RV’01 Preliminary Version

Static verification of dynamically detected program invariants: Integrating Daikon and ESC/Java

Jeremy W. Nimmer and Michael D. Ernst
MIT Lab for Computer Science
200 Technology Square
Cambridge, MA 02139 USA
Email: { jwnimmer, mernst }

Abstract

This paper shows how to integrate two complementary techniques for manipulating program invariants: dynamic detection and static verification. Dynamic detection proposes likely invariants based on program executions, but the resulting properties are not guaranteed to be true over all possible executions. Static verification checks that properties are always true, but it can be difficult and tedious to select a goal and to annotate programs for input to a static checker. Combining these techniques overcomes the weaknesses of each: dynamically detected invariants can annotate a program or provide goals for static verification, and static verification can confirm properties proposed by a dynamic tool.

We have integrated a tool for dynamically detecting likely program invariants, Daikon, with a tool for statically verifying program properties, ESC/Java. Daikon examines run-time values of program variables; it looks for patterns and relationships in those values, and it reports properties that are never falsified during test runs and that satisfy certain other conditions, such as being statistically justified. ESC/Java takes as input a Java program annotated with preconditions, postconditions, and other assertions, and it reports which annotations cannot be statically verified and also warns of potential runtime errors, such as null dereferences and out-of-bounds array indices. Our prototype system runs Daikon, inserts its output into code as ESC/Java annotations, and then runs ESC/Java, which reports unverifiable annotations. The entire process is completely automatic, though users may provide guidance in order to improve results if desired. In preliminary experiments, ESC/Java verified all or most of the invariants proposed by Daikon.

This is a preliminary version. The final version will be published in Electronic Notes in Theoretical Computer Science. URL:

1 Introduction

Static and dynamic analyses have complementary strengths and weaknesses, so combining them has great promise. Static analysis operates by examining program source code and reasoning about possible executions. It builds a model of the state of the program, such as values for variables and other expressions. Static analysis can be conservative and sound; however, it can be inefficient, can produce weak results, and can require explicit goals or annotations. Dynamic analysis obtains information from program executions; examples include profiling and testing. Rather than modeling the state of the program, dynamic analysis uses actual values computed during program executions. Dynamic analysis can be efficient and precise, but the results may not generalize to future program executions. Our research integrates static and dynamic ...
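The pipeline the abstract describes (detect properties from traces, keep those never falsified and statistically justified, emit them as ESC/Java annotations, let the checker refute what does not hold on all paths) and the introduction's caveat that dynamic results may not generalize can both be seen on a toy scale below. This is an added example written for this page; it is not Daikon's or ESC/Java's code. The candidate templates (non-null, constant bounds, pairwise comparisons), the sample-count justification rule, and the `index_of` program, its `run_traced` harness and `TEST_CALLS` suite are all constructed for illustration; only the output syntax (`//@ requires`, `//@ ensures`, `\result`) follows ESC/Java's annotation language.

```python
"""Tiny Daikon-style likely-invariant detector with ESC/Java-style output.
Added example, not Daikon's or ESC/Java's code. A trace is a list of records, one
per execution of a program point, mapping variable names or derived expressions
(such as "size(arr)" or "\\result") to their values."""
from dataclasses import dataclass
from itertools import combinations
from typing import Any, Callable, List

@dataclass(frozen=True)
class Invariant:
    text: str                      # property in ESC/Java expression syntax
    holds: Callable[[dict], bool]  # evaluates the property on one trace record

def _is_num(v: Any) -> bool:
    return isinstance(v, (int, float)) and not isinstance(v, bool)

def _unary_candidates(name: str, samples: List[dict], min_repeats: int) -> List[Invariant]:
    vals = [r[name] for r in samples]
    if not all(_is_num(v) for v in vals):
        # Reference-typed variable: the only unary property tried is non-nullness.
        return [Invariant(f"{name} != null", lambda r: r[name] is not None)]
    lo, hi, out = min(vals), max(vals), []
    # Crude stand-in for Daikon's statistical justification (an assumption of this
    # example): propose a bound only if the extreme value was hit min_repeats times.
    if vals.count(lo) >= min_repeats:
        out.append(Invariant(f"{name} >= {lo}", lambda r: r[name] >= lo))
    if vals.count(hi) >= min_repeats:
        out.append(Invariant(f"{name} <= {hi}", lambda r: r[name] <= hi))
    return out

def _binary_candidates(a: str, b: str, samples: List[dict]) -> List[Invariant]:
    if not all(_is_num(r[a]) and _is_num(r[b]) for r in samples):
        return []
    # Strongest relation first; the first survivor suppresses the weaker ones
    # (Daikon gets the same effect by tracking implications between invariants).
    ordered = [Invariant(f"{a} == {b}", lambda r: r[a] == r[b]),
               Invariant(f"{a} < {b}", lambda r: r[a] < r[b]),
               Invariant(f"{a} > {b}", lambda r: r[a] > r[b]),
               Invariant(f"{a} <= {b}", lambda r: r[a] <= r[b]),
               Invariant(f"{a} >= {b}", lambda r: r[a] >= r[b])]
    return [inv for inv in ordered if all(inv.holds(r) for r in samples)][:1]

def detect_invariants(samples: List[dict], min_samples: int = 5, min_repeats: int = 2) -> List[Invariant]:
    """Properties never falsified by any record, proposed only with enough samples."""
    if len(samples) < min_samples:
        return []
    names = sorted(samples[0])
    cands: List[Invariant] = []
    for n in names:
        cands.extend(_unary_candidates(n, samples, min_repeats))
    for a, b in combinations(names, 2):
        cands.extend(_binary_candidates(a, b, samples))
    return [c for c in cands if all(c.holds(r) for r in samples)]

def falsified_by(invs: List[Invariant], samples: List[dict]) -> List[str]:
    """Texts of the invariants that at least one record in `samples` violates."""
    return [i.text for i in invs if not all(i.holds(r) for r in samples)]

def to_escjava(keyword: str, invs: List[Invariant]) -> List[str]:
    """Render as ESC/Java pragmas, e.g. '//@ requires arr != null;'."""
    return [f"//@ {keyword} {i.text};" for i in invs]

# ---- Program under test and a tiny instrumentation harness (constructed) ----
def index_of(arr: List[int], target: int) -> int:
    for i, v in enumerate(arr):
        if v == target:
            return i
    return -1

def run_traced(calls):
    """Capture index_of's entry and exit state for each (arr, target) call."""
    entry, exit_ = [], []
    for arr, target in calls:
        entry.append({"arr": arr, "size(arr)": len(arr), "target": target})
        result = index_of(arr, target)
        exit_.append({"\\result": result, "size(arr)": len(arr), "target": target})
    return entry, exit_

# Constructed test suite: every call finds its target, so the "not found" path
# (return -1) never runs and nothing in the trace contradicts \result >= 0.
TEST_CALLS = [([3, 1, 4], 4), ([3, 1, 4], 3), ([7], 7), ([8], 8),
              ([5, 9, 2, 6], 2), ([5, 9, 2, 6, 0], 0), ([1, 2], 1)]

def demo():
    entry, exit_ = run_traced(TEST_CALLS)
    pre, post = detect_invariants(entry), detect_invariants(exit_)
    _, unseen = run_traced([([1, 2], 9)])  # a run the suite lacked: target absent
    return to_escjava("requires", pre), to_escjava("ensures", post), falsified_by(post, unseen)

if __name__ == "__main__":
    pre, post, bad = demo()
    print("\n".join(pre + post))
    print("falsified by an unseen execution:", bad)
```

Running it proposes `//@ requires arr != null;` and `//@ requires size(arr) >= 1;` at entry and `//@ ensures \result >= 0;`, `//@ ensures size(arr) >= 1;` and `//@ ensures \result < size(arr);` at exit. The postcondition `\result >= 0` is an artifact of a test suite that never misses, which is precisely the case the paper's pipeline is built for: a static checker examining the `return -1` path would report that annotation as unverifiable, just as the single unseen execution falsifies it here, while `\result < size(arr)` is a genuine property it could confirm.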