SlideShare a Scribd company logo

Tailored source-code-transformation-synthesize-computationally-diverse-program-variants

FoCAS Initiative
FoCAS Initiative

Diversify presentation by Benoit Baudry, Simon Allier, Martin Monperrus

Technology
1 of 32
Download to read offline
Tailored Source Code Transformations to Synthesize Computationally Diverse Program Variants Benoit Baudry, Simon Allier, Martin Monperrus
• This talk is about the generation of very large quantities of sosie programs 2
sosie program • Given a specification S 3
sosie program 4 • Given a specification S • Given a program P that conforms to S specified correct behavior bugs, vulnerabilities expected behavior
sosie program 5 • Given a specification S • Given a program P that conforms to S • A sosie of P is a variant of P that also conforms to S a sosie
Motivation • Explore brittelness vs. plasticity of software • Large quantities of diverse variants • Moving target • Failure detection computation failure diversity 6 diversity
Software brittleness 7 SRSLSLRSRLLSSRRLRL G. Berry. « A la chasse aux bugs, la maladie du certain » (8 juin 2011)
Software brittleness hypothesis 8 SRSLSLRSRLLSSRRLRL G. Berry. « A la chasse aux bugs, la maladie du certain » (8 juin 2011)
Software brittleness hypothesis 9 SRSLSLRSRLLSSRRLRL SRSLSLSSRLLSSRRLRL G. Berry. « A la chasse aux bugs, la maladie du certain » (8 juin 2011)
Software brittleness hypothesis 10 SRSLSLRSRLLSSRRLRL SRSLSLSSRLLSSRRLRL G. Berry. « A la chasse aux bugs, la maladie du certain » (8 juin 2011)
Software brittleness 11
12
Software plasticity hypothesis 13
Software plasticity hypothesis 14 SRSLSLRSRLLSSRRLRL SRSLSLSSRLLSSRRLRL Rinard et al. ICSE’10, FSE’11 POPL’12, PLDI’14 sosie
Specification: data and properties fun : Function assert abs(fun(.5) - 0.25) < 0.05 assert abs(fun(.4) - 0.16) < 0.05 assert abs(fun(.3) - 0.09) < 0.05 l The test input data specifies the input domain l The assertions specify the level of abstraction
Research questions Do sosies exist? Can we automatically synthesize them? What are effective transformations? 16
Sosiefication process 17 7UDQVIRUPDWLRQ RQILJXUDWLRQ RYHUDJHKHFN RSWLRQDO
7UDQVIRUPDWLRQ 6RVLHKHFN 3URJUDP3 9DULDQW3¶ 6RVLH3¶ 6SHFLILFDWLRQ 7HVW6XLWH
3URJUDP 7UDQVIRUPDWLRQ GHJHQHUDWHG YDULDQW3¶ RPSLODWLRQ RN ,QSXW VWHS 2XWSXW VWHS VWHS PHWULFV
Automatic Synthesis of Sosies l We add/deleted/replace a given statement by another one and see whether all assertions remain satisfied l we pick code from the same program l Four strategies l random l wittgenstein: replace with variables that have the same name l reaction: replace with variables that have the same type l steroid: reaction + rename variables
Experimental data 19 #test cases #assert coverage #statement compile 1me test 1me Junit 721 1535 82% 2914 4.5 14.4 EasyMock 617 924 91% 2042 4 7.8 Dagger (core) 128 210 85% 674 5.1 11.2 JBehave-­‐core 485 1451 89% 4984 5.5 22.9 Metrics 214 312 79% 1471 4.7 7.7 commons-­‐ collec1ons 1121 5397 84% 9893 7.9 22.9 commons-­‐lang 2359 13681 94% 11715 6.3 24.6 commons-­‐math 3544 9559 92% 47065 9.2 144.2 clojure NA NA 71% 18533 105.1 185
20 nb of trial: 298938 nb of compile: 81394 nb of sosie: 28805 (10%) don’t compile don’t pass all test cases sosies
Computation diversity • Goal: unpredictability of execution flow • Computation monitoring: • method calls diversity • variable diversity 21 A.foo() IndexedCollection.retainAll(Collection) AbstractCollectionDecorator.retainAll(Collection) AbstractCollectionDecorator.decorated() other calls original call IndexedCollection.reindex() ... sosie call other calls
22 Easymock: 465 sosies Dagger: 481 sosies Junit: 446 sosies
Conclusion • Sosies exist • for all programs • Sosies can exhibit computation diversity • Next steps • variability-aware execution • is computational diversity unbounded? 23 https://github.com/DIVERSIFY-project/sosies-generator http://diversify-project.eu/sosiefied-programs/
References • Zeyuan Allen Zhu, Sasa Misailovic, Jonathan A. Kelner, Martin C. Rinard: Randomized accuracy-aware program transformations for efficient approximate computations. POPL 2012: 441-454 • Eric Schulte, Jonathan Dorn, Stephen Harding, Stephanie Forrest, Westley Weimer: Post-compiler software optimization for reducing energy. ASPLOS 2014: 639-652 • Frederick B Cohen: Operating system protection through program evolution. Computers Security 12, 6 (1993): 565–584. 24
25
Sosies on line • MDMS • simple blog app • JS on client and server sides • Server side stack • JS • Java • DB • environment 26 MDMS RingoJS Rhino JVM Redis DB OS
Sosies on line • Monoculture • multiple instances for performance • load balancer • all instances are clones 27 Internet http request Nginx load balancer config 0 config 0 config 0 config 0 config 0 config 0
Sosies on line • Diversified deployment • All server instances are different • Combine natural and artificial diversity 28 Internet http request Nginx load balancer config 1 config 2 config 3 config 4 config 5 config 6
29
Reactions graph • Reactions graph • one node per reaction • there is an edge between n1 and n2 if n2.in_context == n1.in_context ∨ n1.out_context 30 R1 (int) code (boolean) R2 (boolean) code (int)

Recommended

Access pattern of tags
Access pattern of tagsAccess pattern of tags
Access pattern of tags
Harish Chetty
 
VNUS Workshop Jordan2010
VNUS Workshop Jordan2010VNUS Workshop Jordan2010
VNUS Workshop Jordan2010
James Lawson MD /PhD
 
Advances In Varicose Vein Treatment
Advances In Varicose Vein TreatmentAdvances In Varicose Vein Treatment
Advances In Varicose Vein Treatment
guestad3816b5
 
It Does What You Say, Not What You Mean: Lessons From A Decade of Program Repair
It Does What You Say, Not What You Mean: Lessons From A Decade of Program RepairIt Does What You Say, Not What You Mean: Lessons From A Decade of Program Repair
It Does What You Say, Not What You Mean: Lessons From A Decade of Program Repair
Claire Le Goues
 
Blinkdb
BlinkdbBlinkdb
Blinkdb
Nitish Upreti
 
IA3_presentation.pptx
IA3_presentation.pptxIA3_presentation.pptx
IA3_presentation.pptx
KtonNguyn2
 
Declarative benchmarking of cassandra and it's data models
Declarative benchmarking of cassandra and it's data modelsDeclarative benchmarking of cassandra and it's data models
Declarative benchmarking of cassandra and it's data models
Monal Daxini
 
SAST, CWE, SEI CERT and other smart words from the information security world
SAST, CWE, SEI CERT and other smart words from the information security worldSAST, CWE, SEI CERT and other smart words from the information security world
SAST, CWE, SEI CERT and other smart words from the information security world
Andrey Karpov
 

Recommended

Access pattern of tags
Access pattern of tagsAccess pattern of tags
Access pattern of tags
Harish Chetty
 
VNUS Workshop Jordan2010
VNUS Workshop Jordan2010VNUS Workshop Jordan2010
VNUS Workshop Jordan2010
James Lawson MD /PhD
 
Advances In Varicose Vein Treatment
Advances In Varicose Vein TreatmentAdvances In Varicose Vein Treatment
Advances In Varicose Vein Treatment
guestad3816b5
 
It Does What You Say, Not What You Mean: Lessons From A Decade of Program Repair
It Does What You Say, Not What You Mean: Lessons From A Decade of Program RepairIt Does What You Say, Not What You Mean: Lessons From A Decade of Program Repair
It Does What You Say, Not What You Mean: Lessons From A Decade of Program Repair
Claire Le Goues
 
Blinkdb
BlinkdbBlinkdb
Blinkdb
Nitish Upreti
 
IA3_presentation.pptx
IA3_presentation.pptxIA3_presentation.pptx
IA3_presentation.pptx
KtonNguyn2
 
Declarative benchmarking of cassandra and it's data models
Declarative benchmarking of cassandra and it's data modelsDeclarative benchmarking of cassandra and it's data models
Declarative benchmarking of cassandra and it's data models
Monal Daxini
 
SAST, CWE, SEI CERT and other smart words from the information security world
SAST, CWE, SEI CERT and other smart words from the information security worldSAST, CWE, SEI CERT and other smart words from the information security world
SAST, CWE, SEI CERT and other smart words from the information security world
Andrey Karpov
 
ElasticSearch AJUG 2013
ElasticSearch AJUG 2013ElasticSearch AJUG 2013
ElasticSearch AJUG 2013
Roy Russo
 
Big Linked Data Federation - ExtremeEarth Open Workshop
Big Linked Data Federation - ExtremeEarth Open WorkshopBig Linked Data Federation - ExtremeEarth Open Workshop
Big Linked Data Federation - ExtremeEarth Open Workshop
ExtremeEarth
 
Graph-Based Source Code Analysis of JavaScript Repositories
Graph-Based Source Code Analysis of JavaScript Repositories Graph-Based Source Code Analysis of JavaScript Repositories
Graph-Based Source Code Analysis of JavaScript Repositories
Dániel Stein
 
MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)
MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)
MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)
University of Washington
 
SERENE 2014 School: Daniel varro serene2014_school
SERENE 2014 School: Daniel varro serene2014_schoolSERENE 2014 School: Daniel varro serene2014_school
SERENE 2014 School: Daniel varro serene2014_school
Henry Muccini
 
SERENE 2014 School: Incremental Model Queries over the Cloud
SERENE 2014 School: Incremental Model Queries over the CloudSERENE 2014 School: Incremental Model Queries over the Cloud
SERENE 2014 School: Incremental Model Queries over the Cloud
SERENEWorkshop
 
Moving Toward Deep Learning Algorithms on HPCC Systems
Moving Toward Deep Learning Algorithms on HPCC SystemsMoving Toward Deep Learning Algorithms on HPCC Systems
Moving Toward Deep Learning Algorithms on HPCC Systems
HPCC Systems
 
The DEBS Grand Challenge 2017
The DEBS Grand Challenge 2017The DEBS Grand Challenge 2017
The DEBS Grand Challenge 2017
Roman Katerinenko
 
VRP2013 - Comp Aspects VRP
VRP2013 - Comp Aspects VRPVRP2013 - Comp Aspects VRP
VRP2013 - Comp Aspects VRP
Victor Pillac
 
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014
Susan Potter
 
Java se-7-evolves-toulouse-jug-2001-09-14
Java se-7-evolves-toulouse-jug-2001-09-14Java se-7-evolves-toulouse-jug-2001-09-14
Java se-7-evolves-toulouse-jug-2001-09-14
Baptiste Mathus
 
Towards a Macrobenchmark Framework for Performance Analysis of Java Applications
Towards a Macrobenchmark Framework for Performance Analysis of Java ApplicationsTowards a Macrobenchmark Framework for Performance Analysis of Java Applications
Towards a Macrobenchmark Framework for Performance Analysis of Java Applications
Gábor Szárnyas
 
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMSDYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
Praveen Penumathsa
 
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMSDYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
Praveen Penumathsa
 
ECMAScript 6 and the Node Driver
ECMAScript 6 and the Node DriverECMAScript 6 and the Node Driver
ECMAScript 6 and the Node Driver
MongoDB
 
Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...
Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...
Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...
EPAM_Systems_Bulgaria
 
Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...
Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...
Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...
Databricks
 
Terence Barr - jdk7+8 - 24mai2011
Terence Barr - jdk7+8 - 24mai2011Terence Barr - jdk7+8 - 24mai2011
Terence Barr - jdk7+8 - 24mai2011
Agora Group
 
A Scalable Dataflow Implementation of Curran's Approximation Algorithm
A Scalable Dataflow Implementation of Curran's Approximation AlgorithmA Scalable Dataflow Implementation of Curran's Approximation Algorithm
A Scalable Dataflow Implementation of Curran's Approximation Algorithm
NECST Lab @ Politecnico di Milano
 
Design Patterns Facilitated by Geode's WAN Distribution
Design Patterns Facilitated by Geode's WAN DistributionDesign Patterns Facilitated by Geode's WAN Distribution
Design Patterns Facilitated by Geode's WAN Distribution
VMware Tanzu
 
Fundamentals of Collective Adaptive Systems Manifesto
Fundamentals of Collective Adaptive Systems ManifestoFundamentals of Collective Adaptive Systems Manifesto
Fundamentals of Collective Adaptive Systems Manifesto
FoCAS Initiative
 
Final FoCAS Newsletter, Issue Eight, Winter 2016
Final FoCAS Newsletter, Issue Eight, Winter 2016Final FoCAS Newsletter, Issue Eight, Winter 2016
Final FoCAS Newsletter, Issue Eight, Winter 2016
FoCAS Initiative
 

More Related Content

Similar to Tailored source-code-transformation-synthesize-computationally-diverse-program-variants

VRP2013 - Comp Aspects VRP
VRP2013 - Comp Aspects VRPVRP2013 - Comp Aspects VRP
VRP2013 - Comp Aspects VRP
Victor Pillac
 
Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...
Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...
Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...
Databricks
 
Terence Barr - jdk7+8 - 24mai2011
Terence Barr - jdk7+8 - 24mai2011Terence Barr - jdk7+8 - 24mai2011
Terence Barr - jdk7+8 - 24mai2011
Agora Group
 

Similar to Tailored source-code-transformation-synthesize-computationally-diverse-program-variants (20)

ElasticSearch AJUG 2013
ElasticSearch AJUG 2013ElasticSearch AJUG 2013
ElasticSearch AJUG 2013
 
Big Linked Data Federation - ExtremeEarth Open Workshop
Big Linked Data Federation - ExtremeEarth Open WorkshopBig Linked Data Federation - ExtremeEarth Open Workshop
Big Linked Data Federation - ExtremeEarth Open Workshop
 
Graph-Based Source Code Analysis of JavaScript Repositories
Graph-Based Source Code Analysis of JavaScript Repositories Graph-Based Source Code Analysis of JavaScript Repositories
Graph-Based Source Code Analysis of JavaScript Repositories
 
MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)
MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)
MMDS 2014: Myria (and Scalable Graph Clustering with RelaxMap)
 
SERENE 2014 School: Daniel varro serene2014_school
SERENE 2014 School: Daniel varro serene2014_schoolSERENE 2014 School: Daniel varro serene2014_school
SERENE 2014 School: Daniel varro serene2014_school
 
SERENE 2014 School: Incremental Model Queries over the Cloud
SERENE 2014 School: Incremental Model Queries over the CloudSERENE 2014 School: Incremental Model Queries over the Cloud
SERENE 2014 School: Incremental Model Queries over the Cloud
 
Moving Toward Deep Learning Algorithms on HPCC Systems
Moving Toward Deep Learning Algorithms on HPCC SystemsMoving Toward Deep Learning Algorithms on HPCC Systems
Moving Toward Deep Learning Algorithms on HPCC Systems
 
The DEBS Grand Challenge 2017
The DEBS Grand Challenge 2017The DEBS Grand Challenge 2017
The DEBS Grand Challenge 2017
 
VRP2013 - Comp Aspects VRP
VRP2013 - Comp Aspects VRPVRP2013 - Comp Aspects VRP
VRP2013 - Comp Aspects VRP
 
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014
 
Java se-7-evolves-toulouse-jug-2001-09-14
Java se-7-evolves-toulouse-jug-2001-09-14Java se-7-evolves-toulouse-jug-2001-09-14
Java se-7-evolves-toulouse-jug-2001-09-14
 
Towards a Macrobenchmark Framework for Performance Analysis of Java Applications
Towards a Macrobenchmark Framework for Performance Analysis of Java ApplicationsTowards a Macrobenchmark Framework for Performance Analysis of Java Applications
Towards a Macrobenchmark Framework for Performance Analysis of Java Applications
 
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMSDYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
 
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMSDYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
DYNAMIC SLICING OF ASPECT-ORIENTED PROGRAMS
 
ECMAScript 6 and the Node Driver
ECMAScript 6 and the Node DriverECMAScript 6 and the Node Driver
ECMAScript 6 and the Node Driver
 
Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...
Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...
Tech Talks_25.04.15_Session 3_Tibor Sulyan_Distributed coordination with zook...
 
Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...
Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...
Ray: A Cluster Computing Engine for Reinforcement Learning Applications with ...
 
Terence Barr - jdk7+8 - 24mai2011
Terence Barr - jdk7+8 - 24mai2011Terence Barr - jdk7+8 - 24mai2011
Terence Barr - jdk7+8 - 24mai2011
 
A Scalable Dataflow Implementation of Curran's Approximation Algorithm
A Scalable Dataflow Implementation of Curran's Approximation AlgorithmA Scalable Dataflow Implementation of Curran's Approximation Algorithm
A Scalable Dataflow Implementation of Curran's Approximation Algorithm
 
Design Patterns Facilitated by Geode's WAN Distribution
Design Patterns Facilitated by Geode's WAN DistributionDesign Patterns Facilitated by Geode's WAN Distribution
Design Patterns Facilitated by Geode's WAN Distribution
 

More from FoCAS Initiative

Where Shall We Have Lunch? Problems For A Computer-aided Future
Where Shall We Have Lunch? Problems For A Computer-aided FutureWhere Shall We Have Lunch? Problems For A Computer-aided Future
Where Shall We Have Lunch? Problems For A Computer-aided Future
FoCAS Initiative
 

More from FoCAS Initiative (20)

Fundamentals of Collective Adaptive Systems Manifesto
Fundamentals of Collective Adaptive Systems ManifestoFundamentals of Collective Adaptive Systems Manifesto
Fundamentals of Collective Adaptive Systems Manifesto
 
Final FoCAS Newsletter, Issue Eight, Winter 2016
Final FoCAS Newsletter, Issue Eight, Winter 2016Final FoCAS Newsletter, Issue Eight, Winter 2016
Final FoCAS Newsletter, Issue Eight, Winter 2016
 
Optimal Floor Heating
Optimal Floor HeatingOptimal Floor Heating
Optimal Floor Heating
 
Advanced Manufacturing: An Industrial Application for Collective Adaptive Sys...
Advanced Manufacturing: An Industrial Application for Collective Adaptive Sys...Advanced Manufacturing: An Industrial Application for Collective Adaptive Sys...
Advanced Manufacturing: An Industrial Application for Collective Adaptive Sys...
 
FoCAS Newsletter Issue Seven
FoCAS Newsletter Issue SevenFoCAS Newsletter Issue Seven
FoCAS Newsletter Issue Seven
 
Wrangling Complex Systems
Wrangling Complex SystemsWrangling Complex Systems
Wrangling Complex Systems
 
Where Shall We Have Lunch? Problems For A Computer-aided Future
Where Shall We Have Lunch? Problems For A Computer-aided FutureWhere Shall We Have Lunch? Problems For A Computer-aided Future
Where Shall We Have Lunch? Problems For A Computer-aided Future
 
Sustainability Challenges In A Complex World
Sustainability Challenges In A Complex WorldSustainability Challenges In A Complex World
Sustainability Challenges In A Complex World
 
On Manipulating Attractors In Collective Behaviours Of Bio-hybrid Societies W...
On Manipulating Attractors In Collective Behaviours Of Bio-hybrid Societies W...On Manipulating Attractors In Collective Behaviours Of Bio-hybrid Societies W...
On Manipulating Attractors In Collective Behaviours Of Bio-hybrid Societies W...
 
The Liquid Computing Paradigm
The Liquid Computing ParadigmThe Liquid Computing Paradigm
The Liquid Computing Paradigm
 
Complexity And The Relationship Between Knowledge And Action
Complexity And The Relationship Between Knowledge And ActionComplexity And The Relationship Between Knowledge And Action
Complexity And The Relationship Between Knowledge And Action
 
FoCAS Newsletter Issue Six
FoCAS Newsletter Issue SixFoCAS Newsletter Issue Six
FoCAS Newsletter Issue Six
 
FoCAS Newsletter Issue Five
FoCAS Newsletter Issue FiveFoCAS Newsletter Issue Five
FoCAS Newsletter Issue Five
 
Temporal logics for multi-agent systems
Temporal logics for multi-agent systemsTemporal logics for multi-agent systems
Temporal logics for multi-agent systems
 
Advanced Systems Engineering
Advanced Systems EngineeringAdvanced Systems Engineering
Advanced Systems Engineering
 
Artificial software diversity: automatic synthesis of program sosies
Artificial software diversity: automatic synthesis of program sosiesArtificial software diversity: automatic synthesis of program sosies
Artificial software diversity: automatic synthesis of program sosies
 
Search Diverse Models for Proactive Software Diversification
Search Diverse Models for Proactive Software DiversificationSearch Diverse Models for Proactive Software Diversification
Search Diverse Models for Proactive Software Diversification
 
Modelling Adaptation Policies As Domain-Specific Constraints
Modelling Adaptation Policies As Domain-Specific ConstraintsModelling Adaptation Policies As Domain-Specific Constraints
Modelling Adaptation Policies As Domain-Specific Constraints
 
Quantified NTL
Quantified NTLQuantified NTL
Quantified NTL
 
SOCIAL ADAPTATION OF ROBOTS FOR MODULATING SELF-ORGANIZATION IN ANIMAL SOCIETIES
SOCIAL ADAPTATION OF ROBOTS FOR MODULATING SELF-ORGANIZATION IN ANIMAL SOCIETIESSOCIAL ADAPTATION OF ROBOTS FOR MODULATING SELF-ORGANIZATION IN ANIMAL SOCIETIES
SOCIAL ADAPTATION OF ROBOTS FOR MODULATING SELF-ORGANIZATION IN ANIMAL SOCIETIES
 

Recently uploaded

Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 

Recently uploaded (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

Tailored source-code-transformation-synthesize-computationally-diverse-program-variants

  • 1. Tailored Source Code Transformations to Synthesize Computationally Diverse Program Variants Benoit Baudry, Simon Allier, Martin Monperrus
  • 2. • This talk is about the generation of very large quantities of sosie programs 2
  • 3. sosie program • Given a specification S 3
  • 4. sosie program 4 • Given a specification S • Given a program P that conforms to S specified correct behavior bugs, vulnerabilities expected behavior
  • 5. sosie program 5 • Given a specification S • Given a program P that conforms to S • A sosie of P is a variant of P that also conforms to S a sosie
  • 6. Motivation • Explore brittelness vs. plasticity of software • Large quantities of diverse variants • Moving target • Failure detection computation failure diversity 6 diversity
  • 7. Software brittleness 7 SRSLSLRSRLLSSRRLRL G. Berry. « A la chasse aux bugs, la maladie du certain » (8 juin 2011)
  • 8. Software brittleness hypothesis 8 SRSLSLRSRLLSSRRLRL G. Berry. « A la chasse aux bugs, la maladie du certain » (8 juin 2011)
  • 9. Software brittleness hypothesis 9 SRSLSLRSRLLSSRRLRL SRSLSLSSRLLSSRRLRL G. Berry. « A la chasse aux bugs, la maladie du certain » (8 juin 2011)
  • 10. Software brittleness hypothesis 10 SRSLSLRSRLLSSRRLRL SRSLSLSSRLLSSRRLRL G. Berry. « A la chasse aux bugs, la maladie du certain » (8 juin 2011)
  • 12. 12
  • 14. Software plasticity hypothesis 14 SRSLSLRSRLLSSRRLRL SRSLSLSSRLLSSRRLRL Rinard et al. ICSE’10, FSE’11 POPL’12, PLDI’14 sosie
  • 15. Specification: data and properties fun : Function assert abs(fun(.5) - 0.25) < 0.05 assert abs(fun(.4) - 0.16) < 0.05 assert abs(fun(.3) - 0.09) < 0.05 l The test input data specifies the input domain l The assertions specify the level of abstraction
  • 16. Research questions Do sosies exist? Can we automatically synthesize them? What are effective transformations? 16
  • 17. Sosiefication process 17 7UDQVIRUPDWLRQ RQILJXUDWLRQ RYHUDJHKHFN RSWLRQDO
  • 18. 7UDQVIRUPDWLRQ 6RVLHKHFN 3URJUDP3 9DULDQW3¶ 6RVLH3¶ 6SHFLILFDWLRQ 7HVW6XLWH
  • 19. 3URJUDP 7UDQVIRUPDWLRQ GHJHQHUDWHG YDULDQW3¶ RPSLODWLRQ RN ,QSXW VWHS 2XWSXW VWHS VWHS PHWULFV
  • 20. Automatic Synthesis of Sosies l We add/deleted/replace a given statement by another one and see whether all assertions remain satisfied l we pick code from the same program l Four strategies l random l wittgenstein: replace with variables that have the same name l reaction: replace with variables that have the same type l steroid: reaction + rename variables
  • 21. Experimental data 19 #test cases #assert coverage #statement compile 1me test 1me Junit 721 1535 82% 2914 4.5 14.4 EasyMock 617 924 91% 2042 4 7.8 Dagger (core) 128 210 85% 674 5.1 11.2 JBehave-­‐core 485 1451 89% 4984 5.5 22.9 Metrics 214 312 79% 1471 4.7 7.7 commons-­‐ collec1ons 1121 5397 84% 9893 7.9 22.9 commons-­‐lang 2359 13681 94% 11715 6.3 24.6 commons-­‐math 3544 9559 92% 47065 9.2 144.2 clojure NA NA 71% 18533 105.1 185
  • 22. 20 nb of trial: 298938 nb of compile: 81394 nb of sosie: 28805 (10%) don’t compile don’t pass all test cases sosies
  • 23. Computation diversity • Goal: unpredictability of execution flow • Computation monitoring: • method calls diversity • variable diversity 21 A.foo() IndexedCollection.retainAll(Collection) AbstractCollectionDecorator.retainAll(Collection) AbstractCollectionDecorator.decorated() other calls original call IndexedCollection.reindex() ... sosie call other calls
  • 24. 22 Easymock: 465 sosies Dagger: 481 sosies Junit: 446 sosies
  • 25. Conclusion • Sosies exist • for all programs • Sosies can exhibit computation diversity • Next steps • variability-aware execution • is computational diversity unbounded? 23 https://github.com/DIVERSIFY-project/sosies-generator http://diversify-project.eu/sosiefied-programs/
  • 26. References • Zeyuan Allen Zhu, Sasa Misailovic, Jonathan A. Kelner, Martin C. Rinard: Randomized accuracy-aware program transformations for efficient approximate computations. POPL 2012: 441-454 • Eric Schulte, Jonathan Dorn, Stephen Harding, Stephanie Forrest, Westley Weimer: Post-compiler software optimization for reducing energy. ASPLOS 2014: 639-652 • Frederick B Cohen: Operating system protection through program evolution. Computers Security 12, 6 (1993): 565–584. 24
  • 27. 25
  • 28. Sosies on line • MDMS • simple blog app • JS on client and server sides • Server side stack • JS • Java • DB • environment 26 MDMS RingoJS Rhino JVM Redis DB OS
  • 29. Sosies on line • Monoculture • multiple instances for performance • load balancer • all instances are clones 27 Internet http request Nginx load balancer config 0 config 0 config 0 config 0 config 0 config 0
  • 30. Sosies on line • Diversified deployment • All server instances are different • Combine natural and artificial diversity 28 Internet http request Nginx load balancer config 1 config 2 config 3 config 4 config 5 config 6
  • 31. 29
  • 32. Reactions graph • Reactions graph • one node per reaction • there is an edge between n1 and n2 if n2.in_context == n1.in_context ∨ n1.out_context 30 R1 (int) code (boolean) R2 (boolean) code (int)
  • 33. 31
  • 34. Two reactions graph (apache.common) • Statement reactions graph • #edges = 12304 • #nodes = 863 • graph-diameter = 3 • avg path length = 1.466 • avg degree = 14.257 • Expression reactions graph • #edges = 37650 • #nodes = 1953 • graph-diameter = 4 • avg path length = 1.162 • avg degree = 19.278 32