Extended static checking

Abstract: The talk provides an overview and demonstration of an Extended Static Checker for the Java programming language, a program checker that finds errors statically but has a much more accurate semantic model than existing static checkers like type checkers and data flow analysers. For example, ESC/Java uses an automatic theorem-prover and reasons about the semantics of assignments and tests in the same way that a program verifier does. But the checker is fully automatic, and feels to the programmer more like a type checker than like a program verifier. A more detailed account of ESC/Java is contained in a recent PLDI paper [1]. The checker described in the talk and in the PLDI paper is a research prototype on which work ceased several years ago, but Joe Kiniry and David Cok have recently produced a more up-to-date checker, ESC/Java 2 [2].

Abstract: Traditionally, the full verification of a program's functional correctness has been obtained with pen and paper or with interactive proof assistants, whereas only reduced verification tasks, such as extended static checking, have enjoyed the automation offered by satisfiability-modulo-theories (SMT) solvers. More recently, powerful SMT solvers and well-designed program verifiers are starting to break that tradition, thus reducing the effort involved in doing full verification. This paper gives a tour of the language and verifier Dafny, which has been used to verify the functional correctness of a number of challenging pointer-based programs. The paper describes the features incorporated in Dafny, illustrating their use by small examples and giving a taste of how they are coded for an SMT solver. As a larger case study, the paper shows the full functional specification of the Schorr-Waite algorithm in Dafny.

Abstract: Extended static checking (ESC) is a static program analysis technique that attempts to find common programming errors like null-dereferences, array index bounds errors, type cast errors, deadlocks, and race conditions. An ESC tool is powered by program verification technology, yet it feels to the programmer like a type checker because of the limited ambition of finding only certain kinds of errors. This talk reports on some of the research results of and the current state of the Extended Static Checking project at DEC SRC.

Abstract: A static program checker that performs modular checking can check one program module for errors without needing to analyze the entire program. Modular checking requires that each module be accompanied by annotations that specify the module. To help reduce the cost of writing specifications, this paper presents Houdini, an annotation assistant for the modular checker ESC/Java. To infer suitable ESC/Java annotations for a given program, Houdini generates a large number of candidate annotations and uses ESC/Java to verify or refute each of these annotations. The paper describes the design, implementation, and preliminary evaluation of Houdini.