escj 28

Compaq Confidential - Need to Know Required

Static checkers

Type checking vs. extended static checking

                                                   Type checking    E.s.c.
  Are annotations needed?                          yes
  How many annotations per variable/method?        many
  Escape hatch for when annotation gets            dynamic casts    assume, nowarn
  too complicated?

(The E.s.c. answers to the first two questions did not survive in the transcript.)

Annotation assistant

-suggest switch

  Use simple (possibly bogus) heuristics

    Cup.java:18: Warning: possible null dereference (Null)
        x = o.f;
            ^
    Suggestion: perhaps declare 'o' as 'non_null'

Annotation wizard design

    repeat
      call ESC/Java -suggest on sources;
      distill output into update instructions;
      act on update instructions
    until quiescence

Update instructions

    insert "… */" at 6,12 in Cup.java
    else nowarn "… */" at 28,17 in Client.java
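The repeat-until-quiescence loop on the preceding slides, the -suggest output format, and the "insert ... at line,col in file" update instructions, as an added example in Python (not the Compaq wizard's own code). It contains a toy stand-in for `escjava -suggest` with two heuristics (a dereference of a name not declared non_null, and passing such a name to a parameter that has already become non_null), a distiller that pairs each warning with its suggestion, an inserter that places `/*@ non_null */` before the named declaration, and the fixpoint driver. The two source files, the heuristics, the precondition message text and the declaration locator are constructed for this example; the warning/suggestion lines follow the format shown on the slide.

```python
import re
from dataclasses import dataclass

# Constructed toy sources (not Pachyclient): a callee that dereferences its
# parameter and a caller that passes a possibly-null argument to it.
SOURCES = {
    "Cup.java": ["class Cup {", "  Object f;", "  Object get(Object o) {",
                 "    Object x;", "    x = o.f;", "    return x;", "  }", "}"],
    "Client.java": ["class Client {", "  void run(Cup cup, Object p) {",
                    "    cup.get(p);", "  }", "}"],
}

NON_NULL = "/*@ non_null */"   # ESC/Java pragma placed before a declaration
WARNING_RE = re.compile(r"^(?P<file>[^:]+):(?P<line>\d+): Warning: .* \((?P<kind>\w+)\)$")
SUGGEST_RE = re.compile(r"^Suggestion: perhaps declare '(?P<name>\w+)' as '(?P<annot>\w+)'$")


@dataclass(frozen=True)
class Update:            # one distilled update instruction
    file: str
    name: str
    annotation: str


def decl_re(name):
    # "Type name" (types start uppercase in the toy sources), possibly already annotated
    return re.compile(r"(/\*@ non_null \*/ )?\b([A-Z]\w*) " + re.escape(name) + r"\b")


def declared_in(lines, name):
    return any(decl_re(name).search(l) for l in lines)


def is_non_null(lines, name):
    for l in lines:
        m = decl_re(name).search(l)
        if m and m.group(1):
            return True
    return False


def param_non_null(sources, method):
    """Does some declaration of `method` carry non_null on its (single) parameter?"""
    pat = re.compile(r"\b" + re.escape(method) + r"\((.*)\)")
    for lines in sources.values():
        for l in lines:
            m = pat.search(l)
            if m and NON_NULL in m.group(1):
                return True
    return False


def warning(file, lineno, code, col, kind, msg, name):
    """One warning in the four-line shape ESC/Java -suggest prints (see slide)."""
    return "\n".join([f"{file}:{lineno}: Warning: {msg} ({kind})", f"    {code}",
                      "    " + " " * col + "^",
                      f"Suggestion: perhaps declare '{name}' as 'non_null'"])


def run_checker(sources):
    """Toy stand-in for `escjava -suggest`: null-dereference and precondition heuristics."""
    out = []
    for file, lines in sources.items():
        for lineno, raw in enumerate(lines, start=1):
            code = raw.strip()
            for m in re.finditer(r"\b([a-z]\w*)\.\w+", code):        # name.field / name.method(
                if declared_in(lines, m.group(1)) and not is_non_null(lines, m.group(1)):
                    out.append(warning(file, lineno, code, m.start(), "Null",
                                       "possible null dereference", m.group(1)))
            call = re.search(r"\b\w+\.(\w+)\((\w+)\)", code)            # recv.method(arg)
            if call and param_non_null(sources, call.group(1)) \
                    and not is_non_null(lines, call.group(2)):
                out.append(warning(file, lineno, code, call.start(2), "Pre",
                                   "precondition possibly not established", call.group(2)))
    return "\n".join(out)


def distill(output):
    """Pair each warning line with the suggestion that follows it."""
    updates, pending = [], None
    for line in output.splitlines():
        if (m := WARNING_RE.match(line)):
            pending = m.group("file")
        elif (s := SUGGEST_RE.match(line)) and pending:
            updates.append(Update(pending, s.group("name"), s.group("annot")))
            pending = None
    return updates


def act_on(sources, updates):
    """Insert the pragma before the named declaration; return the instructions applied."""
    applied = []
    for u in sorted(set(updates), key=lambda u: (u.file, u.name)):
        lines = sources[u.file]
        if is_non_null(lines, u.name):          # same name suggested twice this round
            continue
        for i, l in enumerate(lines):
            m = decl_re(u.name).search(l)
            if m:
                lines[i] = l[:m.start()] + f"/*@ {u.annotation} */ " + l[m.start():]
                applied.append(f'insert "/*@ {u.annotation} */" at {i + 1},{m.start() + 1} in {u.file}')
                break
    return applied


def annotation_wizard(sources, max_iterations=20):
    """repeat { check; distill; act } until quiescence (a round with no suggestions)."""
    sources = {f: list(ls) for f, ls in sources.items()}   # leave the input untouched
    log = []
    for _ in range(max_iterations):
        updates = distill(run_checker(sources))
        if not updates:
            break
        log.append(act_on(sources, updates))
    return sources, log


if __name__ == "__main__":
    annotated, log = annotation_wizard(SOURCES)
    for n, instructions in enumerate(log, start=1):
        print(f"iteration {n}:", *instructions, sep="\n  ")
```

On the toy sources the loop needs two rounds before it goes quiet: the first round annotates `o` in Cup.java and `cup` in Client.java, and only then does the caller's `cup.get(p)` violate the now-stated precondition, so `p` is annotated in the second round. This chaining through call sites is what makes the wizard iterate (13 times on Pachyclient) rather than finish in one pass.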

Pachyclient case study

  ~11,000 lines of code
  ~650 methods
  43 files
  110 minutes (2.5 minutes to compile)
  13 iterations
  971 annotations

How were the 110 minutes spent?

(Table with columns Iteration, Warnings, Minutes and a TOTAL row; the per-iteration values did not survive in the transcript.)

What became of the 971 warnings?

  non_null
    instance fields            304
    parameters                 219
    local variables            108 (later: 27)
    static fields                5
  postcondition RES != null     49
  requires 0 <= x                2
  ensures 0 <= RES               2
  invariant 0 <= x               1
  no heuristic
    null related                47 (29 for 'null')
    negative related            16
  suggestion in different file 169
  annotation inserter gives up  49

Did the wizard help?

  null and negative checking only
    warnings on unannotated code:        938
    warnings on wizard-annotated code:   274
  all checking (but heuristics only for null and negative)
    warnings on unannotated code:      >1100
    warnings on wizard-annotated code:   488

What kinds of warnings remain?

  Null            121 (83)
  NonNull         131 (83)
  NonNullInit       5
  IndexNegative    15
  NegSize           2 (1)
  Cast            111
  Pre              48
  IndexTooBig      32
  Post             14
  ZeroDiv           7
  Invariant         2

(Numbers in parentheses indicate how many of the warnings have annotation suggestions in libraries.)

Annotating libraries

    Suggestion [359,52]: perhaps declare method 'getText' in /tmp_mnt/bill/r/dlusers14/sanjay/srcjava1.1/files/../files/jdk-114.zip: java/awt/TextComponent.class with 'ensures RES != null;'

Harder questions