Reducing the barriers to writing verified specifications

Formally verifying a program requires significant skill not only because of complex interactions between program subcomponents, but also because of deficiencies in current verification interfaces. These skill barriers make verification economically unattractive by preventing the use of less-skilled (less-expensive) workers and distributed workflows (i.e., crowdsourcing). This paper presents VeriWeb, a web-based IDE for verification that decomposes the task of writing verifiable specifications into manageable subproblems. To overcome the information loss caused by task decomposition, and to reduce the skill required to verify a program, VeriWeb incorporates several innovative user interface features: drag and drop condition construction, concrete counterexamples, and specification inlining. To evaluate VeriWeb, we performed three experiments. First, we show that VeriWeb lowers the time and monetary cost of verification by performing a comparative study of VeriWeb and a traditional tool using 14 paid subjects contracted hourly from Exhedra Solution's vWorker online marketplace. Second, we demonstrate the dearth and insufficiency of current ad-hoc labor marketplaces for verification by recruiting workers from Amazon's Mechanical Turk to perform verification with VeriWeb. Finally, we characterize the minimal communication overhead incurred when VeriWeb is used collaboratively by observing two pairs of developers each use the tool simultaneously to verify a single program.
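To make concrete what "writing a verifiable specification" and "concrete counterexamples" mean in practice, here is an added example that is not VeriWeb's code and does not call any real verifier. A bounded exhaustive search stands in for the theorem prover: it enumerates small inputs, and the first input that satisfies the precondition but violates the postcondition is reported as a counterexample, which is exactly the feedback that tells the specifier which condition is missing. The method, the pre/postconditions and the search bounds are all assumptions chosen for illustration.

```python
"""Added example (not VeriWeb or paper code): a minimal contract checker that
returns a concrete counterexample when a method's specification is too weak.
Bounded exhaustive enumeration stands in for a theorem prover; no real
verifier (ESC/Java2, Dafny, Z3) is involved."""
from itertools import product
from typing import Callable, List, Optional, Tuple

# Hypothetical method under verification: classic binary search.
def binary_search(xs: List[int], key: int) -> int:
    """Return an index i with xs[i] == key, or -1 if key is absent."""
    lo, hi = 0, len(xs) - 1
    while lo <= hi:
        mid = (lo + hi) // 2
        if xs[mid] == key:
            return mid
        if xs[mid] < key:
            lo = mid + 1
        else:
            hi = mid - 1
    return -1

# Postcondition: -1 exactly when key is absent; otherwise a valid index of key.
def postcondition(xs: List[int], key: int, result: int) -> bool:
    if result == -1:
        return key not in xs
    return 0 <= result < len(xs) and xs[result] == key

# Two candidate preconditions a specifier might write.
def no_precondition(xs: List[int], key: int) -> bool:
    return True  # too weak: the method is only correct on sorted input

def sorted_precondition(xs: List[int], key: int) -> bool:
    return all(xs[i] <= xs[i + 1] for i in range(len(xs) - 1))

def find_counterexample(
    pre: Callable[[List[int], int], bool],
    post: Callable[[List[int], int, int], bool],
    max_len: int = 4,
    values: range = range(3),
) -> Optional[Tuple[List[int], int]]:
    """Enumerate every list of length <= max_len over `values` and every key
    in `values`; return the first (xs, key) that satisfies `pre` but for which
    binary_search violates `post`, or None if the spec holds on all of them."""
    for n in range(max_len + 1):
        for tup in product(values, repeat=n):
            xs = list(tup)
            for key in values:
                if pre(xs, key) and not post(xs, key, binary_search(xs, key)):
                    return xs, key
    return None

if __name__ == "__main__":
    # Weak spec: the checker hands back a concrete failing input, [1, 0] with key 0,
    # showing the specifier that a sortedness precondition is missing.
    print(find_counterexample(no_precondition, postcondition))
    # Strengthened spec: no counterexample within the bound.
    print(find_counterexample(sorted_precondition, postcondition))
```

The point a practitioner should take from this is the workflow, not the search: a counterexample that names an actual input ([1, 0], key 0) is far easier to act on than a prover's "cannot establish postcondition" message, because it tells the specifier which condition (here, sortedness) the specification lacks. A bounded search gives no guarantee beyond the bound; a verifier does, which is why the paper's tool sits on a prover rather than on enumeration.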
