Abstract
Software development and maintenance are costly endeavors. The cost can be reduced if more software defects are detected earlier in the development cycle. This paper introduces the Extended Static Checker for Java (ESC/Java), an experimental compile-time program checker that finds common programming errors. The checker is powered by verification-condition generation and automatic theoremproving techniques. It provides programmers with a simple annotation language with which programmer design decisions can be expressed formally. ESC/Java examines the annotated software and warns of inconsistencies between the design decisions recorded in the annotations and the actual code, and also warns of potential runtime errors in the code. This paper gives an overview of the checker architecture and annotation language and describes our experience applying the checker to tens of thousands of lines of Java programs.
- T. Ball and S. K. Rajamani. Automatically validating temporal safety properties of interfaces. In M. B. Dwyer, editor, Proc. 8th SPIN Workshop, volume 2057 of LNCS, pages 103--122. Springer, May 2001. Google Scholar
Digital Library
- J. R. Burch et al. Symbolic model checking: 1020 states and beyond. Information and Computation, 98(2):142--170, 1992. Google Scholar
Digital Library
- W. R. Bush, J. D. Pincus, and D. J. Sielaff. A static analyzer for finding dynamic programming errors. SP&E, 30(7):775--802, June 2000. Google Scholar
Digital Library
- N. Cataño and M. Huisman. Formal specification of Gemplus' electronic purse case study. In Proc. of Formal Methods Europe (FME 2002). Springer-Verlag, 2002. To Appear. Google Scholar
Digital Library
- J. Corbett et al. Bandera: Extracting finite-state models from Java source code. In Proc. 22nd ICSE, June 2000. Google Scholar
Digital Library
- P. Cousot and R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proc. 4th POPL, pages 238--252. ACM, 1977. Google Scholar
Digital Library
- R. DeLine and M. Fähndrich. Enforcing high-level protocols in low-level software. In Proc. PLDI 2001, pages 59--69, 2001. Google Scholar
Digital Library
- D. L. Detlefs, K. R. M. Leino, G. Nelson, and J. B. Saxe. Extended static checking. Research Report 159, Compaq SRC, Dec. 1998.Google Scholar
- D. L. Detlefs, G. Nelson, and J. B. Saxe. A theorem prover for program checking. Research Report 178, Compaq SRC, 2002. In preparation.Google Scholar
- E. W. Dijkstra. A Discipline of Programming. Prentice Hall, Englewood Cliffs, NJ, 1976. Google Scholar
Digital Library
- M. Dwyer, J. Hatcliff, and R. Howell. CIS 771: Software specification. Kansas State Univ., Dept. of Comp. and Inf. Sciences, Spring 2001.Google Scholar
- D. Engler et al. Bugs as deviant behavior: A general approach to inferring errors in systems code. In Proc. 18th SOSP, pages 57--72. ACM, 2001. Google Scholar
Digital Library
- M. D. Ernst et al. Dynamically discovering likely program invariants to support program evolution. In Proc. ICSE 1999, pages 213--224. ACM, 1999. Google Scholar
Digital Library
- Escher Technologies, Inc. Getting started with Perfect. Available from www.eschertech.com, 2001.Google Scholar
- D. Evans, J. V. Guttag, J. J. Horning, and Y. M. Tan. LCLint: A tool for using specifications to check code. In D. S. Wile, editor, Proc. 2nd SIGSOFT FSE, pages 87--96. ACM, 1994. Google Scholar
Digital Library
- C. Flanagan, R. Joshi, and K. R. M. Leino. Annotation inference for modular checkers. Inf. Process. Lett., 77(2--4):97--108, Feb. 2001. Google Scholar
Digital Library
- C. Flanagan and K. R. M. Leino. Houdini, an annotation assistant for ESC/Java. In J. N. Oliveira and P. Zave, editors, FME 2001: Formal Methods for Increasing Software Productivity, volume 2021 of LNCS, pages 500--517. Springer, Mar. 2001. Google Scholar
Digital Library
- C. Flanagan and S. Qadeer. Predicate abstraction for software verification. In Proc. 29th POPL, page to appear. ACM, Jan. 2002. Google Scholar
Digital Library
- C. Flanagan and J. B. Saxe. Avoiding exponential explosion: Generating compact verification conditions. In Proc. 28th POPL, pages 193--205. ACM, 2001. Google Scholar
Digital Library
- S. Graf and H. Saïdi. Construction of abstract state graphs via PVS. In O. Grumberg, editor, Proc. 9th CAV, volume 1254 of LNCS, pages 72--83. Springer, 1997. Google Scholar
Digital Library
- A. Heydon and M. A. Najork. Mercator: A scalable, extensible web crawler. World Wide Web, 2(4):219--229, Dec. 1999. Google Scholar
Digital Library
- C. A. R. Hoare. Proof of correctness of data representations. Acta Inf., 1(4):271--81, 1972.Google Scholar
Digital Library
- S. C. Johnson. Lint, a C program checker. Comp. Sci. Tech. Rep. 65, Bell Laboratories, 1978.Google Scholar
- B. W. Lampson, J. J. Horning, R. L. London, J. G. Mitchell, and G. J. Popek. Report on the programming language Euclid. Technical Report CSL-81-12, Xerox PARC, Oct. 1981.Google Scholar
- G. T. Leavens, A. L. Baker, and C. Ruby. Preliminary design of JML: A behavioral interface specification language for Java. Technical Report 98-06f, Dept. of Comp. Sci., Iowa State Univ., July 1999.Google Scholar
- G. T. Leavens, K. R. M. Leino, E. Poll, C. Ruby, and B. Jacobs. JML: notations and tools supporting detailed design in Java. In OOPSLA 2000 Companion, pages 105--106. ACM, 2000. Google Scholar
Digital Library
- K. R. M. Leino. Ecstatic: An object-oriented programming language with an axiomatic semantics. In FOOL 4, 1997.Google Scholar
- K. R. M. Leino. Data groups: Specifying the modification of extended state. In Proc. OOPSLA '98, pages 144--153. ACM, 1998. Google Scholar
Digital Library
- K. R. M. Leino. Applications of extended static checking. In P. Cousot, editor, 8th Intl. Static Analysis Symp., volume 2126 of LNCS, pages 185--193. Springer, July 2001. Google Scholar
Digital Library
- K. R. M. Leino. Extended static checking: A ten-year perspective. In R. Wilhelm, editor, Informatics'10 Years Back, 10 Years Ahead, volume 2000 of LNCS, pages 157--175. Springer, Jan. 2001. Google Scholar
Digital Library
- K. R. M. Leino and R. Manohar. Joining specification statements. Theoretical Comp. Sci., 216(1--2):375--394, Mar. 1999. Google Scholar
Digital Library
- K. R. M. Leino and G. Nelson. Data abstraction and information hiding. Research Report 160, Compaq SRC, Nov. 2000.Google Scholar
- K. R. M. Leino, G. Nelson, and J. B. Saxe. ESC/Java user's manual. Tech. Note 2000-002, Compaq SRC, Oct. 2000.Google Scholar
- K. R. M. Leino, A. Poetzsch-Heffter, and Y. Zhou. Using data groups to specify and check side effects. In Proc. PLDI 2002, 2002. Google Scholar
Digital Library
- K. R. M. Leino, J. B. Saxe, and R. Stata. Checking Java programs via guarded commands. In B. Jacobs et al., editor, Formal Techniques for Java Programs, Tech. Report 251. Fernuniversität Hagen, May 1999.Google Scholar
- K. R. M. Leino and R. Stata. Checking object invariants. Tech. Note 1997-007, DEC SRC, Jan. 1997.Google Scholar
- B. Meyer. Object-oriented software construction. Series in Computer Science. Prentice-Hall Intl., 1988. Google Scholar
Digital Library
- T. Millstein. Toward more informative ESC/Java warning messages. In J. Mason, editor, Selected 1999 SRC summer intern reports, Tech. Note 1999-003. Compaq SRC, 1999.Google Scholar
- P. Müller, A. Poetzsch-Heffter, and G. T. Leavens. Modular specification of frame properties in JML. Technical Report 02-02, Dept. of Comp. Sci., Iowa State Univ., Feb. 2002. To appear in Concurrency, Practice and Experience.Google Scholar
- J. W. Nimmer and M. D. Ernst. Automatic generation and checking of program specifications. Technical Report 823, MIT Lab for Computer Science, Aug. 2001.Google Scholar
- S. Owre, S. Rajan, J. M. Rushby, N. Shankar, and M. K. Srivas. PVS: Combining specification, proof checking, and model checking. In R. Alur and T. A. Henzinger, editors, Proc. 8th CAV, volume 1102 of LNCS, pages 411--414. Springer, 1996. Google Scholar
Digital Library
- E. Poll, J. van den Berg, and B. Jacobs. Specification of the JavaCard API in JML. In J. Domingo-Ferrer, D. Chan, and A. Watson, editors, Fourth Smart Card Research and Advanced Application Conference (CARDIS'2000), pages 135--154. Kluwer Acad. Publ., 2000. Google Scholar
Digital Library
- N. Sterling. WARLOCK --- a static data race analysis tool. In Proc. Winter 1993 USENIX Conf., pages 97--106. USENIX Assoc., Jan. 1993.Google Scholar
- M. Turin, A. Deutsch, and G. Gonthier. La verification des programmes d'ariane. Pour la Science, 243:21--22, Jan. 1998. (In French).Google Scholar
- J. van den Berg and B. Jacobs. The LOOP compiler for Java and JML. In Proc. TACAS, volume 2031 of LNCS, pages 299--312. Springer, 2001. Google Scholar
Digital Library
- W. Visser, K. Havelund, G. Brat, and S. Park. Model checking programs. In International Conference on Automated Software Engineering, Sept. 2000. Google Scholar
Digital Library
- J. M. Wing. A Two-Tiered Approach to Specifying Programs. PhD thesis, MIT Laboratory for Computer Science, May 1983. (Available as MIT LCS tech. report no. 229). Google Scholar
Digital Library
- J. B. Wordsworth. Software Engineering with B. Addison-Wesley, 1996. Google Scholar
Digital Library
- H. Xi. Imperative programming with dependent types. In Proc. 15th LICS, pages 375--387, June 2000. Google Scholar
Digital Library
- H. Xi and F. Pfenning. Dependent types in practical programming. In Proc. 26th POPL, pages 214--227. ACM, Jan. 1999. Google Scholar
Digital Library
Index Terms
PLDI 2002: Extended static checking for Java
Recommendations
Extended static checking for Java
Software development and maintenance are costly endeavors. The cost can be reduced if more software defects are detected earlier in the development cycle. This paper introduces the Extended Static Checker for Java (ESC/Java), an experimental compile-...
Extended static checking for Java
PLDI '02: Proceedings of the ACM SIGPLAN 2002 conference on Programming language design and implementationSoftware development and maintenance are costly endeavors. The cost can be reduced if more software defects are detected earlier in the development cycle. This paper introduces the Extended Static Checker for Java (ESC/Java), an experimental compile-...






Comments