AutoProof: auto-active functional verification of object-oriented programs

  • Carlo A. Furia
  • Martin Nordio
  • Nadia PolikarpovaEmail author
  • Julian Tschannen
TACAS 2015


Auto-active verifiers provide a level of automation intermediate between fully automatic and interactive: users supply code with annotations as input while benefiting from a high level of automation in the back-end. This paper presents AutoProof, a state-of-the-art auto-active verifier for object-oriented sequential programs with complex functional specifications. AutoProof fully supports advanced object-oriented features and a powerful methodology for framing and class invariants, which make it applicable in practice to idiomatic object-oriented patterns. The paper focuses on describing AutoProof ’s interface, design, and implementation features, and demonstrates AutoProof ’s performance on a rich collection of benchmark problems. The results attest AutoProof ’s competitiveness among tools in its league on cutting-edge functional verification of object-oriented programs.


Functional verification Auto-active verification Object-oriented verification Verification benchmarks 


  1. 1.
    Ahrendt, W., Beckert, B., Bruns, D., Bubel, R., Gladisch, C., Grebing, S., Hähnle, R., Hentschel, M., Herda, M., Klebanov, V., Mostowski, W., Scheben, C., Schmitt, P.H., Ulbrich, M.: The KeY platform for verification and analysis of Java programs. In: Verified Software: Theories, Tools, and Experiments (VSTTE 2014). Lecture Notes in Computer Science, no. 8471. Springer, Berlin (2014)Google Scholar
  2. 2.
    Barnett, M., Fähndrich, M., Leino, K.R.M., Müller, P., Schulte, W., Venter, H.: Specification and verification: the Spec# experience. Commun. ACM 54(6), 81–91 (2011).
  3. 3.
    Barnett, M., Naumann, D.A.: Friends need a bit more: maintaining invariants over shared state. In: Mathematics of Program Construction. Springer, Berlin (2004)Google Scholar
  4. 4.
    Beckert, B., Bruns, D., Klebanov, V., Scheben, C., Schmitt, P.H., Ulbrich, M.: Information flow in object-oriented software. In: Logic-Based Program Synthesis and Transformation, 23rd International Symposium, LOPSTR. Lecture Notes in Computer Science, vol. 8901. Springer, Berlin (2014)Google Scholar
  5. 5.
    Beckert, B., Hähnle, R., Schmitt, P.H., (eds.) Verification of object-oriented software: the KeY Approach. In: LNCS, vol. 4334. Springer, Berlin (2007)Google Scholar
  6. 6.
    Bormer, T., et al.: The COST IC0701 verification competition 2011. In: FoVeOOS. LNCS, vol. 7421. Springer, Berlin (2012).
  7. 7.
    Chalin, P., Kiniry, J.R., Leavens, G.T., Poll, E.: Beyond assertions: Advanced specification and verification with JML and ESC/Java2. In: FMCO, LNCS. Springer, Berlin. (2006)
  8. 8.
    Chimento, J.M., Ahrendt, W., Pace, G.J., Schneider, G.: StaRVOOrS: a tool for combined static and runtime verification of Java. In: Bartocci, E., Majumdar, R. (eds.) Runtime Verification—6th International Conference, RV 2015. Lecture Notes in Computer Science, vol. 9333. Springer, Berlin (2015)Google Scholar
  9. 9.
    Clarke, E.M., Biere, A., Raimi, R., Zhu, Y.: Bounded model checking using satisfiability solving. Form. Methods. Syst. Des. 19(1), 7–34 (2001)CrossRefzbMATHGoogle Scholar
  10. 10.
    Cohen, E., Dahlweid, M., Hillebrand, M.A., Leinenbach, D., Moskal, M., Santen, T., Schulte, W., Tobies, S.: VCC: a practical system for verifying concurrent C. In: TPHOLs. LNCS, vol. 5674. Springer, Berlin (2009)Google Scholar
  11. 11.
    Cok, D.: The OpenJML toolset. In: NASA Formal Methods, vol. 6617. (2011)Google Scholar
  12. 12.
    Darvas, Á., Müller, P.: Faithful mapping of model classes to mathematical structures. IET Softw. 2(6), 477–499 (2008)CrossRefGoogle Scholar
  13. 13.
    Dijkstra, E.W.: A Discipline of Programming. Prentice Hall, Upper Saddle River (1976)Google Scholar
  14. 14.
    EiffelBase2: A Fully Verified Container Library. (2015)
  15. 15.
    Ernst, G., Pfähler, J., Schellhorn, G., Haneberg, D., Reif, W.: KIV: overview and VerifyThis competition. Int. J. Softw. Tools Technol. Transf. 17(6), 677–694 (2015)Google Scholar
  16. 16.
    Filliâtre, J.C., Marché, C.L.: The Why/Krakatoa/Caduceus platform for deductive program verification. In: CAV. LNCS, vol. 4590. Springer, Berlin. (2007)
  17. 17.
    Filliâtre, J.C., Paskevich, A.: Why3—where programs meet provers. In: ESOP. LNCS, vol. 7792. Springer, Berlin. (2013)
  18. 18.
    Filliâtre, J.-C., Paskevich, A., Stump, A.: The 2nd verified software competition: experience report. In: COMPARE. CEUR Workshop Proceedings, vol. 873., 2012. (2012)
  19. 19.
    Furia, C.A.: Rotation of sequences: algorithms and proofs. (2014)
  20. 20.
    Furia, C.A., Poskitt, C.M., Tschannen, J.: The AutoProof verifier: Usability by non-experts and on standard code. In: Dubois, C., Masci, P., Mery, D. (eds.) Proceedings of the 2nd Workshop on Formal Integrated Development Environment (F-IDE). Electronic Proceedings in Theoretical Computer Science, vol. 187, pp. 42–55. EPTCS, June 2015. Workshop co-located with FM (2015)Google Scholar
  21. 21.
    Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns. Addison-Wesley, Boston (1995)Google Scholar
  22. 22.
    Huisman, M., Klebanov, V., Monahan, R.: VerifyThis verification competition. (2012)
  23. 23.
    Huisman, M., Klebanov, V., Monahan, R.: VerifyThis verification competition. (2015)
  24. 24.
    Jacobs, B., Smans, J., Piessens, F.: A quick tour of the VeriFast program verifier. In: APLAS. LNCS, vol. 6461. Springer, Berlin. (2010)
  25. 25.
    Jacobs, B., Smans, J., Piessens, F.: VeriFast: Imperative programs as proofs. In: VS-Tools Workshop at VSTTE (2010)Google Scholar
  26. 26.
    Kassios, I.T.: Dynamic frames: Support for framing, dependencies and sharing without restrictions. In: FM. Springer, Berlin (2006)Google Scholar
  27. 27.
    Kiniry, J.R., Morkan, A.E., Cochran, D., Fairmichael, F., Chalin, P., Oostdijk, M., Hubbers, E.: The KOA remote voting system: a summary of work to date. In: TGC. LNCS, vol. 4661. Springer, Berlin (2007)Google Scholar
  28. 28.
    Klebanov, V., et al.: The 1st verified software competition: experience report. In: FM. LNCS, vol. 6664. Springer, Berlin. (2011)
  29. 29.
    Leavens, G.T., Cheon, Y., Clifton, C., Ruby, C., Cok, D.R.: How the design of JML accommodates both runtime assertion checking and formal verification. Sci. Comput. Program. 55(1–3), 185–208 (2005)MathSciNetCrossRefzbMATHGoogle Scholar
  30. 30.
    Leavens, G.T., Leino, K.R.M., Müller, P.: Specification and verification challenges for sequential object-oriented programs. Form. Aspects Comput. 19(2), 159–189 (2007)CrossRefzbMATHGoogle Scholar
  31. 31.
    Leino, K.R.M.: This is boogie 2. Technical Report, Microsoft Research. (2008)
  32. 32.
    Dafny: An automatic program verifier for functional correctness. In: LPAR-16. LNCS, vol. 6355. Springer, Berlin. (2010)
  33. 33.
    Leino, K.R.M., Moskal, M.: Usable auto-active verification. In: Usable Verification Workshop. (2010)
  34. 34.
    Leino, K.R.M., Müller, P.: Object invariants in dynamic contexts. In: ECOOP 2004—Object-Oriented Programming, 18th European Conference, Oslo, Norway, June 14–18, 2004, Proceedings. Lecture Notes in Computer Science, vol. 3086. Springer, Berlin (2004)Google Scholar
  35. 35.
    Leino, K.R.M., Müller, P.: Object invariants in dynamic contexts. In: ECOOP. Springer, Berlin (2004)Google Scholar
  36. 36.
    Leino, K.R.M., Poetzsch-Heffter, A., Zhou, Y.: Using data groups to specify and check side effects. In: Proceedings of the 2002 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), Berlin, Germany, June 17–19, 2002, pp. 246–257 (2002)Google Scholar
  37. 37.
    Logozzo, F.: Our experience with the CodeContracts static checker. In: 241 VSTTE. LNCS, vol. 7152. Springer, Berlin. (2012)
  38. 38.
    The OpenJML Toolset. (2013)
  39. 39.
    Pek, E., Qiu, X., Madhusudan, P.: Natural proofs for data structure manipulation in C using separation logic. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI ’14, Edinburgh, United Kingdom, June 09–11, 2014, p. 46 (2014)Google Scholar
  40. 40.
    Polikarpova, N., Furia, C.A., Meyer, B.: Specifying reusable components. In: VSTTE. LNCS, vol. 6217. Springer, Berlin (2010)Google Scholar
  41. 41.
    Polikarpova, N., Tschannen, J., Furia, C.A.: A fully verified container library. In: FM LNCS. Springer, Berlin (2015)Google Scholar
  42. 42.
    Polikarpova, N., Tschannen, J., Furia, C.A., Meyer, B.: Flexible invariants through semantic collaboration. In: FM. LNCS, vol. 8442. Springer, Berlin (2014)Google Scholar
  43. 43.
    SAVCBS workshop series. (2010)
  44. 44.
    Summers, A.J., Drossopoulou, S., Müller, P.: The need for flexible object invariants. In: IWACO, pp. 1–9. ACM, New York (2009)Google Scholar
  45. 45.
    Suter, P., Köksal, A.S., Kuncak, V.: Satisfiability modulo recursive programs. In: SAS. LNCS, vol. 6887. Springer, Berlin. (2011)
  46. 46.
    Tschannen, J., Furia, C.A., Nordio, M.: AutoProof meets some verification challenges. Int. J. Softw. Tools Technol. Transf. 17(6), 745–755 (2015)Google Scholar
  47. 47.
    Tschannen, J., Furia, C.A., Nordio, M., Meyer, B.: Usable verification of object-oriented programs by combining static and dynamic techniques. In: SEFM. LNCS, vol. 7041. Springer, Berlin (2011)Google Scholar
  48. 48.
    Tschannen, J., Furia, C.A., Nordio, M., Meyer, B.: Automatic verification of advanced object-oriented features: the AutoProof approach. In: Tools for Practical Software Verification. LNCS, vol. 7682. Springer, Berlin (2012)Google Scholar
  49. 49.
    Tschannen, J., Furia, C.A., Nordio, M., Meyer, B.: Program checking with less hassle. In: VSTTE 2013, vol. 8164. Springer, Berlin (2014)Google Scholar
  50. 50.
    Tschannen, J., Furia, C.A., Nordio, M., Polikarpova, N.: AutoProof: auto-active functional verification of object-oriented programs. In: Baier, C., Tinelli, C., et al. (eds.) Proceedings of the 21st International Conference on Tools and Algorithms for the Construction and Analysis of systems (TACAS). Lecture Notes in Computer Science, vol. 9035, pp. 566–580. Springer, Berlin (2015)Google Scholar
  51. 51.
    Weide, B.W., Sitaraman, M., Harton, H.K., Adcock, B., Bucci, P., Bronish, D., Heym, W.D., Kirschenbaum, J., Frazier, D.: Incremental benchmarks for software verification tools and techniques. In: VSTTE. LNCS, no. 5295, pp. 84–98. Springer, Berlin (2008)Google Scholar
  52. 52.
    West, S., Nanz, S., Meyer, B.: Efficient and reasonable object-oriented concurrency. In Proceedings of the 10th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE ’15). ACM, New York (2015)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  • Carlo A. Furia
    • 1
  • Martin Nordio
    • 2
  • Nadia Polikarpova
    • 3
    Email author
  • Julian Tschannen
    • 2
  1. 1.Chalmers University of TechnologyGothenburgSweden
  2. 2.Chair of Software EngineeringETH ZurichZurichSwitzerland
  3. 3.MIT CSAILCambridgeUSA

Personalised recommendations