Static program checking and verification

Similar documents
Advances in Programming Languages

ESC/Java2 extended static checking for Java Erik Poll Radboud University Nijmegen

JML tool-supported specification for Java Erik Poll Radboud University Nijmegen

ESC/Java extended static checking for Java Erik Poll, Joe Kiniry, David Cok University of Nijmegen; Eastman Kodak Company

Extended Static Checking for Java

Assertions & Design-by-Contract using JML Erik Poll University of Nijmegen

Checking Program Properties with ESC/Java

ESC/Java2 Use and Features

ESC/Java2 Use and Features

Java Modelling Language (JML) References

Advances in Programming Languages

Formal Methods for Java

Introduction to JML David Cok, Joe Kiniry, and Erik Poll Eastman Kodak Company, University College Dublin, and Radboud University Nijmegen

ESC/Java 2. Checker for Java 2. Extended. Static. B y K ats man Andrey S oftware E ngineering S em inar

Program Verification (6EC version only)

Advances in Programming Languages

Advances in Programming Languages

ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University College Dublin, and Radboud University Nijmegen

Lecture 10 Design by Contract

Dafny: An Automatic Program Verifier for Functional Correctness Paper by K. Rustan M. Leino (Microsoft Research)

Code Contracts. Pavel Parízek. CHARLES UNIVERSITY IN PRAGUE faculty of mathematics and physics

Lecture 4. Towards a Verifying Compiler: Data Abstraction

Assertions, pre/postconditions

JML. Outline. Métodos Formais em Engenharia de Software. MI, Braga these slides were prepared by adopting/adapting teaching material

Runtime Checking and Test Case Generation for Python

Automatic Generation of Program Specifications

Cover Page. The handle holds various files of this Leiden University dissertation

Analysis of Software Artifacts

ESC/Java2 Warnings David Cok, Joe Kiniry, and Erik Poll Eastman Kodak Company, University College Dublin, and Radboud University Nijmegen

Formale Entwicklung objektorientierter Software

FAKULTÄT FÜR INFORMATIK

Formal Methods for Java

The JML Tool. Faculty of Engineering Pontificia Universidad Javeriana. The JML Tool p.1/23

Program Verification. Aarti Gupta

Java Modeling Language (JML)

Motivation. Correct and maintainable software Cost effective software production Implicit assumptions easily broken

ESC/Java2 vs. JMLForge. Juan Pablo Galeotti, Alessandra Gorla, Andreas Rau Saarland University, Germany

Software Security: Vulnerability Analysis

Formal Specification and Verification

Runtime Checking for Program Verification Systems

Trends in Automated Verification

The Spec# Programming System: Challenges and Directions

Correctness of specifications. Correctness. Correctness of specifications (2) Example of a Correctness Proof. Testing versus Correctness Proofs

Reasoning about Object Structures Using Ownership

Design by Contract: An Overview

Self-checking software insert specifications about the intent of a system

ExplainHoudini: Making Houdini inference transparent

Reachability Analysis for Annotated Code

CnC: Check n Crash. Combining static checking and testing. Christoph Csallner and Yannis Smaragdakis

Separation Logic 2: project: Annotation Assistant for Partially Specified Programs plus some high-level observations. Hengle Jiang & John-Paul Ore

BOOGIE. Presentation by Itsik Hefez A MODULAR REUSABLE VERIFIER FOR OBJECT-ORIENTED PROGRAMS MICROSOFT RESEARCH

A Small Survey of Java Specification Languages *

Testing, Debugging, Program Verification

Principles of Software Construction: Objects, Design and Concurrency. Static Analysis. toad Spring 2013

Verification Condition Generation

Course Content. Objectives of Lecture 18 Black box testing and planned debugging. Outline of Lecture 18

Part II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs?

Principles of Software Construction: Objects, Design, and Concurrency (Part 2: Designing (Sub )Systems)

CSE 403: Software Engineering, Fall courses.cs.washington.edu/courses/cse403/16au/ Static Analysis. Emina Torlak

Java Modelling Language (JML) References

JPred-P 2. Josh Choi, Michael Welch {joshchoi,

Korat: Automated Testing Based on Java Predicates. Jeff Stuckman

CHAPTER 6. Slide 6.1 TESTING

Simulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 The MathWorks, Inc. 1

Bounded Verification of Voting Software

Modular verification of static class invariants

Software Model Checking with Abstraction Refinement

Formal Specification and Verification

The Java Modeling Language JML

6. Hoare Logic and Weakest Preconditions

Recap. Juan Pablo Galeotti,Alessandra Gorla, Software Engineering Chair Computer Science Saarland University, Germany

Proof Carrying Code(PCC)

n Specifying what each method does q Specify it in a comment before method's header n Precondition q Caller obligation n Postcondition

Overview The Java Modeling Language (Part 1) Related Work

The Pointer Assertion Logic Engine

JML. Java Modeling Language

Static Analysis in C/C++ code with Polyspace

CITS5501 Software Testing and Quality Assurance Formal methods

Why. an intermediate language for deductive program verification

Finding and Fixing Bugs in Liquid Haskell. Anish Tondwalkar

Today Program Analysis for finding bugs, especially security bugs problem specification motivation approaches remaining issues

An Aspect-Oriented Approach. Henrique Rebêlo Informatics Center

CIS 890: Safety Critical Systems

Testing, Debugging, and Verification

Developing Reliable Software using Object-Oriented Formal Specification and Refinement [Extended abstract prepared 24 March 2003]

Programming with Contracts. Juan Pablo Galeotti, Alessandra Gorla Saarland University, Germany

UC Santa Barbara. CS189A - Capstone. Christopher Kruegel Department of Computer Science UC Santa Barbara

Lectures 20, 21: Axiomatic Semantics

Overview of the KeY System

Formal Methods for Software Development

Data Structures. Subodh Kumar. Dept of Computer Sc. & Engg. IIT Delhi

JMLCUTE: Automated JML-Based Unit Test Case Generation

Seminar in Software Engineering Presented by Dima Pavlov, November 2010

Modular and Verified Automatic Program Repairs

Automatic Software Verification

Testing Library Specifications by Verifying Conformance Tests

Homework #1, on the class web pages later today

Fundamentals of Software Engineering

Verifying JML specifications with model fields

DSD-Crasher: A Hybrid Analysis Tool for Bug Finding

Transcription:

Chair of Software Engineering Software Engineering Prof. Dr. Bertrand Meyer March 2007 June 2007 Slides: Based on KSE06 With kind permission of Peter Müller Static program checking and verification

Correctness class ArraySet implements Set { private int[ ] array; private int next; public void insert( int i ) { for ( int j = 0; j < next; j-- ) if array[ j ] == i then return true; return false; } } Behavioral Specification Semantic Rules Context Conditions Syntax Rules Software Engineering, lecture 20: Static program checking and verification 2

Aspects of correctness Semantics Behavioral Specification Semantic Rules Test, Verification Syntax Context Conditions Syntax Rules Semantic Analysis, Type Checking Scanning, Parsing Software Engineering, lecture 20: Static program checking and verification 3

Test and verification Test Objective Detect bugs Examples White box test Black box test Problems Successful test does not guarantee correctness Verification Objective Prove correctness Examples Formal verification based on a logic Symbolic execution Problems Expensive Formal specification of behavior is required Software Engineering, lecture 20: Static program checking and verification 4

Levels of coverage Coverage Extended static checking Program verification Type checking Decidability ceiling Effort Software Engineering, lecture 20: Static program checking and verification 5

Extended static checking ESC/Java developed at DEC, Compaq, and HP Research Fully automated tool Tries to verify Absence of runtime exceptions and common mistakes e.g. null dereference, array bounds, type cast errors, deadlocks Simple user-specified contracts invariants, pre/postconditions, loop invariants, assertions Program with specifications Program Checker/Verifier Error messages Bag.java:18: Array index possibly too large Software Engineering, lecture 20: Static program checking and verification 6

Program checker design tradeoffs Objectives Fully automated reasoning As little annotation overhead as possible Performance Not sound Errors may be missed Not complete Main reason why it s called checker and not verifier Warnings do not always report errors (false alarms) Goal Cost-effective tool Find source of possible bugs quickly Software Engineering, lecture 20: Static program checking and verification 7

Tool architecture Annotated Java program Translator Verification condition Automatic Theorem Prover Counterexample context Valid Resource exhausted Post Processor Warning messages Software Engineering, lecture 20: Static program checking and verification 8

Theorem prover: Simplify Automatic: No user interaction Refutation based: To prove ϕ it will attempt to satisfy ϕ If this is possible, a counterexample is found, and we know a reason why ϕ is invalid If it fails to satisfy ϕ then ϕ is considered to be valid Software Engineering, lecture 20: Static program checking and verification 9

Time limits Logic used in Simplify is semi-decidable Each procedure that proves all valid formulas loops forever on some invalid ones Simplify works with a time limit When time limit is reached, counterexample is returned Longer computation might show that returned counterexample is inconsistent Time limits are a source of incompleteness Spurious counterexamples lead to spurious warnings Software Engineering, lecture 20: Static program checking and verification 10

ESC/Java2 Successor of ESC/Java Eclipse integration Made specification language compatible with JML Made open source Give it a try! http://secure.ucd.ie/products/opensource/escjava2 Software Engineering, lecture 20: Static program checking and verification 11

Spec# Program verification tool developed at MS Research Superset of C# non-null types pre- and postconditions object invariants C# contracts everywhere into the future type checking run-time checks Tool support more type checking compiler-emitted run-time checks static program verification fully integrated into Visual Studio.NET 2005 static verification degree of checking, effort Software Engineering, lecture 20: Static program checking and verification 12

Spec# vs. ESC/Java(2) Similarities Architecture Full automation (even theorem prover is the same) Essential contract language Differences Spec# is sound Spec# does modular reasoning price to pay: need to understand methodology Software Engineering, lecture 20: Static program checking and verification 13

Non-null types T x; The value of x is -null or - reference to object whose type is a subtype of T. T! y; The value of y is - reference to object whose type is a subtype of T, and not null. Software Engineering, lecture 20: Static program checking and verification 14

Types versus assertions Without non-null types: Person(string name) requires name!= null; With non-null types: Person(string! name) Software Engineering, lecture 20: Static program checking and verification 15

Comparing against null public void M(T x){ if (x == null) { } else { T! y = x; } } Spec# performs a data-flow analysis to allow this Software Engineering, lecture 20: Static program checking and verification 16

Spec# DEMO

References ESC/Java Flanagan et al.: Extended Static Checking for Java ESC/Java2 http://secure.ucd.ie/products/opensource/escjava2 Spec# Barnett et al.: Boogie: A Modular Reusable Verifier for Object-Oriented Programs http://research.microsoft.com/specsharp Rustan Leino s lectures http://research.microsoft.com/~leino/talks.html Software Engineering, lecture 20: Static program checking and verification 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback