Mathematically Rigorous Methods for Determining Software Quality

Current software development and testing methodologies are inadequate for validating software in mission-critical applications. As Dijstra famously stated: "testing can be used to show the presence of bugs, but never to show their absence." When lives and national security is at stake, there is a need for mathematically rigorous techniques that can verify the absence of bugs. We propose to develop a framework for software verification and validation using the technique of type-based static analysis. Type theory, and static analysis using types, has been extensively studied in the academic literature, but most of that research has not yet been used to build real-world tools for software verification. Type-based static analysis is both powerful and mathematically rigorous, and offers significant advantages in terms of scalability and modularity over competing techniques. Our proposed framework will be capable of analyzing code written in C, C++, Java, C#, and other languages, and will be able to analyze both source code and compiled binaries. The framework will use automatic type inference to derive appropriate safety properties for common programming patterns, but will also allow the user to supply annotations that guide the analysis algorithms when proving more difficult properties.