Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jonathan Kuhn Robin Mange EPFL-SSC Compaq Systems Research Center Flanagan, Leino, Lillibridge, Nelson, Saxe and Stata.

Published byGerard Davis Modified over 9 years ago

Similar presentations

Presentation on theme: "Jonathan Kuhn Robin Mange EPFL-SSC Compaq Systems Research Center Flanagan, Leino, Lillibridge, Nelson, Saxe and Stata."— Presentation transcript:

1 Jonathan Kuhn Robin Mange EPFL-SSC Compaq Systems Research Center Flanagan, Leino, Lillibridge, Nelson, Saxe and Stata

2  Software developement and maintenance are expensive tasks  Detecting errors at early stage using static checkers can improve productivity  This paper discusses about one of those, called ESC/Java

3  ESC/Java is a compile time checker featuring VC generation and automatic TP techniques  It provides a simple annotation language to users  It is a « static » and « extended » checker

4 Objectives:  To produce a cost-effective tool that catches as many errors as possible  In between common type checkers and full program verifiers  Providing Modular Checking

5  Modular Checking allows checking of single pieces of code  Annotations are required to provide specifications  Ideal Static Checker attributes:  Soundness  Completeness  Trade-off on both to remain cost-effective

6 1: class Bag { 2: int size ; 3: Int[ ] elements; 4: 5: Bag(int[ ] input) { 6: size = input.length ; 7: elements = new int[size] ; 8: System.arraycopy(input, 0, elements, 0, size) ; 9: } 10: 11: int extractMin() { 12: int min = Integer.MAX VALUE ; 13: int minIndex = 0; 14: for (int i= 1; i <= size ; i++) { 15: if (elements[i ] < min) { 16: min = elements[i] ; 17: minIndex = i ; 18: } 19: } 20: size−−; 21: elements[minIndex]= elements[size] ; 22: return min ; 23: } 24: }

7 1: class Bag { 2: int size ; 3: Int[ ] elements; 4: 5: Bag(int[ ] input) { 6: size = input.length ; 7: elements = new int[size] ; 8: System.arraycopy(input, 0, elements, 0, size) ; 9: } 10: 11: int extractMin() { 12: int min = Integer.MAX VALUE ; 13: int minIndex = 0; 14: for (int i= 1; i <= size ; i++) { 15: if (elements[i ] < min) { 16: min = elements[i] ; 17: minIndex = i ; 18: } 19: } 20: size−−; 21: elements[minIndex]= elements[size] ; 22: return min ; 23: } 24: } 6: Warning: Possible null deference 15: Warning: Possible null deference / Array index possibly too large 21: Warning: Possible null deference / Possible negative Array index

8 1: class Bag { 2: int size ; 3: Int[ ] elements; 4: 5: Bag(int[ ] input) { 6: size = input.length ; 7: elements = new int[size] ; 8: System.arraycopy(input, 0, elements, 0, size) ; 9: } 10: 11: int extractMin() { 12: int min = Integer.MAX VALUE ; 13: int minIndex = 0; 14: for (int i= 1; i <= size ; i++) { 15: if (elements[i ] < min) { 16: min = elements[i] ; 17: minIndex = i ; 18: } 19: } 20: size−−; 21: elements[minIndex]= elements[size] ; 22: return min ; 23: } 24: } //@ invariant 0<=size && size<=elements.length /*@non_null*/ int[] elements; //@requires input!=null 6: Warning: Possible null deference 15: Warning: Possible null deference / Array index possibly too large 21: Warning: Possible null deference / Possible negative Array index

9 Here is a schema of the steps performed by ESC/Java Front End: act like normal compiler Translator: AST => guarded commands (modular checking, loop unrolling) VC Generator: generate verification conditions for each guarder commands. Theorem Prover: TP is invoked for each routine using UBP & SBP

10  Design  Made as Java-like as possible  Captures design decision of the user  Similar as JML annotations  Work similary as Jahob specification (ghost vars, routine specifications, invariant, …)

11  Potential problem: Could be too slow for interactive usage  Annoting appropriately during developpement saves time and catches errors earlier  Optimization made its use satisfactory and sufficient  Require about 50-100 annotations per thousand lines of code

12  Mercator: A part of the code failed on a null pointer array. This was missed during code review and took 6h for ESC/Java to catch it.  JavaFE: 3 weeks spent annoting the code permited to catch dozens of previouly undetected errors.

13  Can be extended static checker made automatic?  How simple can the annotation language be?

14  ESC/Java is easy to use and can detect significant software errors  The concept and the usage is similar to jahob

15 Thomas Wies (Software Engineering) Albert-Ludwigs-University Freiburg

Download ppt "Jonathan Kuhn Robin Mange EPFL-SSC Compaq Systems Research Center Flanagan, Leino, Lillibridge, Nelson, Saxe and Stata."

Similar presentations

Static Analysis for Security

Static Analysis for Security
Verification of object-oriented programs with invariants Mike Barnett, Robert DeLine, Manuel Fahndrich, K. Rustan M. Leino, Wolfram Schulte Formal techniques.

Verification of object-oriented programs with invariants Mike Barnett, Robert DeLine, Manuel Fahndrich, K. Rustan M. Leino, Wolfram Schulte Formal techniques.
Advanced programming tools at Microsoft

Advanced programming tools at Microsoft
Joint work with Mike Barnett, Robert DeLine, Manuel Fahndrich, and Wolfram Schulte Verifying invariants in object-oriented programs K. Rustan M. Leino.

Joint work with Mike Barnett, Robert DeLine, Manuel Fahndrich, and Wolfram Schulte Verifying invariants in object-oriented programs K. Rustan M. Leino.
Extended Static Checking for Java Cormac Flanagan K. Rustan M. Leino Mark Lillibridge Greg Nelson James B. Saxe Raymie Stata Compaq SRC 18 June 2002 PLDI02,

Extended Static Checking for Java Cormac Flanagan K. Rustan M. Leino Mark Lillibridge Greg Nelson James B. Saxe Raymie Stata Compaq SRC 18 June 2002 PLDI02,
Demand-driven inference of loop invariants in a theorem prover

Demand-driven inference of loop invariants in a theorem prover
Object Invariants in Specification and Verification K. Rustan M. Leino Microsoft Research, Redmond, WA Joint work with: Mike Barnett, Ádám Darvas, Manuel.

Object Invariants in Specification and Verification K. Rustan M. Leino Microsoft Research, Redmond, WA Joint work with: Mike Barnett, Ádám Darvas, Manuel.
Technologies for finding errors in object-oriented software K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 0 Summer school on Formal Models.

Technologies for finding errors in object-oriented software K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 0 Summer school on Formal Models.
Spec# K. Rustan M. Leino Senior Researcher Programming Languages and Methods Microsoft Research, Redmond, WA, USA Microsoft Research faculty summit, Redmond,

Spec# K. Rustan M. Leino Senior Researcher Programming Languages and Methods Microsoft Research, Redmond, WA, USA Microsoft Research faculty summit, Redmond,
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.

Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 8.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 8.
Omnibus: A clean language and supporting tool for integrating different assertion-based verification techniques Thomas Wilson, Savi Maharaj, Robert G.

Omnibus: A clean language and supporting tool for integrating different assertion-based verification techniques Thomas Wilson, Savi Maharaj, Robert G.
Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.

Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.
The Spec# programming system K. Rustan M. Leino Microsoft Research, Redmond, WA, USA Distinguished Lecture Series Max Planck Institute for Software Systems.

The Spec# programming system K. Rustan M. Leino Microsoft Research, Redmond, WA, USA Distinguished Lecture Series Max Planck Institute for Software Systems.
Extended Static Checking for Haskell (ESC/Haskell) Dana N. Xu University of Cambridge advised by Simon Peyton Jones Microsoft Research, Cambridge.

Extended Static Checking for Haskell (ESC/Haskell) Dana N. Xu University of Cambridge advised by Simon Peyton Jones Microsoft Research, Cambridge.
Imperative Programming with Dependent Types Hongwei Xi University of Cincinnati.

Imperative Programming with Dependent Types Hongwei Xi University of Cincinnati.
Verification of Multithreaded Object- Oriented Programs with Invariants Bart Jacobs, K. Rustan M. Leino, Wolfram Schulte.

Verification of Multithreaded Object- Oriented Programs with Invariants Bart Jacobs, K. Rustan M. Leino, Wolfram Schulte.
JML and ESC/Java2: An Introduction Karl Meinke School of Computer Science and Communication, KTH.

JML and ESC/Java2: An Introduction Karl Meinke School of Computer Science and Communication, KTH.
272: Software Engineering Fall 2008 Instructor: Tevfik Bultan Lecture 3: Java Modeling Language and Extended Static Checking.

272: Software Engineering Fall 2008 Instructor: Tevfik Bultan Lecture 3: Java Modeling Language and Extended Static Checking.

Similar presentations

Ads by Google