Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac...

Post on 13-Jan-2016


Houdini, an annotation assistant for ESC/Java

K. Rustan M. Leino

Compaq SRC

Joint work with Cormac Flanagan


Systems Research Center

Oxford University, 15 January 2001

Static program checking

Static program checkers

ESC/Java architecture

ESC/Java example

Warning: Index possibly too big

Annotation assistant

Houdini

The great ESC wizard!

Annotation assistant

Unannotated Java program

Inference engine

Annotated Java program

ESC/Java

Warning messages

Basic Houdini algorithm

generate candidate set of annotations ;
repeat
    invoke ESC/Java to refute annotations ;
    remove refuted annotations
until quiescence ;
invoke ESC/Java to identify possible defects
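
The loop above, as an added example that is not from the talk or from Houdini itself: a toy two-field program whose candidate invariants are refuted round by round, with a bounded state enumeration standing in for ESC/Java. The fields x and y, the methods inc and copy, and the a[y] access against a length-3 array are all constructed for illustration.

```python
# Toy model of the Houdini loop; a bounded checker stands in for ESC/Java.
from itertools import product

# Constructed "program": int fields (x, y), a constructor state, two methods.
INIT = (0, 0)
METHODS = {"inc": lambda x, y: (x + 1, y), "copy": lambda x, y: (x, x)}
# Candidate invariants of the form "f cmp expr", with expr fixed to 0 here.
CANDIDATES = {
    "x >= 0": lambda x, y: x >= 0,
    "x == 0": lambda x, y: x == 0,
    "x <= 0": lambda x, y: x <= 0,
    "y >= 0": lambda x, y: y >= 0,
    "y == 0": lambda x, y: y == 0,
    "y <= 0": lambda x, y: y <= 0,
}
# Hypothetical access a[y] with a.length == 3, checked in the final pass.
CHECKS = {
    "Index possibly negative": lambda x, y: y >= 0,
    "Index possibly too big": lambda x, y: y < 3,
}
STATES = list(product(range(-4, 5), repeat=2))  # bounded search space

def holds(names, state):
    return all(CANDIDATES[n](*state) for n in names)

def refute(assumed):
    """Candidates broken by the constructor or by a method run from any
    state that satisfies every currently assumed candidate."""
    refuted = {n for n in assumed if not CANDIDATES[n](*INIT)}
    for s in STATES:
        if holds(assumed, s):
            for m in METHODS.values():
                post = m(*s)
                refuted |= {n for n in assumed if not CANDIDATES[n](*post)}
    return refuted

def houdini():
    annotations, rounds = set(CANDIDATES), []
    while True:
        refuted = refute(annotations)
        if not refuted:  # quiescence: nothing left to refute
            return annotations, rounds
        rounds.append(sorted(refuted))
        annotations -= refuted

def final_warnings(annotations):
    """Final pass: checks that the inferred invariants cannot discharge."""
    return sorted(w for w, ok in CHECKS.items()
                  if any(holds(annotations, s) and not ok(*s) for s in STATES))
```

Refuting x == 0 in the first round is what later allows copy to break y == 0, which is why the loop has to run to quiescence rather than once.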

Candidate annotations

integer f

    //@ invariant f cmp expr ;        cmp ∈ {<, <=, ==, !=, >=, >}

reference f

    //@ invariant f != null ;

array f

    //@ invariant \nonnullelements(f) ;

    //@ invariant (\forall int i; 0 <= i && i < expr ==> f[i] != null) ;

    //@ invariant f.length cmp expr ;

Houdini input

Houdini

“program”

“specified library”

“library”

Houdini guesses “optimistic” annotations

Houdini infers annotations, and reports warnings

… and Houdini always uses any given annotations

Houdini output

Experience

Program        Lines     Warnings   Errors
Java2Html        500         4       4/4
WebSampler     2,000        38       3/38
PachyClient   11,000       443       2/12
“Cobalt”      36,000       540       3/100

Static program checkers

Houdini

Future (ongoing) work

Streamline guessing

Increase performance

Rev up user interface

Conclusions

Houdini can apply the power of ESC/Java to legacy code

Houdini is a tool by itself

Inferred non-properties are useful in debugging

See also http://research.compaq.com/SRC/esc/