1 Software Model Checking Guillaume Brat, Dimitra Giannakopoulou, Klaus Havelund, Mike Lowry, Phil Oh, Corina Pasareanu, Charles Pecheur, John Penix, Willem.

Slides:



Advertisements
Similar presentations
A Survey of Runtime Verification Jonathan Amir 2004.
Advertisements

Abstraction of Source Code (from Bandera lectures and talks)
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Mahadevan Subramaniam and Bo Guo University of Nebraska at Omaha An Approach for Selecting Tests with Provable Guarantees.
A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.
Model Checker In-The-Loop Flavio Lerda, Edmund M. Clarke Computer Science Department Jim Kapinski, Bruce H. Krogh Electrical & Computer Engineering MURI.
Carnegie Mellon University Java PathFinder and Model Checking of Programs Guillaume Brat, Dimitra Giannakopoulou, Klaus Havelund, Mike Lowry, Phil Oh,
Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
1 Program Slicing Purvi Patel. 2 Contents Introduction What is program slicing? Principle of dependences Variants of program slicing Slicing classifications.
Software Model Checking for Embedded Systems PIs: Matthew Dwyer 1, John Hatcliff 1, and George Avrunin 2 Post-docs: Steven Seigel 2, Radu Iosif 1 Students:
Software Model Checking
1 Model Checking, Abstraction- Refinement, and Their Implementation Based on slides by: Orna Grumberg Presented by: Yael Meller June 2008.
1 Carnegie Mellon UniversitySPINFlavio Lerda SPIN An explicit state model checker.
1 Predicate Abstraction of ANSI-C Programs using SAT Edmund Clarke Daniel Kroening Natalia Sharygina Karen Yorav (modified by Zaher Andraus for presentation.
CS 267: Automated Verification Lectures 14: Predicate Abstraction, Counter- Example Guided Abstraction Refinement, Abstract Interpretation Instructor:
What Went Wrong? Alex Groce Carnegie Mellon University Willem Visser NASA Ames Research Center.
Toward Dependable Software: Cyberinfrastructure Support for Controlled Experimentation with Testing and Analysis Techniques Gregg Rothermel and Matt Dwyer.
1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.
Formal Verification of SpecC Programs using Predicate Abstraction Himanshu Jain Daniel Kroening Edmund Clarke Carnegie Mellon University.
Scalable and Flexible Static Analysis of Flight-Critical Software Guillaume P. Brat Arnaud J. Venet Carnegie.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu, October, 2001 Thesis Committee: Matthew Dwyer, Major Advisor David.
272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 4: SMT-based Bounded Model Checking of Concurrent Software.
Software Testing Verification and validation planning Software inspections Software Inspection vs. Testing Automated static analysis Cleanroom software.
Lifecycle Verification of the NASA Ames K9 Rover Executive Dimitra Giannakopoulou Mike Lowry Corina Păsăreanu Rich Washington.
Scientific Computing By: Fatima Hallak To: Dr. Guy Tel-Zur.
Java Pathfinder JPF Tutorial - Test Input Generation With Java Pathfinder.
CIS 842: Specification and Verification of Reactive Systems Lecture Specifications: LTL Model Checking Copyright , Matt Dwyer, John Hatcliff,
CS527 Topics in Software Engineering (Software Testing and Analysis) Darko Marinov September 9, 2010.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 22 Slide 1 Software Verification, Validation and Testing.
1 Bisimulations as a Technique for State Space Reductions.
Bandera: Extracting Finite-state Models from Java Source Code James Corbett Matthew Dwyer John Hatcliff Shawn Laubach Corina Pasareanu Robby Hongjun Zheng.
Finding Feasible Counter-examples when Model Checking Abstracted Java Programs Corina S. Pasareanu, Matthew B. Dwyer (Kansas State University) and Willem.
Copyright 2001, Matt Dwyer, John Hatcliff, and Radu Iosif. The syllabus and all lectures for this course are copyrighted materials and may not be used.
CIS 842: Specification and Verification of Reactive Systems Lecture 1: Course Overview Copyright 2001, Matt Dwyer, John Hatcliff, and Radu Iosif. The.
Model Checking Java Programs using Structural Heuristics
Symbolic Execution with Abstract Subsumption Checking Saswat Anand College of Computing, Georgia Institute of Technology Corina Păsăreanu QSS, NASA Ames.
1 CSEP590 – Model Checking and Automated Verification Lecture outline for August 6, 2003.
1 Model Checking of Robotic Control Systems Presenting: Sebastian Scherer Authors: Sebastian Scherer, Flavio Lerda, and Edmund M. Clarke.
CIS 842: Specification and Verification of Reactive Systems Lecture INTRO-Examples: Simple BIR-Lite Examples Copyright 2004, Matt Dwyer, John Hatcliff,
Tool-supported Program Abstraction for Finite-state Verification Matthew Dwyer 1, John Hatcliff 1, Corina Pasareanu 1, Robby 1, Roby Joehanes 1, Shawn.
Model-checking Concurrent Java Software Using the Bandera Tool Set Matthew Dwyer John Hatcliff Radu Iosif Yu Chen Georg Jung Todd Wallentine FacultyStudents.
CAPP: Change-Aware Preemption Prioritization Vilas Jagannath, Qingzhou Luo, Darko Marinov Sep 6 th 2011.
USING MODEL CHECKING TO DISCOVER AUTOMATION SURPRISES Java class User: - getExpectation() - checkExpectation() FAULTY EXECUTION start incrMCPAlt pullAltKnob.
November 27, 2007 Verification of a Concurrent Priority Queue Bart Verzijlenberg.
Concrete Model Checking with Abstract Matching and Refinement Corina Păsăreanu QSS, NASA Ames Research Center Radek Pelánek Masaryk University, Brno, Czech.
Software Systems Verification and Validation Laboratory Assignment 4 Model checking Assignment date: Lab 4 Delivery date: Lab 4, 5.
Tool-supported Program Abstraction for Finite-state Verification Matthew Dwyer 1, John Hatcliff 1, Corina Pasareanu 1, Robby 1, Roby Joehanes 1, Shawn.
( = “unknown yet”) Our novel symbolic execution framework: - extends model checking to programs that have complex inputs with unbounded (very large) data.
Model-checking Concurrent Java Software Using the Bandera Tool Set Matthew Dwyer John Hatcliff Radu Iosif Hongjun Zheng Shawn Laubach Corina Pasareanu.
Agenda  Quick Review  Finish Introduction  Java Threads.
1 Autopilot Tutor. 2 Model Checking the Autopilot GUI Program Program Automatically Replace GUI methods with stubs Instrument Event Handling (Semi-automated)
Symbolic Model Checking of Software Nishant Sinha with Edmund Clarke, Flavio Lerda, Michael Theobald Carnegie Mellon University.
24 September 2002© Willem Visser Program Model Checking Enabling Technology Abstraction void add(Object o) { buffer[head] = o; head = (head+1)%size;
Table of Contents Program Model Checking: Case Studies and Practitioner’s Guide John Penix, ARC Owen O’Malley, QSS Lawrence Markosian, QSS Peter Mehlitz,
SS 2017 Software Verification Bounded Model Checking, Outlook
Model Checking Java Programs (Java PathFinder)
Abstraction of Source Code
Input Space Partition Testing CS 4501 / 6501 Software Testing
Abstraction Data type based abstractions
Software Model Checking
runtime verification Brief Overview Grigore Rosu
Over-Approximating Boolean Programs with Unbounded Thread Creation
Generating Optimal Linear Temporal Logic Monitors by Coinduction
An explicit state model checker
Symbolic Execution and Test-input Generation
Presentation transcript:

1 Software Model Checking Guillaume Brat, Dimitra Giannakopoulou, Klaus Havelund, Mike Lowry, Phil Oh, Corina Pasareanu, Charles Pecheur, John Penix, Willem Visser and Matt Dwyer, John Hatcliff (Kansas State) Alex Groce, Flavio Lerda (CMU) NASA Ames Automated Software Engineering Group

2 Relevant Milestone: Demonstrate scalable analytic verification technology on a major subsystem for Aerospace avionics. (Project,Milestone,Date) Shown: The application of model checking to the DEOS real-time embedded aerospace operating system from Honeywell to discover a subtle error not uncovered using the testing techniques required for FAA certification. This impact of this error during flight could have been starvation of critical real-time flight calculations. Indicate the scaling of model checking by showing the average factor of increase in lines of code (yellow) and state- space handled (white) by each technique developed and, in the middle, a graph indicating the impact of these techniques with respect to the time taken to analyze a 1000 lines of code. Accomplishment / Relation to Milestone and ETG: Development of the Java PathFinder model checker, with accompanying set of synergistic verification technologies (including, abstractions, slicing, partial-order reduction, intelligent search and environment generation techniques) to enable the efficient analysis of object-oriented, concurrent programs such as those found in the next generation of avionics systems (e.g. the DEOS O/S for Integrated Modular Avionic systems). These model checking technologies have significantly reduced the effort required to analyze avionics software: currently we analyze 1000 lines of code per day compared to state of practice of 50 LOC/day in Future Plans: Develop techniques to allow guarantees for correct behavior under certain assumptions that can be checked during actual execution using run-time program monitoring. Also, development of “learning” algorithms whereby the model checker’s search strategy can be adapted according to the structure of the program being analyzed. High-Assurance Software Design POC: Michael Lowry (Ames Research Center) ETG: Provide increased confidence and lower the cost of development of next generation avionics software Strategic Investments Research Program Technical Accomplishment

3 High-Assurance Software Design Case 0: new(); Case 1: Stop(); Case 2: Remove(); Case 3: Wait(); Case 0: new(); Case 2: Remove(); Slicing Abstraction Environment JPF Model Checker Repair DEOS lines to 1500 Property preserving DEOS Infinite state to 1,000,000 states Semi-automated and requires domain knowledge Heuristic search Focused search for errors Partial-order reduction Spurious error elimination during abstraction State compression Bandera code-level debugging of error-path 3x30x 5x100x 2x15x2x10x 2x10x Combined techniques allows O(10 2 ) source line and O(10 6 ) state-space increase over state of practice Generation

4 Motivation Ariane 501 Mars Polar Lander Software Errors can be very costly

5 Software Error-Detection public boolean ConceptualObjectConstructor(int period) { itsPeriodIndex = period; itsCurrentPriority = Scheduler.priorityForPeriodIndex(its PeriodIndex); itsPeriodicEvent = StartOfPeriodEvent.eventForPer iodIndex(itsPeriodIndex); itsCurrentBudget = itsBudget; itsCreationStatus = threadStatusDormant; return true; } public void ConceptualObjectDestructor() { itsCreationStatus = threadStatusNotCreated; } public Budget budget() { return itsBudget; } public int currentPriority() { return itsCurrentPriority; } public void setCurrentPriority(int p) { //System.out.println("Thread.setCurrentPriority " + p); itsCurrentPriority = p; } public void startThread(int theCPUBudget) { //System.out.println("Thread.StartThread"); itsCurrentPriority = Scheduler.priorityForPeriodIndex( itsPeriodIndex ); itsBudget.setTotalBudgetInUsec(theCPUBudget); startThreadInternal(); itsLastCompletion = itsPeriodicEvent.currentPeriod()-1; waitForNextTriggeringEvent(); // assumes critical! itsLastExecution = itsPeriodicEvent.currentPeriod(); itsLastCompletion = itsPeriodicEvent.currentPeriod(); } Static Checking Type checking Runtime-error Checking Dynamic Checking Testing Model Checking

6 OK Error trace or Finite-state model Temporal logic formula Model Checker  Line 5: … Line 12: … Line 15:… Line 21:… Line 25:… Line 27:… … Line 41:… Line 47:…

7 The Dream Program Requirement Checker OK Error trace or void add(Object o) { buffer[head] = o; head = (head+1)%size; } Object take() { … tail=(tail+1)%size; return buffer[tail]; } Property 1: … Property 2: … …

8 Model Construction Problem Semantic gap: Model Description Model Checker Program void add(Object o) { buffer[head] = o; head = (head+1)%size; } Object take() { … tail=(tail+1)%size; return buffer[tail]; } Gap Programming Languages Model Description Languages methods, inheritance, dynamic creation, exceptions, etc. automata

9 Research Agenda Goal –Demonstrate Scalable Analytic verification technology on a major aerospace subsystem Direction –Show model checking can be included in an iterative development cycle –Develop a model checker for Java All the features of modern programming languages (objects,threads,exceptions etc.) But none of the unnecessary complications (Pointers, direct memory access, etc.) Accomplishments –Java Pathfinder Model checker –Synergistic Verification technologies –Analysis of the DEOS Real-time Operating system

10 Java PathFinder void add(Object o) { buffer[head] = o; head = (head+1)%size; } Object take() { … tail=(tail+1)%size; return buffer[tail]; } 0: iconst_0 1: istore_2 2: goto#39 5: getstatic 8: aload_0 9: iload_2 10: aaload JVM Special JVMModel Checker

11 Key Points Models can be infinite state –Depth-first state graph generation (Explicit-state model checking) –Errors are real –Verification can be problematic (Abstraction required) All of Java is handled except native code Nondeterministic Environments –JPF traps special nondeterministic methods Properties –User-defined assertions and deadlock –LTL properties (integrated with Bandera) Source level error analysis (with Bandera tool)

12 Manual Code Simplification Case 0: new(); Case 1: Stop(); Case 2: Remove(); Case 3: Wait(); Case 0: new(); Case 1: Remove(); Reduce sizes: e.g. Queues, arrays etc. Reduce variable ranges to singleton Group statements together in atomic blocks to reduce interleaving Remove irrelevant code Queue_size = 5; B = new Buffer[4]; Queue_size = 2; B = new Buffer[3]; MessageType = {ack : bool ;c : Int} MessageType = {ack : bool } X := Z; X := X +1; Y = X * 5; Z = Y; X := Z; Atomic{ X := X +1; Y = X * 5; } Z = Y; These techniques make model checking tractable, hence we need (semi-) automated counterparts for them when doing automatic translations

13 Enabling Technologies Abstraction Under-approximations Over-approximations Partial-order Reductions Property Preserving Slicing Reduce sizes: e.g. Queues, arrays etc. Reduce variable ranges to singleton Remove irrelevant code Group statements together in atomic blocks to reduce interleaving Heuristic Search State Compression

14 Technology Overview Slicing Abstraction State Compression Partial-order Reduction Heuristic Search

15 Technology Overview Slicing Abstraction State Compression Partial-order Reduction Heuristic Search

16 Property-directed Slicing slicing criterion generated automatically from observables mentioned in the property backwards slicing automatically finds all components that might influence the observables. Source program Resulting slice Slice mentioned in property indirectly relevant

17 Property-directed Slicing /** EXP Full: (head == tail) */ class BoundedBuffer { Object [] buffer_; int bound; int head, tail; public synchronized void add(Object o) { while ( tail == head ) try { wait(); } catch ( InterruptedException ex) {} buffer_[head] = o; head = (head+1) % bound; notifyAll(); }... } Included in slicing criterion indirectly relevant removed by slicing Slicing Criterion All statements that assign to head, tail.

18 Technology Overview Slicing Abstraction – Under-Approximations – Over-Approximations Predicate Abstraction Data Type Abstractions State Compression Partial-order Reduction Heuristic Search

19 Technology Overview Slicing Abstraction – Under-Approximations – Over-Approximations Predicate Abstraction Data Type Abstractions State Compression Partial-order Reduction Heuristic Search

20 Abstraction Remove behaviors Preserves errors –“Exists” paths Transform code –Size changes –Manual Filtered Environments –Don’t allow all environment actions –Semi-automated Add behaviors Preserves correctness –“For all” paths Type-based abstractions –Semi-automated Predicate Abstraction –Semi-automated Under-approximations Over-approximations

21 Predicate Abstraction x  y Abstract Concrete x  y F T  int  int bool EQ = T x = 0 y = 0 x = 0 y = 1 y++ EQ  (x = y) EQ = FEQ := F EQ  (x = y) Mapping of a concrete system to an abstract system, whose states correspond to truth values of a set of predicate

22 Calculating Abstraction Predicate: B  (x = y) Concrete Statement y := y + 1 Abstract Statement y := y + 1 {x = y} y := y + 1 {x  y} {x  y + 1} {x = y + 1} Step 1: Calculate pre-images Step 2: Rewrite in terms of predicates Step 2a: Use Decision Procedures x = y  x = y + 1 x  y  x = y + 1 x = y  x  y + 1 x  y  x  y + 1 {x = y + 1} y := y + 1 {B} {B} y := y + 1 {~B} Step 3: Abstract Code IF B THEN B := false ELSE B := true | false

23 JPF Predicate Abstraction Annotations used to indicate abstractions –Abstract.remove(x); Abstract.remove(y); Abstract.addBoolean(“EQ”, x==y); Tool generates abstract Java program –Using Stanford Validity Checker (SVC) –JVM is extended with nondeterminism to handle over approximation Abstractions can be local to a class or global across multiple classes –Abstract.addBoolean(“EQ”, A.x==B.y); –Dynamic predicate abstraction - works across instances

24 Data Type Abstraction int x = 0; if (x == 0) x = x + 1; Data domains (n<0) : NEG (n==0): ZERO (n>0) : POS Signs NEGPOSZERO int Code Signs x = ZERO; if (Signs.eq(x,ZERO)) x = Signs.add(x,POS); Collapses data domains via abstract interpretation:

25 Abstract Interpretation abstraction Signs abstracts int TOKENS = { neg, zero, pos }; abstraction mapping: n {neg}; n == 0 -> {zero}; n > 0 -> {pos}; public class Signs { public static final int NEG = 0; public static final int ZERO = 1; public static final int POS = 2; public static int abs(int n) { if (n < 0) return NEG; if (n == 0) return ZERO; if (n > 0) return POS; } public static int add(int a, int b){ int r; Verify.beginAtomic(); if (a==NEG && b==NEG) r=NEG; if (a==NEG && b==ZERO) r=NEG; if (a==ZERO && b==NEG) r=NEG; if (a==ZERO && b==ZERO) r=ZERO; if (a==ZERO && b==POS) r=POS; if (a==POS && b==ZERO) r=POS; if (a==POS && b==POS) r=POS; else r=Verify.choose(2); Verify.endAtomic(); return r; }} neg{zero,pos,neg}neg {zero,pos,neg}pos negposzero negposzero + abs

26 Technology Overview Slicing Abstraction – Under-Approximations – Over-Approximations Infeasible/Spurious Errors State Compression Partial-order Reduction Heuristic Search

27 {NEG,ZERO,POS} [1] if(Signs.gt(Signs.add(NEG,POS),ZERO)) then [2] assert(true); else [3] assert(false); Example of Infeasible Counter-example [1]: [2]: [ 1] if ( > 0) then [2] assert(true); else [3] assert(false); Signs: n neg 0 -> zero n > 0 -> pos Infeasible counter-example [1]: [2]: [3]: X

28 Choose-free state space search Theorem [Saidi:SAS’00] Every path in the abstracted program where all assignments are deterministic is a path in the concrete program. Bias the model checker –to look only at paths that do not include instructions that introduce non-determinism JPF model checker modified –to detect non-deterministic choice and backtrack from those points

29 Choice-bounded Search choose() X X Detectable Violation Undetectable Violation State space searched

30 Technology Overview Slicing Abstraction – Under-Approximations – Over-Approximations Predicate Abstraction Data Type Abstractions State Compression Partial-order Reduction Heuristic Search

31 Technology Overview Slicing Abstraction – Under-Approximations – Over-Approximations Predicate Abstraction Data Type Abstractions State Compression Partial-order Reduction Heuristic Search

32 State Compression Threads Thread Frames StaticDynamic Monitor Fields Pool Monitor Pool Thread Pool Integer State Vector Forward Backward Allows 2x source lines and 15x state-space increase

33 Technology Overview Slicing Abstraction – Under-Approximations – Over-Approximations Predicate Abstraction Data Type Abstractions State Compression Partial-order Reduction Heuristic Search

34 Reducing Interleavings T 1 || T 2 T1T1 T2T2 T2T2 T1T1 T1T1 T2T2 Unnecessary Interleavings cause State-explosion – Interleaving independent statements Partial-order Reduction Eliminates unnecessary interleavings – Only interleave dependent statements during model checking Require Static analysis phase before model checking to determine statements that are globally independent – Advanced alias-analysis

35 Partial-order Reduction class FirstTask extends Thread { public void run() { int x; S1 s1; x = 1; s1 = new S1(); x = 3; } class S1 {int x;} class S2 {int y;} public class Example { public static void main (String[] args) { FirstTask t1 = new FirstTask(); SecondTask t2 = new SecondTask(); t1.start(); t2.start(); }} class SecondTask extends Thread { public void run() { int x; S2 s2; x = 2; s2 = new S2(); x = 3; } 43 states with no reduction 18 states With partial-order reduction all statements are globally independent (safe)

36 Partial-order Reduction class FirstTask extends Thread { public void run() { int x; S1 s1; Example.x = 1; s1 = new S1(); x = 3; } class S1 {int x;} class S2 {int y;} public class Example { public static int x = 10; public static void main (String[] args) { FirstTask t1 = new FirstTask(); SecondTask t2 = new SecondTask(); t1.start(); t2.start(); }} class SecondTask extends Thread { public void run() { int x; S2 s2; Example.x = 2; s2 = new S2(); x = 3; } 43 states with no reduction 27 states With partial-order reduction 2 statements are not globally independent Not Safe

37 Technology Overview Slicing Abstraction State Compression Partial-order Reduction Heuristic Search

Heuristic Search Breadth-first (BFS) like state-generation Priority queue according to fitness function Queue limit parameter Priority Queue with limit

39 Heuristic Search Best-First, Beam and A* Search Heuristics based on property – deadlock Maximize number of blocked threads – Assertions Minimize distance to assertion Heuristics on structure of Program –Interleaving heuristic Maximize different thread scheduling –Branch Exploration Maximize the coverage of new branches –Choose-free heuristic Minimize non-deterministic choice User-defined heuristics –Full access to JVM’s state via API Combine heuristics

40 Choose-free Heuristic Infeasible error elimination during abstraction Heuristic function returns best value for states with least number of non-deterministic choices enabled If no “deterministic” error exists it also searches rest of the state space X State space searched first

41 Scaling Program Model Checking Error-Detection Remote Agent Hand-translation SPIN DEOS Systematic Hand-translation SPIN DEOS Java-translation JPF Autopilot JPF

42 JPF Released JPF released to collaborators and beta testers in February worldwide downloads

43 Future Work Combined Property and Heuristic specification languages –“DFS until full(queue) then show no-deadlock using branch-exploration” –Allow model checker to “learn” how to search the state-space Combine Coverage, Model Checking and Runtime analysis to give bounded correctness guarantees –Check a system under certain environment assumptions, if property holds, then use runtime analysis to check assumptions during execution C/C++ Version under development

44 High-Assurance Software Design Case 0: new(); Case 1: Stop(); Case 2: Remove(); Case 3: Wait(); Case 0: new(); Case 2: Remove(); Slicing Abstraction Environment JPF Model Checker Repair DEOS lines to 1500 Property preserving DEOS Infinite state to 1,000,000 states Semi-automated and requires domain knowledge Heuristic search Focused search for errors Partial-order reduction Spurious error elimination during abstraction State compression Bandera code-level debugging of error-path 3x30x 5x100x 2x15x2x10x 2x10x Combined techniques allows O(10 2 ) source line and O(10 6 ) state-space increase over state of practice Generation

45 DEOS Real-time O/S from Honeywell Subtle error 1500 lines of Java –C++ originally Dependency Analysis Apply Type Abstraction Spurious errors exist Use choose-free heuristic timer delete timer preempt User2: 16/21

46 Autopilot Tutor

47 Model Checking the Autopilot GUI Program Program Automatically Replace GUI methods with stubs Instrument Event Handling (Semi-automated) Pilot Task Regular Expr JPF JPF Java Program Compiler + Pilot Mental Model + No Mode Confusion Error Script

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.