Interaction analysis of annotated specification and program codes in Extended Static Checking

Abstract

Software cost can be reduced if more software defects are detected earlier in the development phase. Motivated by the Extended Static Checking (ESC) technique, many programming errors have been discovered by ESC tools. In a typical ESC procedure, the source code of a program written in a high-level programming language, e.g. Java [1] or C#, Spec# [2], is translated into some logical imperative-style language, resp. Guarded Commands [1] or BoogiePL [2]. At the same time, associated annotated specifications which state constraints of the program are also translated into the same logical language. This two-fold translation phase induces code-interleaving phenomenon of annotated specification and program. The subsequent phases in ESC relies on the interleaving codes while there is a possibility that logical imperative codes translated from annotated specification may change behavior of the original program. This paper proposes a formal analysis approach of possible interaction between specification and program codes. It does not only show the range of specification categories which are safe in this ESC procedure, but also presents cases for potential ESC unsoundness.