soundness and completeness warnings in esc java2
play

Soundness and Completeness Warnings in ESC/Java2 Joe Kiniry, Alan - PowerPoint PPT Presentation

Dec 18, 2022 •282 likes •628 views

Soundness and Completeness Warnings in ESC/Java2 Joe Kiniry, Alan Morkan, and Barry Denby presented by David Cok Systems Research Group School of Computer Science and Informatics University College Dublin ESC/Java2 by design, neither sound

  1. Soundness and Completeness Warnings in ESC/Java2 Joe Kiniry, Alan Morkan, and Barry Denby presented by David Cok Systems Research Group School of Computer Science and Informatics University College Dublin

  2. ESC/Java2 by design, neither sound nor complete popularity of similar tools growing as (lightweight) static analysis tools become more widely used (e.g, Eclipse & FindBugs) developer comprehension and confidence are paramount ( program safety via programmer safety) complaints from “soundationalists” drives a desire for “tool honesty” and disclosure Systems Research Group School of Computer Science and Informatics 2 University College Dublin

  3. Checking Limitations a fast, automatic tool must “cheat” many scientific and engineering trade-offs several sources of soundness and completeness problems Java and JML semantic incompleteness unsound verification methodology limitations of dependent tools (provers) problems with user specifications Systems Research Group School of Computer Science and Informatics 3 University College Dublin

  4. Requirements on New Warning Subsystem contextually warn the user (in detail) about potential soundness and incompleteness e.g., must take into account the program code, annotations, execution path in tool, and theorem prover in use provide “tunable” feedback so as to not overwhelm the user with warnings be itself sound and complete have no false positives or negatives Systems Research Group School of Computer Science and Informatics 4 University College Dublin

  5. Detection Methodology manually analyze and classify all soundness and completeness issues define a type- and annotation-aware AST pattern match for each issue each issue implemented as a single “smart” visitor pattern (separation of concerns) customized warning levels, messages, and criticality per issue Systems Research Group School of Computer Science and Informatics 5 University College Dublin

  6. Example Warnings public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  7. Example Warnings public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  8. Example Warnings Incompleteness Warning: Simplify cannot deal with large integer values. public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  9. Example Warnings public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  10. Example Warnings public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  11. Example Warnings Soundness Warning: Exposed field may be used in other class invariants. public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  12. Example Warnings public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  13. Example Warnings public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  14. Example Warnings Soundness Warning: Heuristics for class invariant analysis are not sound. public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  15. Example Warnings public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

  16. Example Warnings public class CreditCard { //@ invariant balance <= maxCredit; public double balance = 0, maxCredit = 100000; public static int STANDARD = 1, SILVER = 2, GOLD = 4; private int accountType = 1; //@ ensures accountType == 4; public void goldCard() { accountType = 4; } //@ requires cost < (maxCredit - balance); //@ ensures \result == \old(balance + cost); public double purchase(double cost) { return balance + cost; } //@ ensures (accountType == GOLD ? 1 : 0); public /*@ pure @*/ boolean isGoldCard() { return accountType | GOLD; } } Systems Research Group School of Computer Science and Informatics University College Dublin

Recommend

ESC/Java2 Warnings David Cok, Joe Kiniry, and Erik Poll Eastman Kodak Company, University College

ESC/Java2 Warnings David Cok, Joe Kiniry, and Erik Poll Eastman Kodak Company, University College

ESC/Java2 Warnings David Cok, Joe Kiniry, and Erik Poll Eastman Kodak Company, University College Dublin, and Radboud University Nijmegen David Cok, Joe Kiniry &amp; Erik Poll - ESC/Java2 &amp; JML Tutorial p.1/ ?? Types of ESC/Java2

1.15k views • 36 slides
The Modal Logic K Contents 1 Soundness and Completeness; Decidability 1 1.1 Soundness . . . .

The Modal Logic K Contents 1 Soundness and Completeness; Decidability 1 1.1 Soundness . . . .

The Modal Logic K Contents 1 Soundness and Completeness; Decidability 1 1.1 Soundness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2 Completeness: Proof idea . . . . . . . . . . . . . . . . . . . . . . 2 2

361 views • 3 slides
INF3170 / INF4171 Soundness and completeness of sequent calculus Andreas Nakkerud September 14,

INF3170 / INF4171 Soundness and completeness of sequent calculus Andreas Nakkerud September 14,

Syntax of propositional logic Semantics of propositional logic Sequent calculus Soundness Completeness Model existence theorem INF3170 / INF4171 Soundness and completeness of sequent calculus Andreas Nakkerud September 14, 2016 Syntax of

1.13k views • 71 slides
Predicate Logic: Soundness and Completeness of Formal Deduction Alice Gao Lecture 17 CS 245

Predicate Logic: Soundness and Completeness of Formal Deduction Alice Gao Lecture 17 CS 245

Predicate Logic: Soundness and Completeness of Formal Deduction Alice Gao Lecture 17 CS 245 Logic and Computation Fall 2019 1 / 9 Outline The Learning Goals The Soundness of Formal Deduction Revisiting the Learning Goals CS 245 Logic and

243 views • 9 slides
Computational Properties of Resolution and First-Order Logic Soundness and Completeness:

Computational Properties of Resolution and First-Order Logic Soundness and Completeness:

Computational Properties of Resolution and First-Order Logic Soundness and Completeness: Definition: The symbol denotes the inference mechanism of first-order resolution (without paramodulation). Theorem: First-order

549 views • 16 slides
Soundness and Completeness of Infinitary Term Graph Rewriting Patrick Bahr paba@diku.dk

Soundness and Completeness of Infinitary Term Graph Rewriting Patrick Bahr paba@diku.dk

Soundness and Completeness of Infinitary Term Graph Rewriting Patrick Bahr paba@diku.dk University of Copenhagen Department of Computer Science 17th Informal Workshop on Term Rewriting, Aachen, March 28, 2012 From Terms to Term Graphs f f

426 views • 19 slides
Soundness and Completeness of Intuitionistic Dialogues Second Bachelor Seminar Talk Dominik Wehr

Soundness and Completeness of Intuitionistic Dialogues Second Bachelor Seminar Talk Dominik Wehr

Soundness and Completeness of Intuitionistic Dialogues Second Bachelor Seminar Talk Dominik Wehr Advisors: Dominik Kirst, Yannick Forster https://www.ps.uni-saarland.de/~wehr/bachelor.php Saarland University 20th March 2019 Model semantics

419 views • 22 slides
The ESC/Java2 Calculi and Object Logics Implications on Specification and Verification Joseph

The ESC/Java2 Calculi and Object Logics Implications on Specification and Verification Joseph

The ESC/Java2 Calculi and Object Logics Implications on Specification and Verification Joseph Kiniry Department of Computer Science University College Dublin ESC/Java2 ESC/Java2 is an extended static checker based upon DEC/Compaq SRC

278 views • 27 slides
ON THE COST OF TYPE-TAG SOUNDNESS Ben Greenman Zeina Migeed ON THE COST OF TYPE-TAG SOUNDNESS

ON THE COST OF TYPE-TAG SOUNDNESS Ben Greenman Zeina Migeed ON THE COST OF TYPE-TAG SOUNDNESS

ON THE COST OF TYPE-TAG SOUNDNESS Ben Greenman Zeina Migeed ON THE COST OF TYPE-TAG SOUNDNESS 1. Tag soundness 2. Performance cost of soundness 3. Evaluation method 4. Conclusions TYPE-TAG SOUNDNESS Type Soundness e : If

1.28k views • 64 slides
ESC/Java2 vs. JMLForge Juan Pablo Galeotti, Alessandra Gorla,

ESC/Java2 vs. JMLForge Juan Pablo Galeotti, Alessandra Gorla,

ESC/Java2 vs. JMLForge Juan Pablo Galeotti, Alessandra Gorla, Andreas Rau Saarland University, Germany ESC/Java2: the formula is built using Dijsktras

439 views • 43 slides
Computation and Deduction Lecture 19: Cut Elimination Tuesday March 18, 1997 1. Soundness of

Computation and Deduction Lecture 19: Cut Elimination Tuesday March 18, 1997 1. Soundness of

Computation and Deduction Lecture 19: Cut Elimination Tuesday March 18, 1997 1. Soundness of Sequent Calculus 2. Completeness of Sequent Calculus 3. Cut Elimination 19.1 Soundness of Sequent Calculus I ssdc : conc A -&gt; nd A -&gt; type.

583 views • 9 slides
1

1

{HEADSHOT}* * The*field*of*so3ware*analysis*is*highly*diverse:*there*are*many*approaches*with*different*strengths*and* limitaBons*in*aspects*such*as*soundness,*completeness,*applicability,*and*scalability.* * In* this* lesson,* we* will*

699 views • 47 slides
ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University

ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University

ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University College Dublin, and Radboud University Nijmegen David Cok, Joe Kiniry &amp; Erik Poll - ESC/Java2 &amp; JML Tutorial p.1/ ?? The ESC/Java2 tool

923 views • 24 slides
ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University

ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University

ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University College Dublin, and Radboud University Nijmegen David Cok, Joe Kiniry &amp; Erik Poll - ESC/Java2 &amp; JML Tutorial p.1/ ?? The ESC/Java2 tool

489 views • 19 slides
On 1 -soundness and Soundness of Workflow Nets Lu Ping, Hu Hao and L Jian Department of

On 1 -soundness and Soundness of Workflow Nets Lu Ping, Hu Hao and L Jian Department of

On 1 -soundness and Soundness of Workflow Nets Lu Ping, Hu Hao and L Jian Department of Computer Science Nanjing University luping@ics.nju.edu.cn, myou@ics.nju.edu.cn Contents Introduction to Workflow Nets Basic Properties of Workflow

558 views • 27 slides
Program Verification using JML and ESC/Java2 Erik Poll Radboud University Nijmegen p.1/36

Program Verification using JML and ESC/Java2 Erik Poll Radboud University Nijmegen p.1/36

Program Verification using JML and ESC/Java2 Erik Poll Radboud University Nijmegen p.1/36 Outline of this tutorial formal specifcation language JML program verification using ESC/Java2 p.2/36 The Java Modeling Language JML

471 views • 36 slides
Warnings-Based Claims in Product Liability Navigating U.S. Standards for Warnings; Leveraging the

Warnings-Based Claims in Product Liability Navigating U.S. Standards for Warnings; Leveraging the

Presenting a live 90-minute webinar with interactive Q&amp;A Warnings-Based Claims in Product Liability Navigating U.S. Standards for Warnings; Leveraging the Requirements in Litigation WEDNESDAY, APRIL 25, 2012 1pm Eastern | 12pm Central

768 views • 54 slides
-Wall found compilation errors Aditya Kumar Facebook Enable compiler warnings with -Wall

-Wall found compilation errors Aditya Kumar Facebook Enable compiler warnings with -Wall

-Wall found compilation errors Aditya Kumar Facebook Enable compiler warnings with -Wall -Werror Compiler warnings are precise static analysis tools -Wall enables most relevant compiler warnings Widely used warnings, well

917 views • 8 slides
NP-Completeness : Concepts Why Studying NP-Completeness ? Pursuing your

NP-Completeness : Concepts Why Studying NP-Completeness ? Pursuing your

NP-Completeness : Concepts Why Studying NP-Completeness ? Pursuing your Ph.D. Keeping your job Before studying NP-completeness : I cant find an efficient algorithm, I guess Im just too dumb. 1 After studying

770 views • 34 slides
Completeness of Resolution Theorem (Completeness) If a set of clauses S has no models then S *

Completeness of Resolution Theorem (Completeness) If a set of clauses S has no models then S *

5ai Completeness of Resolution Theorem (Completeness) If a set of clauses S has no models then S * [] (i.e. there is a resolution refutation of [] from S .) AUTOMATED REASONING Proof Structure for Resolution Completeness SLIDES 5: Assume

668 views • 7 slides
NP-completeness Evgenij Thorstensen V18 Evgenij Thorstensen NP-completeness V18 1 / 24 Recap

NP-completeness Evgenij Thorstensen V18 Evgenij Thorstensen NP-completeness V18 1 / 24 Recap

NP-completeness Evgenij Thorstensen V18 Evgenij Thorstensen NP-completeness V18 1 / 24 Recap completeness Recall A P B if there is a polynomial-time many-one reduction from A to B. Problems/strings in A can be transformed correctly into

580 views • 25 slides
CPSC 320: NP-Completeness CPSC 320 2013W2 CPSC 320: NP-Completeness Up to now: We have been

CPSC 320: NP-Completeness CPSC 320 2013W2 CPSC 320: NP-Completeness Up to now: We have been

CPSC 320: NP-Completeness CPSC 320 2013W2 CPSC 320: NP-Completeness Up to now: We have been learning recipes to design efficient algorithms. Every problem we looked at can be solved in O(n), or O(n log n), or O(n 2 ), or maybe O(n 3

739 views • 29 slides
Tobacco Package Health Warnings: International Developments and Best Practices Rob Cunningham

Tobacco Package Health Warnings: International Developments and Best Practices Rob Cunningham

Tobacco Package Health Warnings: International Developments and Best Practices Rob Cunningham UICC World Cancer Congress Aug. 30, 2012 Montreal, Canada Conclusions Use picture warnings Size as large as achievable Do not use

864 views • 68 slides
NL -completeness, NL = coNL Evgenij Thorstensen V18 Evgenij Thorstensen NL -completeness, NL =

NL -completeness, NL = coNL Evgenij Thorstensen V18 Evgenij Thorstensen NL -completeness, NL =

NL -completeness, NL = coNL Evgenij Thorstensen V18 Evgenij Thorstensen NL -completeness, NL = coNL V18 1 / 18 Logspace, recap Defined on machines that have an read-only input tape. In log space we can store a fixed number of pointers into

574 views • 21 slides

More recommend