
Applications of extended static checking


Presentation Transcript


  1. Systems Research Center Applications of extended static checking K. Rustan M. Leino Compaq SRC Invited talk, SAS’01, Paris, France, 17 July 2001

  2. Talk outline • The extended static checking (ESC) technique • ESC/Java • Other possible applications of the ESC technique

  3. Goal Increase productivity in software development

  4. Static program checking

  5. Static program checkers

  6. ESC architecture

  7. ESC/Java Joint work with Cormac Flanagan, Mark Lillibridge, Todd Millstein, Greg Nelson, Jim Saxe, Raymie Stata • Checked run-time errors: null dereferences, array index bounds errors, type cast errors, … • Synchronization errors: race conditions, deadlocks • Consistency with annotations: preconditions, object invariants, …

  8. Modular checking

  9. ESC/Java demo: Bag.java

  10. Checker design tradeoffs • Soundness • Spurious warnings • Annotation burden • Performance

  11. Evaluation of the ESC technique • Strengths: • Local analysis offers precision • Modular checking performs well and scales • Weaknesses: • Modularity requires annotations

  12. Change modularity boundaries • Reduce annotation burden by changing grain of modularity?

  13. Use ESC as a subroutine
      generate candidate set of annotations;
      repeat
        invoke ESC to refute annotations;
        remove refuted annotations
      until quiescence;
      invoke ESC to identify possible defects
      Houdini: joint work with Cormac Flanagan and Michael Levin. Daikon: Michael Ernst, et al.

  14. Check only the annotations
      /*@ modifies isOpen; ensures isOpen; */ void open(String filename);
      /*@ requires isOpen; */ int getChar();
      /*@ requires isOpen; modifies isOpen; */ void close();
      Other protocol checking: Tom Ball & Sriram Rajamani; and Rob DeLine & Manuel Fähndrich

  15. Principle of programming language design: syntactic restrictions + static checks + dynamic checks = guaranteed program invariants

  16. Example program invariants enforced by popular programming languages • each program variable holds a value of its type • program counter is a valid program location • each live local variable has a value • …

  17. Null or not? • T+ a possibly-null T object • T- a non-null T object • t.f defined only if t is of type T- • can cast from T+ to T- at the cost of a dynamic check • CLU [Liskov & Guttag 1986]

  18. Verbosity • if (t instanceof T-) { T- tm = (T-)t; … tm.f … } • if (t instanceof T- && ((T-)t).f instanceof T-) { … ((T-)((T-)t).f).g … }

  19. ESC technique to the rescue • Use T+ and T- types • Define dereference only for static type T- • Require explicit cast from T+ to T- only if ESC technique is unable to prove value to be non-null

  20. Examples revisited • if (t != null) { … t.f …} • if (t != null && t.f != null) { … t.f.g … }

  21. Obstacles to applying ESC technique • Soundness • What can be modified? • How does a programming language prescribe ESC checks?

  22. Conclusions • ESC is a powerful program analysis technique • Used in ESC/Modula-3, ESC/Java, Houdini • Future applications include programming language design • ESC/Java in teaching http://research.compaq.com/SRC/esc/
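The refutation loop of slide 13, worked through as an added example that is not code from the talk or from the Houdini tool: a toy "field is never null" annotation domain stands in for ESC/Java's annotation language, and a hand-written checker stands in for the theorem prover. The program, the field names and the statement encoding are constructed for the example; it also shows why the loop must iterate, since dropping one annotation can invalidate another that was proved under its assumption.

```python
from typing import Dict, List, Set, Tuple

# Constructed toy program (not from the talk). A method body is a list of
# statements: ("assign", field, source) with source "new", "null" or another
# field name, or ("deref", field) meaning the method dereferences that field.
Program = Dict[str, List[Tuple[str, ...]]]

FIELDS = {"buf", "name", "alias", "cur"}
TOY_PROGRAM: Program = {
    "init":  [("assign", "buf", "new"), ("assign", "name", "new"),
              ("assign", "alias", "buf")],
    "reset": [("assign", "name", "null")],
    "copy":  [("assign", "buf", "alias"), ("assign", "cur", "name")],
    "use":   [("deref", "buf"), ("deref", "cur")],
}

def refute(body: List[Tuple[str, ...]], candidates: Set[str]) -> Set[str]:
    """Stand-in for one modular ESC call on one method: return the candidate
    'never null' annotations this body can violate, assuming every surviving
    candidate holds for the fields the body reads."""
    refuted = set()
    for stmt in body:
        if stmt[0] != "assign":
            continue
        _, target, source = stmt
        if target not in candidates:
            continue  # no annotation left to check on this field
        # Storing null, or a field we may no longer assume non-null, refutes it.
        if source == "null" or (source != "new" and source not in candidates):
            refuted.add(target)
    return refuted

def houdini(program: Program, fields: Set[str]) -> Tuple[Set[str], int]:
    """Slide 13's loop: refute candidates until quiescence.
    Returns the surviving annotations and the number of checker rounds."""
    candidates, rounds = set(fields), 0
    while True:
        rounds += 1
        refuted: Set[str] = set()
        for body in program.values():
            refuted |= refute(body, candidates)
        if not refuted:
            return candidates, rounds
        candidates -= refuted  # a dropped annotation may invalidate others

def possible_defects(program: Program, annotations: Set[str]) -> List[str]:
    """Final ESC pass: dereferences the inferred annotations cannot justify."""
    return [f"{name}: possible null dereference of {stmt[1]}"
            for name, body in program.items()
            for stmt in body if stmt[0] == "deref" and stmt[1] not in annotations]
```

Round 1 refutes `name` (stored null in `reset`), round 2 then refutes `cur` (copied from `name` in `copy`), and round 3 reaches quiescence with `buf` and `alias` proved non-null, leaving one warning in `use`.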
