Abstract: A program verification process begins by converting a language of the program from a first language into an intermediate language representation. The loops of the program are eliminated. The program is converted from the intermediate language representation into a passive form. Dominators for the passive form of the program are determined. A verification condition is generated from the passive form of the program. The verification condition is structured according to the computed dominators such that when a theorem prover identifies a potential error, portions of the passive form of the program irrelevant to the potential error are ignored.

Abstract: Various new and non-obvious systems and methods for ensuring within a multi-threaded environment that object fields hold legal values are disclosed. One of the disclosed embodiments is a method for a thread locking the top object of an object hierarchy. The thread then gains ownership of the locked object and any children of the locked object, by successively unpacking child objects, allowing the thread to write to any unpacked object field. By owning the top hierarchical object, the thread also achieves transitive ownership to any descendants of the object, allowing the thread to read any object fields which it transitively owns. When a thread locks an object within this exemplary embodiment all other threads are denied access to the locked object and to any descendants of the locked object.

Abstract: Techniques and tools are described for analyzing software. For example, an analysis tool performs abstract interpretation with a congruence abstract domain and/or a heap succession abstract domain. For the congruence abstract domain, the tool tracks equivalence classes between alien expressions and base domain variables. For the heap succession abstract domain, the tool tracks updates to a heap. In either case, to preserve information after updates, the tool may identify an expression having an unreachable value then determine an equivalent expression that lacks the unreachable value.

Abstract: A system, method and computer program product for annotating a computer program. The method includes applying a program checking tool to the computer program to produce one or more warnings, mapping one of the warnings into an annotation modification, and modifying the computer program in accordance with the annotation modification. These steps are repeated until the program checking tool produces no warnings that are suitable for mapping into an annotation modification. The resulting modified computer program is then provided to a user for use or further development.

Abstract: In a system for statically analyzing a specified computer, a verification condition generator converts the program into a logical equation, called a verification condition, and inserts program flow control labels into the sub-equations of the verification condition. The flow control labels identify conditional branch points in the specified computer program. A theorem prover is applied to the logical equation to determine truth of the logical equation, and when the truth of the logical equation cannot be proved, the theorem prover generates at least one counter-example identifying one of the conditions, one or more variable values inconsistent with that condition, and any of the flow control labels for conditional branch points of the program associated with the identified variable values. A post processing module converts each counter-example into an error message that includes a program trace when the counter-example identifies one or more of the flow control labels.

Abstract: The present invention is a method and apparatus for organizing warning messages generated by a computer program analyzer. A computer program analyzer generates a set of warning messages based upon potentially erroneous portions of a computer program, where each warning message identifies at least one potential error in the computer program. An inference engine infers from a subset of the set of warning messages at least one suggested-fix heuristic corresponding to each identified potential error in the subset of the set of warning messages. An association module associates each suggested-fix heuristic with the warning message containing the corresponding identified potential error. A grouping module reorders the set of warning messages so as to group together sets of warning messages having substantially similar associated suggested-fix heuristics. A result file generates a result comprising a subset of the set of warning messages ordered in grouped sets.

Abstract: The present invention is a method and apparatus for organizing warning messages generated by a computer program analyzer. A computer program analyzer generates a set of warning messages based upon potentially erroneous portions of a computer program, where each warning message identifies at least one potential error in the computer program. An inference engine infers from a subset of the set of warning messages at least one suggested-fix heuristic corresponding to each identified potential error in the subset of the set of warning messages. An association module associates each suggested-fix heuristic with the warning message containing the corresponding identified potential error. A grouping module reorders the set of warning messages so as to group together sets of warning messages having substantially similar associated suggested-fix heuristics. A result file generates a result comprising a subset of the set of warning messages ordered in grouped sets.

Abstract: A system, method and computer program product for annotating a computer program. The method includes applying a program checking tool to the computer program to produce one or more warnings, mapping one of the warnings into an annotation modification, and modifying the computer program in accordance with the annotation modification. These steps are repeated until the program checking tool produces no warnings that are suitable for mapping into an annotation modification. The resulting modified computer program is then provided to a user for use or further development.

Abstract: A system, method and computer program product for annotating a computer program. The method includes inserting a set of heuristically derived candidate annotations into the computer program and converting the computer program into a verification condition-which includes a set of guards corresponding to the set of candidate annotations. Initial truth values are assigned to the guards. A theorem prover is applied to the verification condition, and the counter-examples are mapped into one or more annotation modifications. The truth value of at least one of the guards corresponding to the one or more annotation modifications is updated. The theorem proving, mapping and truth value updating steps are repeated until the theorem prover produces no counter-examples that are suitable for mapping into an annotation modification. The resulting annotation modifications are applied to the computer program. The system and computer program product implement this method of annotating a computer program.

Abstract: In a system for statically analyzing a specified computer, a verification condition generator converts the program into a logical equation, called a verification condition, and inserts program flow control labels into the sub-equations of the verification condition. The flow control labels identify conditional branch points in the specified computer program. A theorem prover is applied to the logical equation to determine truth of the logical equation, and when the truth of the logical equation cannot be proved, the theorem prover generates at least one counter-example identifying one of the conditions, one or more variable values inconsistent with that condition, and any of the flow control labels for conditional branch points of the program associated with the identified variable values. A post processing module converts each counter-example into an error message that includes a program trace when the counter-example identifies one or more of the flow control labels.

Abstract: When a source program containing annotations is processed by a user-selected tool, the annotations in the source program are detected by a lexer and passed to an annotation processor corresponding to the selected tool. The system contains a number of annotation processors and a number of program processing tools, and the annotation processor to which the annotations are passed is selected based upon the user-selected tool. The selected annotation processor converts annotations compatible with the user-selected tool into annotation tokens and returns the annotation tokens to the lexer. The lexer generates tokens based upon the programming-language statements in the source program, and passes both the tokens and annotation tokens to a parser. The parser, in turn, assembles the tokens and annotation tokens into an abstract syntax tree, which is then passed to the user-selected tool for further processing.

Abstract: A method and an apparatus analyze a computer program for dependencies of the program output on the program input. To analyze the program, the program is transformed by a function into a Boolean expression called a verification condition. An example of this function is the weakest liberal precondition. The verification condition characterizes a condition between the input and the output of the program that must be satisfied for the output to be independent of the input. A theorem prover evaluates the verification condition to determine whether the output would depend on the input if the program was executed. If the verification condition evaluates to true, then the output is independent of the input; false, then the output depends on the input.