extended static checking for java
play

Extended Static Checking for Java Lukas Erlacher TU Mnchen - - PowerPoint PPT Presentation

Feb 22, 2024 •322 likes •662 views

Motivation Example Architecture Discussion Extended Static Checking for Java Lukas Erlacher TU Mnchen - Seminar Verification 14. Juli 2011 Erlacher Extended Static Checking for Java Motivation Example Architecture Discussion Outline

  1. Motivation Example Architecture Discussion Extended Static Checking for Java Lukas Erlacher TU München - Seminar Verification 14. Juli 2011 Erlacher Extended Static Checking for Java

  2. Motivation Example Architecture Discussion Outline 1 Motivation Motivation for static checking 2 Example ESC/Java example 3 Architecture ESC/JAVA architecture VC generator Simplify 4 Discussion JML + ESC/Java annotation language JML What ESC/Java checks Erlacher Extended Static Checking for Java

  3. Motivation Example Motivation for static checking Architecture Discussion Motivation for static checking Why check a program’s behaviour? Erlacher Extended Static Checking for Java

  4. Motivation Example Motivation for static checking Architecture Discussion Motivation for static checking Why check a program’s behaviour? Errors / program does not do what we want Testing is incomplete and unsound Testing is expensive Erlacher Extended Static Checking for Java

  5. Motivation Example Motivation for static checking Architecture Discussion Motivation for static checking Why check a program’s behaviour? Errors / program does not do what we want Testing is incomplete and unsound Testing is expensive Why static checking? Erlacher Extended Static Checking for Java

  6. Motivation Example Motivation for static checking Architecture Discussion Motivation for static checking Why check a program’s behaviour? Errors / program does not do what we want Testing is incomplete and unsound Testing is expensive Why static checking? Does not require executing program Can cover all code paths Erlacher Extended Static Checking for Java

  7. Motivation Example Motivation for static checking Architecture Discussion Motivation for static checking Why check a program’s behaviour? Errors / program does not do what we want Testing is incomplete and unsound Testing is expensive Why static checking? Does not require executing program Can cover all code paths Why ESC/JAVA? Erlacher Extended Static Checking for Java

  8. Motivation Example Motivation for static checking Architecture Discussion Motivation for static checking Why check a program’s behaviour? Errors / program does not do what we want Testing is incomplete and unsound Testing is expensive Why static checking? Does not require executing program Can cover all code paths Why ESC/JAVA? First static checker for Java Architecture and working principle very clear and structured Is applicable in practice Annotation language allows to specify design that can also be checked Erlacher Extended Static Checking for Java

  9. Motivation Example Motivation for static checking Architecture Discussion What is static checking? Erlacher Extended Static Checking for Java

  10. Motivation Example Motivation for static checking Architecture Discussion What is static checking? No checking: Program execution breaks on segfault / null pointer dereference / array bounds violation. Erlacher Extended Static Checking for Java

  11. Motivation Example Motivation for static checking Architecture Discussion What is static checking? No checking: Program execution breaks on segfault / null pointer dereference / array bounds violation. Type checking: Compiler notices illegal code and violation of specification embedded in type information. Erlacher Extended Static Checking for Java

  12. Motivation Example Motivation for static checking Architecture Discussion What is static checking? No checking: Program execution breaks on segfault / null pointer dereference / array bounds violation. Type checking: Compiler notices illegal code and violation of specification embedded in type information. Primitive static checking: Flags easily-detected “suspicious” code such as use of uninitialized variables or unreachable code. Erlacher Extended Static Checking for Java

  13. Motivation Example Motivation for static checking Architecture Discussion What is static checking? No checking: Program execution breaks on segfault / null pointer dereference / array bounds violation. Type checking: Compiler notices illegal code and violation of specification embedded in type information. Primitive static checking: Flags easily-detected “suspicious” code such as use of uninitialized variables or unreachable code. Formal methods: Formally prove that program is correct. Erlacher Extended Static Checking for Java

  14. Motivation Example Motivation for static checking Architecture Discussion What is static checking? No checking: Program execution breaks on segfault / null pointer dereference / array bounds violation. Type checking: Compiler notices illegal code and violation of specification embedded in type information. Primitive static checking: Flags easily-detected “suspicious” code such as use of uninitialized variables or unreachable code. Formal methods: Formally prove that program is correct. Extended static checking uses annotations and generic formal methods to show whether a program behaves within the constraints of its specification. Erlacher Extended Static Checking for Java

  15. Motivation Example Motivation for static checking Architecture Discussion Comparison of checking methods coverage program verification extended static checking decidability ceiling type checking effort Erlacher Extended Static Checking for Java

  16. Motivation Example Motivation for static checking Architecture Discussion ESC/JAVA history Developed at Compaq Systems Research by Flanagan, Leino, Lillibridge, Nelson, Saxe, and Stata Descended from ESC/Modula-3 Developed as practical tool to check programs for semantic errors, specification violations, and synchronization errors in concurrent programs Exploits the space between fast, but primitive syntactic checkers like lint and comprehensive, but costly formal program verification Erlacher Extended Static Checking for Java

  17. Motivation Example ESC/Java example Architecture Discussion ESC/Java example public class Bag { 1 int [] elements; 2 int size; 3 4 Bag( int [] input) { 5 size = input.length; 6 elements = new int [size]; 7 System.arraycopy(input, 0 , elements, 0 , size); 8 } 9 10 .. 11 } 12 Erlacher Extended Static Checking for Java

  18. Motivation Example ESC/Java example Architecture Discussion ESC/Java example public class Bag { 1 int [] elements; 2 int size; 3 4 Bag( int [] input) { 5 size = input.length; 6 elements = new int [size]; 7 System.arraycopy(input, 0 , elements, 0 , size); 8 } 9 10 .. 11 } 12 Bag.java:6: Warning: Possible null dereference (Null) size = input.length; ^ Erlacher Extended Static Checking for Java

  19. Motivation Example ESC/Java example Architecture Discussion ESC/Java example public class Bag { 1 /*@non_null*/ int [] elements; 2 int size; 3 4 Bag(/*@non_null*/ int [] input) { 5 size = input.length; 6 elements = new int [size]; 7 System.arraycopy(input, 0 , elements, 0 , size); 8 } 9 10 .. 11 } 12 Bag.java:6: Warning: Possible null dereference (Null) size = input.length; ^ Erlacher Extended Static Checking for Java

  20. Motivation Example ESC/Java example Architecture Discussion ESC/Java example public class Bag { 1 /*@non_null*/ int [] elements; 2 int size; 3 4 Bag(/*@non_null*/ int [] input) { 5 size = input.length; 6 elements = new int [size]; 7 System.arraycopy(input, 0 , elements, 0 , size); 8 } 9 10 .. 11 } 12 Erlacher Extended Static Checking for Java

  21. Motivation Example ESC/Java example Architecture Discussion ESC/Java example public class Bag { 1 int [] elements; int size; 2 .. 3 int extractMin () { 4 int m = Integer.MAX_VALUE; 5 int mindex = 0 ; 6 for ( int i = 0 ; i < size; i++) { 7 if (elements[i] < m) { 8 mindex = i; 9 m = elements[i]; 10 } 11 } 12 size--; 13 elements[mindex] = elements[size]; 14 return m; 15 } 16 } 17 Erlacher Extended Static Checking for Java

  22. Motivation Example ESC/Java example Architecture Discussion ESC/Java example public class Bag { 1 int [] elements; int size; 2 .. 3 int extractMin () { 4 int m = Integer.MAX_VALUE; 5 int mindex = 0 ; 6 for ( int i = 0 ; i < size; i++) { 7 if (elements[i] < m) { 8 mindex = i; 9 m = elements[i]; 10 } 11 } 12 size--; 13 elements[mindex] = elements[size]; 14 return m; 15 } 16 } 17 Bag1.java:8: Warning: Array index possibly too large (IndexTooBig) if (elements[i] < m) { ^ Erlacher Extended Static Checking for Java

  23. Motivation Example ESC/Java example Architecture Discussion ESC/Java example /*@invariant size >= 0 && size <= elements.length; */ public class Bag { 1 int [] elements; int size; 2 .. 3 int extractMin () { 4 int m = Integer.MAX_VALUE; 5 int mindex = 0 ; 6 for ( int i = 0 ; i < size; i++) { 7 if (elements[i] < m) { 8 mindex = i; 9 m = elements[i]; 10 } 11 } 12 size--; 13 elements[mindex] = elements[size]; 14 return m; 15 } 16 } 17 Erlacher Extended Static Checking for Java

  24. Motivation Example ESC/Java example Architecture Discussion Recap: Examples non_null: Forces assigners to always assign a valid instance - allows users to assume that instance is always valid invariant: introduces the invariant as precondition and post-condition to every method call precondition: forces caller to establish precondition before calling postcondition: forces method to establish post-condition before returning Erlacher Extended Static Checking for Java

Recommend

ESC/Java extended static checking for Java Erik Poll, Joe Kiniry, David Cok University of

ESC/Java extended static checking for Java Erik Poll, Joe Kiniry, David Cok University of

ESC/Java extended static checking for Java Erik Poll, Joe Kiniry, David Cok University of Nijmegen; Eastman Kodak Company Erik Poll - JML p.1/17 ESC/Java Extended static checker by Rustan Leino et.al. [Compaq]. tries to prove

334 views • 22 slides
Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6

Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6

Authors Authors Author Defn. Num.* K. Rustan M. Leino MJS 13 Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6 Wolfram Schulte S 3 David Detlefs M 2 Raymie Stata J 2 Mike Barnett S 2

239 views • 5 slides
Extended Static Checking with ESC/Java2 1. Overview Wolfgang Schreiner

Extended Static Checking with ESC/Java2 1. Overview Wolfgang Schreiner

Extended Static Checking with ESC/Java2 1. Overview Wolfgang Schreiner Wolfgang.Schreiner@risc.uni-linz.ac.at 2. Examples Research Institute for Symbolic Computation (RISC) Johannes Kepler University, Linz, Austria

653 views • 12 slides
ESC/Java Approach Wishnu Prasetya wishnu@cs.uu.nl www.cs.uu.nl/docs/vakken/pv ESC/Java

ESC/Java Approach Wishnu Prasetya wishnu@cs.uu.nl www.cs.uu.nl/docs/vakken/pv ESC/Java

ESC/Java Approach Wishnu Prasetya wishnu@cs.uu.nl www.cs.uu.nl/docs/vakken/pv ESC/Java Extended Static Checker for Java an implementation of Hoare Logic. Semi-automatic theorem prover back-end. It is not intended to verify

331 views • 32 slides
The Mobius Program Verification Environment Recent Advances in Extended Static Checking Joe

The Mobius Program Verification Environment Recent Advances in Extended Static Checking Joe

The Mobius Program Verification Environment Recent Advances in Extended Static Checking Joe Kiniry, University College Dublin Joe Kiniry, University College Dublin http://mobius.inria.fr/ http://mobius.inria.fr/ Contract n IST 015905

534 views • 21 slides
Introduction Goal: Use programmers design decisions with automatic checking todetect potential

Introduction Goal: Use programmers design decisions with automatic checking todetect potential

0.5 setgray0 0.5 setgray1 Introduction Goal: Use programmers design decisions with automatic checking todetect potential errors. Extended Static Checking (ESC) tries to prove correctness at compile-time helps finding run-time exceptions

302 views • 11 slides
Model Checking Java Programs (Java PathFinder) Slides partially compiled from the NASA

Model Checking Java Programs (Java PathFinder) Slides partially compiled from the NASA

Model Checking Java Programs (Java PathFinder) Slides partially compiled from the NASA JavaPathFinder project and E. Clarkes course material Java PathFinder JPF is an explicit state software model checker for Java bytecode JPF is a Java

888 views • 35 slides
Static code checking In the Linux kernel Presented by Arnd Bergmann Date April 6, 2016 Event

Static code checking In the Linux kernel Presented by Arnd Bergmann Date April 6, 2016 Event

Static code checking In the Linux kernel Presented by Arnd Bergmann Date April 6, 2016 Event Embedded Linux Conference Static code checking in the Linux kernel 1. Overview 2. Randconfig issues 3. Checking tools 4. Automated checking

586 views • 48 slides
Server (TCP) import java.io.*; import java.net.*; public class SimpleServer { public static

Server (TCP) import java.io.*; import java.net.*; public class SimpleServer { public static

Server (TCP) import java.io.*; import java.net.*; public class SimpleServer { public static final int PORT = 8080; public static void main(String[] args) throws IOException { ServerSocket s = new ServerSocket(PORT);

300 views • 10 slides
Ja Java vs Pyt ython interactivepython.org/runestone/static/java4python/index.html Why should

Ja Java vs Pyt ython interactivepython.org/runestone/static/java4python/index.html Why should

Ja Java vs Pyt ython interactivepython.org/runestone/static/java4python/index.html Why should you know something about Ja Java? Java is an example of a statically typed object oriented language (like C and C++) opposed to Pythons being

889 views • 23 slides
Checking Extended CTL Properties Using Guarded Quotient Structure Xiaodong Wang advised by:

Checking Extended CTL Properties Using Guarded Quotient Structure Xiaodong Wang advised by:

Checking Extended CTL Properties Using Guarded Quotient Structure Xiaodong Wang advised by: Professor Sistla Outline Part I: Symmetry based method Part II: CCTL logic Part III: Input language Part IV: Model checking algorithm

630 views • 60 slides
Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Concurrency in Go Behavioural type inference Model checking behavioural types Termination checking Summary Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker Types Transform Check safety and

681 views • 67 slides
Java Applications FYI FYI for now for now Java Applications Always include a class

Java Applications FYI FYI for now for now Java Applications Always include a class

Java Applications FYI FYI for now for now Java Applications Always include a class with a main method e.g., public static void main(String args[]){ } Huh? public can be invoked from another package static same for all

206 views • 16 slides
Type Checking General properties of type systems Types in programming languages

Type Checking General properties of type systems Types in programming languages

Outline Type Checking General properties of type systems Types in programming languages Notation for type rules Logical rules of inference Common type rules 2 Static Checking Static Checking (Cont.) Refers to

896 views • 10 slides
Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic

Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic

Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic Program Analysis Program Analysis Patrice Godefroid Godefroid Patrice Bell Laboratories, Lucent Technologies Bell Laboratories, Lucent

1.05k views • 56 slides
Methods http://xkcd.com/221/ Not actually a valid Java static method Fundamentals of Computer

Methods http://xkcd.com/221/ Not actually a valid Java static method Fundamentals of Computer

Methods http://xkcd.com/221/ Not actually a valid Java static method Fundamentals of Computer Science Outline Methods Static Methods Helper functions Perform calculations Output data Consolidate similar code to one

631 views • 28 slides
Towards practical reactive security audit using extended static checkers 1 Julien Vanegue 1

Towards practical reactive security audit using extended static checkers 1 Julien Vanegue 1

Towards practical reactive security audit using extended static checkers 1 Julien Vanegue 1 Shuvendu K. Lahiri 2 1 Bloomberg LP, New York 2 Microsoft Research, Redmond May 20, 2013 1 The work was conducted while the first author was employed at

300 views • 28 slides
Combining Static and Dynamic Contract Checking for Curry Michael Hanus University of Kiel

Combining Static and Dynamic Contract Checking for Curry Michael Hanus University of Kiel

Combining Static and Dynamic Contract Checking for Curry Michael Hanus University of Kiel Programming Languages and Compiler Construction LOPSTR 2017 Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR

463 views • 20 slides
Static program checking and verification Correctness class ArraySet implements Set { class

Static program checking and verification Correctness class ArraySet implements Set { class

Chair of Softw are Engineering Software Engineering Prof. Dr. Bertrand Meyer March 2007 June 2007 Slides: Based on KSE06 With kind permission of Peter Mller Static program checking and verification Correctness class ArraySet

445 views • 18 slides
Static Data Race Detection for SPMD Programs via an Extended Polyhedral Representation Prasanth

Static Data Race Detection for SPMD Programs via an Extended Polyhedral Representation Prasanth

Static Data Race Detection for SPMD Programs via an Extended Polyhedral Representation Prasanth Chatarasi, Jun Shirako, Vivek Sarkar Habanero Extreme Scale Software Research Group Department of Computer Science Rice University 6th

657 views • 37 slides
Data Structures Summary Today In-class work on Java: Gnome Static data and methods

Data Structures Summary Today In-class work on Java: Gnome Static data and methods

Computer Science 210 Data Structures Summary Today In-class work on Java: Gnome Static data and methods Compiling and running Java main Arrays Input and output for loops break, continue Writing a

255 views • 9 slides
Wrap Up Static, Packages, Exceptions Static methods // Example: // Java's built in Math class

Wrap Up Static, Packages, Exceptions Static methods // Example: // Java's built in Math class

Wrap Up Static, Packages, Exceptions Static methods // Example: // Java's built in Math class public class Math { public static int abs(int a) { if (a &gt;= 0) { return a; } else { return -a; } } public static double toDegrees(double

488 views • 21 slides
Types and Static Type Checking (Introducing Micro-Haskell) Informatics 2A: Lecture 13 Alex

Types and Static Type Checking (Introducing Micro-Haskell) Informatics 2A: Lecture 13 Alex

Types Micro-Haskell: crash course MH Types &amp; Abstract Syntax Type Checking Types and Static Type Checking (Introducing Micro-Haskell) Informatics 2A: Lecture 13 Alex Simpson School of Informatics University of Edinburgh

574 views • 26 slides
A Type System for Checking Applet Isolation in Java Card Peter Mller ETH Zrich Joint work

A Type System for Checking Applet Isolation in Java Card Peter Mller ETH Zrich Joint work

A Type System for Checking Applet Isolation in Java Card Peter Mller ETH Zrich Joint work with Werner Dietl and Arnd Poetzsch-Heffter 2 A Type System for Checking Applet Isolation in Java Card Applet Isolation Firewall Applet Context 1

398 views • 15 slides

More recommend