Home

The Daikon Invariant Detector

Daikon

Daikon is an implementation of dynamic detection of likely invariants; that is, the Daikon invariant detector reports likely program invariants. An invariant is a property that holds at a certain point or points in a program; these are often seen in assert statements, documentation, and formal specifications. Invariants can be useful in program understanding and a host of other applications. Examples include “.field > abs(y)”; “y = 2*x+3”; “array a is sorted”; “for all list objects lst, lst.next.prev = lst”; “for all treenode objects n, n.left.value < n.right.value”; “p != null => p.content in myArray”; and many more. You can extend Daikon to add new properties (see Enhancing Daikon output).

Dynamic invariant detection runs a program, observes the values that the program computes, and then reports properties that were true over the observed executions.

Daikon can detect properties in C, C++, Java, Perl, and IOA programs; in spreadsheet files; and in other data sources. (Dynamic invariant detection is a machine learning technique that can be applied to arbitrary data.) It is easy to extend Daikon to other applications; as one example, an interface exists to the Java PathFinder model checker.

I spend a lot of time here talking about static typing, but let's face it: most often we're dealing with existing code that probably isn't written in a language with a very expressive type system, and rarely has been formally specified, whether through an expressive type system or otherwise. Daikon is interesting because it attempts to learn important properties of a piece of software by execution and observation. Combine it with a model checker like Java PathFinder, and you have an unusually powerful means of evolving the correctness of even quite complex code. There's also a relationship to the already-mentioned JML and ESC/Java 2, which in turn has a connection to the popular JUnit unit-testing framework. In short, the gap between compile time and runtime, and static vs. dynamic typing, seems to be narrowed in powerful ways by these, and related, tools.

By Paul Snively at 2006-08-28 01:12 | Semantics | Software Engineering | other blogs | 10147 reads

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

DSD-crasher

Recently I attended a talk on DSD-crasher tool. (link).

AFAIK it works in three phases (dynaminc, static, dynamic; hence its name):
- run Daikon to detect likely invariants
- run JML + ESC/Java for those invariants to disprove them
- for each disproof, create JUnit test to verify and pinpoint "bug" found

I haven't tried to use it myself, however.

I don't know the details of Daikon. Say, a function sqrt(n) is run with values of n=0,1,4,25. Will Daikon detect invariants n>=0 and n<=25? The first is accurate, the second too narrow.

By Marcin Stefaniak at Mon, 2006-08-28 02:55 | login or register to post comments