RV’01 Preliminary Version

Static verification of dynamically detected program invariants: Integrating Daikon and ESC/Java

Jeremy W. Nimmer and Michael D. Ernst
MIT Lab for Computer Science
200 Technology Square
Cambridge, MA 02139 USA
Email: {jwnimmer, mernst}@lcs.mit.edu

Abstract

This paper shows how to integrate two complementary techniques for manipulating program invariants: dynamic detection and static verification. Dynamic detection proposes likely invariants based on program executions, but the resulting properties are not guaranteed to be true over all possible executions. Static verification checks that properties are always true, but it can be difficult and tedious to select a goal and to annotate programs for input to a static checker. Combining these techniques overcomes the weaknesses of each: dynamically detected invariants can annotate a program or provide goals for static verification, and static verification can confirm properties proposed by a dynamic tool.

We have integrated a tool for dynamically detecting likely program invariants, Daikon, with a tool for statically verifying program properties, ESC/Java. Daikon examines run-time values of program variables; it looks for patterns and relationships in those values, and it reports properties that are never falsified during test runs and that satisfy certain other conditions, such as being statistically justified. ESC/Java takes as input a Java program annotated with preconditions, postconditions, and other assertions, and it reports which annotations cannot be statically verified and also warns of potential runtime errors, such as null dereferences and out-of-bounds array indices. Our prototype system runs Daikon, inserts its output into code as ESC/Java annotations, and then runs ESC/Java, which reports unverifiable annotations. The entire process is completely automatic, though users may provide guidance in order to improve results if desired. In preliminary experiments, ESC/Java verified all or most of the invariants proposed by Daikon.

This is a preliminary version. The final version will be published in Electronic Notes in Theoretical Computer Science, URL: www.elsevier.nl/locate/entcs
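To make the dynamic-detection half of this pipeline concrete, here is a toy invariant detector written for this page; it is added example code, not Daikon's or the paper's own implementation. It records argument values at procedure entry and the return value at exit over a set of executions, keeps only candidates drawn from a handful of fixed templates that are never falsified and that have at least a minimum number of supporting samples (a crude stand-in for Daikon's statistical justification), and renders the survivors as ESC/Java-style `//@ requires` / `//@ ensures` annotations, the form the paper's prototype inserts into the program before running the static checker. The function abs_diff, the template set and the input sets are constructed for the example; the optional extra_inputs run shows how a candidate that held on the whole test suite (a > 0) is refuted by a single further execution, which is why the paper hands such candidates to a static checker instead of trusting them.

```python
"""Toy dynamic invariant detector in the spirit of Daikon (added example;
not Daikon's code and not the paper's).  Survivors are only *likely*
invariants: an execution the test suite never exercised can still refute them."""
import functools
import inspect

# Candidate invariant templates over one integer-valued expression (constructed
# for this example; Daikon's real template library is far larger).
TEMPLATES = {
    "{v} >= 0": lambda x: x >= 0,
    "{v} > 0":  lambda x: x > 0,
    "{v} != 0": lambda x: x != 0,
    "{v} <= 0": lambda x: x <= 0,
}


class Detector:
    """Collects samples per (program point, variable) and derives likely invariants."""

    def __init__(self, min_samples=3):
        self.min_samples = min_samples   # crude stand-in for statistical justification
        self.samples = {}                # (point, variable) -> [observed values]

    def observe(self, point, env):
        """Record every integer-valued variable visible at this program point."""
        for var, value in env.items():
            if isinstance(value, int) and not isinstance(value, bool):
                self.samples.setdefault((point, var), []).append(value)

    def instrument(self, fn):
        """Decorator: sample the arguments at entry and the result at exit."""
        sig = inspect.signature(fn)

        @functools.wraps(fn)
        def wrapper(*args, **kwargs):
            bound = sig.bind(*args, **kwargs).arguments
            self.observe(f"{fn.__name__}:ENTER", bound)
            result = fn(*args, **kwargs)
            # ESC/Java spells the return value \result in ensures clauses.
            self.observe(f"{fn.__name__}:EXIT", {"\\result": result})
            return result
        return wrapper

    def likely_invariants(self):
        """Return {point: sorted candidate invariants never falsified by any sample}."""
        found = {}
        for (point, var), values in self.samples.items():
            if len(values) < self.min_samples:
                continue   # too few executions to justify any claim
            for pattern, holds in TEMPLATES.items():
                if all(holds(x) for x in values):
                    found.setdefault(point, []).append(pattern.format(v=var))
        return {point: sorted(invs) for point, invs in found.items()}


def as_esc_java(invariants, fn_name):
    """Render entry invariants as requires and exit invariants as ensures clauses."""
    lines = [f"//@ requires {inv};" for inv in invariants.get(f"{fn_name}:ENTER", [])]
    lines += [f"//@ ensures {inv};" for inv in invariants.get(f"{fn_name}:EXIT", [])]
    return lines


def run_demo(extra_inputs=()):
    """Run abs_diff on a constructed test suite (plus optional extra inputs)
    and return the likely invariants the detector proposes."""
    det = Detector()

    @det.instrument
    def abs_diff(a, b):
        return a - b if a >= b else b - a

    # Constructed test inputs: every argument happens to be positive, so the
    # spurious candidate "a > 0" survives even though abs_diff accepts any integers.
    for a, b in [(5, 2), (3, 9), (7, 7)] + list(extra_inputs):
        abs_diff(a, b)
    return det.likely_invariants()


if __name__ == "__main__":
    print("\n".join(as_esc_java(run_demo(), "abs_diff")))
    print("-- after one more execution with a negative first argument --")
    print("\n".join(as_esc_java(run_demo(extra_inputs=[(-4, 1)]), "abs_diff")))
```

On the three-call test suite the detector proposes `//@ requires a > 0;` alongside the genuinely true `//@ ensures \result >= 0;`; the extra execution `abs_diff(-4, 1)` drops the precondition candidates `a > 0` and `a >= 0` while the postcondition survives. A static checker is what separates the two kinds of survivor for the cases the test suite never reached.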
1 Introduction

Static and dynamic analyses have complementary strengths and weaknesses, so combining them has great promise. Static analysis operates by examining program source code and reasoning about possible executions. It builds a model of the state of the program, such as values for variables and other expressions. Static analysis can be conservative and sound; however, it can be inefficient, can produce weak results, and can require explicit goals or annotations. Dynamic analysis obtains information from program executions; examples include profiling and testing. Rather than modeling the state of the program, dynamic analysis uses actual values computed during program executions. Dynamic analysis can be efficient and precise, but the results may not generalize to future program executions. Our research integrates static and dy-