Houdini, an annotation assistant for ESC/Java
K. Rustan M. Leino, Compaq Systems Research Center (SRC). Joint work with Cormac Flanagan.
Oxford University, 15 January 2001

Static program checking

Static program checkers

ESC/Java architecture

ESC/Java example. Warning: Index possibly too big

Annotation assistant

Houdini: The great ESC wizard!

Annotation assistant: Unannotated Java program -> Inference engine -> Annotated Java program -> ESC/Java -> Warning messages

Basic Houdini algorithm
generate candidate set of annotations;
repeat
  invoke ESC/Java to refute annotations;
  remove refuted annotations
until quiescence;
invoke ESC/Java to identify possible defects

Candidate annotations
- integer f: invariant f cmp expr; where cmp ∈ { =, > }
- reference f: invariant f != null;
- array f: invariant \nonnullelements(f); invariant (\forall int i; 0 f[i] != null); invariant f.length cmp expr;

Houdini input: “program”, “specified library”, “library”. Houdini guesses “optimistic” annotations; Houdini infers annotations and reports warnings; … and Houdini always uses any given annotations.
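The refutation loop and the candidate-annotation scheme above, as an added example that is not from the talk or from the Houdini tool itself: a toy Houdini over a constructed two-variable program, where a brute-force enumeration of a bounded state space stands in for the ESC/Java call (an assumption made for the sake of running offline; the real tool calls a theorem prover). The candidates, the program, and the bound are all constructed.

```python
from itertools import product

# Constructed toy program over state (x, y), bounded so a brute-force checker
# can enumerate it: each step does y = x - 1; x = x + 1 while x < 4.
def init_states():
    return [(0, 0), (1, 0)]

def step(state):
    x, y = state
    return (x + 1, x - 1) if x < 4 else (x, y)

BOUND = range(-2, 7)                      # enumeration range for x and y (assumed)

# Candidate annotations in Houdini's "f cmp expr" style, as name -> predicate.
CANDIDATES = {
    "x >= 0": lambda s: s[0] >= 0,
    "x > 0":  lambda s: s[0] > 0,
    "y >= 0": lambda s: s[1] >= 0,
    "y >= -1": lambda s: s[1] >= -1,
    "y < x":  lambda s: s[1] < s[0],
    "x == y": lambda s: s[0] == s[1],
}

def refute(candidates):
    """Stand-in for the ESC/Java call: a candidate is refuted if it fails in
    some initial state, or if a state satisfying *all* current candidates
    steps to a state where it fails (so each guess may lean on the others)."""
    refuted = set()
    for name, pred in candidates.items():
        if not all(pred(s) for s in init_states()):
            refuted.add(name)
            continue
        for s in product(BOUND, BOUND):
            if all(p(s) for p in candidates.values()) and not pred(step(s)):
                refuted.add(name)
                break
    return refuted

def houdini(candidates):
    """Basic Houdini loop: drop refuted guesses until quiescence. Returns the
    surviving annotations and the refuted names per round, in order."""
    remaining, rounds = dict(candidates), []
    while True:
        bad = refute(remaining)
        if not bad:
            return sorted(remaining), rounds
        rounds.append(sorted(bad))
        for name in bad:
            del remaining[name]

def possible_defect(invariants, prop):
    """Final ESC/Java pass: warn when the surviving annotations cannot rule out
    a reachable-looking state that violates `prop`."""
    return any(all(CANDIDATES[n](s) for n in invariants) and not prop(s)
               for s in product(BOUND, BOUND))
```

Note the cascade: "y >= 0" survives the first round only because it leaned on the optimistic guess "x > 0"; once that guess is refuted at the initial state (0, 0), "y >= 0" falls in the next round, and the loop stops at the inductive set {x >= 0, y >= -1}.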

Houdini output

Experience

Static program checkers: Houdini

Future (ongoing) work
- Streamline guessing
- Increase performance
- Rev up user interface

Conclusions
- Houdini can apply the power of ESC/Java to legacy code
- Houdini is a tool by itself
- Inferred non-properties are useful in debugging
See also