An Overview of the Extended Static Checking System

The Extended Static Checking system (henceforth ESC) is a checker aimed at statically detecting simple errors in programs; e.g., NIL dereferences, out-of-bounds array indices, or simple deadlocks or race conditions in concurrent programs. ESC attempts to achieve these fairly modest goals using a quite general program verification framework. The user annotates the program being checked with specifications; a verification condition generator transforms the program and specification into a logical formula whose validity ensures the absence of the errors being considered. This formula is passed to an automatic theorem prover (called Simplify) developed expressly for ESC. If the prover is unable to prove that the errors do not occur, it returns (roughly) an assignment of values to program variables that falsifies the formula. This information can be presented to the programmer, giving information about the error somewhat akin to what a debugger provides when examining a core file left by a runtime occurrence of the error.
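The pipeline the abstract describes (annotation, verification condition generation, automatic proving, counterexample reporting) can be shown end to end on a toy scale. The following is an added example written for this page, not ESC's own code and not Simplify: it computes verification conditions with Dijkstra-style weakest preconditions over a tiny statement language and replaces the theorem prover with a brute-force search over small integers, which is enough to produce the kind of falsifying assignment the abstract mentions. The expression encoding, the function names (`wp`, `gen_vc`, `find_counterexample`) and the sample program are all assumptions of the example.

```python
from itertools import product

# Expression encoding (an assumption of this example, not ESC's): nested tuples
#   ('const', v)  ('var', name)  ('+', a, b)  ('<', a, b)  ('<=', a, b)
#   ('and', a, b)  ('=>', a, b)  ('not', a)
TRUE = ('const', True)

BINOPS = {
    '+': lambda a, b: a + b,
    '<': lambda a, b: a < b,
    '<=': lambda a, b: a <= b,
    'and': lambda a, b: a and b,
    '=>': lambda a, b: (not a) or b,
}


def subst(expr, var, repl):
    """Return expr with every occurrence of variable var replaced by repl."""
    tag = expr[0]
    if tag == 'const':
        return expr
    if tag == 'var':
        return repl if expr[1] == var else expr
    return (tag,) + tuple(subst(e, var, repl) for e in expr[1:])


def wp(stmts, post):
    """Weakest precondition of a statement list with respect to post.

    Statements are ('assign', x, e) or ('check', c); a check is the runtime
    safety condition the checker must prove (here: an index is in bounds).
    Rules: wp(x := e, Q) = Q[x := e];  wp(check c, Q) = c and Q.
    """
    for stmt in reversed(stmts):
        if stmt[0] == 'assign':
            post = subst(post, stmt[1], stmt[2])
        elif stmt[0] == 'check':
            post = ('and', stmt[1], post)
        else:
            raise ValueError('unknown statement %r' % (stmt,))
    return post


def gen_vc(pre, body):
    """Verification condition: the annotated precondition implies that every
    check in body holds. Validity of this formula means the error is absent."""
    return ('=>', pre, wp(body, TRUE))


def evaluate(expr, env):
    tag = expr[0]
    if tag == 'const':
        return expr[1]
    if tag == 'var':
        return env[expr[1]]
    if tag == 'not':
        return not evaluate(expr[1], env)
    return BINOPS[tag](evaluate(expr[1], env), evaluate(expr[2], env))


def free_vars(expr):
    if expr[0] == 'var':
        return {expr[1]}
    if expr[0] == 'const':
        return set()
    return set().union(*(free_vars(e) for e in expr[1:]))


def find_counterexample(vc, domain=range(-2, 4)):
    """Stand-in for the theorem prover: search a small integer domain for an
    assignment that falsifies vc. Returns that assignment, or None if the
    formula held everywhere (a real prover would instead prove validity)."""
    names = sorted(free_vars(vc))
    for values in product(domain, repeat=len(names)):
        env = dict(zip(names, values))
        if not evaluate(vc, env):
            return env
    return None


# Constructed program: access a[j] with j := i + 1, where n is the array
# length. The check encodes the bounds test the runtime would perform.
IN_BOUNDS = ('and', ('<=', ('const', 0), ('var', 'j')),
                    ('<', ('var', 'j'), ('var', 'n')))
BODY = [('assign', 'j', ('+', ('var', 'i'), ('const', 1))),
        ('check', IN_BOUNDS)]

# Annotation as a programmer might first write it: i is a valid index.
WEAK_PRE = ('and', ('<=', ('const', 0), ('var', 'i')),
                   ('<', ('var', 'i'), ('var', 'n')))
# Corrected annotation: i + 1 must also be a valid index.
STRONG_PRE = ('and', ('<=', ('const', 0), ('var', 'i')),
                     ('<', ('+', ('var', 'i'), ('const', 1)), ('var', 'n')))

if __name__ == '__main__':
    print('weak precondition  :', find_counterexample(gen_vc(WEAK_PRE, BODY)))
    print('strong precondition:', find_counterexample(gen_vc(STRONG_PRE, BODY)))
```

With the weaker annotation the search returns `{'i': 0, 'n': 1}`: the last valid index, for which `i + 1` runs off the end of the array. That assignment is exactly the debugger-like information the abstract refers to, since it names concrete variable values under which the check fails. With the corrected annotation no falsifying assignment exists in the domain, which is where a real prover such as Simplify would return a proof rather than merely report an exhausted search.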
