Abstract
Auto-active verifiers provide a level of automation intermediate between fully automatic and interactive: users supply code with annotations as input while benefiting from a high level of automation in the back-end. This paper presents AutoProof, a state-of-the-art auto-active verifier for object-oriented sequential programs with complex functional specifications. AutoProof fully supports advanced object-oriented features and a powerful methodology for framing and class invariants, which make it applicable in practice to idiomatic object-oriented patterns. The paper focuses on describing AutoProof's interface, design, and implementation features, and demonstrates AutoProof's performance on a rich collection of benchmark problems. The results attest AutoProof's competitiveness among tools in its league on cutting-edge functional verification of object-oriented programs.
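As an illustration of the "code with annotations" input style the abstract describes, the following Eiffel class is an added example written for this page; it is not code from the paper or from the AutoProof distribution. It uses only standard Design by Contract clauses (require, ensure, invariant) plus a `note model:` clause, which I take to be AutoProof's way of naming the attributes that define a class's abstract state (an assumption). AutoProof's framing and invariant-methodology annotations are not shown, and the default frame is assumed. The precondition on `increment` illustrates the overflow note below: because `value` is bounded by `capacity`, which is itself a machine integer, the tool has enough information to discharge the overflow check on `value + 1` without it being disabled.

```eiffel
note
	description: "Bounded counter annotated for auto-active verification (added illustration, not from the paper)."
	model: value, capacity  -- assumption: AutoProof model-attribute annotation

class
	BOUNDED_COUNTER

create
	make

feature {NONE} -- Initialization

	make (a_capacity: INTEGER)
			-- Create a counter that can count up to `a_capacity'.
		require
			capacity_positive: a_capacity > 0
		do
			capacity := a_capacity
			value := 0
		ensure
			capacity_set: capacity = a_capacity
			value_zero: value = 0
		end

feature -- Access

	value: INTEGER
			-- Current count.

	capacity: INTEGER
			-- Largest count this counter accepts.

feature -- Status report

	is_full: BOOLEAN
			-- Has the counter reached its capacity?
		do
			Result := value = capacity
		ensure
			definition: Result = (value = capacity)
		end

feature -- Basic operations

	increment
			-- Advance the count by one.
			-- `not is_full' rules out `value + 1' exceeding `capacity'; since
			-- `capacity' is a machine INTEGER, it also rules out arithmetic
			-- overflow, which the verifier reports when overflow checking is on.
		require
			not_full: not is_full
		do
			value := value + 1
		ensure
			incremented: value = old value + 1
			capacity_unchanged: capacity = old capacity
		end

	reset
			-- Set the count back to zero.
		do
			value := 0
		ensure
			value_zero: value = 0
			capacity_unchanged: capacity = old capacity
		end

invariant
	value_non_negative: value >= 0
	value_within_capacity: value <= capacity
	capacity_positive: capacity > 0

end
```

Each postcondition is stated in terms of the model attributes, so a client reasoning about `BOUNDED_COUNTER` never needs the bodies; the invariant is what lets the prover carry `value <= capacity` across calls, which is the property that makes the overflow check discharge.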
Notes
Although inter-matic would be as good a name.
Maintaining invariants is the default, which can be overridden; see Sect. 4.5 for details.
Overflow checking can be disabled to treat integers as mathematical integers.
As usual, modulo bugs in the implementation.
Somewhat similarly to other verification techniques like bounded model checking [9].
Even though class does not explicitly define any other model attributes, such attributes might be added in descendant classes; in addition, the invariant methodology described below equips each class with implicit model attributes , , and .
This default is inspired by VCC’s static owns [10].
Since they are immutable, logic classes do not include state-modifying commands.
In accordance with common practices in verification competitions, we count tokens for the s/c ratio; but we provide other measures in lines, which are more naturally understandable.
See the course’s homepage at http://se.inf.ethz.ch/courses/2014b_fall/sv/.
A simple way to implement support of this kind could build atop Boogie’s smoke testing functionality.
References
Ahrendt, W., Beckert, B., Bruns, D., Bubel, R., Gladisch, C., Grebing, S., Hähnle, R., Hentschel, M., Herda, M., Klebanov, V., Mostowski, W., Scheben, C., Schmitt, P.H., Ulbrich, M.: The KeY platform for verification and analysis of Java programs. In: Verified Software: Theories, Tools, and Experiments (VSTTE 2014). Lecture Notes in Computer Science, no. 8471. Springer, Berlin (2014)
Barnett, M., Fähndrich, M., Leino, K.R.M., Müller, P., Schulte, W., Venter, H.: Specification and verification: the Spec# experience. Commun. ACM 54(6), 81–91 (2011). http://specsharp.codeplex.com/
Barnett, M., Naumann, D.A.: Friends need a bit more: maintaining invariants over shared state. In: Mathematics of Program Construction. Springer, Berlin (2004)
Beckert, B., Bruns, D., Klebanov, V., Scheben, C., Schmitt, P.H., Ulbrich, M.: Information flow in object-oriented software. In: Logic-Based Program Synthesis and Transformation, 23rd International Symposium, LOPSTR. Lecture Notes in Computer Science, vol. 8901. Springer, Berlin (2014)
Beckert, B., Hähnle, R., Schmitt, P.H. (eds.): Verification of Object-Oriented Software: The KeY Approach. LNCS, vol. 4334. Springer, Berlin (2007)
Bormer, T., et al.: The COST IC0701 verification competition 2011. In: FoVeOOS. LNCS, vol. 7421. Springer, Berlin (2012). http://foveoos2011.cost-ic0701.org/verification-competition
Chalin, P., Kiniry, J.R., Leavens, G.T., Poll, E.: Beyond assertions: Advanced specification and verification with JML and ESC/Java2. In: FMCO, LNCS. Springer, Berlin. http://kindsoftware.com/products/opensource/ESCJava2/ (2006)
Chimento, J.M., Ahrendt, W., Pace, G.J., Schneider, G.: StaRVOOrS: a tool for combined static and runtime verification of Java. In: Bartocci, E., Majumdar, R. (eds.) Runtime Verification—6th International Conference, RV 2015. Lecture Notes in Computer Science, vol. 9333. Springer, Berlin (2015)
Clarke, E.M., Biere, A., Raimi, R., Zhu, Y.: Bounded model checking using satisfiability solving. Form. Methods. Syst. Des. 19(1), 7–34 (2001)
Cohen, E., Dahlweid, M., Hillebrand, M.A., Leinenbach, D., Moskal, M., Santen, T., Schulte, W., Tobies, S.: VCC: a practical system for verifying concurrent C. In: TPHOLs. LNCS, vol. 5674. Springer, Berlin (2009)
Cok, D.: The OpenJML toolset. In: NASA Formal Methods. LNCS, vol. 6617. Springer, Berlin (2011)
Darvas, Á., Müller, P.: Faithful mapping of model classes to mathematical structures. IET Softw. 2(6), 477–499 (2008)
Dijkstra, E.W.: A Discipline of Programming. Prentice Hall, Upper Saddle River (1976)
EiffelBase2: A Fully Verified Container Library. https://github.com/nadia-polikarpova/eiffelbase2 (2015)
Ernst, G., Pfähler, J., Schellhorn, G., Haneberg, D., Reif, W.: KIV: overview and VerifyThis competition. Int. J. Softw. Tools Technol. Transf. 17(6), 677–694 (2015)
Filliâtre, J.C., Marché, C.L.: The Why/Krakatoa/Caduceus platform for deductive program verification. In: CAV. LNCS, vol. 4590. Springer, Berlin. http://krakatoa.lri.fr/ (2007)
Filliâtre, J.C., Paskevich, A.: Why3—where programs meet provers. In: ESOP. LNCS, vol. 7792. Springer, Berlin. http://why3.lri.fr/ (2013)
Filliâtre, J.-C., Paskevich, A., Stump, A.: The 2nd verified software competition: experience report. In: COMPARE. CEUR Workshop Proceedings, vol. 873. CEUR-WS.org. https://sites.google.com/site/vstte2012/compet (2012)
Furia, C.A.: Rotation of sequences: algorithms and proofs. http://arxiv.org/abs/1406.5453 (2014)
Furia, C.A., Poskitt, C.M., Tschannen, J.: The AutoProof verifier: Usability by non-experts and on standard code. In: Dubois, C., Masci, P., Mery, D. (eds.) Proceedings of the 2nd Workshop on Formal Integrated Development Environment (F-IDE). Electronic Proceedings in Theoretical Computer Science, vol. 187, pp. 42–55. EPTCS, June 2015. Workshop co-located with FM (2015)
Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns. Addison-Wesley, Boston (1995)
Huisman, M., Klebanov, V., Monahan, R.: VerifyThis verification competition. http://verifythis2012.cost-ic0701.org (2012)
Huisman, M., Klebanov, V., Monahan, R.: VerifyThis verification competition. http://etaps2015.verifythis.org/ (2015)
Jacobs, B., Smans, J., Piessens, F.: A quick tour of the VeriFast program verifier. In: APLAS. LNCS, vol. 6461. Springer, Berlin. http://people.cs.kuleuven.be/~bart.jacobs/verifast/ (2010)
Jacobs, B., Smans, J., Piessens, F.: VeriFast: Imperative programs as proofs. In: VS-Tools Workshop at VSTTE (2010)
Kassios, I.T.: Dynamic frames: Support for framing, dependencies and sharing without restrictions. In: FM. Springer, Berlin (2006)
Kiniry, J.R., Morkan, A.E., Cochran, D., Fairmichael, F., Chalin, P., Oostdijk, M., Hubbers, E.: The KOA remote voting system: a summary of work to date. In: TGC. LNCS, vol. 4661. Springer, Berlin (2007)
Klebanov, V., et al.: The 1st verified software competition: experience report. In: FM. LNCS, vol. 6664. Springer, Berlin. https://sites.google.com/a/vscomp.org/main/ (2011)
Leavens, G.T., Cheon, Y., Clifton, C., Ruby, C., Cok, D.R.: How the design of JML accommodates both runtime assertion checking and formal verification. Sci. Comput. Program. 55(1–3), 185–208 (2005)
Leavens, G.T., Leino, K.R.M., Müller, P.: Specification and verification challenges for sequential object-oriented programs. Form. Aspects Comput. 19(2), 159–189 (2007)
Leino, K.R.M.: This is Boogie 2. Technical Report, Microsoft Research. http://research.microsoft.com/apps/pubs/default.aspx?id=147643 (2008)
Leino, K.R.M.: Dafny: An automatic program verifier for functional correctness. In: LPAR-16. LNCS, vol. 6355. Springer, Berlin. http://research.microsoft.com/en-us/projects/dafny/ (2010)
Leino, K.R.M., Moskal, M.: Usable auto-active verification. In: Usable Verification Workshop. http://fm.csl.sri.com/UV10/ (2010)
Leino, K.R.M., Müller, P.: Object invariants in dynamic contexts. In: ECOOP 2004—Object-Oriented Programming, 18th European Conference, Oslo, Norway, June 14–18, 2004, Proceedings. Lecture Notes in Computer Science, vol. 3086. Springer, Berlin (2004)
Leino, K.R.M., Müller, P.: Object invariants in dynamic contexts. In: ECOOP. Springer, Berlin (2004)
Leino, K.R.M., Poetzsch-Heffter, A., Zhou, Y.: Using data groups to specify and check side effects. In: Proceedings of the 2002 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), Berlin, Germany, June 17–19, 2002, pp. 246–257 (2002)
Logozzo, F.: Our experience with the CodeContracts static checker. In: VSTTE. LNCS, vol. 7152. Springer, Berlin. http://msdn.microsoft.com/en-us/devlabs/dd491992.aspx (2012)
The OpenJML Toolset. http://openjml.org/ (2013)
Pek, E., Qiu, X., Madhusudan, P.: Natural proofs for data structure manipulation in C using separation logic. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI ’14, Edinburgh, United Kingdom, June 09–11, 2014, p. 46 (2014)
Polikarpova, N., Furia, C.A., Meyer, B.: Specifying reusable components. In: VSTTE. LNCS, vol. 6217. Springer, Berlin (2010)
Polikarpova, N., Tschannen, J., Furia, C.A.: A fully verified container library. In: FM. LNCS. Springer, Berlin (2015)
Polikarpova, N., Tschannen, J., Furia, C.A., Meyer, B.: Flexible invariants through semantic collaboration. In: FM. LNCS, vol. 8442. Springer, Berlin (2014)
SAVCBS workshop series. http://www.eecs.ucf.edu/~leavens/SAVCBS/ (2010)
Summers, A.J., Drossopoulou, S., Müller, P.: The need for flexible object invariants. In: IWACO, pp. 1–9. ACM, New York (2009)
Suter, P., Köksal, A.S., Kuncak, V.: Satisfiability modulo recursive programs. In: SAS. LNCS, vol. 6887. Springer, Berlin. http://leon.epfl.ch/ (2011)
Tschannen, J., Furia, C.A., Nordio, M.: AutoProof meets some verification challenges. Int. J. Softw. Tools Technol. Transf. 17(6), 745–755 (2015)
Tschannen, J., Furia, C.A., Nordio, M., Meyer, B.: Usable verification of object-oriented programs by combining static and dynamic techniques. In: SEFM. LNCS, vol. 7041. Springer, Berlin (2011)
Tschannen, J., Furia, C.A., Nordio, M., Meyer, B.: Automatic verification of advanced object-oriented features: the AutoProof approach. In: Tools for Practical Software Verification. LNCS, vol. 7682. Springer, Berlin (2012)
Tschannen, J., Furia, C.A., Nordio, M., Meyer, B.: Program checking with less hassle. In: VSTTE 2013. LNCS, vol. 8164. Springer, Berlin (2014)
Tschannen, J., Furia, C.A., Nordio, M., Polikarpova, N.: AutoProof: auto-active functional verification of object-oriented programs. In: Baier, C., Tinelli, C., et al. (eds.) Proceedings of the 21st International Conference on Tools and Algorithms for the Construction and Analysis of systems (TACAS). Lecture Notes in Computer Science, vol. 9035, pp. 566–580. Springer, Berlin (2015)
Weide, B.W., Sitaraman, M., Harton, H.K., Adcock, B., Bucci, P., Bronish, D., Heym, W.D., Kirschenbaum, J., Frazier, D.: Incremental benchmarks for software verification tools and techniques. In: VSTTE. LNCS, no. 5295, pp. 84–98. Springer, Berlin (2008)
West, S., Nanz, S., Meyer, B.: Efficient and reasonable object-oriented concurrency. In: Proceedings of the 10th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE '15). ACM, New York (2015)
Additional information
A preliminary version of this work appeared in the 21st International Conference on Tools and Algorithms for the Construction and Analysis of Systems in 2015 [50].
Julian Tschannen: work mainly done while all the authors were affiliated with ETH Zurich.
Furia, C.A., Nordio, M., Polikarpova, N. et al. AutoProof: auto-active functional verification of object-oriented programs. Int J Softw Tools Technol Transfer 19, 697–716 (2017). https://doi.org/10.1007/s10009-016-0419-0
DOI: https://doi.org/10.1007/s10009-016-0419-0