109 research outputs found
An Assertional Proof System for Multithreaded Java - Theory and Tool Support
Besides the features of a class-based object-oriented language, Java integrates concurrency via its thread classes, allowing for a multithreaded flow of control. The concurrency model includes shared-variable concurrency via instance variables, coordination via reentrant synchronization monitors, synchronous message passing, and dynamic thread creation. To reason about safety properties of multithreaded Java programs, we introduce a tool-supported assertional proof method for JavaMT ("Multi-Threaded Java"), a small sublanguage of Java, covering the mentioned concurrency issues as well as the object-based core of Java. The verification method is formulated in terms of proof-outlines, where the assertions are layered into local ones specifying the behavior of a single instance, and global ones taking care of the connections between objects. We establish the soundness and the completeness of the proof system. From an annotated program, a number of verification conditions are generated and handed over to the interactive theorem prover PVS.IST project Omega (IST-2001-33522) NWO/DFG project Mobi-J (RO 1122/9-1, RO 1122/9-2)UBL - phd migration 201
Simple and Effective Static Analysis to Find Bugs
Much research in recent years has focused on using static analysis to
find bugs in software. Many new approaches employing sophisticated
program analysis techniques---inter-procedural, context-sensitive, or
path-sensitive---have been developed. However, comparatively little
work has been done on determining what bugs can be found using
<i>simple</i> analysis techniques. We have found that simple static
analysis techniques are effective at finding hundreds or thousands
of serious software defects in several large commercial software
applications.
In our research, we have attempted to characterize the bugs that can be
found in production software using simple analysis techniques. Examples
of simple analysis techniques include inspection of class hierarchies
and method signatures, sequential scanning of program instructions
using a state machine recognizer, intra-procedural dataflow analysis,
and flow-insensitive whole program analysis. To determine what bugs may
be found using these techniques, we performed <i>bug-driven</i> research.
Starting from examples of real bugs, we tried to develop simple analysis
techniques to find similar bugs. Using this approach, we found a large
number of serious bugs in production applications and libraries with
a relatively low percentage of false positives. The types of bugs our
analysis uncovered in production code include null pointer dereferences,
infinite recursive loops, data races, deadlocks, and missed thread
notifications. One product of this work is a static analysis tool
called FindBugs, which analyzes Java programs at the bytecode level.
We have distributed FindBugs under an open-source license, and it has
been widely adopted by commercial organizations and open-source projects.
FindBugs has been downloaded more than 110,000 times since its initial
release.
Our work makes several contributions to the field. First, we have
cataloged many commonly-occurring bug patterns, described effective ways
of finding occurrences of those patterns automatically, and classified
common reasons why these bugs occur. Second, we have measured the
accuracy of our bug detectors on production software and student
programming projects, validating the effectiveness of the underlying
static analysis techniques. Finally, we have described techniques
for determining when static analysis warnings are added or removed as
software evolves
- …