Conditional equivalence

A typical software module evolves through many versions over the course of its development. To maintain compatibility with module clients, it is crucial that a module's behavior at its interface does not change in an undesirable manner across versions. The problem of introducing changes which break interface behavior remains one of the most daunting challenges in the maintenance of large software modules.

Static equivalence checking of sequential programs is a useful mechanism to validate semantic equivalence across refactoring changes. However, most changes corresponding to bug fixes and feature additions change the behavior of programs; equivalence checking tools are of limited help in such cases. In this work, we propose the notion of {\it conditional (partial) equivalence}, a more practical notion of equivalence in which two versions of a program need only be semantically equivalent under a subset of all inputs. We provide a compositional method for checking conditional equivalence and a fix-point procedure parameterized by an abstract domain for synthesizing non-trivial conditions under which two programs are equivalent. Additionally, we propose a method called {\it differential inlining} to lazily construct summaries of behavioral differences along differential paths interprocedurally, for recursion-free programs. We discuss preliminary experience of prototype implementation on a set of medium sized C benchmarks.

PDF file

Publisher  Microsoft Research
© 2009 Microsoft Corporation. All rights reserved.


> Publications > Conditional equivalence