Software development and maintenance are costly endeavors. The cost can be reduced if more software defects are detected earlier in the development cycle. This paper introduces the Extended Static Checker for Java (ESC/Java), an experimental compile-time program checker that finds common programming errors. The checker is powered by verification-condition generation and automatic theorem-proving techniques. It provides programmers with a simple annotation language in which programmer design decisions can be expressed formally. ESC/Java examines the annotated software and warns of inconsistencies between the design decisions recorded in the annotations and the actual code, and also warns of potential runtime errors in the code. This paper gives an overview of the checker architecture and annotation language and describes our experience applying the checker to tens of thousands of lines of Java programs.