Invariant inference for static checking: an empirical evaluation

Static checking can verify the absence of errors in a program, but often requires written annotations or specifications. As a result, static checking can be difficult to use effectively: it can be difficult to determine a specification and tedious to annotate programs. Automated tools that aid the annotation process can decrease the cost of static checking and enable it to be more widely used.

This paper describes an evaluation of the effectiveness of two techniques, one static and one dynamic, to assist the annotation process. We quantitatively and qualitatively evaluate 41 programmers using ESC/Java in a program verification task over three small programs, using Houdini for static inference and Daikon for dynamic inference. We also investigate the effect of unsoundness in the dynamic analysis.

Statistically significant results show that both inference tools improve task completion; Daikon enables users to express more correct invariants; unsoundness of the dynamic analysis is little hindrance to users; and users imperfectly exploit Houdini. Interviews indicate that beginning users found Daikon to be helpful; Houdini to be neutral; static checking to be of potential practical use; and both assistance tools to have unique benefits.

Our observations not only provide a critical evaluation of these two techniques, but also highlight important considerations for creating future assistance tools.
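The unsoundness the abstract refers to is inherent to dynamic inference: a tool like Daikon reports every candidate property that held on the executions it observed, so a thin test suite yields "likely invariants" that are artifacts of the inputs rather than facts about the program. The following toy detector, an added example that is not Daikon's code nor code from the paper, makes that concrete with a handful of Daikon-style templates (constant, bound, non-zero, and pairwise ==, <, <=). The `clamp` function, the two call suites, and the variable names are constructed for illustration. It shows the spurious invariant `result == x` surviving a small suite and disappearing once out-of-range inputs are added, while the contract properties `lo <= result` and `result <= hi` survive both; those surviving strings are exactly the candidate annotations a static checker such as ESC/Java would then be asked to prove.

```python
"""Toy Daikon-style dynamic invariant detector (added example, not Daikon itself)."""
import inspect
import itertools
from typing import Callable, Iterable, Sequence


def clamp(x: int, lo: int, hi: int) -> int:
    """Constructed function under test; its exit point is the instrumented program point."""
    return lo if x < lo else hi if x > hi else x


def trace(fn: Callable[..., int], calls: Iterable[Sequence[int]]) -> list[dict[str, int]]:
    """Instrumentation: record every argument plus the return value at fn's exit."""
    params = list(inspect.signature(fn).parameters)
    samples = []
    for args in calls:
        sample = dict(zip(params, args))
        sample["result"] = fn(*args)
        samples.append(sample)
    return samples


def infer_invariants(samples: list[dict[str, int]]) -> set[str]:
    """Return every template instance that held on ALL observed samples.

    Templates (a small subset of Daikon's): x == c, x >= c, x <= c, x != 0,
    and for each pair x == y, x < y, x <= y (x <= y is suppressed when x < y
    already holds). Nothing here proves anything: a property survives only
    because no observed sample falsified it.
    """
    if not samples:
        return set()
    names = sorted(samples[0])
    found: set[str] = set()
    for n in names:
        vals = [s[n] for n_ in (n,) for s in samples]
        low, high = min(vals), max(vals)
        if low == high:
            found.add(f"{n} == {low}")          # constant over the whole trace
        else:
            found.add(f"{n} >= {low}")           # observed range; classic source of
            found.add(f"{n} <= {high}")          # unsound bounds on small suites
        if 0 not in vals:
            found.add(f"{n} != 0")
    for a, b in itertools.combinations(names, 2):
        if all(s[a] == s[b] for s in samples):
            found.add(f"{a} == {b}")
            continue
        for l, r in ((a, b), (b, a)):
            if all(s[l] < s[r] for s in samples):
                found.add(f"{l} < {r}")
            elif all(s[l] <= s[r] for s in samples):
                found.add(f"{l} <= {r}")
    return found


def likely_invariants(fn: Callable[..., int], calls: Iterable[Sequence[int]]) -> set[str]:
    """Run fn on the given calls and report the likely invariants at its exit."""
    return infer_invariants(trace(fn, calls))


# Constructed call suites. SMALL_SUITE never leaves [lo, hi] and never varies lo,
# so it cannot distinguish clamp from the identity on x.
SMALL_SUITE = [(3, 0, 10), (5, 0, 10), (7, 0, 10)]
FULL_SUITE = SMALL_SUITE + [(-4, -10, 10), (50, 0, 10), (-20, 0, 10)]


def spurious_invariants(fn: Callable[..., int], small, full) -> set[str]:
    """Likely invariants the small suite reports that the fuller suite refutes.

    This is the set a user (or the static checker) has to throw away; the paper
    reports that doing so was little hindrance to users.
    """
    return likely_invariants(fn, small) - likely_invariants(fn, full)


if __name__ == "__main__":
    for label, suite in (("small", SMALL_SUITE), ("full", FULL_SUITE)):
        print(f"--- {label} suite ---")
        for inv in sorted(likely_invariants(clamp, suite)):
            print("  ", inv)
    print("refuted by the fuller suite:", sorted(spurious_invariants(clamp, SMALL_SUITE, FULL_SUITE)))
```

Even the fuller suite still reports `hi == 10` and `x != 0`, because no call varied `hi` or passed zero; that is the practitioner's takeaway from the abstract's result on unsoundness. The inferred list is a set of candidates whose soundness rests entirely on input coverage, so each one must either be proven by the static checker or deleted by the user, never trusted as a specification on its own.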
