Faster and More Complete Extended Static Checking for the Java Modeling Language

  • Perry R. James
  • Patrice Chalin


Extended Static Checking (ESC) is a fully automated formal verification technique. Verification in ESC is achieved by translating programs and their specifications into verification conditions (VCs). Proof of a VC establishes the correctness of the program. The implementations of many seemingly simple algorithms are beyond the ability of traditional ESC tools to verify, and not being able to verify toy examples is often enough to turn users off the idea of using formal methods. ESC4, the ESC component of the JML4 project, is able to verify many more kinds of methods, in part because of its use of novel techniques that apply multiple theorem provers. In particular, we present Offline User-Assisted ESC (OUA-ESC), a new form of verification that lies between ESC and Full Static Program Verification (FSPV). ESC is generally quite efficient, as far as verification tools go, but it is still orders of magnitude slower than simple compilation. As can be imagined, proving VCs is computationally expensive: while small classes can be verified in seconds, verifying larger programs of 50 KLOC can take hours. To help address the added cost of using multiple provers and this lack of scalability, we present the multi-threaded version of ESC4 and its distributed prover back-end.


Keywords: Extended static checking, Static verification, Theorem provers, Java Modeling Language, JML4, ESC, ESC4



Copyright information

© Springer Science+Business Media B.V. 2009

Authors and Affiliations

  1. Dependable Software Research Group, Department of Computer Science and Software Engineering, Concordia University, Montreal, Canada
