Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac...

22
Houdini, an annotation Houdini, an annotation assistant for ESC/Java assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan Systems Research Center Oxford University, 15 January 2001

Transcript of Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac...

Page 1: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

Houdini, an annotation assistant Houdini, an annotation assistant for ESC/Javafor ESC/JavaHoudini, an annotation assistant Houdini, an annotation assistant for ESC/Javafor ESC/Java

K. Rustan M. Leino

Compaq SRC

Joint work with Cormac Flanagan

K. Rustan M. Leino

Compaq SRC

Joint work with Cormac Flanagan

Systems Research CenterSystems Research Center

Oxford University, 15 January 2001Oxford University, 15 January 2001

Page 2: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

Static program checkingStatic program checkingStatic program checkingStatic program checking

Page 3: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

Static program checkersStatic program checkersStatic program checkersStatic program checkers

Page 4: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

ESC/Java architectureESC/Java architectureESC/Java architectureESC/Java architecture

Page 5: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

ESC/Java exampleESC/Java exampleESC/Java exampleESC/Java example

Warning: Index possibly too big

Page 6: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.
Page 7: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

Annotation assistantAnnotation assistantAnnotation assistantAnnotation assistant

Page 8: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

Annotation assistantAnnotation assistantAnnotation assistantAnnotation assistant

Page 9: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

Annotation assistantAnnotation assistantAnnotation assistantAnnotation assistant

Page 10: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

Annotation assistantAnnotation assistantAnnotation assistantAnnotation assistant

Page 11: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

Annotation assistantAnnotation assistantAnnotation assistantAnnotation assistant

Page 12: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

Annotation assistantAnnotation assistantAnnotation assistantAnnotation assistant

HoudiniHoudiniHoudiniHoudini

The great ESC wizard!The great ESC wizard!The great ESC wizard!The great ESC wizard!

Page 13: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

Annotation assistantAnnotation assistantAnnotation assistantAnnotation assistant

Unannotated Java program

Inference engine

Annotated Java program

ESC/Java

Warning messages

Page 14: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

Basic Houdini algorithmBasic Houdini algorithmBasic Houdini algorithmBasic Houdini algorithm

generate candidate set of annotations ;repeat

invoke ESC/Java to refute annotations ;remove refuted annotations

until quiescence ;

invoke ESC/Java to identify possible defects

Page 15: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

Candidate annotationsCandidate annotationsCandidate annotationsCandidate annotations

integer f

//@ invariant f cmp expr ; cmp {<,<=,==,!=,>=,>} reference f

//@ invariant f != null ; array f

//@ invariant \nonnullelements(f) ;

//@ invariant (\forall int i; 0 <= i && i < expr ==> f[i] != null) ;

//@ invariant f.length cmp expr ;

Page 16: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

Houdini inputHoudini inputHoudini inputHoudini input

Houdini

“program”“program”

“specified library”“specified library”

“library”“library”

Houdini guesses“optimistic” annotations

Houdini infers annotations,and reports warnings

… and Houdini always uses any given annotations

Page 17: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

Houdini outputHoudini outputHoudini outputHoudini output

Page 18: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

ExperienceExperienceExperienceExperienceProgram Lines Warnings Errors

Java2Html 500 4 4/4WebSampler 2,000 38 3/38

PachyClient 11,000 443 2/12“Cobalt” 36,000 540 3/100

Page 19: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

Static program checkersStatic program checkersStatic program checkersStatic program checkers

HoudiniHoudiniHoudiniHoudini

Page 20: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

Future (ongoing) workFuture (ongoing) workFuture (ongoing) workFuture (ongoing) work

Streamline guessing Increase performance Rev up user interface

Page 21: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

ConclusionsConclusionsConclusionsConclusions

Houdini can apply the power of ESC/Java to legacy code

Houdini is a tool by itself Inferred non-properties are useful in debugging

See also http://research.compaq.com/SRC/esc/

Page 22: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with.

A SAT characterization of boolean-program correctness K. Rustan M. Leino Microsoft Research, Redmond, WA 14 Nov 2002 IFIP WG 2.4 meeting, Schloβ Dagstuhl,

A SAT characterization of boolean-program correctness K. Rustan M. Leino Microsoft Research, Redmond, WA 14 Nov 2002 IFIP WG 2.4 meeting, Schloβ Dagstuhl,

Hoare-style program verification K. Rustan M. Leino Guest lecturer Rob DeLines CSE 503, Software Engineering University of Washington 28 Apr 2004.

Hoare-style program verification K. Rustan M. Leino Guest lecturer Rob DeLines CSE 503, Software Engineering University of Washington 28 Apr 2004.

1 Towards a Verifying Compiler: The Spec# Approach Wolfram Schulte Microsoft Research Formal Methods 2006 Joint work with Rustan Leino, Mike Barnett, Manuel.

1 Towards a Verifying Compiler: The Spec# Approach Wolfram Schulte Microsoft Research Formal Methods 2006 Joint work with Rustan Leino, Mike Barnett, Manuel.

Program Verification Using the Spec# Programming System ETAPS Tutorial K. Rustan M. Leino, Microsoft Research, Redmond Rosemary Monahan, NUIM Maynooth.

Program Verification Using the Spec# Programming System ETAPS Tutorial K. Rustan M. Leino, Microsoft Research, Redmond Rosemary Monahan, NUIM Maynooth.

Technologies for finding errors in object-oriented software K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 3 Summer school on Formal Models.

Technologies for finding errors in object-oriented software K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 3 Summer school on Formal Models.

Specification and Verification of Object-Oriented Software · Specification and Verification of Object-Oriented Software K. Rustan M. LEINO Microsoft Research, Redmond, WA, USA

Specification and Verification of Object-Oriented Software · Specification and Verification of Object-Oriented Software K. Rustan M. LEINO Microsoft Research, Redmond, WA, USA

Using data groups to specify and check side effects K. Rustan M. Leino Microsoft Research Arnd Poetzsch-Heffter Universität Kaiserslautern Yunhong Zhou.

Using data groups to specify and check side effects K. Rustan M. Leino Microsoft Research Arnd Poetzsch-Heffter Universität Kaiserslautern Yunhong Zhou.

The Dafny program verifier K. Rustan M. Leino Research in Software Engineering Microsoft Research, Redmond Victoria University of Wellington Wellington,

The Dafny program verifier K. Rustan M. Leino Research in Software Engineering Microsoft Research, Redmond Victoria University of Wellington Wellington,

The Spec# programming system K. Rustan M. Leino Microsoft Research, Redmond, WA, USA Distinguished Lecture Series Max Planck Institute for Software Systems.

The Spec# programming system K. Rustan M. Leino Microsoft Research, Redmond, WA, USA Distinguished Lecture Series Max Planck Institute for Software Systems.

Checking correctness properties of object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 1 EEF summer school on Specification,

Checking correctness properties of object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 1 EEF summer school on Specification,

K. Rustan M. Leino Peter Müller IFIP WG 2.3 meeting 49 10 June 2009 Boston, MA.

K. Rustan M. Leino Peter Müller IFIP WG 2.3 meeting 49 10 June 2009 Boston, MA.

Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.

Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.

Program Verification via an Intermediate Verification …...Program Verification via an Intermediate Verification Language K. Rustan M. Leino Principal Researcher Research in Software

Program Verification via an Intermediate Verification …...Program Verification via an Intermediate Verification Language K. Rustan M. Leino Principal Researcher Research in Software

Hoare-style program verification K. Rustan M. Leino Guest lecturer Rob DeLine’s CSE 503, Software Engineering University of Washington 28 Apr 2004.

Hoare-style program verification K. Rustan M. Leino Guest lecturer Rob DeLine’s CSE 503, Software Engineering University of Washington 28 Apr 2004.

The Spec# programming system K. Rustan M. Leino Microsoft Research, Redmond, WA, USA Lunch seminar, Praxis Bath, UK 6 Dec 2005 joint work with Mike Barnett,

The Spec# programming system K. Rustan M. Leino Microsoft Research, Redmond, WA, USA Lunch seminar, Praxis Bath, UK 6 Dec 2005 joint work with Mike Barnett,

Program Verification using the Spec# Programming System ECOOP Tutorial Rosemary Monahan, NUIM, Maynooth and K. Rustan M. Leino, Microsoft Research, Redmond.

Program Verification using the Spec# Programming System ECOOP Tutorial Rosemary Monahan, NUIM, Maynooth and K. Rustan M. Leino, Microsoft Research, Redmond.

K. Rustan M. Leino RiSE, Joint work with: Peter Müller (ETH Zurich) Jan Smans (KU Leuven) Special thanks to Mike Barnett VMCAI, Madrid, Spain, 18 January.

K. Rustan M. Leino RiSE, Joint work with: Peter Müller (ETH Zurich) Jan Smans (KU Leuven) Special thanks to Mike Barnett VMCAI, Madrid, Spain, 18 January.

Spec# K. Rustan M. Leino Senior Researcher Programming Languages and Methods Microsoft Research, Redmond, WA, USA Microsoft Research faculty summit, Redmond,

Spec# K. Rustan M. Leino Senior Researcher Programming Languages and Methods Microsoft Research, Redmond, WA, USA Microsoft Research faculty summit, Redmond,

Program synthesis with Jennisys K. Rustan M. Leino Research in Software Engineering (RiSE), Microsoft Research, Redmond Aleksandar Milicevic MIT IFIP Working.

Program synthesis with Jennisys K. Rustan M. Leino Research in Software Engineering (RiSE), Microsoft Research, Redmond Aleksandar Milicevic MIT IFIP Working.

Technologies for finding errors in object-oriented software K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 2 Summer school on Formal Models.

Technologies for finding errors in object-oriented software K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 2 Summer school on Formal Models.