Extended static checking for Java

Software development and maintenance are costly endeavors. The cost can be reduced if more software defects are detected earlier in the development cycle. This paper introduces the Extended Static Checker for Java (ESC/Java), an experimental compile-time program checker that finds common programming errors. The checker is powered by verification-condition generation and automatic theorem-proving techniques. It provides programmers with a simple annotation language with which programmer design decisions can be expressed formally. ESC/Java examines the annotated software and warns of inconsistencies between the design decisions recorded in the annotations and the actual code, and also warns of potential runtime errors in the code. This paper gives an overview of the checker architecture and annotation language and describes our experience applying the checker to tens of thousands of lines of Java programs.
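The abstract describes two kinds of warnings: inconsistencies between annotated design decisions and the code, and potential runtime errors. The constructed Java class below is an added illustration, not code from the paper or its case studies. Its annotations follow the ESC/Java `//@` pragma style (`requires`, `ensures`, `invariant`, `modifies`, `non_null`, `\old`, `\result`, `\forall`) as documented for the checker outside this page; the class, its identifiers, and the warnings noted in the comments are assumptions made for the example.

```java
// Added illustration of ESC/Java-style annotations. The annotation keywords are
// taken from the ESC/Java annotation language as documented outside this page;
// the class itself and the expected warnings are constructed for this example.
public class BoundedLog {
    //@ non_null
    private String[] entries;   // backing store; the annotation records that it is never null
    private int count;          // number of slots in use

    // Design decisions recorded formally: count stays within the array, and every
    // slot below count holds a non-null line.
    //@ invariant 0 <= count && count <= entries.length;
    //@ invariant (\forall int j; 0 <= j && j < count; entries[j] != null);

    //@ requires capacity > 0;
    //@ ensures count == 0;
    public BoundedLog(int capacity) {
        entries = new String[capacity];
        count = 0;
    }

    //@ ensures \result == (count == entries.length);
    public boolean isFull() {
        return count == entries.length;
    }

    // Precondition: callers must check isFull() first. If this requires clause were
    // omitted, the checker would warn of a possible array index out of bounds at
    // entries[count] and that the invariant count <= entries.length may fail on exit
    // (the "potential runtime error" case from the abstract).
    //@ requires count < entries.length;
    //@ requires line != null;
    //@ modifies count, entries[*];
    //@ ensures count == \old(count) + 1;
    public void append(String line) {
        entries[count] = line;
        count++;
    }

    // The postcondition follows from the second invariant; without that invariant the
    // checker would report an inconsistency between this ensures clause and the code,
    // since an array slot could be null (the "design decision vs. code" case).
    //@ requires 0 <= i && i < count;
    //@ ensures \result != null;
    public String get(int i) {
        return entries[i];
    }

    // A method written against the recorded design: the checker can verify it
    // modularly from append's and isFull's specifications alone, without
    // re-examining their bodies.
    //@ requires line != null;
    //@ ensures \result ==> count == \old(count) + 1;
    public boolean tryAppend(String line) {
        if (isFull()) {
            return false;
        }
        append(line);
        return true;
    }
}
```

The checking is modular: each method is verified against the annotations of the methods it calls, which is why recording preconditions such as `count < entries.length` matters. Deleting one annotation turns a verified design assumption into a reported warning rather than a latent out-of-bounds access discovered at runtime.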
