soundness and completeness warnings in esc java2
play

Soundness and Completeness Warnings in ESC/Java2 Joe Kiniry, Alan - PowerPoint PPT Presentation

Dec 18, 2022 •282 likes •628 views

Soundness and Completeness Warnings in ESC/Java2 Joe Kiniry, Alan Morkan, and Barry Denby presented by David Cok Systems Research Group School of Computer Science and Informatics University College Dublin ESC/Java2 by design, neither sound

  1. Soundness and Completeness Warnings in ESC/Java2 Joe Kiniry, Alan Morkan, and Barry Denby presented by David Cok Systems Research Group School of Computer Science and Informatics University College Dublin

  2. ESC/Java2 by design, neither sound nor complete popularity of similar tools growing as (lightweight) static analysis tools become more widely used (e.g, Eclipse & FindBugs) developer comprehension and confidence are paramount ( program safety via programmer safety) complaints from “soundationalists” drives a desire for “tool honesty” and disclosure Systems Research Group School of Computer Science and Informatics 2 University College Dublin

  3. Checking Limitations a fast, automatic tool must “cheat” many scientific and engineering trade-offs several sources of soundness and completeness problems Java and JML semantic incompleteness unsound verification methodology limitations of dependent tools (provers) problems with user specifications Systems Research Group School of Computer Science and Informatics 3 University College Dublin

  4. Requirements on New Warning Subsystem contextually warn the user (in detail) about potential soundness and incompleteness e.g., must take into account the program code, annotations, execution path in tool, and theorem prover in use provide “tunable” feedback so as to not overwhelm the user with warnings be itself sound and complete have no false positives or negatives Systems Research Group School of Computer Science and Informatics 4 University College Dublin

  5. Detection Methodology manually analyze and classify all soundness and completeness issues define a type- and annotation-aware AST pattern match for each issue each issue implemented as a single “smart” visitor pattern (separation of concerns) customized warning levels, messages, and criticality per issue Systems Research Group School of Computer Science and Informatics 5 University College Dublin

  6. Example Warnings public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  7. Example Warnings public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  8. Example Warnings Incompleteness Warning: Simplify cannot deal with large integer values. public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  9. Example Warnings public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  10. Example Warnings public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  11. Example Warnings Soundness Warning: Exposed field may be used in other class invariants. public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  12. Example Warnings public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  13. Example Warnings public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  14. Example Warnings Soundness Warning: Heuristics for class invariant analysis are not sound. public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  15. Example Warnings public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  16. Example Warnings public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ESC/Java2 Warnings David Cok, Joe Kiniry, and Erik Poll Eastman Kodak Company, University College

ESC/Java2 Warnings David Cok, Joe Kiniry, and Erik Poll Eastman Kodak Company, University College

ESC/Java2 Warnings David Cok, Joe Kiniry, and Erik Poll Eastman Kodak Company, University College Dublin, and Radboud University Nijmegen David Cok, Joe Kiniry &amp; Erik Poll - ESC/Java2 &amp; JML Tutorial p.1/ ?? Types of ESC/Java2

1.15k views • 36 slides
The Modal Logic K Contents 1 Soundness and Completeness; Decidability 1 1.1 Soundness . . . .

The Modal Logic K Contents 1 Soundness and Completeness; Decidability 1 1.1 Soundness . . . .

The Modal Logic K Contents 1 Soundness and Completeness; Decidability 1 1.1 Soundness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2 Completeness: Proof idea . . . . . . . . . . . . . . . . . . . . . . 2 2

361 views • 3 slides
INF3170 / INF4171 Soundness and completeness of sequent calculus Andreas Nakkerud September 14,

INF3170 / INF4171 Soundness and completeness of sequent calculus Andreas Nakkerud September 14,

Syntax of propositional logic Semantics of propositional logic Sequent calculus Soundness Completeness Model existence theorem INF3170 / INF4171 Soundness and completeness of sequent calculus Andreas Nakkerud September 14, 2016 Syntax of

1.13k views • 71 slides
Predicate Logic: Soundness and Completeness of Formal Deduction Alice Gao Lecture 17 CS 245

Predicate Logic: Soundness and Completeness of Formal Deduction Alice Gao Lecture 17 CS 245

Predicate Logic: Soundness and Completeness of Formal Deduction Alice Gao Lecture 17 CS 245 Logic and Computation Fall 2019 1 / 9 Outline The Learning Goals The Soundness of Formal Deduction Revisiting the Learning Goals CS 245 Logic and

243 views • 9 slides
Computational Properties of Resolution and First-Order Logic Soundness and Completeness:

Computational Properties of Resolution and First-Order Logic Soundness and Completeness:

Computational Properties of Resolution and First-Order Logic Soundness and Completeness: Definition: The symbol denotes the inference mechanism of first-order resolution (without paramodulation). Theorem: First-order

549 views • 16 slides
Soundness and Completeness of Infinitary Term Graph Rewriting Patrick Bahr paba@diku.dk

Soundness and Completeness of Infinitary Term Graph Rewriting Patrick Bahr paba@diku.dk

Soundness and Completeness of Infinitary Term Graph Rewriting Patrick Bahr paba@diku.dk University of Copenhagen Department of Computer Science 17th Informal Workshop on Term Rewriting, Aachen, March 28, 2012 From Terms to Term Graphs f f

426 views • 19 slides
Soundness and Completeness of Intuitionistic Dialogues Second Bachelor Seminar Talk Dominik Wehr

Soundness and Completeness of Intuitionistic Dialogues Second Bachelor Seminar Talk Dominik Wehr

Soundness and Completeness of Intuitionistic Dialogues Second Bachelor Seminar Talk Dominik Wehr Advisors: Dominik Kirst, Yannick Forster https://www.ps.uni-saarland.de/~wehr/bachelor.php Saarland University 20th March 2019 Model semantics

419 views • 22 slides
The ESC/Java2 Calculi and Object Logics Implications on Specification and Verification Joseph

The ESC/Java2 Calculi and Object Logics Implications on Specification and Verification Joseph

The ESC/Java2 Calculi and Object Logics Implications on Specification and Verification Joseph Kiniry Department of Computer Science University College Dublin ESC/Java2 ESC/Java2 is an extended static checker based upon DEC/Compaq SRC

278 views • 27 slides
ON THE COST OF TYPE-TAG SOUNDNESS Ben Greenman Zeina Migeed ON THE COST OF TYPE-TAG SOUNDNESS

ON THE COST OF TYPE-TAG SOUNDNESS Ben Greenman Zeina Migeed ON THE COST OF TYPE-TAG SOUNDNESS

ON THE COST OF TYPE-TAG SOUNDNESS Ben Greenman Zeina Migeed ON THE COST OF TYPE-TAG SOUNDNESS 1. Tag soundness 2. Performance cost of soundness 3. Evaluation method 4. Conclusions TYPE-TAG SOUNDNESS Type Soundness e : If

1.28k views • 64 slides
ESC/Java2 vs. JMLForge Juan Pablo Galeotti, Alessandra Gorla,

ESC/Java2 vs. JMLForge Juan Pablo Galeotti, Alessandra Gorla,

ESC/Java2 vs. JMLForge Juan Pablo Galeotti, Alessandra Gorla, Andreas Rau Saarland University, Germany ESC/Java2: the formula is built using Dijsktras

439 views • 43 slides
Computation and Deduction Lecture 19: Cut Elimination Tuesday March 18, 1997 1. Soundness of

Computation and Deduction Lecture 19: Cut Elimination Tuesday March 18, 1997 1. Soundness of

Computation and Deduction Lecture 19: Cut Elimination Tuesday March 18, 1997 1. Soundness of Sequent Calculus 2. Completeness of Sequent Calculus 3. Cut Elimination 19.1 Soundness of Sequent Calculus I ssdc : conc A -&gt; nd A -&gt; type.

583 views • 9 slides
1

1

{HEADSHOT}* * The*field*of*so3ware*analysis*is*highly*diverse:*there*are*many*approaches*with*different*strengths*and* limitaBons*in*aspects*such*as*soundness,*completeness,*applicability,*and*scalability.* * In* this* lesson,* we* will*

699 views • 47 slides
ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University

ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University

ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University College Dublin, and Radboud University Nijmegen David Cok, Joe Kiniry &amp; Erik Poll - ESC/Java2 &amp; JML Tutorial p.1/ ?? The ESC/Java2 tool

923 views • 24 slides
ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University

ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University

ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University College Dublin, and Radboud University Nijmegen David Cok, Joe Kiniry &amp; Erik Poll - ESC/Java2 &amp; JML Tutorial p.1/ ?? The ESC/Java2 tool

489 views • 19 slides
On 1 -soundness and Soundness of Workflow Nets Lu Ping, Hu Hao and L Jian Department of

On 1 -soundness and Soundness of Workflow Nets Lu Ping, Hu Hao and L Jian Department of

On 1 -soundness and Soundness of Workflow Nets Lu Ping, Hu Hao and L Jian Department of Computer Science Nanjing University luping@ics.nju.edu.cn, myou@ics.nju.edu.cn Contents Introduction to Workflow Nets Basic Properties of Workflow

558 views • 27 slides
Program Verification using JML and ESC/Java2 Erik Poll Radboud University Nijmegen p.1/36

Program Verification using JML and ESC/Java2 Erik Poll Radboud University Nijmegen p.1/36

Program Verification using JML and ESC/Java2 Erik Poll Radboud University Nijmegen p.1/36 Outline of this tutorial formal specifcation language JML program verification using ESC/Java2 p.2/36 The Java Modeling Language JML

471 views • 36 slides
Pay As You Throw (PAYT) Lakes Region Solid Waste Roundtable June 14, 2018 PAYT - Overview

Pay As You Throw (PAYT) Lakes Region Solid Waste Roundtable June 14, 2018 PAYT - Overview

Pay As You Throw (PAYT) Lakes Region Solid Waste Roundtable June 14, 2018 PAYT - Overview Flat Rate Waste Disposal What is PAYT? Design Variations What are the pros? What are the cons? Examples/Case Studies Implementation

292 views • 18 slides
Enhancements Discussion Keith Johnson Infrastructure &amp; Regulatory Policy Manager Market

Enhancements Discussion Keith Johnson Infrastructure &amp; Regulatory Policy Manager Market

Reliability Must-Run and Capacity Procurement Mechanism Enhancements Discussion Keith Johnson Infrastructure &amp; Regulatory Policy Manager Market Surveillance Committee Meeting General Session January 25, 2019 ISO PUBLIC ISO PUBLIC ISO

681 views • 16 slides
Getting the Word Out: Marketing Your Product to the People Who Need It November 2011 I am what

Getting the Word Out: Marketing Your Product to the People Who Need It November 2011 I am what

Getting the Word Out: Marketing Your Product to the People Who Need It November 2011 I am what happens when its time to tell people about your products. Before you start Begin your marketing planning and process by understanding and

578 views • 19 slides
The Role of Microeconomics in Heterodox Economics Professor Frederic S. Lee University of

The Role of Microeconomics in Heterodox Economics Professor Frederic S. Lee University of

The Role of Microeconomics in Heterodox Economics Professor Frederic S. Lee University of MissouriKanas City Introduction Micro-foundations of Macroeconomics Debate The debate revolves around three arguments: 1. microeconomics is

783 views • 27 slides
CHS Dual Credit Meeting March 2 1 , 2 0 1 9 Canyon High Chris Fant, dual credit counselor

CHS Dual Credit Meeting March 2 1 , 2 0 1 9 Canyon High Chris Fant, dual credit counselor

CHS Dual Credit Meeting March 2 1 , 2 0 1 9 Canyon High Chris Fant, dual credit counselor W est Texas A&amp;M PUP Program Lindy Pasley, Admissions Counselor Am arillo College Jason Norman, Director of P-16 Career Pathways

570 views • 25 slides
Go Green with OZZI and CBORD Presented By: Sue Chaffee, CBORD Tom Wright, OZZI Whos On The

Go Green with OZZI and CBORD Presented By: Sue Chaffee, CBORD Tom Wright, OZZI Whos On The

Go Green with OZZI and CBORD Presented By: Sue Chaffee, CBORD Tom Wright, OZZI Whos On The Line? Tom Wright Sheri Pape Sue Chaffee OZZI CBORD CBORD Associate Director Higher Education Director of Product Business Services Marketing

568 views • 18 slides
Gold Fields West Africa ALFRED BAKU Executive Vice President and Head of Region May 2019

Gold Fields West Africa ALFRED BAKU Executive Vice President and Head of Region May 2019

d all Asanko e picture and send to back Gold Fields West Africa ALFRED BAKU Executive Vice President and Head of Region May 2019 Forward Looking Statements Certain statements in this document constitute forward looking statements

415 views • 13 slides
Okvau Gold Project, Cambodia ASX:EMR ASX:EMR Emerald to Become +100,000ozpa Gold Producer

Okvau Gold Project, Cambodia ASX:EMR ASX:EMR Emerald to Become +100,000ozpa Gold Producer

Okvau Gold Project, Cambodia ASX:EMR ASX:EMR Emerald to Become +100,000ozpa Gold Producer Capital Raising Presentation January 2020 Not for Release to US wire services or distribution in the United States Presentation Disclaimer Forward

421 views • 38 slides

More recommend