Extended static checking (ESC) is a collective name in computer science for a range of techniques for statically checking the correctness of various program constraints.[1] ESC can be thought of as an extended form of type checking. As with type checking, ESC is performed automatically at compile time (i.e. without human intervention). This distinguishes it from more general approaches to the formal verification of software, which typically rely on human-generated proofs. Furthermore, it promotes practicality over soundness, in that it aims to dramatically reduce the number of false positives (overestimated errors that are not real errors, that is, ESC over strictness) at the cost of introducing some false negatives (real ESC underestimation error, but that need no programmer's attention, or are not targeted by ESC).[2][3] ESC can identify a range of errors that are currently outside the scope of a type checker, including division by zero, array out of bounds, integer overflow and null dereferences.
The techniques used in extended static checking come from various fields of computer science, including static program analysis, symbolic simulation, model checking, abstract interpretation, SAT solving and automated theorem proving and type checking. Extended static checking is generally performed only at an intraprocedural, rather than interprocedural, level in order to scale to large programs.[2] Furthermore, extended static checking aims to report errors by exploiting user-supplied specifications, in the form of pre- and post-conditions, loop invariants and class invariants.
Extended static checkers typically operate by propagating strongest postconditions (respectively weakest preconditions) intraprocedurally through a method starting from the precondition (respectively postcondition). At each point during this process an intermediate condition is generated that captures what is known at that program point. This is combined with the necessary conditions of the program statement at that point to form a verification condition. An example of this is a statement involving a division, whose necessary condition is that the divisor be non-zero. The verification condition arising from this effectively states: given the intermediate condition at this point, it must follow that the divisor is non-zero. All verification conditions must be shown to be false (hence correct by means of excluded third) in order for a method to pass extended static checking (or "unable to find more errors"). Typically, some form of automated theorem prover is used to discharge verification conditions.
Extended static checking was pioneered in ESC/Modula-3[4] and, later, ESC/Java. Its roots originate from more simplistic static checking techniques, such as static debugging[5] or lint and FindBugs. A number of other languages have adopted ESC, including Spec# and SPARKada and VHDL VSPEC. However, there is currently no widely used software programming language that provides extended static checking in its base development environment.
^C. Flanagan, K.R.M. Leino, M. Lillibridge, G. Nelson, J. B. Saxe and R. Stata. "Extended static checking for Java". In Proceedings of the Conference on Programming Language Design and Implementation, pages 234-245, 2002. doi: http://doi.acm.org/10.1145/512529.512558
^ ab"Extended Static Checking". UWTV. Retrieved 2012-02-01.[permanent dead link]
^Babic, Domagoj; Hu, Alan J. (2008). Calysto: Scalable and Precise Extended Static Checking. Proceedings of the International Conference on Software Engineering (ICSE). ACM Press. doi:10.1145/1368088.1368118.
^Rustan, K.; Leino, M.; Nelson, Greg (1998). "An extended static checker for modula-3". Lecture Notes in Computer Science - International Conference on Compiler Construction. Springer. pp. 302–305. doi:10.1007/bfb0026441. ISBN 978-3-540-64304-3. ISSN 0302-9743.
^Flanagan, Cormac; Flatt, Matthew; Krishnamurthi, Shriram; Weirich, Stephanie; Felleisen, Matthias (1996). "Catching bugs in the web of program invariants" (PDF). ACM SIGPLAN Notices. 31 (5). Association for Computing Machinery (ACM): 23–32. doi:10.1145/249069.231387. ISSN 0362-1340.
and 21 Related for: Extended static checking information
Extendedstaticchecking (ESC) is a collective name in computer science for a range of techniques for staticallychecking the correctness of various program...
computer program, and then checking that the parts have been connected in a consistent way. This checking can happen statically (at compile time), dynamically...
keyboard Escape character in the C0 control code set Escape sequence Extendedstaticchecking Einstein summation convention Electronic speed control Electronic...
uninterpreted functions, and quantifiers. Its main applications are extendedstaticchecking, test case generation, and predicate abstraction.[citation needed]...
In computer science, model checking or property checking is a method for checking whether a finite-state model of a system meets a given specification...
reliability verification to the language: extendedstaticchecking, dependent typing, information flow control, static thread safety. Alternative mechanisms...
In computer science, static program analysis (also known as static analysis or static simulation) is the analysis of computer programs performed without...
Matt Welsh, Eric Brewer, and David E. Culler 2012 (for 2002): ExtendedStaticChecking for Java, Cormac Flanagan, K. Rustan M. Leino, Mark Lillibridge...
purely functional data structures, an expressive type system, extendedstaticchecking and property-based testing. In addition, we describe the use of...
Flanagan, Cormac; Leino, K. Rustan M.; Lillibridge, Mark (2002). Extendedstaticchecking for Java. Vol. 37. pp. 234–245. CiteSeerX 10.1.1.19.162. doi:10...
static caravan needs to take particular care in checking that their site is not liable to flooding. Static caravans can be rented on an ad-hoc basis or purchased...
conventional, static detection-based defenses being used by most organizations today. Over the years many employees who worked at Check Point have left...
emphasis on performance. Its static type system prevents runtime type mismatches and thus obviates runtime type and safety checks that burden the performance...
These include: ESC/Java2 [1], an extendedstatic checker which uses JML annotations to perform more rigorous staticchecking than is otherwise possible. OpenJML...
meaning "extended") filtering mechanism in Linux and is also used in other parts of the Linux kernel as well. It is used to safely and efficiently extend the...