esc java
play

ESC/Java extended static checking for Java Erik Poll, Joe Kiniry, - PowerPoint PPT Presentation

Oct 12, 2023 •109 likes •334 views

ESC/Java extended static checking for Java Erik Poll, Joe Kiniry, David Cok University of Nijmegen; Eastman Kodak Company Erik Poll - JML p.1/17 ESC/Java Extended static checker by Rustan Leino et.al. [Compaq]. tries to prove

  1. ESC/Java extended static checking for Java Erik Poll, Joe Kiniry, David Cok University of Nijmegen; Eastman Kodak Company Erik Poll - JML – p.1/17

  2. ESC/Java Extended static checker by Rustan Leino et.al. [Compaq]. • tries to prove correctness of specifications, at compile-time, fully automatically Erik Poll - JML – p.2/17

  3. ESC/Java Extended static checker by Rustan Leino et.al. [Compaq]. • tries to prove correctness of specifications, at compile-time, fully automatically • not sound , not complete , but finds lots of potential bugs quickly Erik Poll - JML – p.2/17

  4. ESC/Java Extended static checker by Rustan Leino et.al. [Compaq]. • tries to prove correctness of specifications, at compile-time, fully automatically • not sound , not complete , but finds lots of potential bugs quickly • good at proving absence of runtime exceptions (eg Null-, ArrayIndexOutOfBounds-, ClassCast-) and verifying relatively simple properties. Erik Poll - JML – p.2/17

  5. ESC/Java Extended static checker by Rustan Leino et.al. [Compaq]. • tries to prove correctness of specifications, at compile-time, fully automatically • not sound , not complete , but finds lots of potential bugs quickly • good at proving absence of runtime exceptions (eg Null-, ArrayIndexOutOfBounds-, ClassCast-) and verifying relatively simple properties. • ESC/Java only supported a subset of full JML, but ESC/Java2 by Joe Kiniry [KUN] & David Cok [Kodak] remedies this. Erik Poll - JML – p.2/17

  6. static checking vs runtime checking Important differences: • ESC/Java checks specs at compile-time, jmlc checks specs at run-time • ESC/Java proves correctness of specs, jml only tests correctness of specs. Hence • ESC/Java independent of any test suite, results of runtime testing only as good as the test suite, • ESC/Java provided higher degree of confidence. Erik Poll - JML – p.3/17

  7. ESC/Java “demo” class Bag { int[] a; int n; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 1; i <= n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } Erik Poll - JML – p.4/17

  8. ESC/Java “demo” class Bag { int[] a; int n; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 1; i <= n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } Warning: possible null deference. Plus other warnings Erik Poll - JML – p.5/17

  9. ESC/Java “demo” class Bag { int[] a; //@ invariant a != null; int n; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 1; i <= n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } Erik Poll - JML – p.6/17

  10. ESC/Java “demo” class Bag { int[] a; //@ invariant a != null; int n; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 1; i <= n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } Warning: Array index possibly too large Erik Poll - JML – p.7/17

  11. ESC/Java “demo” class Bag { int[] a; //@ invariant a != null; int n; //@ invariant 0 <= n && n <= a.length; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 1; i <= n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } Erik Poll - JML – p.8/17

  12. ESC/Java “demo” class Bag { int[] a; //@ invariant a != null; int n; //@ invariant 0 <= n && n <= a.length; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 1; i <= n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } Warning: Array index possibly too large Erik Poll - JML – p.9/17

  13. ESC/Java “demo” class Bag { int[] a; //@ invariant a != null; int n; //@ invariant 0 <= n && n <= a.length; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 0; i < n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } Erik Poll - JML – p.10/17

  14. ESC/Java “demo” class Bag { int[] a; //@ invariant a != null; int n; //@ invariant 0 <= n && n <= a.length; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 0; i < n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } Warning: Possible negative array index Erik Poll - JML – p.11/17

  15. ESC/Java “demo” class Bag { int[] a; //@ invariant a != null; int n; //@ invariant 0 <= n && n <= a.length; //@ requires n > 0; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 0; i < n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } Erik Poll - JML – p.12/17

  16. ESC/Java “demo” class Bag { int[] a; //@ invariant a != null; int n; //@ invariant 0 <= n && n <= a.length; //@ requires n > 0; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 0; i < n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } No more warnings about this code Erik Poll - JML – p.13/17

  17. ESC/Java “demo” class Bag { int[] a; //@ invariant a != null; int n; //@ invariant 0 <= n && n <= a.length; //@ requires n > 0; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 0; i < n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } . . . but warnings about calls to extractMin() that do not ensure precondition Erik Poll - JML – p.14/17

  18. Some points to note • ESC/Java forces one to specify some properties. Erik Poll - JML – p.15/17

  19. Some points to note • ESC/Java forces one to specify some properties. • If you understand the code, then these properties are obvious. But for larger programs this may not be the case! Erik Poll - JML – p.15/17

  20. Some points to note • ESC/Java forces one to specify some properties. • If you understand the code, then these properties are obvious. But for larger programs this may not be the case! • If you have these properties documented, then understanding the code is easier. Erik Poll - JML – p.15/17

  21. ESC/Java vs runtime checking (cont.) • For runtime assertion checking, we could choose what we specify, e.g. all, one, or none of the properties we have written for Bag . • But for ESC/Java to accept a spec, we are forced to specify all properties (e.g. invariants, preconditions) that this spec relies on. Erik Poll - JML – p.16/17

  22. Limitations of ESC/Java Like most tools, ESC/Java is • not complete: it may complain about a correct spec • not sound: it may fail to warn about an incorrect spec ESC/Java warns about many potential bugs, but not about all actual bugs. These are unavoidable concessions to main goal: pointing out lots of potential bugs quickly & completely automatically In practice ESC/Java is quite good at checking simple specs, e.g. ruling out any NullPointer- and IndexOutOfBoundsExceptions Erik Poll - JML – p.17/17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

JAVA Java vs. Java Java Language Specification

JAVA Java vs. Java Java Language Specification

BR 10/05 JAVA Java vs. Java Java Language Specification http://java.sun.com/docs/books/jls/second_edition/html/j.title.doc.html Java programming language is compiled into java byte code Java Virtual Machine Specification

1.07k views • 44 slides
Multi-core in JVM/Java Concurrent programming in java Prior Java 5 Java 5 (2006)

Multi-core in JVM/Java Concurrent programming in java Prior Java 5 Java 5 (2006)

Multi-core in JVM/Java Concurrent programming in java Prior Java 5 Java 5 (2006) Java 7 (2010) Other topics Basic concurrency in Java Java Memory Model describes how threads interact through memory Single thread

812 views • 34 slides
Java Java Basics Java Program Statements Java Review Conditional statements

Java Java Basics Java Program Statements Java Review Conditional statements

Java Java Basics Java Program Statements Java Review Conditional statements Repetition statements (loops) Writing Classes in Java Selim Aksoy Class definitions Bilkent University Encapsulation and Java modifiers

346 views • 11 slides
1 Java compilation model Java bytecode format void spin () { int i; for (i = 0; i &lt; 100;

1 Java compilation model Java bytecode format void spin () { int i; for (i = 0; i &lt; 100;

The Java programming environment Introduction to JVM Based on material produced by Bill Venners 1 2 The Java platform The role of the virtual machime byte code generated by the Java front-end is an intermediate representation (IR)

834 views • 3 slides
TM Technology for Blu-ray and TV: Java Creating your own Blu-ray Java Discs The Blu-ray Java

TM Technology for Blu-ray and TV: Java Creating your own Blu-ray Java Discs The Blu-ray Java

TM Technology for Blu-ray and TV: Java Creating your own Blu-ray Java Discs The Blu-ray Java Authoring Team: Bill Foote, Chihiro Saito, A. Sundararajan, Jaya Hangal TS-5449 Talk Outline HD Cookbook Community Overview Target: Blu-ray

592 views • 44 slides
DTrace Topics: -&gt; java/lang/System.arraycopy &lt;- java/lang/System.arraycopy Java &lt;-

DTrace Topics: -&gt; java/lang/System.arraycopy &lt;- java/lang/System.arraycopy Java &lt;-

# ./jflow.d &lt;- java/lang/Thread.sleep -&gt; Greeting.greet -&gt; java/io/PrintStream.println -&gt; java/io/PrintStream.print -&gt; java/io/PrintStream.write -&gt; java/io/PrintStream.ensureOpen &lt;- java/io/PrintStream.ensureOpen -&gt;

632 views • 34 slides
Migrating to Java 9 Modules @Sander_Mak By Sander Mak Migrating to Java 9 Java 8 java -cp ..

Migrating to Java 9 Modules @Sander_Mak By Sander Mak Migrating to Java 9 Java 8 java -cp ..

Migrating to Java 9 Modules @Sander_Mak By Sander Mak Migrating to Java 9 Java 8 java -cp .. -jar myapp.jar Java 9 java -cp .. -jar myapp.jar Today's journey Running on Java 9 Java 9 modules Migrating to modules Modularising code

851 views • 45 slides
C vs Java Dalhousie University Winter 2019 Comparing C to Java Assumption: You know Java well.

C vs Java Dalhousie University Winter 2019 Comparing C to Java Assumption: You know Java well.

CSCI 2132: Software Development Norbert Zeh Faculty of Computer Science C vs Java Dalhousie University Winter 2019 Comparing C to Java Assumption: You know Java well. Focus on differences between C and Java. Arithmetic Operators Most

152 views • 14 slides
Actually, C++ and Java are much the same as C. C was designed in the 1970s. 1 Java 2 C 3

Actually, C++ and Java are much the same as C. C was designed in the 1970s. 1 Java 2 C 3

C is a high level language (HLL) Its syntax is much the same as Java and C++, but no objects. Actually, C++ and Java are much the same as C. C was designed in the 1970s. 1 Java 2 C 3 Why C ? 1. Millions of lines of code have been

377 views • 23 slides
JAVA Language Mapping Java IDL (CORBA) introduced in Version 1.2 of the Java 2 platform,

JAVA Language Mapping Java IDL (CORBA) introduced in Version 1.2 of the Java 2 platform,

BR 11/05 JAVA Language Mapping Java IDL (CORBA) introduced in Version 1.2 of the Java 2 platform, provides an interface between Java programs and distributed objects and services built using the Common Object Request Broker

355 views • 31 slides
JAVA Basics &amp; OOP 2020/3/14 Write Once, Run Anywhere Java Virtual Machine (JVM)

JAVA Basics &amp; OOP 2020/3/14 Write Once, Run Anywhere Java Virtual Machine (JVM)

Poly- mor- phism Abstra ction Class OOP Inheri -tance En- capsu- lation Kuan-Ting Lai JAVA Basics &amp; OOP 2020/3/14 Write Once, Run Anywhere Java Virtual Machine (JVM) http://net-informations.com/java/intro/jvm.htm Java Overview

660 views • 44 slides
RIDING THE JET STREAMS FUAD MALIKOV | HAZELCAST JAVA 8 STREAM API WHAT IS IT? JAVA 8 PRE JAVA

RIDING THE JET STREAMS FUAD MALIKOV | HAZELCAST JAVA 8 STREAM API WHAT IS IT? JAVA 8 PRE JAVA

RIDING THE JET STREAMS FUAD MALIKOV | HAZELCAST JAVA 8 STREAM API WHAT IS IT? JAVA 8 PRE JAVA 8 HISTORIC TIMES Collections Iterators For loops If-else statements WORD COUNT CODE Pre Java 8 Stream examples Get the unique

489 views • 19 slides
The testing pyramid Maurcio F. Aniche M.F.Aniche@tudelft.nl A.java ATest.java Thats what

The testing pyramid Maurcio F. Aniche M.F.Aniche@tudelft.nl A.java ATest.java Thats what

The testing pyramid Maurcio F. Aniche M.F.Aniche@tudelft.nl A.java ATest.java Thats what we have been calling B.java BTest.java Unit Testing . C.java CTest.java Some definitions ISQTB: Searches for defects in, and verifies the

604 views • 17 slides
C++ -&gt; Java Moving from C++ to Java Execu7ve

C++ -&gt; Java Moving from C++ to Java Execu7ve

C++ -&gt; Java Moving from C++ to Java Execu7ve Summary Introduces Java to a C++ programmer. Provides a roadmap for understanding advanced

798 views • 50 slides
Upgrading Past Java 9 Sounds Scary and I dont want to pay for Java Super happy with Java 8,

Upgrading Past Java 9 Sounds Scary and I dont want to pay for Java Super happy with Java 8,

Upgrading Past Java 9 Sounds Scary and I dont want to pay for Java Super happy with Java 8, Super happy with Java 8, thanks thanks Starting with Java 11, Oracle will provide JDK releases under the open source GNU General Public License

1.01k views • 71 slides
Todays topics Java Syntax and Grammars Sample Programs Upcoming More

Todays topics Java Syntax and Grammars Sample Programs Upcoming More

Todays topics Java Syntax and Grammars Sample Programs Upcoming More Java Reading Great Ideas , Chapter 2 Java! Java is a buzzword-enabled language From Sun (the developers of Java), Java is a simple,

582 views • 28 slides
Identifying Intention Posts in Discussion Forums Meichun Hsu Zhiyuan (Brett) Chen Malu

Identifying Intention Posts in Discussion Forums Meichun Hsu Zhiyuan (Brett) Chen Malu

Identifying Intention Posts in Discussion Forums Meichun Hsu Zhiyuan (Brett) Chen Malu Castellanos Bing Liu Riddhiman Ghosh What is Intention? Example Hello, I am going to buy a new high-end gaming laptop my budget is below than 1500$ ram

435 views • 32 slides
Trademark and Unfair Competition Law Slides 4: Acquired Distinctiveness LAWS 7341-001 Prof.

Trademark and Unfair Competition Law Slides 4: Acquired Distinctiveness LAWS 7341-001 Prof.

Trademark and Unfair Competition Law Slides 4: Acquired Distinctiveness LAWS 7341-001 Prof. Kristelia Garca Class Outline Descriptive Marks Secondary Meaning Informational slogans 2 For a mark to be deemed

194 views • 18 slides
About operator strategies and cooperation Jan Markendahl November 18, 2014 1 Cooperation:

About operator strategies and cooperation Jan Markendahl November 18, 2014 1 Cooperation:

About operator strategies and cooperation Jan Markendahl November 18, 2014 1 Cooperation: Market Actors and Relations Customer Customer Customer Company under study Supplier Supplier Supplier 2 1 Cooperation: Market Actors and

251 views • 22 slides
Page 1 Photodetectors Photodetector Performance Metrics (a) photodiode, (b) photogate Pixel

Page 1 Photodetectors Photodetector Performance Metrics (a) photodiode, (b) photogate Pixel

Organization lectures discussion of research papers student projects Imaging Sensors (1-2 student(s) per group) list of possible ideas presentation of ideas project proposal (2 pages) implementation presentation

371 views • 12 slides
Welcome to Engineering! Dr. Lee K. Rynearson, Assistant Professor Welcome! Welcome! You are one

Welcome to Engineering! Dr. Lee K. Rynearson, Assistant Professor Welcome! Welcome! You are one

Welcome to Engineering! Dr. Lee K. Rynearson, Assistant Professor Welcome! Welcome! You are one of ~100 students in our inaugural class this fall You have an opportunity to be part of history We will rely on you to help us design, create,

447 views • 33 slides
The next frontier: An open source RegTech stack Bhavesh Desai Head of UI @ Adaptive Who am I?

The next frontier: An open source RegTech stack Bhavesh Desai Head of UI @ Adaptive Who am I?

The next frontier: An open source RegTech stack Bhavesh Desai Head of UI @ Adaptive Who am I? My history Twenty years in the finance industry Started as a developer, then architect, then project manager Have worked at both vendors,

420 views • 28 slides
Thank you to our Sponsors Zeek Package Contest Winners First Prize EternalSafety Package - Lexi

Thank you to our Sponsors Zeek Package Contest Winners First Prize EternalSafety Package - Lexi

Thank you to our Sponsors Zeek Package Contest Winners First Prize EternalSafety Package - Lexi Brent Second Prize Intel-Limiter Package - Jan GrasHoefer Third Prize zeek-sniffpass Package - Andrew Klaus Fourth Prize Known-hosts-with-dns -

177 views • 7 slides
National Health Stack Open House Discussion #2 30th May 2020 iSPIRT Overview iSPIRT Foundation:

National Health Stack Open House Discussion #2 30th May 2020 iSPIRT Overview iSPIRT Foundation:

National Health Stack Open House Discussion #2 30th May 2020 iSPIRT Overview iSPIRT Foundation: a non-profit Tech Think-and-Do Tank Driving 30-year Orbit Shifts Think Tanks 30 yr Architects Universities Research Labs VCs

736 views • 45 slides

More recommend