extended static checking for java
play

Extended Static Checking for Java Lukas Erlacher TU Mnchen - - PowerPoint PPT Presentation

Feb 22, 2024 •322 likes •662 views

Motivation Example Architecture Discussion Extended Static Checking for Java Lukas Erlacher TU Mnchen - Seminar Verification 14. Juli 2011 Erlacher Extended Static Checking for Java Motivation Example Architecture Discussion Outline

  1. Motivation Example Architecture Discussion Extended Static Checking for Java Lukas Erlacher TU München - Seminar Verification 14. Juli 2011 Erlacher Extended Static Checking for Java

  2. Motivation Example Architecture Discussion Outline 1 Motivation Motivation for static checking 2 Example ESC/Java example 3 Architecture ESC/JAVA architecture VC generator Simplify 4 Discussion JML + ESC/Java annotation language JML What ESC/Java checks Erlacher Extended Static Checking for Java

  3. Motivation Example Motivation for static checking Architecture Discussion Motivation for static checking Why check a program’s behaviour? Erlacher Extended Static Checking for Java

  4. Motivation Example Motivation for static checking Architecture Discussion Motivation for static checking Why check a program’s behaviour? Errors / program does not do what we want Testing is incomplete and unsound Testing is expensive Erlacher Extended Static Checking for Java

  5. Motivation Example Motivation for static checking Architecture Discussion Motivation for static checking Why check a program’s behaviour? Errors / program does not do what we want Testing is incomplete and unsound Testing is expensive Why static checking? Erlacher Extended Static Checking for Java

  6. Motivation Example Motivation for static checking Architecture Discussion Motivation for static checking Why check a program’s behaviour? Errors / program does not do what we want Testing is incomplete and unsound Testing is expensive Why static checking? Does not require executing program Can cover all code paths Erlacher Extended Static Checking for Java

  7. Motivation Example Motivation for static checking Architecture Discussion Motivation for static checking Why check a program’s behaviour? Errors / program does not do what we want Testing is incomplete and unsound Testing is expensive Why static checking? Does not require executing program Can cover all code paths Why ESC/JAVA? Erlacher Extended Static Checking for Java

  8. Motivation Example Motivation for static checking Architecture Discussion Motivation for static checking Why check a program’s behaviour? Errors / program does not do what we want Testing is incomplete and unsound Testing is expensive Why static checking? Does not require executing program Can cover all code paths Why ESC/JAVA? First static checker for Java Architecture and working principle very clear and structured Is applicable in practice Annotation language allows to specify design that can also be checked Erlacher Extended Static Checking for Java

  9. Motivation Example Motivation for static checking Architecture Discussion What is static checking? Erlacher Extended Static Checking for Java

  10. Motivation Example Motivation for static checking Architecture Discussion What is static checking? No checking: Program execution breaks on segfault / null pointer dereference / array bounds violation. Erlacher Extended Static Checking for Java

  11. Motivation Example Motivation for static checking Architecture Discussion What is static checking? No checking: Program execution breaks on segfault / null pointer dereference / array bounds violation. Type checking: Compiler notices illegal code and violation of specification embedded in type information. Erlacher Extended Static Checking for Java

  12. Motivation Example Motivation for static checking Architecture Discussion What is static checking? No checking: Program execution breaks on segfault / null pointer dereference / array bounds violation. Type checking: Compiler notices illegal code and violation of specification embedded in type information. Primitive static checking: Flags easily-detected “suspicious” code such as use of uninitialized variables or unreachable code. Erlacher Extended Static Checking for Java

  13. Motivation Example Motivation for static checking Architecture Discussion What is static checking? No checking: Program execution breaks on segfault / null pointer dereference / array bounds violation. Type checking: Compiler notices illegal code and violation of specification embedded in type information. Primitive static checking: Flags easily-detected “suspicious” code such as use of uninitialized variables or unreachable code. Formal methods: Formally prove that program is correct. Erlacher Extended Static Checking for Java

  14. Motivation Example Motivation for static checking Architecture Discussion What is static checking? No checking: Program execution breaks on segfault / null pointer dereference / array bounds violation. Type checking: Compiler notices illegal code and violation of specification embedded in type information. Primitive static checking: Flags easily-detected “suspicious” code such as use of uninitialized variables or unreachable code. Formal methods: Formally prove that program is correct. Extended static checking uses annotations and generic formal methods to show whether a program behaves within the constraints of its specification. Erlacher Extended Static Checking for Java

  15. Motivation Example Motivation for static checking Architecture Discussion Comparison of checking methods coverage program verification extended static checking decidability ceiling type checking effort Erlacher Extended Static Checking for Java

  16. Motivation Example Motivation for static checking Architecture Discussion ESC/JAVA history Developed at Compaq Systems Research by Flanagan, Leino, Lillibridge, Nelson, Saxe, and Stata Descended from ESC/Modula-3 Developed as practical tool to check programs for semantic errors, specification violations, and synchronization errors in concurrent programs Exploits the space between fast, but primitive syntactic checkers like lint and comprehensive, but costly formal program verification Erlacher Extended Static Checking for Java

  17. Motivation Example ESC/Java example Architecture Discussion ESC/Java example public class Bag { 1 int [] elements; 2 int size; 3 4 Bag( int [] input) { 5 size = input.length; 6 elements = new int [size]; 7 System.arraycopy(input, 0 , elements, 0 , size); 8 } 9 10 .. 11 } 12 Erlacher Extended Static Checking for Java

  18. Motivation Example ESC/Java example Architecture Discussion ESC/Java example public class Bag { 1 int [] elements; 2 int size; 3 4 Bag( int [] input) { 5 size = input.length; 6 elements = new int [size]; 7 System.arraycopy(input, 0 , elements, 0 , size); 8 } 9 10 .. 11 } 12 Bag.java:6: Warning: Possible null dereference (Null) size = input.length; ^ Erlacher Extended Static Checking for Java

  19. Motivation Example ESC/Java example Architecture Discussion ESC/Java example public class Bag { 1 /*@non_null*/ int [] elements; 2 int size; 3 4 Bag(/*@non_null*/ int [] input) { 5 size = input.length; 6 elements = new int [size]; 7 System.arraycopy(input, 0 , elements, 0 , size); 8 } 9 10 .. 11 } 12 Bag.java:6: Warning: Possible null dereference (Null) size = input.length; ^ Erlacher Extended Static Checking for Java

  20. Motivation Example ESC/Java example Architecture Discussion ESC/Java example public class Bag { 1 /*@non_null*/ int [] elements; 2 int size; 3 4 Bag(/*@non_null*/ int [] input) { 5 size = input.length; 6 elements = new int [size]; 7 System.arraycopy(input, 0 , elements, 0 , size); 8 } 9 10 .. 11 } 12 Erlacher Extended Static Checking for Java

  21. Motivation Example ESC/Java example Architecture Discussion ESC/Java example public class Bag { 1 int [] elements; int size; 2 .. 3 int extractMin () { 4 int m = Integer.MAX_VALUE; 5 int mindex = 0 ; 6 for ( int i = 0 ; i < size; i++) { 7 if (elements[i] < m) { 8 mindex = i; 9 m = elements[i]; 10 } 11 } 12 size--; 13 elements[mindex] = elements[size]; 14 return m; 15 } 16 } 17 Erlacher Extended Static Checking for Java

  22. Motivation Example ESC/Java example Architecture Discussion ESC/Java example public class Bag { 1 int [] elements; int size; 2 .. 3 int extractMin () { 4 int m = Integer.MAX_VALUE; 5 int mindex = 0 ; 6 for ( int i = 0 ; i < size; i++) { 7 if (elements[i] < m) { 8 mindex = i; 9 m = elements[i]; 10 } 11 } 12 size--; 13 elements[mindex] = elements[size]; 14 return m; 15 } 16 } 17 Bag1.java:8: Warning: Array index possibly too large (IndexTooBig) if (elements[i] < m) { ^ Erlacher Extended Static Checking for Java

  23. Motivation Example ESC/Java example Architecture Discussion ESC/Java example /*@invariant size >= 0 && size <= elements.length; */ public class Bag { 1 int [] elements; int size; 2 .. 3 int extractMin () { 4 int m = Integer.MAX_VALUE; 5 int mindex = 0 ; 6 for ( int i = 0 ; i < size; i++) { 7 if (elements[i] < m) { 8 mindex = i; 9 m = elements[i]; 10 } 11 } 12 size--; 13 elements[mindex] = elements[size]; 14 return m; 15 } 16 } 17 Erlacher Extended Static Checking for Java

  24. Motivation Example ESC/Java example Architecture Discussion Recap: Examples non_null: Forces assigners to always assign a valid instance - allows users to assume that instance is always valid invariant: introduces the invariant as precondition and post-condition to every method call precondition: forces caller to establish precondition before calling postcondition: forces method to establish post-condition before returning Erlacher Extended Static Checking for Java

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ESC/Java extended static checking for Java Erik Poll, Joe Kiniry, David Cok University of

ESC/Java extended static checking for Java Erik Poll, Joe Kiniry, David Cok University of

ESC/Java extended static checking for Java Erik Poll, Joe Kiniry, David Cok University of Nijmegen; Eastman Kodak Company Erik Poll - JML p.1/17 ESC/Java Extended static checker by Rustan Leino et.al. [Compaq]. tries to prove

334 views • 22 slides
Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6

Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6

Authors Authors Author Defn. Num.* K. Rustan M. Leino MJS 13 Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6 Wolfram Schulte S 3 David Detlefs M 2 Raymie Stata J 2 Mike Barnett S 2

239 views • 5 slides
Extended Static Checking with ESC/Java2 1. Overview Wolfgang Schreiner

Extended Static Checking with ESC/Java2 1. Overview Wolfgang Schreiner

Extended Static Checking with ESC/Java2 1. Overview Wolfgang Schreiner Wolfgang.Schreiner@risc.uni-linz.ac.at 2. Examples Research Institute for Symbolic Computation (RISC) Johannes Kepler University, Linz, Austria

653 views • 12 slides
ESC/Java Approach Wishnu Prasetya wishnu@cs.uu.nl www.cs.uu.nl/docs/vakken/pv ESC/Java

ESC/Java Approach Wishnu Prasetya wishnu@cs.uu.nl www.cs.uu.nl/docs/vakken/pv ESC/Java

ESC/Java Approach Wishnu Prasetya wishnu@cs.uu.nl www.cs.uu.nl/docs/vakken/pv ESC/Java Extended Static Checker for Java an implementation of Hoare Logic. Semi-automatic theorem prover back-end. It is not intended to verify

331 views • 32 slides
The Mobius Program Verification Environment Recent Advances in Extended Static Checking Joe

The Mobius Program Verification Environment Recent Advances in Extended Static Checking Joe

The Mobius Program Verification Environment Recent Advances in Extended Static Checking Joe Kiniry, University College Dublin Joe Kiniry, University College Dublin http://mobius.inria.fr/ http://mobius.inria.fr/ Contract n IST 015905

534 views • 21 slides
Introduction Goal: Use programmers design decisions with automatic checking todetect potential

Introduction Goal: Use programmers design decisions with automatic checking todetect potential

0.5 setgray0 0.5 setgray1 Introduction Goal: Use programmers design decisions with automatic checking todetect potential errors. Extended Static Checking (ESC) tries to prove correctness at compile-time helps finding run-time exceptions

302 views • 11 slides
Model Checking Java Programs (Java PathFinder) Slides partially compiled from the NASA

Model Checking Java Programs (Java PathFinder) Slides partially compiled from the NASA

Model Checking Java Programs (Java PathFinder) Slides partially compiled from the NASA JavaPathFinder project and E. Clarkes course material Java PathFinder JPF is an explicit state software model checker for Java bytecode JPF is a Java

888 views • 35 slides
Static code checking In the Linux kernel Presented by Arnd Bergmann Date April 6, 2016 Event

Static code checking In the Linux kernel Presented by Arnd Bergmann Date April 6, 2016 Event

Static code checking In the Linux kernel Presented by Arnd Bergmann Date April 6, 2016 Event Embedded Linux Conference Static code checking in the Linux kernel 1. Overview 2. Randconfig issues 3. Checking tools 4. Automated checking

586 views • 48 slides
Server (TCP) import java.io.*; import java.net.*; public class SimpleServer { public static

Server (TCP) import java.io.*; import java.net.*; public class SimpleServer { public static

Server (TCP) import java.io.*; import java.net.*; public class SimpleServer { public static final int PORT = 8080; public static void main(String[] args) throws IOException { ServerSocket s = new ServerSocket(PORT);

300 views • 10 slides
Ja Java vs Pyt ython interactivepython.org/runestone/static/java4python/index.html Why should

Ja Java vs Pyt ython interactivepython.org/runestone/static/java4python/index.html Why should

Ja Java vs Pyt ython interactivepython.org/runestone/static/java4python/index.html Why should you know something about Ja Java? Java is an example of a statically typed object oriented language (like C and C++) opposed to Pythons being

889 views • 23 slides
Checking Extended CTL Properties Using Guarded Quotient Structure Xiaodong Wang advised by:

Checking Extended CTL Properties Using Guarded Quotient Structure Xiaodong Wang advised by:

Checking Extended CTL Properties Using Guarded Quotient Structure Xiaodong Wang advised by: Professor Sistla Outline Part I: Symmetry based method Part II: CCTL logic Part III: Input language Part IV: Model checking algorithm

630 views • 60 slides
Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Concurrency in Go Behavioural type inference Model checking behavioural types Termination checking Summary Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker Types Transform Check safety and

681 views • 67 slides
Java Applications FYI FYI for now for now Java Applications Always include a class

Java Applications FYI FYI for now for now Java Applications Always include a class

Java Applications FYI FYI for now for now Java Applications Always include a class with a main method e.g., public static void main(String args[]){ } Huh? public can be invoked from another package static same for all

206 views • 16 slides
Type Checking General properties of type systems Types in programming languages

Type Checking General properties of type systems Types in programming languages

Outline Type Checking General properties of type systems Types in programming languages Notation for type rules Logical rules of inference Common type rules 2 Static Checking Static Checking (Cont.) Refers to

896 views • 10 slides
Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic

Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic

Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic Program Analysis Program Analysis Patrice Godefroid Godefroid Patrice Bell Laboratories, Lucent Technologies Bell Laboratories, Lucent

1.05k views • 56 slides
Methods http://xkcd.com/221/ Not actually a valid Java static method Fundamentals of Computer

Methods http://xkcd.com/221/ Not actually a valid Java static method Fundamentals of Computer

Methods http://xkcd.com/221/ Not actually a valid Java static method Fundamentals of Computer Science Outline Methods Static Methods Helper functions Perform calculations Output data Consolidate similar code to one

631 views • 28 slides
What CLIR researchers assume User is User needs Machine happy (or information. searches.

What CLIR researchers assume User is User needs Machine happy (or information. searches.

iCLEF 2009 overview tags : image_search, multilinguality, interactivity, log_analysis, web2.0 J U LI O G O N ZA LO V CTO R P E I N A D O J U LI O G O N ZA LO , V CTO R P E I N A D O , P A U L CLO U G H &amp; J U S S I K A R LG R E N

683 views • 41 slides
Cordery Deputy Director of Director of Policy &amp; Chair - Skills for Care Policy, NHS England

Cordery Deputy Director of Director of Policy &amp; Chair - Skills for Care Policy, NHS England

What Does Full Integration Look Like? Chaired by David Brindle Dame Moira Saffron Phil Gibb DBE McCarvill Cordery Deputy Director of Director of Policy &amp; Chair - Skills for Care Policy, NHS England strategy, NHS England What Does

434 views • 9 slides
Workshop `Pauli2016 University of Oxford 12-15 April 2016 Welcome! Reduced Density Matrices

Workshop `Pauli2016 University of Oxford 12-15 April 2016 Welcome! Reduced Density Matrices

Workshop `Pauli2016 University of Oxford 12-15 April 2016 Welcome! Reduced Density Matrices in Quantum Physics and Role of Fermionic Exchange Symmetry Motivation? fermionic ground states: energy minimization antisymmetry concept of

638 views • 9 slides
Directories &amp; Continuation This Week: How to program with directories more Reading:

Directories &amp; Continuation This Week: How to program with directories more Reading:

Overview Last Week: Efficiency read/write The File File pointer Unix System Programming File control/access Permissions, Meta Data, Ownership, umask, holes Directories &amp; Continuation This Week: How to program with

518 views • 9 slides
Wheeled Mobile Robots 1 Mechanics of Mobile Robots companion slides for the blackboard lecture

Wheeled Mobile Robots 1 Mechanics of Mobile Robots companion slides for the blackboard lecture

Autonomous and Mobile Robotics Prof. Giuseppe Oriolo Wheeled Mobile Robots 1 Mechanics of Mobile Robots companion slides for the blackboard lecture wheels three basic types orientable fixed caster (steerable) Oriolo: Autonomous and Mobile

361 views • 9 slides
Performance characteristics of a small animal PET camera for molecular imaging Hastings DL 1 ,

Performance characteristics of a small animal PET camera for molecular imaging Hastings DL 1 ,

Performance characteristics of a small animal PET camera for molecular imaging Hastings DL 1 , Reader AJ 2 , Julyan PJ 1 , Zweit J 2,3 Jeavons AP 4 , Jones T 5 1 North Western Medical Physics, Christie Hospital, Manchester 2 Chemical Engineering

468 views • 23 slides
Natural Language Processing The Speech Signal Dan Klein UC Berkeley Speech in a Slide Frequency

Natural Language Processing The Speech Signal Dan Klein UC Berkeley Speech in a Slide Frequency

Natural Language Processing The Speech Signal Dan Klein UC Berkeley Speech in a Slide Frequency gives pitch; amplitude gives volume s p ee ch l a b amplitude Frequencies at each time slice

437 views • 41 slides
Intro to FreeSurfer Jargon Intro to FreeSurfer Jargon voxel surface volume vertex

Intro to FreeSurfer Jargon Intro to FreeSurfer Jargon voxel surface volume vertex

Intro to FreeSurfer Jargon Intro to FreeSurfer Jargon voxel surface volume vertex surface-based recon cortical, subcortical parcellation/segmentation registration, morph, deform, transforms (computing vs. resampling) Intro to FreeSurfer

614 views • 25 slides

More recommend