esc java
play

ESC/Java extended static checking for Java Erik Poll, Joe Kiniry, - PowerPoint PPT Presentation

Oct 12, 2023 •109 likes •334 views

ESC/Java extended static checking for Java Erik Poll, Joe Kiniry, David Cok University of Nijmegen; Eastman Kodak Company Erik Poll - JML p.1/17 ESC/Java Extended static checker by Rustan Leino et.al. [Compaq]. tries to prove

  1. ESC/Java extended static checking for Java Erik Poll, Joe Kiniry, David Cok University of Nijmegen; Eastman Kodak Company Erik Poll - JML – p.1/17

  2. ESC/Java Extended static checker by Rustan Leino et.al. [Compaq]. • tries to prove correctness of specifications, at compile-time, fully automatically Erik Poll - JML – p.2/17

  3. ESC/Java Extended static checker by Rustan Leino et.al. [Compaq]. • tries to prove correctness of specifications, at compile-time, fully automatically • not sound , not complete , but finds lots of potential bugs quickly Erik Poll - JML – p.2/17

  4. ESC/Java Extended static checker by Rustan Leino et.al. [Compaq]. • tries to prove correctness of specifications, at compile-time, fully automatically • not sound , not complete , but finds lots of potential bugs quickly • good at proving absence of runtime exceptions (eg Null-, ArrayIndexOutOfBounds-, ClassCast-) and verifying relatively simple properties. Erik Poll - JML – p.2/17

  5. ESC/Java Extended static checker by Rustan Leino et.al. [Compaq]. • tries to prove correctness of specifications, at compile-time, fully automatically • not sound , not complete , but finds lots of potential bugs quickly • good at proving absence of runtime exceptions (eg Null-, ArrayIndexOutOfBounds-, ClassCast-) and verifying relatively simple properties. • ESC/Java only supported a subset of full JML, but ESC/Java2 by Joe Kiniry [KUN] & David Cok [Kodak] remedies this. Erik Poll - JML – p.2/17

  6. static checking vs runtime checking Important differences: • ESC/Java checks specs at compile-time, jmlc checks specs at run-time • ESC/Java proves correctness of specs, jml only tests correctness of specs. Hence • ESC/Java independent of any test suite, results of runtime testing only as good as the test suite, • ESC/Java provided higher degree of confidence. Erik Poll - JML – p.3/17

  7. ESC/Java “demo” class Bag { int[] a; int n; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 1; i <= n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } Erik Poll - JML – p.4/17

  8. ESC/Java “demo” class Bag { int[] a; int n; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 1; i <= n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } Warning: possible null deference. Plus other warnings Erik Poll - JML – p.5/17

  9. ESC/Java “demo” class Bag { int[] a; //@ invariant a != null; int n; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 1; i <= n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } Erik Poll - JML – p.6/17

  10. ESC/Java “demo” class Bag { int[] a; //@ invariant a != null; int n; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 1; i <= n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } Warning: Array index possibly too large Erik Poll - JML – p.7/17

  11. ESC/Java “demo” class Bag { int[] a; //@ invariant a != null; int n; //@ invariant 0 <= n && n <= a.length; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 1; i <= n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } Erik Poll - JML – p.8/17

  12. ESC/Java “demo” class Bag { int[] a; //@ invariant a != null; int n; //@ invariant 0 <= n && n <= a.length; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 1; i <= n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } Warning: Array index possibly too large Erik Poll - JML – p.9/17

  13. ESC/Java “demo” class Bag { int[] a; //@ invariant a != null; int n; //@ invariant 0 <= n && n <= a.length; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 0; i < n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } Erik Poll - JML – p.10/17

  14. ESC/Java “demo” class Bag { int[] a; //@ invariant a != null; int n; //@ invariant 0 <= n && n <= a.length; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 0; i < n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } Warning: Possible negative array index Erik Poll - JML – p.11/17

  15. ESC/Java “demo” class Bag { int[] a; //@ invariant a != null; int n; //@ invariant 0 <= n && n <= a.length; //@ requires n > 0; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 0; i < n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } Erik Poll - JML – p.12/17

  16. ESC/Java “demo” class Bag { int[] a; //@ invariant a != null; int n; //@ invariant 0 <= n && n <= a.length; //@ requires n > 0; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 0; i < n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } No more warnings about this code Erik Poll - JML – p.13/17

  17. ESC/Java “demo” class Bag { int[] a; //@ invariant a != null; int n; //@ invariant 0 <= n && n <= a.length; //@ requires n > 0; int extractMin() { int m = Integer.MAX_VALUE; int mindex = 0; for (int i = 0; i < n; i++) { if (a[i] < m) { mindex =i; m = a[i]; } } n--; a[mindex] = a[n]; return m; } . . . but warnings about calls to extractMin() that do not ensure precondition Erik Poll - JML – p.14/17

  18. Some points to note • ESC/Java forces one to specify some properties. Erik Poll - JML – p.15/17

  19. Some points to note • ESC/Java forces one to specify some properties. • If you understand the code, then these properties are obvious. But for larger programs this may not be the case! Erik Poll - JML – p.15/17

  20. Some points to note • ESC/Java forces one to specify some properties. • If you understand the code, then these properties are obvious. But for larger programs this may not be the case! • If you have these properties documented, then understanding the code is easier. Erik Poll - JML – p.15/17

  21. ESC/Java vs runtime checking (cont.) • For runtime assertion checking, we could choose what we specify, e.g. all, one, or none of the properties we have written for Bag . • But for ESC/Java to accept a spec, we are forced to specify all properties (e.g. invariants, preconditions) that this spec relies on. Erik Poll - JML – p.16/17

  22. Limitations of ESC/Java Like most tools, ESC/Java is • not complete: it may complain about a correct spec • not sound: it may fail to warn about an incorrect spec ESC/Java warns about many potential bugs, but not about all actual bugs. These are unavoidable concessions to main goal: pointing out lots of potential bugs quickly & completely automatically In practice ESC/Java is quite good at checking simple specs, e.g. ruling out any NullPointer- and IndexOutOfBoundsExceptions Erik Poll - JML – p.17/17

Recommend

JAVA Java vs. Java Java Language Specification

JAVA Java vs. Java Java Language Specification

BR 10/05 JAVA Java vs. Java Java Language Specification http://java.sun.com/docs/books/jls/second_edition/html/j.title.doc.html Java programming language is compiled into java byte code Java Virtual Machine Specification

1.07k views • 44 slides
Multi-core in JVM/Java Concurrent programming in java Prior Java 5 Java 5 (2006)

Multi-core in JVM/Java Concurrent programming in java Prior Java 5 Java 5 (2006)

Multi-core in JVM/Java Concurrent programming in java Prior Java 5 Java 5 (2006) Java 7 (2010) Other topics Basic concurrency in Java Java Memory Model describes how threads interact through memory Single thread

812 views • 34 slides
Java Java Basics Java Program Statements Java Review Conditional statements

Java Java Basics Java Program Statements Java Review Conditional statements

Java Java Basics Java Program Statements Java Review Conditional statements Repetition statements (loops) Writing Classes in Java Selim Aksoy Class definitions Bilkent University Encapsulation and Java modifiers

346 views • 11 slides
1 Java compilation model Java bytecode format void spin () { int i; for (i = 0; i &lt; 100;

1 Java compilation model Java bytecode format void spin () { int i; for (i = 0; i &lt; 100;

The Java programming environment Introduction to JVM Based on material produced by Bill Venners 1 2 The Java platform The role of the virtual machime byte code generated by the Java front-end is an intermediate representation (IR)

834 views • 3 slides
TM Technology for Blu-ray and TV: Java Creating your own Blu-ray Java Discs The Blu-ray Java

TM Technology for Blu-ray and TV: Java Creating your own Blu-ray Java Discs The Blu-ray Java

TM Technology for Blu-ray and TV: Java Creating your own Blu-ray Java Discs The Blu-ray Java Authoring Team: Bill Foote, Chihiro Saito, A. Sundararajan, Jaya Hangal TS-5449 Talk Outline HD Cookbook Community Overview Target: Blu-ray

592 views • 44 slides
DTrace Topics: -&gt; java/lang/System.arraycopy &lt;- java/lang/System.arraycopy Java &lt;-

DTrace Topics: -&gt; java/lang/System.arraycopy &lt;- java/lang/System.arraycopy Java &lt;-

# ./jflow.d &lt;- java/lang/Thread.sleep -&gt; Greeting.greet -&gt; java/io/PrintStream.println -&gt; java/io/PrintStream.print -&gt; java/io/PrintStream.write -&gt; java/io/PrintStream.ensureOpen &lt;- java/io/PrintStream.ensureOpen -&gt;

632 views • 34 slides
Migrating to Java 9 Modules @Sander_Mak By Sander Mak Migrating to Java 9 Java 8 java -cp ..

Migrating to Java 9 Modules @Sander_Mak By Sander Mak Migrating to Java 9 Java 8 java -cp ..

Migrating to Java 9 Modules @Sander_Mak By Sander Mak Migrating to Java 9 Java 8 java -cp .. -jar myapp.jar Java 9 java -cp .. -jar myapp.jar Today's journey Running on Java 9 Java 9 modules Migrating to modules Modularising code

851 views • 45 slides
C vs Java Dalhousie University Winter 2019 Comparing C to Java Assumption: You know Java well.

C vs Java Dalhousie University Winter 2019 Comparing C to Java Assumption: You know Java well.

CSCI 2132: Software Development Norbert Zeh Faculty of Computer Science C vs Java Dalhousie University Winter 2019 Comparing C to Java Assumption: You know Java well. Focus on differences between C and Java. Arithmetic Operators Most

152 views • 14 slides
Actually, C++ and Java are much the same as C. C was designed in the 1970s. 1 Java 2 C 3

Actually, C++ and Java are much the same as C. C was designed in the 1970s. 1 Java 2 C 3

C is a high level language (HLL) Its syntax is much the same as Java and C++, but no objects. Actually, C++ and Java are much the same as C. C was designed in the 1970s. 1 Java 2 C 3 Why C ? 1. Millions of lines of code have been

377 views • 23 slides
JAVA Language Mapping Java IDL (CORBA) introduced in Version 1.2 of the Java 2 platform,

JAVA Language Mapping Java IDL (CORBA) introduced in Version 1.2 of the Java 2 platform,

BR 11/05 JAVA Language Mapping Java IDL (CORBA) introduced in Version 1.2 of the Java 2 platform, provides an interface between Java programs and distributed objects and services built using the Common Object Request Broker

355 views • 31 slides
JAVA Basics &amp; OOP 2020/3/14 Write Once, Run Anywhere Java Virtual Machine (JVM)

JAVA Basics &amp; OOP 2020/3/14 Write Once, Run Anywhere Java Virtual Machine (JVM)

Poly- mor- phism Abstra ction Class OOP Inheri -tance En- capsu- lation Kuan-Ting Lai JAVA Basics &amp; OOP 2020/3/14 Write Once, Run Anywhere Java Virtual Machine (JVM) http://net-informations.com/java/intro/jvm.htm Java Overview

660 views • 44 slides
RIDING THE JET STREAMS FUAD MALIKOV | HAZELCAST JAVA 8 STREAM API WHAT IS IT? JAVA 8 PRE JAVA

RIDING THE JET STREAMS FUAD MALIKOV | HAZELCAST JAVA 8 STREAM API WHAT IS IT? JAVA 8 PRE JAVA

RIDING THE JET STREAMS FUAD MALIKOV | HAZELCAST JAVA 8 STREAM API WHAT IS IT? JAVA 8 PRE JAVA 8 HISTORIC TIMES Collections Iterators For loops If-else statements WORD COUNT CODE Pre Java 8 Stream examples Get the unique

489 views • 19 slides
The testing pyramid Maurcio F. Aniche M.F.Aniche@tudelft.nl A.java ATest.java Thats what

The testing pyramid Maurcio F. Aniche M.F.Aniche@tudelft.nl A.java ATest.java Thats what

The testing pyramid Maurcio F. Aniche M.F.Aniche@tudelft.nl A.java ATest.java Thats what we have been calling B.java BTest.java Unit Testing . C.java CTest.java Some definitions ISQTB: Searches for defects in, and verifies the

604 views • 17 slides
C++ -&gt; Java Moving from C++ to Java Execu7ve

C++ -&gt; Java Moving from C++ to Java Execu7ve

C++ -&gt; Java Moving from C++ to Java Execu7ve Summary Introduces Java to a C++ programmer. Provides a roadmap for understanding advanced

798 views • 50 slides
Upgrading Past Java 9 Sounds Scary and I dont want to pay for Java Super happy with Java 8,

Upgrading Past Java 9 Sounds Scary and I dont want to pay for Java Super happy with Java 8,

Upgrading Past Java 9 Sounds Scary and I dont want to pay for Java Super happy with Java 8, Super happy with Java 8, thanks thanks Starting with Java 11, Oracle will provide JDK releases under the open source GNU General Public License

1.01k views • 71 slides
Todays topics Java Syntax and Grammars Sample Programs Upcoming More

Todays topics Java Syntax and Grammars Sample Programs Upcoming More

Todays topics Java Syntax and Grammars Sample Programs Upcoming More Java Reading Great Ideas , Chapter 2 Java! Java is a buzzword-enabled language From Sun (the developers of Java), Java is a simple,

582 views • 28 slides
Introduction to Java Brief history of Java Sample Java Program Compiling &amp;

Introduction to Java Brief history of Java Sample Java Program Compiling &amp;

Introduction to Java Brief history of Java Sample Java Program Compiling &amp; Executing Reading: =&gt; Section 1.1 1 Introduction to Java History Invented in 1991 - Sun Microsystems, Inc (James Gosling). Sun

593 views • 12 slides
Java SE 9 and the Application Server Kevin Sutter MicroProfile and Java EE Architect

Java SE 9 and the Application Server Kevin Sutter MicroProfile and Java EE Architect

InterConnect EclipseCon Europe 2017 2017 Java SE 9 and the Application Server Kevin Sutter MicroProfile and Java EE Architect @kwsutter 1 Java SE 9 Standalone 2 10/30/17 Java 9 Standard Features JSR 379: Java SE 9 Release

468 views • 32 slides
Java I/O For the next couple of classes we will be Java I/O talking about Java I/O Last

Java I/O For the next couple of classes we will be Java I/O talking about Java I/O Last

Java I/O For the next couple of classes we will be Java I/O talking about Java I/O Last class: basics and low level I/O This class: wrappers and high level I/O Reading, Writing, and stuff Pt II All Java I/O classes

251 views • 8 slides
e Java Memory Model . Jesper qvist . . . e Java Environment . . . 2 . . e Java

e Java Memory Model . Jesper qvist . . . e Java Environment . . . 2 . . e Java

. e Java Memory Model . Jesper qvist . . . e Java Environment . . . 2 . . e Java Environment . . . 3 . . Java Execution . Possible reordering due to Compiler, JVM, or CPU! Plus visibility problems due to CPU caches! .

473 views • 21 slides
How Java works The java compiler takes a .java file and generates a .class file The .class

How Java works The java compiler takes a .java file and generates a .class file The .class

How Java works The java compiler takes a .java file and generates a .class file The .class file contains Java bytecodes, the assembler language for Java programs Bytecodes are executed in a JVM (java virtual machine), the valid

426 views • 8 slides
Professional Java Projects CS1331 Professional Java Projects You know the basics of Java. Today

Professional Java Projects CS1331 Professional Java Projects You know the basics of Java. Today

Professional Java Projects CS1331 Professional Java Projects You know the basics of Java. Today youll learn the basic elements of professional Java projects, including the classpath, separating source and compiler output, project

388 views • 10 slides
OpenJDK The Future of Open Source Java on GNU/Linux Dalibor Topi Java F/OSS Ambassador

OpenJDK The Future of Open Source Java on GNU/Linux Dalibor Topi Java F/OSS Ambassador

OpenJDK The Future of Open Source Java on GNU/Linux Dalibor Topi Java F/OSS Ambassador Blog aggregated on http://planetjdk.org Java Implementations Become Open Source Java ME, Java SE, and Java EE 2 Why now? Java is everywhere

660 views • 39 slides
Java 8 in Anger Trisha Gee Developer &amp; Technical Advocate, JetBrains java.lang and

Java 8 in Anger Trisha Gee Developer &amp; Technical Advocate, JetBrains java.lang and

#QConNewYork Java 8 in Anger Trisha Gee Developer &amp; Technical Advocate, JetBrains java.lang and java.util Packages Parallel Array Sorting Standard Encoding and Decoding Base64 Java 8 has many new features Unsigned Arithmetic

324 views • 31 slides

More recommend