cloud
SERENE 2014 School: Incremental Model Queries over the CloudSERENE 2014 School: Incremental Model Queries over the Cloud
SERENE 2014 School: Incremental Model Queries over the CloudSERENEWorkshop
 
Moving Toward Deep Learning Algorithms on HPCC Systems
Moving Toward Deep Learning Algorithms on HPCC SystemsMoving Toward Deep Learning Algorithms on HPCC Systems
Moving Toward Deep Learning Algorithms on HPCC SystemsHPCC Systems
 
The DEBS Grand Challenge 2017
The DEBS Grand Challenge 2017The DEBS Grand Challenge 2017
The DEBS Grand Challenge 2017Roman Katerinenko
 
VRP2013 - Comp Aspects VRP
VRP2013 - Comp Aspects VRPVRP2013 - Comp Aspects VRP
VRP2013 - Comp Aspects VRPVictor Pillac
 
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014Susan Potter
 
Java se-7-evolves-toulouse-jug-2001-09-14
Java se-7-evolves-toulouse-jug-2001-09-14Java se-7-evolves-toulouse-jug-2001-09-14
Java se-7-evolves-toulouse-jug-2001-09-14Baptiste Mathus
 
Towards a Macrobenchmark Framework for Performance Analysis of Java Applications
Towards a Macrobenchmark Framework for Performance Analysis of Java ApplicationsTowards a Macrobenchmark Framework for Performance Analysis of Java Applications
Towards a Macrobenchmark Framework for Performance Analysis of Java ApplicationsGábor Szárnyas
 
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMSDYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMSPraveen Penumathsa
 
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMSDYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMSPraveen Penumathsa
 
ECMAScript 6 and the Node Driver
ECMAScript 6 and the Node DriverECMAScript 6 and the Node Driver
ECMAScript 6 and the Node DriverMongoDB
 
Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...
Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...
Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...EPAM_Systems_Bulgaria
 
Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...
Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...
Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...Databricks
 
Terence Barr - jdk7+8 - 24mai2011
Terence Barr - jdk7+8 - 24mai2011Terence Barr - jdk7+8 - 24mai2011
Terence Barr - jdk7+8 - 24mai2011Agora Group
 
A Scalable Dataflow Implementation of Curran's Approximation Algorithm
A Scalable Dataflow Implementation of Curran's Approximation AlgorithmA Scalable Dataflow Implementation of Curran's Approximation Algorithm
A Scalable Dataflow Implementation of Curran's Approximation AlgorithmNECST Lab @ Politecnico di Milano
 
Design Patterns Facilitated by Geode's WAN Distribution
Design Patterns Facilitated by Geode's WAN DistributionDesign Patterns Facilitated by Geode's WAN Distribution
Design Patterns Facilitated by Geode's WAN DistributionVMware Tanzu
 

Similar to Tailored source-code-transformation-synthesize-computationally-diverse-program-variants (20)

ElasticSearch AJUG 2013
ElasticSearch AJUG 2013ElasticSearch AJUG 2013
ElasticSearch AJUG 2013
 
Big Linked Data Federation - ExtremeEarth Open Workshop
Big Linked Data Federation - ExtremeEarth Open WorkshopBig Linked Data Federation - ExtremeEarth Open Workshop
Big Linked Data Federation - ExtremeEarth Open Workshop
 
Graph-Based Source Code Analysis of JavaScript Repositories
Graph-Based Source Code Analysis of JavaScript Repositories Graph-Based Source Code Analysis of JavaScript Repositories
Graph-Based Source Code Analysis of JavaScript Repositories
 
MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)
MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)
MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)
 
SERENE 2014 School: Daniel varro serene2014_school
SERENE 2014 School: Daniel varro serene2014_schoolSERENE 2014 School: Daniel varro serene2014_school
SERENE 2014 School: Daniel varro serene2014_school
 
SERENE 2014 School: Incremental Model Queries over the Cloud
SERENE 2014 School: Incremental Model Queries over the CloudSERENE 2014 School: Incremental Model Queries over the Cloud
SERENE 2014 School: Incremental Model Queries over the Cloud
 
Moving Toward Deep Learning Algorithms on HPCC Systems
Moving Toward Deep Learning Algorithms on HPCC SystemsMoving Toward Deep Learning Algorithms on HPCC Systems
Moving Toward Deep Learning Algorithms on HPCC Systems
 
The DEBS Grand Challenge 2017
The DEBS Grand Challenge 2017The DEBS Grand Challenge 2017
The DEBS Grand Challenge 2017
 
VRP2013 - Comp Aspects VRP
VRP2013 - Comp Aspects VRPVRP2013 - Comp Aspects VRP
VRP2013 - Comp Aspects VRP
 
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014
 
Java se-7-evolves-toulouse-jug-2001-09-14
Java se-7-evolves-toulouse-jug-2001-09-14Java se-7-evolves-toulouse-jug-2001-09-14
Java se-7-evolves-toulouse-jug-2001-09-14
 
Towards a Macrobenchmark Framework for Performance Analysis of Java Applications
Towards a Macrobenchmark Framework for Performance Analysis of Java ApplicationsTowards a Macrobenchmark Framework for Performance Analysis of Java Applications
Towards a Macrobenchmark Framework for Performance Analysis of Java Applications
 
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMSDYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
 
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMSDYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
 
ECMAScript 6 and the Node Driver
ECMAScript 6 and the Node DriverECMAScript 6 and the Node Driver
ECMAScript 6 and the Node Driver
 
Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...
Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...
Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...
 
Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...
Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...
Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...
 
Terence Barr - jdk7+8 - 24mai2011
Terence Barr - jdk7+8 - 24mai2011Terence Barr - jdk7+8 - 24mai2011
Terence Barr - jdk7+8 - 24mai2011
 
A Scalable Dataflow Implementation of Curran's Approximation Algorithm
A Scalable Dataflow Implementation of Curran's Approximation AlgorithmA Scalable Dataflow Implementation of Curran's Approximation Algorithm
A Scalable Dataflow Implementation of Curran's Approximation Algorithm
 
Design Patterns Facilitated by Geode's WAN Distribution
Design Patterns Facilitated by Geode's WAN DistributionDesign Patterns Facilitated by Geode's WAN Distribution
Design Patterns Facilitated by Geode's WAN Distribution
 

More from FoCAS Initiative

Fundamentals of Collective Adaptive Systems Manifesto
Fundamentals of Collective Adaptive Systems ManifestoFundamentals of Collective Adaptive Systems Manifesto
Fundamentals of Collective Adaptive Systems ManifestoFoCAS Initiative
 
Final FoCAS Newsletter, Issue Eight, Winter 2016
Final FoCAS Newsletter, Issue Eight, Winter 2016Final FoCAS Newsletter, Issue Eight, Winter 2016
Final FoCAS Newsletter, Issue Eight, Winter 2016FoCAS Initiative
 
Advanced Manufacturing: An Industrial Application for Collective Adaptive Sys...
Advanced Manufacturing: An Industrial Application for Collective Adaptive Sys...Advanced Manufacturing: An Industrial Application for Collective Adaptive Sys...
Advanced Manufacturing: An Industrial Application for Collective Adaptive Sys...FoCAS Initiative
 
FoCAS Newsletter Issue Seven
FoCAS Newsletter Issue SevenFoCAS Newsletter Issue Seven
FoCAS Newsletter Issue SevenFoCAS Initiative
 
Where Shall We Have Lunch? Problems For A Computer-aided Future
Where Shall We Have Lunch? Problems For A Computer-aided FutureWhere Shall We Have Lunch? Problems For A Computer-aided Future
Where Shall We Have Lunch? Problems For A Computer-aided FutureFoCAS Initiative
 
Sustainability Challenges In A Complex World
Sustainability Challenges In A Complex WorldSustainability Challenges In A Complex World
Sustainability Challenges In A Complex WorldFoCAS Initiative
 
On Manipulating Attractors In Collective Behaviours Of Bio-hybrid Societies W...
On Manipulating Attractors In Collective Behaviours Of Bio-hybrid Societies W...On Manipulating Attractors In Collective Behaviours Of Bio-hybrid Societies W...
On Manipulating Attractors In Collective Behaviours Of Bio-hybrid Societies W...FoCAS Initiative
 
The Liquid Computing Paradigm
The Liquid Computing ParadigmThe Liquid Computing Paradigm
The Liquid Computing ParadigmFoCAS Initiative
 
Complexity And The Relationship Between Knowledge And Action
Complexity And The Relationship Between Knowledge And ActionComplexity And The Relationship Between Knowledge And Action
Complexity And The Relationship Between Knowledge And ActionFoCAS Initiative
 
FoCAS Newsletter Issue Six
FoCAS Newsletter Issue SixFoCAS Newsletter Issue Six
FoCAS Newsletter Issue SixFoCAS Initiative
 
FoCAS Newsletter Issue Five
FoCAS Newsletter Issue FiveFoCAS Newsletter Issue Five
FoCAS Newsletter Issue FiveFoCAS Initiative
 
Temporal logics for multi-agent systems
Temporal logics for multi-agent systemsTemporal logics for multi-agent systems
Temporal logics for multi-agent systemsFoCAS Initiative
 
Advanced Systems Engineering
Advanced Systems EngineeringAdvanced Systems Engineering
Advanced Systems EngineeringFoCAS Initiative
 
Artificial software diversity: automatic synthesis of program sosies
Artificial software diversity: automatic synthesis of program sosiesArtificial software diversity: automatic synthesis of program sosies
Artificial software diversity: automatic synthesis of program sosiesFoCAS Initiative
 
Search Diverse Models for Proactive Software Diversification
Search Diverse Models for Proactive Software DiversificationSearch Diverse Models for Proactive Software Diversification
Search Diverse Models for Proactive Software DiversificationFoCAS Initiative
 
Modelling Adaptation Policies As Domain-Specific Constraints
Modelling Adaptation Policies As Domain-Specific ConstraintsModelling Adaptation Policies As Domain-Specific Constraints
Modelling Adaptation Policies As Domain-Specific ConstraintsFoCAS Initiative
 
SOCIAL ADAPTATION OF ROBOTS FOR MODULATING SELF-ORGANIZATION IN ANIMAL SOCIETIES
SOCIAL ADAPTATION OF ROBOTS FOR MODULATING SELF-ORGANIZATION IN ANIMAL SOCIETIESSOCIAL ADAPTATION OF ROBOTS FOR MODULATING SELF-ORGANIZATION IN ANIMAL SOCIETIES
SOCIAL ADAPTATION OF ROBOTS FOR MODULATING SELF-ORGANIZATION IN ANIMAL SOCIETIESFoCAS Initiative
 

More from FoCAS Initiative (20)

Fundamentals of Collective Adaptive Systems Manifesto
Fundamentals of Collective Adaptive Systems ManifestoFundamentals of Collective Adaptive Systems Manifesto
Fundamentals of Collective Adaptive Systems Manifesto
 
Final FoCAS Newsletter, Issue Eight, Winter 2016
Final FoCAS Newsletter, Issue Eight, Winter 2016Final FoCAS Newsletter, Issue Eight, Winter 2016
Final FoCAS Newsletter, Issue Eight, Winter 2016
 
Optimal Floor Heating
Optimal Floor HeatingOptimal Floor Heating
Optimal Floor Heating
 
Advanced Manufacturing: An Industrial Application for Collective Adaptive Sys...
Advanced Manufacturing: An Industrial Application for Collective Adaptive Sys...Advanced Manufacturing: An Industrial Application for Collective Adaptive Sys...
Advanced Manufacturing: An Industrial Application for Collective Adaptive Sys...
 
FoCAS Newsletter Issue Seven
FoCAS Newsletter Issue SevenFoCAS Newsletter Issue Seven
FoCAS Newsletter Issue Seven
 
Wrangling Complex Systems
Wrangling Complex SystemsWrangling Complex Systems
Wrangling Complex Systems
 
Where Shall We Have Lunch? Problems For A Computer-aided Future
Where Shall We Have Lunch? Problems For A Computer-aided FutureWhere Shall We Have Lunch? Problems For A Computer-aided Future
Where Shall We Have Lunch? Problems For A Computer-aided Future
 
Sustainability Challenges In A Complex World
Sustainability Challenges In A Complex WorldSustainability Challenges In A Complex World
Sustainability Challenges In A Complex World
 
On Manipulating Attractors In Collective Behaviours Of Bio-hybrid Societies W...
On Manipulating Attractors In Collective Behaviours Of Bio-hybrid Societies W...On Manipulating Attractors In Collective Behaviours Of Bio-hybrid Societies W...
On Manipulating Attractors In Collective Behaviours Of Bio-hybrid Societies W...
 
The Liquid Computing Paradigm
The Liquid Computing ParadigmThe Liquid Computing Paradigm
The Liquid Computing Paradigm
 
Complexity And The Relationship Between Knowledge And Action
Complexity And The Relationship Between Knowledge And ActionComplexity And The Relationship Between Knowledge And Action
Complexity And The Relationship Between Knowledge And Action
 
FoCAS Newsletter Issue Six
FoCAS Newsletter Issue SixFoCAS Newsletter Issue Six
FoCAS Newsletter Issue Six
 
FoCAS Newsletter Issue Five
FoCAS Newsletter Issue FiveFoCAS Newsletter Issue Five
FoCAS Newsletter Issue Five
 
Temporal logics for multi-agent systems
Temporal logics for multi-agent systemsTemporal logics for multi-agent systems
Temporal logics for multi-agent systems
 
Advanced Systems Engineering
Advanced Systems EngineeringAdvanced Systems Engineering
Advanced Systems Engineering
 
Artificial software diversity: automatic synthesis of program sosies
Artificial software diversity: automatic synthesis of program sosiesArtificial software diversity: automatic synthesis of program sosies
Artificial software diversity: automatic synthesis of program sosies
 
Search Diverse Models for Proactive Software Diversification
Search Diverse Models for Proactive Software DiversificationSearch Diverse Models for Proactive Software Diversification
Search Diverse Models for Proactive Software Diversification
 
Modelling Adaptation Policies As Domain-Specific Constraints
Modelling Adaptation Policies As Domain-Specific ConstraintsModelling Adaptation Policies As Domain-Specific Constraints
Modelling Adaptation Policies As Domain-Specific Constraints
 
Quantified NTL
Quantified NTLQuantified NTL
Quantified NTL
 
SOCIAL ADAPTATION OF ROBOTS FOR MODULATING SELF-ORGANIZATION IN ANIMAL SOCIETIES
SOCIAL ADAPTATION OF ROBOTS FOR MODULATING SELF-ORGANIZATION IN ANIMAL SOCIETIESSOCIAL ADAPTATION OF ROBOTS FOR MODULATING SELF-ORGANIZATION IN ANIMAL SOCIETIES
SOCIAL ADAPTATION OF ROBOTS FOR MODULATING SELF-ORGANIZATION IN ANIMAL SOCIETIES
 

Recently uploaded

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Recently uploaded (20)

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Tailored source-code-transformation-synthesize-computationally-diverse-program-variants

  • 1. Tailored Source Code Transformations to Synthesize Computationally Diverse Program Variants Benoit Baudry, Simon Allier, Martin Monperrus
  • 2. • This talk is about the generation of very large quantities of sosie programs 2
  • 3. sosie program • Given a specification S 3
  • 4. sosie program 4 • Given a specification S • Given a program P that conforms to S specified correct behavior bugs, vulnerabilities expected behavior
  • 5. sosie program 5 • Given a specification S • Given a program P that conforms to S • A sosie of P is a variant of P that also conforms to S a sosie
  • 6. Motivation • Explore brittelness vs. plasticity of software • Large quantities of diverse variants • Moving target • Failure detection computation failure diversity 6 diversity
  • 7. Software brittleness 7 SRSLSLRSRLLSSRRLRL G. Berry. « A la chasse aux bugs, la maladie du certain » (8 juin 2011)
  • 8. Software brittleness hypothesis 8 SRSLSLRSRLLSSRRLRL G. Berry. « A la chasse aux bugs, la maladie du certain » (8 juin 2011)
  • 9. Software brittleness hypothesis 9 SRSLSLRSRLLSSRRLRL SRSLSLSSRLLSSRRLRL G. Berry. « A la chasse aux bugs, la maladie du certain » (8 juin 2011)
  • 10. Software brittleness hypothesis 10 SRSLSLRSRLLSSRRLRL SRSLSLSSRLLSSRRLRL G. Berry. « A la chasse aux bugs, la maladie du certain » (8 juin 2011)
  • 12. 12
  • 14. Software plasticity hypothesis 14 SRSLSLRSRLLSSRRLRL SRSLSLSSRLLSSRRLRL Rinard et al. ICSE’10, FSE’11 POPL’12, PLDI’14 sosie
  • 15. Specification: data and properties fun : Function assert abs(fun(.5) - 0.25) < 0.05 assert abs(fun(.4) - 0.16) < 0.05 assert abs(fun(.3) - 0.09) < 0.05 l The test input data specifies the input domain l The assertions specify the level of abstraction
  • 16. Research questions Do sosies exist? Can we automatically synthesize them? What are effective transformations? 16
  • 17. Sosiefication process 17 7UDQVIRUPDWLRQ RQILJXUDWLRQ RYHUDJHKHFN RSWLRQDO
  • 18. 7UDQVIRUPDWLRQ 6RVLHKHFN 3URJUDP3 9DULDQW3¶ 6RVLH3¶ 6SHFLILFDWLRQ 7HVW6XLWH
  • 19. 3URJUDP 7UDQVIRUPDWLRQ GHJHQHUDWHG YDULDQW3¶ RPSLODWLRQ RN ,QSXW VWHS 2XWSXW VWHS VWHS PHWULFV
  • 20. Automatic Synthesis of Sosies l We add/deleted/replace a given statement by another one and see whether all assertions remain satisfied l we pick code from the same program l Four strategies l random l wittgenstein: replace with variables that have the same name l reaction: replace with variables that have the same type l steroid: reaction + rename variables
  • 21. Experimental data 19 #test cases #assert coverage #statement compile 1me test 1me Junit 721 1535 82% 2914 4.5 14.4 EasyMock 617 924 91% 2042 4 7.8 Dagger (core) 128 210 85% 674 5.1 11.2 JBehave-­‐core 485 1451 89% 4984 5.5 22.9 Metrics 214 312 79% 1471 4.7 7.7 commons-­‐ collec1ons 1121 5397 84% 9893 7.9 22.9 commons-­‐lang 2359 13681 94% 11715 6.3 24.6 commons-­‐math 3544 9559 92% 47065 9.2 144.2 clojure NA NA 71% 18533 105.1 185
  • 22. 20 nb of trial: 298938 nb of compile: 81394 nb of sosie: 28805 (10%) don’t compile don’t pass all test cases sosies
  • 23. Computation diversity • Goal: unpredictability of execution flow • Computation monitoring: • method calls diversity • variable diversity 21 A.foo() IndexedCollection.retainAll(Collection) AbstractCollectionDecorator.retainAll(Collection) AbstractCollectionDecorator.decorated() other calls original call IndexedCollection.reindex() ... sosie call other calls
  • 24. 22 Easymock: 465 sosies Dagger: 481 sosies Junit: 446 sosies
  • 25. Conclusion • Sosies exist • for all programs • Sosies can exhibit computation diversity • Next steps • variability-aware execution • is computational diversity unbounded? 23 https://github.com/DIVERSIFY-project/sosies-generator http://diversify-project.eu/sosiefied-programs/
  • 26. References • Zeyuan Allen Zhu, Sasa Misailovic, Jonathan A. Kelner, Martin C. Rinard: Randomized accuracy-aware program transformations for efficient approximate computations. POPL 2012: 441-454 • Eric Schulte, Jonathan Dorn, Stephen Harding, Stephanie Forrest, Westley Weimer: Post-compiler software optimization for reducing energy. ASPLOS 2014: 639-652 • Frederick B Cohen: Operating system protection through program evolution. Computers Security 12, 6 (1993): 565–584. 24
  • 27. 25
  • 28. Sosies on line • MDMS • simple blog app • JS on client and server sides • Server side stack • JS • Java • DB • environment 26 MDMS RingoJS Rhino JVM Redis DB OS
  • 29. Sosies on line • Monoculture • multiple instances for performance • load balancer • all instances are clones 27 Internet http request Nginx load balancer config 0 config 0 config 0 config 0 config 0 config 0
  • 30. Sosies on line • Diversified deployment • All server instances are different • Combine natural and artificial diversity 28 Internet http request Nginx load balancer config 1 config 2 config 3 config 4 config 5 config 6
  • 31. 29
  • 32. Reactions graph • Reactions graph • one node per reaction • there is an edge between n1 and n2 if n2.in_context == n1.in_context ∨ n1.out_context 30 R1 (int) code (boolean) R2 (boolean) code (int)
  • 33. 31
  • 34. Two reactions graph (apache.common) • Statement reactions graph • #edges = 12304 • #nodes = 863 • graph-diameter = 3 • avg path length = 1.466 • avg degree = 14.257 • Expression reactions graph • #edges = 37650 • #nodes = 1953 • graph-diameter = 4 • avg path length = 1.162 • avg degree = 19.278 32