
Procedure-modular specification and verification of temporal safety properties

  • Special Section Paper
  • Software & Systems Modeling

Abstract

This paper describes ProMoVer, a tool for fully automated procedure-modular verification of Java programs equipped with method-local and global assertions that specify safety properties of sequences of method invocations. Modularity at the procedure level is a natural instantiation of the modular verification paradigm, where correctness of global properties is relativized on the local properties of the methods rather than on their implementations. Here, it is based on the construction of maximal models for a program model that abstracts away from program data. This approach allows global properties to be verified in the presence of code evolution, multiple method implementations (as arising from software product lines), or even unknown method implementations (as in mobile code for open platforms). ProMoVer automates a typical verification scenario for a previously developed tool set for compositional verification of control-flow safety properties, and provides appropriate pre- and post-processing. Both linear-time temporal logic and finite automata are supported as formalisms for expressing local and global safety properties, allowing the user to choose a suitable format for the property at hand. Modularity is exploited by a mechanism for proof reuse that detects and minimizes the verification tasks resulting from changes in the code and the specifications. The verification task is relatively lightweight due to support for abstraction from private methods and automatic extraction of candidate specifications from method implementations. We evaluate the tool on a number of applications from the domains of Java Card and web-based applications.


Notes

  1. Unfortunately, not all tools that we use provide counterexamples.

  2. To simplify the presentation, the package names are removed from the configurations.


Acknowledgments

We are indebted to Wojciech Mostowski, Erik Poll and Roberto Guanciale for their help in finding suitable case studies, to Afshin Amighi and Pedro de Carvalho Gomes for helping with the implementation of cvpp and ProMoVer, and to Stefan Schwoon for adapting the input language of Moped to our needs.

Author information

Correspondence to Siavash Soleimanifard.

Additional information

Communicated by Dr. Gerardo Schneider, Gilles Barthe, and Alberto Pardo.

Soleimanifard’s work is funded by the ContraST project of the Swedish Research Council VR, and Gurov’s work by the EU FET project FP7-ICT-2009-3 HATS. Huisman’s work is partially funded by ERC grant 258405 for the VerCors project.


Cite this article

Soleimanifard, S., Gurov, D. & Huisman, M. Procedure-modular specification and verification of temporal safety properties. Softw Syst Model 14, 83–100 (2015). https://doi.org/10.1007/s10270-013-0321-0
