Extended Static Checking for Java, 2002
Cited by 455 (21 self)
Software development and maintenance are costly endeavors. The cost can be reduced if more software defects are detected earlier in the development cycle. This paper introduces the Extended Static Checker for Java (ESC/Java), an experimental compile-time program checker that finds common programming errors. The checker is powered by verification-condition generation and automatic theorem-proving techniques. It provides programmers with a simple annotation language with which programmer design decisions can be expressed formally. ESC/Java examines the annotated software and warns of inconsistencies between the design decisions recorded in the annotations and the actual code, and also warns of potential runtime errors in the code. This paper gives an overview of the checker architecture and annotation language and describes our experience applying the checker to tens of thousands of lines of Java programs.
Typestates for Objects. In Proc. 18th ECOOP, 2004
Cited by 99 (1 self)
Today's mainstream object-oriented compilers and tools do not support declaring and statically checking simple pre- and postconditions on methods and invariants on object representations. The main technical problem preventing static verification is reasoning about the sharing relationships among objects as well as where object invariants should hold. We have developed a programming model of typestates for objects with a sound modular checking algorithm. The programming model handles typical aspects of object-oriented programs such as downcasting, virtual dispatch, direct calls, and subclassing. The model also permits subclasses to extend the interpretation of typestates and to introduce additional typestates. We handle aliasing by adapting our previous work on practical linear types developed in the context of the Vault system. We have implemented these ideas in a tool called Fugue for specifying and checking typestates on Microsoft .NET-based programs.
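The typestate model described above, as an added example that is not Fugue's code and not code from the paper: a flow-sensitive checker over a small call-sequence IR that tracks the set of typestates each object may be in, joins the sets at the end of an if/else, and reports any call that is not permitted in every state the receiver may have reached. The Connection protocol, the RetryConnection subclass that adds a state and two methods while keeping the parent's transitions, and the two programs are constructed for illustration; aliasing is not modelled here, so every object is assumed to be uniquely referenced.

```python
"""Typestate checking over a tiny call-sequence IR (added example, not Fugue).

Statements:  ("new", obj, protocol_name)
             ("call", obj, method)
             ("if", then_block, else_block)
Objects are assumed unaliased (the paper's linear-type treatment is omitted).
"""
from typing import Dict, List, Optional, Set


class Protocol:
    """method -> {source_state: target_state}; a subclass protocol inherits
    its parent's transitions and may add states and methods."""

    def __init__(self, name: str, initial: str,
                 transitions: Dict[str, Dict[str, str]],
                 parent: Optional["Protocol"] = None) -> None:
        self.name = name
        self.initial = initial
        # deep-copy so extending a subclass never mutates the parent protocol
        self.transitions: Dict[str, Dict[str, str]] = (
            {m: dict(e) for m, e in parent.transitions.items()} if parent else {})
        for method, edges in transitions.items():
            self.transitions.setdefault(method, {}).update(edges)


def check(program: List, protocols: Dict[str, Protocol]) -> List[str]:
    """Return a list of typestate violations found in `program`."""
    owner: Dict[str, Protocol] = {}
    errors: List[str] = []

    def run(block: List, states: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
        for stmt in block:
            kind = stmt[0]
            if kind == "new":
                _, obj, proto_name = stmt
                owner[obj] = protocols[proto_name]
                states[obj] = {owner[obj].initial}
            elif kind == "call":
                _, obj, method = stmt
                proto = owner[obj]
                edges = proto.transitions.get(method)
                if edges is None:
                    errors.append(f"{obj}.{method}(): no such method on {proto.name}")
                    continue
                # every state the object may be in must permit the call
                bad = states[obj] - set(edges)
                if bad:
                    errors.append(f"{obj}.{method}() not allowed in state(s) {sorted(bad)}")
                # states that had no transition were already reported; drop them
                states[obj] = {edges[s] for s in states[obj] if s in edges}
            elif kind == "if":
                _, then_block, else_block = stmt
                s1 = run(then_block, {k: set(v) for k, v in states.items()})
                s2 = run(else_block, {k: set(v) for k, v in states.items()})
                # join: union of the possible states on both paths
                states = {k: s1.get(k, set()) | s2.get(k, set())
                          for k in set(s1) | set(s2)}
            else:
                raise ValueError(f"unknown statement {kind}")
        return states

    run(program, {})
    return errors


# Constructed protocols for illustration.
CONNECTION = Protocol("Connection", "Closed", {
    "open":  {"Closed": "Open"},
    "send":  {"Open": "Open"},
    "close": {"Open": "Closed"},
})
RETRY_CONNECTION = Protocol("RetryConnection", "Closed", {
    "suspend": {"Open": "Suspended"},     # new state introduced by the subclass
    "resume":  {"Suspended": "Open"},
}, parent=CONNECTION)
PROTOCOLS = {p.name: p for p in (CONNECTION, RETRY_CONNECTION)}

# Constructed program: close() happens on only one path, so the final send()
# may execute on a closed connection.
BUGGY = [
    ("new", "c", "Connection"),
    ("call", "c", "open"),
    ("if", [("call", "c", "send"), ("call", "c", "close")],
           [("call", "c", "send")]),
    ("call", "c", "send"),
]

# Constructed program using the subclass: both paths rejoin in state Open.
FIXED = [
    ("new", "c", "RetryConnection"),
    ("call", "c", "open"),
    ("if", [("call", "c", "suspend"), ("call", "c", "resume")], []),
    ("call", "c", "send"),
    ("call", "c", "close"),
]

if __name__ == "__main__":
    for name, prog in (("BUGGY", BUGGY), ("FIXED", FIXED)):
        print(name, check(prog, PROTOCOLS))
```

The join at the if/else is what makes the analysis sound for branching code: a state is only removed from the set when every path agrees it cannot occur, so the checker prefers a false warning over a missed one.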
Loop invariants on demand, 2005
Cited by 22 (0 self)
This paper describes a sound technique that combines the precision of theorem proving with the loop-invariant inference of abstract interpretation. The loop-invariant computations are invoked on demand when the need for a stronger loop invariant arises, which allows a gradual increase in the level of precision used by the abstract interpreter. The technique generates loop invariants that are specific to a subset of a program’s executions, achieving a dynamic and automatic form of value-based trace partitioning. Finally, the technique can be incorporated into a lemmas-on-demand theorem prover, where the loop-invariant inference happens after the generation of verification conditions.
The Spec# Programming System: Challenges and Directions. In Proceedings of the International Conference on Verified Software: Theories, Tools, Experiments, 2005
Verification of safety properties in the presence of transactions. Post Conf. Proc. of CASSIS: Construction and Analysis of Safe, Secure and Interoperable Smart Devices, Marseille, volume 3362 of LNCS, 2005
Generic Invariant-Based Static Analysis Tool for Detection of Runtime Errors in Java Programs, 2000
Cited by 3 (2 self)
This paper presents an invariant-based generic tool to statically analyze Java programs in order to detect potential errors (bugs). We briefly discuss the supporting theoretical framework and highlight the results of the tool in statically analyzing Java code. The tool can automatically detect potential bugs such as illegal dereferences and array-bounds violations and report them before the program is executed. For a Java class, invariants related to the category of error under examination are automatically generated and used to assess the validity of variable usage in the implementation of this class. The tool provides a practical and extensible generic mechanism for error detection to help industry practitioners who work with an object-oriented language such as Java. The presented mechanism is capable of addressing error detection for a variety of error categories that cannot be caught by flow-based static analysis tools.
A Generic Approach of Static Analysis for Detecting Runtime Errors in Java Programs. In Proc. 23rd Annual Int'l Computer Software and Applications Conf., 1999
Cited by 2 (2 self)
This paper presents a generic approach to statically analyze Java programs in order to detect potential errors (bugs). We discuss a framework that supports our approach and carries out the static analysis of Java code automatically. Our approach can automatically detect potential bugs and report them before the program is executed. For a Java class, invariants related to the category of error under examination are automatically generated and used to assess the validity of variable usage in the implementation of this class. Our approach is distinctive in its emphasis on providing a practical generic mechanism for error detection that is capable of addressing error detection for a variety of error categories via a web of specialized components. A research prototype has been developed that demonstrates the feasibility and effectiveness of our approach.
Hypothesis-Based Approach To Detecting Runtime Violations In Java Program Using Automated Theorem Prover. 2003 Midwest Software Engineering Conference (MSEC'03), 2003
Cited by 1 (1 self)
We develop an approach that applies formal methods to represent program source code as a model and then uses an automated theorem prover to detect runtime violations in that code by static analysis. Unlike other proof-based program verification approaches, this approach is based on hypotheses to develop the formal specification information implied by the source code, such as invariants, preconditions, postconditions and other runtime assertions, and then uses an automated theorem prover to verify the correctness of each statement in the program. Our research work is an extension to compilers and can catch runtime exceptions that are beyond the capability of a compiler's control-flow-based analysis.
Data abstraction and information hiding. ACM Trans. Program. Lang. Syst.
Cited by 1 (0 self)
This paper describes an approach for verifying programs in the presence of data abstraction and information hiding, which are key features of modern programming languages with objects and modules. The paper draws on our experience building and using an automatic program checker, and focuses on the property of modular soundness: that is, the property that the separate verifications of the individual modules of a program suffice to ensure the correctness of the composite program. We found this desirable property surprisingly difficult to achieve. A key feature of our methodology for modular soundness is a new specification construct: the abstraction dependency, which reveals which concrete variables appear in the representation of a given abstract variable, without revealing the abstraction function itself. This paper discusses in detail two varieties of abstraction dependencies: static and dynamic. The paper also presents a new technical definition of modular soundness as a monotonicity property of verifiability with respect to scope and uses this technical definition to formally prove the modular soundness of a programming discipline for
Detecting Null Pointer Violations in Java Programs, 1999
The use of formal methods has been growing steadily and there have been a number of successful applications of formal methods in a range of application areas. It seems agreed that quality should be assured by applying testing, analysis and formal methods to rigorously defined pre-code artifacts. The detection of null pointer violation errors is definitely such a goal. This way of applying formal methods has great potential to increase our confidence in the software. Our goal is to provide a practical mechanism to assist the application of formal methods in the early detection of null pointer violation errors in programs. Our solution is theorem-proving based and is focused on the identification of the possible places in which a theorem prover could assist in the detection of null pointer violation errors and the formulation of the necessary proof obligations.
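The checking pipeline that the ESC/Java abstract above describes (verification-condition generation from annotations plus a prover) and that the invariant-based null-pointer and array-bounds checkers above apply to specific error categories, shown as one added example in Python; this is not ESC/Java's code nor code from any of the listed tools. Method bodies are lists of statement tuples, `requires`/`ensures` annotations are expression trees, and an `assert` statement models the runtime check the checker must prove (array index in range, receiver non-null). Verification conditions are computed by weakest preconditions. In place of an automatic theorem prover the VC is evaluated over a small integer domain, which is an assumption for illustration only: a returned counterexample is genuine, but `None` means only that no counterexample exists within the bound. The modelled methods, the `len_a` and `flag` variables and the encoding of null as 0 are constructed for the example.

```python
"""Extended static checking in miniature (added example, not ESC/Java code).

Statements:  ("assign", var, expr)
             ("assert", expr)                 # runtime check to be proven
             ("if", cond, then_stmts, else_stmts)
Expressions: ("var", name), ("const", value), (op, a, b) with op in
             + - < <= == and or =>, and ("not", a).
The prover is replaced by bounded exhaustive evaluation (assumption).
"""
import itertools
from typing import Any, Dict, List, Optional, Set, Tuple

Expr = Tuple[Any, ...]


def V(name: str) -> Expr:
    return ("var", name)


def C(value) -> Expr:
    return ("const", value)


def subst(e: Expr, var: str, repl: Expr) -> Expr:
    """e[var := repl]; the assignment rule of the weakest-precondition calculus."""
    if e[0] == "var":
        return repl if e[1] == var else e
    if e[0] == "const":
        return e
    return (e[0],) + tuple(subst(a, var, repl) for a in e[1:])


def evaluate(e: Expr, env: Dict[str, int]):
    op = e[0]
    if op == "var":
        return env[e[1]]
    if op == "const":
        return e[1]
    if op == "not":
        return not evaluate(e[1], env)
    a, b = evaluate(e[1], env), evaluate(e[2], env)
    if op == "+": return a + b
    if op == "-": return a - b
    if op == "<": return a < b
    if op == "<=": return a <= b
    if op == "==": return a == b
    if op == "and": return a and b
    if op == "or": return a or b
    if op == "=>": return (not a) or b
    raise ValueError(f"unknown operator {op}")


def free_vars(e: Expr) -> Set[str]:
    if e[0] == "var":
        return {e[1]}
    if e[0] == "const":
        return set()
    return set().union(*(free_vars(a) for a in e[1:]))


def wp(stmts: List, post: Expr) -> Expr:
    """Weakest precondition of a statement list with respect to `post`."""
    for s in reversed(stmts):
        if s[0] == "assign":
            post = subst(post, s[1], s[2])
        elif s[0] == "assert":                      # runtime check becomes a proof obligation
            post = ("and", s[1], post)
        elif s[0] == "if":
            post = ("and", ("=>", s[1], wp(s[2], post)),
                           ("=>", ("not", s[1]), wp(s[3], post)))
        else:
            raise ValueError(f"unknown statement {s[0]}")
    return post


def check(requires: Expr, body: List, ensures: Expr, bound: int = 4) -> Optional[Dict[str, int]]:
    """VC = requires => wp(body, ensures). Returns a counterexample env or None.
    Bounded search over [-bound, bound] stands in for a theorem prover (assumption)."""
    vc = ("=>", requires, wp(body, ensures))
    names = sorted(free_vars(vc))
    for values in itertools.product(range(-bound, bound + 1), repeat=len(names)):
        env = dict(zip(names, values))
        if not evaluate(vc, env):
            return env
    return None


TRUE = C(True)
I, LEN, P, FLAG = V("i"), V("len_a"), V("p"), V("flag")

# Constructed model of   int get(int[] a, int i) { return a[i]; }
# with len_a standing for a.length; the index check is the runtime error to rule out.
GET_BODY = [("assert", ("and", ("<=", C(0), I), ("<", I, LEN)))]
WEAK_REQUIRES = ("and", ("<=", C(0), LEN), ("<=", C(0), I))    # //@ requires i >= 0;
STRONG_REQUIRES = ("and", ("<=", C(0), I), ("<", I, LEN))      # //@ requires 0 <= i && i < a.length;

# Constructed model of a conditional null assignment followed by a dereference
# (p == 0 encodes null, flag != 0 encodes true); GUARDED_BODY tests p first.
NOT_NULL = ("not", ("==", P, C(0)))
NULL_BODY = [("if", ("not", ("==", FLAG, C(0))), [("assign", "p", C(0))], []),
             ("assert", NOT_NULL)]
GUARDED_BODY = [("if", ("not", ("==", FLAG, C(0))), [("assign", "p", C(0))], []),
                ("if", NOT_NULL, [("assert", NOT_NULL)], [])]

if __name__ == "__main__":
    print(check(WEAK_REQUIRES, GET_BODY, TRUE))     # counterexample: empty array, i == 0
    print(check(STRONG_REQUIRES, GET_BODY, TRUE))   # None
    print(check(NOT_NULL, NULL_BODY, TRUE))         # counterexample: flag != 0 path
    print(check(NOT_NULL, GUARDED_BODY, TRUE))      # None
```

The two failing runs are the checker reporting an inconsistency between the annotation and the code: the weak `requires` admits `i == a.length`, and the non-null precondition on `p` does not survive the branch that reassigns it. A real ESC-style checker hands the same VC to a prover instead of enumerating values, which is what lets it make claims over unbounded integers.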

