houdini, an annotation assistant for esc/java k. rustan m. leino compaq src joint work with cormac...
TRANSCRIPT
![Page 1: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/1.jpg)
Houdini, an annotation assistant Houdini, an annotation assistant for ESC/Javafor ESC/JavaHoudini, an annotation assistant Houdini, an annotation assistant for ESC/Javafor ESC/Java
K. Rustan M. Leino
Compaq SRC
Joint work with Cormac Flanagan
K. Rustan M. Leino
Compaq SRC
Joint work with Cormac Flanagan
Systems Research CenterSystems Research Center
Oxford University, 15 January 2001Oxford University, 15 January 2001
![Page 2: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/2.jpg)
Static program checkingStatic program checkingStatic program checkingStatic program checking
![Page 3: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/3.jpg)
Static program checkersStatic program checkersStatic program checkersStatic program checkers
![Page 4: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/4.jpg)
ESC/Java architectureESC/Java architectureESC/Java architectureESC/Java architecture
![Page 5: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/5.jpg)
ESC/Java exampleESC/Java exampleESC/Java exampleESC/Java example
Warning: Index possibly too big
![Page 6: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/6.jpg)
![Page 7: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/7.jpg)
Annotation assistantAnnotation assistantAnnotation assistantAnnotation assistant
![Page 8: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/8.jpg)
Annotation assistantAnnotation assistantAnnotation assistantAnnotation assistant
![Page 9: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/9.jpg)
Annotation assistantAnnotation assistantAnnotation assistantAnnotation assistant
![Page 10: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/10.jpg)
Annotation assistantAnnotation assistantAnnotation assistantAnnotation assistant
![Page 11: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/11.jpg)
Annotation assistantAnnotation assistantAnnotation assistantAnnotation assistant
![Page 12: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/12.jpg)
Annotation assistantAnnotation assistantAnnotation assistantAnnotation assistant
HoudiniHoudiniHoudiniHoudini
The great ESC wizard!The great ESC wizard!The great ESC wizard!The great ESC wizard!
![Page 13: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/13.jpg)
Annotation assistantAnnotation assistantAnnotation assistantAnnotation assistant
Unannotated Java program
Inference engine
Annotated Java program
ESC/Java
Warning messages
![Page 14: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/14.jpg)
Basic Houdini algorithmBasic Houdini algorithmBasic Houdini algorithmBasic Houdini algorithm
generate candidate set of annotations ;repeat
invoke ESC/Java to refute annotations ;remove refuted annotations
until quiescence ;
invoke ESC/Java to identify possible defects
![Page 15: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/15.jpg)
Candidate annotationsCandidate annotationsCandidate annotationsCandidate annotations
integer f
//@ invariant f cmp expr ; cmp {<,<=,==,!=,>=,>} reference f
//@ invariant f != null ; array f
//@ invariant \nonnullelements(f) ;
//@ invariant (\forall int i; 0 <= i && i < expr ==> f[i] != null) ;
//@ invariant f.length cmp expr ;
![Page 16: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/16.jpg)
Houdini inputHoudini inputHoudini inputHoudini input
Houdini
“program”“program”
“specified library”“specified library”
“library”“library”
Houdini guesses“optimistic” annotations
Houdini infers annotations,and reports warnings
… and Houdini always uses any given annotations
![Page 17: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/17.jpg)
Houdini outputHoudini outputHoudini outputHoudini output
![Page 18: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/18.jpg)
ExperienceExperienceExperienceExperienceProgram Lines Warnings Errors
Java2Html 500 4 4/4WebSampler 2,000 38 3/38
PachyClient 11,000 443 2/12“Cobalt” 36,000 540 3/100
![Page 19: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/19.jpg)
Static program checkersStatic program checkersStatic program checkersStatic program checkers
HoudiniHoudiniHoudiniHoudini
![Page 20: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/20.jpg)
Future (ongoing) workFuture (ongoing) workFuture (ongoing) workFuture (ongoing) work
Streamline guessing Increase performance Rev up user interface
![Page 21: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/21.jpg)
ConclusionsConclusionsConclusionsConclusions
Houdini can apply the power of ESC/Java to legacy code
Houdini is a tool by itself Inferred non-properties are useful in debugging
See also http://research.compaq.com/SRC/esc/
![Page 22: Houdini, an annotation assistant for ESC/Java K. Rustan M. Leino Compaq SRC Joint work with Cormac Flanagan K. Rustan M. Leino Compaq SRC Joint work with](https://reader035.vdocuments.us/reader035/viewer/2022062423/56649efb5503460f94c0d7ad/html5/thumbnails/22.jpg)