Presentation is loading. Please wait.

Presentation is loading. Please wait.

Usable code verification: balancing costs and benefits Two nuggets: User-defined verifiers Crowd-sourced verification Michael D. Ernst University of Washington.

Published byLesley Wilkinson Modified over 9 years ago

Similar presentations

Presentation on theme: "Usable code verification: balancing costs and benefits Two nuggets: User-defined verifiers Crowd-sourced verification Michael D. Ernst University of Washington."— Presentation transcript:

1 Usable code verification: balancing costs and benefits Two nuggets: User-defined verifiers Crowd-sourced verification Michael D. Ernst University of Washington with: Mahmood Ali, Steph Dietzel, Werner Dietl, Kivanc Muslu, Matt Papi, Todd Schiller, …

2 Goals for usable verification: scalability to real programs and programmers Natural: fits into developer mindset and IDE – Usable by first-year college students – Comprehensible, predictable success/failure Incremental benefit: instant gratification – Fast verification – Partial correctness domain-specific properties loopholes (hand-checked) – Partial programs: modular Customizable: user can create/extend verifiers

3 Type systems The (only) shining success of formal verification The built-in type system prevents too few bugs java.lang.NullPointerException

4 Solution: Pluggable type systems Design a type system to solve a specific problem Write type qualifiers in code (or, use type inference) @Immutable Date date = new Date(0); date.setTime(70); // compile-time error Type checker warns about violations (bugs) % javac -processor NullnessChecker MyFile.java MyFile.java:149: dereference of possibly-null reference bb2 allVars = bb2.vars; ^

5 What bugs can you detect & prevent? Null dereferences @NonNull Mutation and side-effects @Immutable Concurrency: locking @GuardedBy Security: encryption, @Encrypted tainting @Untainted Aliasing @Linear Equality tests @Interned Strings: localization, @Localized regular expression syntax, @Regex signature format @FullyQualified Typestate (e.g., open/closed files) @State Users can write their own checkers! The annotation you write: 5 The property you care about:

6 Using a checker Run in IDE or on command line Works as a compiler plug-in (annotation processor) Uses familiar error messages % javac –processor NullnessChecker MyFile.java MyFile.java:9: incompatible types. nonNullVar = nullableValue; ^ found : @Nullable String required: @NonNull String 6

7 Features Tool support Full type system – Inheritance – Overriding – Type and qualifier polymorphism Pre-/post-conditions Local type inference Qualifier defaults Warning suppression Tool integration: javac, Eclipse, Ant, Maven, … Global inference tools: nullness, mutability Type annotations planned for Java 8 – Write in comments today

8 Taint checker To use it: 1.Write @Untainted in your program List getPosts(@Untainted String category) {…} 2.Compile your program javac -processor BasicChecker -Aquals=Untainted MyProgram.java @TypeQualifier @SubtypeOf(Unqualified.class) @ImplicitFor(trees = {STRING_LITERAL}) public @interface Untainted { } The complete code Writing a new checker: Simple type-checkers are very easy to write; complicated ones are possible to write

9 Results: Effective and easy to use Easy to use – Used by students in the first CS majors class at UW – In use industrially – My group has annotated 3 million lines of code Effective: found >300 bugs, in the JDK, Google Collections, Lucene, Xerces, ASM, SVNKit, … Annotations are not verbose – Fewer than 1 per 75 lines – Few false positive warnings

10 Verification from the genesis Post-hoc annotation and verification is painful Writing annotations with the code is painless Must both write and verify from the beginning (A generalized approach: Ductile subsumes hybrid and gradual typing: http://code.google.com/p/ductilej/)http://code.google.com/p/ductilej/

11 Type systems complement other verification strategies There is a place for both Types are more limited in expressiveness – cf. arbitrary assertions, first-order logic Many important properties are expressible

12 Nugget 2: Making software correctness profitable Leveraging comparative advantage in software engineering tools

13 Software bugs cost the US economy an estimated $59.5 billion annually Testing and verification are labor intensive Skilled labor is expensive

14 An Abundance of Cheap(er) Labor Average software developer$43.00 / hr Average Mechanical Turk worker$1.40 / hr

15 Adaptive Semi-Automated (ASA) tools use less-skilled, less-expensive, workers Decompose large tasks into automated and human-performed subtasks

16 Using less-skilled labor can be clean and simple What happens when you can’t cleanly create simple subtasks? http://labelme.csail.mit.edu/mechanicalturk.html

17 Design Principles 1.Target well-defined skill sets 2.Exploit parallelism between subtasks 3.Create labor markets to minimize costs

18 Research Questions What skill sets are required for Einstein and John to use the tool? What is the learning curve for Einstein and John to use the tool? Given a task and salaries, how much time and money is saved by using the tool? Given a fixed resource budget, can the tool provide benefits beyond those provided by other methods?

19 Tool design is an optimization problem ASA tool design requires empirical studies

20 Checker Framework for creating type checkers – Featureful, effective, easy to use, scalable Prevent bugs at compile time Create custom type- checkers Ask me for a demo, or download: types.cs.washington.edu/ Reduce the cost of software engineering by using less-skilled labor Adaptive to make up for imperfect task decomposition Tool analysis is an optimization problem Pluggable type systems Adaptive semi- automated verification Balancing costs and benefits for widespread verification: Natural, incremental, customizable

Download ppt "Usable code verification: balancing costs and benefits Two nuggets: User-defined verifiers Crowd-sourced verification Michael D. Ernst University of Washington."

Similar presentations

Static Analysis for Security

Static Analysis for Security
Top 10 User Mistakes with Static Analysis Sate IV March 2012.

Top 10 User Mistakes with Static Analysis Sate IV March 2012.
Javascript Code Quality Check Tools Javascript Code Quality Check Tools JavaScript was originally intended to do small tasks in webpages, but now JavaScript.

Javascript Code Quality Check Tools Javascript Code Quality Check Tools JavaScript was originally intended to do small tasks in webpages, but now JavaScript.
Identity and Equality Based on material by Michael Ernst, University of Washington.

Identity and Equality Based on material by Michael Ernst, University of Washington.
MAHDI OMAR JUNIT TUTORIAL. CONTENTS Installation of Junit Eclipse support for Junit Using Junit exercise JUnit options Questions Links and Literature.

MAHDI OMAR JUNIT TUTORIAL. CONTENTS Installation of Junit Eclipse support for Junit Using Junit exercise JUnit options Questions Links and Literature.
Alternate Software Development Methodologies

Alternate Software Development Methodologies
Preventing bugs with pluggable type checking Michael D. Ernst University of Washington Object x)

Preventing bugs with pluggable type checking Michael D. Ernst University of Washington Object x)
GUI Threading Explained and Verified Michael Ernst U. of Washington, Seattle, USA IMDEA Software Institute, Madrid, Spain joint work with Colin Gordon,

GUI Threading Explained and Verified Michael Ernst U. of Washington, Seattle, USA IMDEA Software Institute, Madrid, Spain joint work with Colin Gordon,
Static code check – Klocwork

Static code check – Klocwork
Detecting and preventing bugs with pluggable type-checking Michael D. Ernst University of Washington Joint work with Mahmood Ali, Werner Dietl, …

Detecting and preventing bugs with pluggable type-checking Michael D. Ernst University of Washington Joint work with Mahmood Ali, Werner Dietl, …
1 The JQuery Tool A Generic Query-Based Code browser for Eclipse Project leaders: Kris De Volder, Gregor Kiczales Students: Doug Janzen, Rajeswari Rajagopalan,

1 The JQuery Tool A Generic Query-Based Code browser for Eclipse Project leaders: Kris De Volder, Gregor Kiczales Students: Doug Janzen, Rajeswari Rajagopalan,
Software Practices Lab. -- The University of British Columbia 1 The JQuery Tool A Generic Query-Based Code browser for Eclipse Project leaders: Kris De.

Software Practices Lab. -- The University of British Columbia 1 The JQuery Tool A Generic Query-Based Code browser for Eclipse Project leaders: Kris De.
Software Engineering and Design Principles Chapter 1.

Software Engineering and Design Principles Chapter 1.
C. FlanaganSAS’04: Type Inference Against Races1 Type Inference Against Races Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College.

C. FlanaganSAS’04: Type Inference Against Races1 Type Inference Against Races Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College.
Software Quality Metrics

Software Quality Metrics
Visualizing Type Qualifier Inference with Eclipse David Greenfieldboyce Jeffrey S. Foster University of Maryland.

Visualizing Type Qualifier Inference with Eclipse David Greenfieldboyce Jeffrey S. Foster University of Maryland.
CQual: A Tool for Adding Type Qualifiers to C Jeff Foster et al UC Berkeley OSQ Retreat, May 21-23 2002.

CQual: A Tool for Adding Type Qualifiers to C Jeff Foster et al UC Berkeley OSQ Retreat, May
2007 Adobe Systems Incorporated. All Rights Reserved. 1 Joe Berkovitz VP Engineering Allurent, Inc. Continuous Integration with Flex, FlexUnit, and Ant.

2007 Adobe Systems Incorporated. All Rights Reserved. 1 Joe Berkovitz VP Engineering Allurent, Inc. Continuous Integration with Flex, FlexUnit, and Ant.
CSE 403 Lecture 11 Static Code Analysis Reading: IEEE Xplore, Using Static Analysis to Find Bugs slides created by Marty Stepp

CSE 403 Lecture 11 Static Code Analysis Reading: IEEE Xplore, "Using Static Analysis to Find Bugs" slides created by Marty Stepp
Getting Started With Java Downloading and installing software Running your first program Dr. DwyerFall 2012.

Getting Started With Java Downloading and installing software Running your first program Dr. DwyerFall 2012.

Similar presentations

Ads by Google