Advertisement

A Tool-Supported Proof System for Multithreaded Java

  • Erika Ábrahám
  • Frank S. de Boer
  • Willem-Paul de Roever
  • Martin Steffen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2852)

Abstract

Besides the features of a class-based object-oriented language, Java integrates concurrency via its thread classes. The concurrency model includes shared-variable concurrency via instance variables, coordination via reentrant synchronization monitors, synchronous message passing, and dynamic thread creation.

To reason about safety properties of multithreaded Java programs, we introduce an assertional proof method for a multithreaded sublanguage of Java, covering the mentioned concurrency issues as well as the object-based core of Java.

The verification method is formulated in terms of proof-outlines, where the assertions are layered into local ones specifying the behavior of a single instance, and global ones taking care of the connections between objects. From the annotated program, a translator tool generates a number of verification conditions which are handed over to the interactive theorem prover PVS.

Keywords

Control Point Operational Semantic Proof System Object Constraint Language Abstract Syntax 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [AC96]
    Abadi, M., Cardelli, L.: A Theory of Objects. Monographs in Computer Science. Springer, Heidelberg (1996)zbMATHGoogle Scholar
  2. [ÁdBdRS03]
    Ábrahám, E., de Boer, F.S., de Roever, W.-P., Steffen, M.: A Hoare logic for monitors in Java. Techical report TR-ST- 03-1, Lehrstuhl für Software-Technologie, Institut für Informatik und Praktische Mathematik, Christian-Albrechts-Universität zu Kiel (April 2003)Google Scholar
  3. [AF99]
    Alves-Foss, J. (ed.): Formal Syntax and Semantics of Java. LNCS State-of-the-Art-Survey, vol. 1523. Springer, Heidelberg (1999)Google Scholar
  4. [AFdR80]
    Apt, K.R., Francez, N., de Roever, W.-P.: A proof system for communicating sequential processes. ACM Transactions on Programming Languages and Systems 2, 359–385 (1980)zbMATHCrossRefGoogle Scholar
  5. [AL97]
    Abadi, M., Rustan, K., Leino, M.: A logic of object-oriented programs. In: Bidoit, M., Dauchet, M. (eds.) CAAP 1997, FASE 1997, and TAPSOFT 1997. LNCS, vol. 1214, pp. 682–696. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  6. [ÁMdB00]
    Ábrahám-Mumm, E., de Boer, F.S.: Proof-outlines for threads in Java. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, p. 229. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. [ÁMdBdRS02]
    Ábrahám-Mumm, E., de Boer, F.S., de Roever, W.-P., Steffen, M.: Verification for Java’s reentrant multithreading concept. In: Nielsen, M., Engberg, U. (eds.) FOSSACS 2002. LNCS, vol. 2303, pp. 4–20. Springer, Heidelberg (2002); A longer version, including the proofs for soundness and completeness, appeared as Technical Report TR-ST-02-1 (March 2002)CrossRefGoogle Scholar
  8. [Ame89]
    America, P.: A behavioural approach to subtyping in objectoriented programming languages. 443, Phillips Research Laboratories (January/April 1989)Google Scholar
  9. [And00]
    Andrews, G.R.: Foundations of Multithreaded, Parallel, and Distributed Programming. Addison-Wesley, Reading (2000)Google Scholar
  10. [BdBdRG03]
    Bosangue, M., de Boer, F.S., de Roever, W.-P., Graf, S. (eds.): FMCO 2002. LNCS, vol. 2852. Springer, Heidelberg (2003)Google Scholar
  11. [BFC95]
    Buhr, P.A., Fortier, M., Coffin, M.H.: Monitor classification. ACM Computing Surveys 27(1), 63–107 (1995)CrossRefGoogle Scholar
  12. [BFG02]
    Basin, D., Friedrich, S., Gawkowski, M.: Verified bytecode model checkers. In: Carreño, V.A., Muñoz, C.A., Tahar, S. (eds.) TPHOLs 2002. LNCS, vol. 2410, pp. 47–66. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  13. [CKRW99]
    Cenciarelli, P., Knapp, A., Reus, B., Wirsing, M.: An event-based structural operational semantics of multi-threaded Java. In: Alves-Foss [AF99], pp. 157–200Google Scholar
  14. [dB99]
    de Boer, F.S.: A WP-calculus for OO. In: Thomas, W. (ed.) FOSSACS 1999. LNCS, vol. 1578, pp. 135–156. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  15. [dBP02]
    de Boer, F.S., Pierik, C.: Computer-aided specification and verification of annotated object-oriented programs. In: Jacobs, B., Rensink, A. (eds.) Proceedings of the Fifth International Conference on Formal Methods for Open Object-Based Distributed Systems (FMOODS 2002), vol. 209, pp. 163–177. Kluwer, Dordrecht (2002)Google Scholar
  16. [dBP03]
    de Boer, F.S., Pierik, C.: Towards an environment for the verification of annotated object-oriented programs. Technical report UU-CS-2003-002, Institute of Information and Computing Sciences, University of Utrecht (January 2003)Google Scholar
  17. [dF95]
    de Figueiredo, C.C.: A proof system for a sequential object-oriented language. Technical Report UMCS-95-1-1, University of Manchester (1995)Google Scholar
  18. [Flo67]
    Floyd, R.W.: Assigning meanings to programs. In: Schwartz, J.T. (ed.) Proc. Symp. in Applied Mathematics, vol. 19, pp. 19–32 (1967)Google Scholar
  19. [GJS96]
    Gosling, J., Joy, B., Steele, G.: The Java Language Specification. Addison-Wesley, Reading (1996)zbMATHGoogle Scholar
  20. [HJ89]
    Hoare, C.A.R., Jones, C.B. (eds.): Essays in Computing Science. International Series in Computer Science. Prentice Hall, Englewood Cliffs (1989)zbMATHGoogle Scholar
  21. [Hoa69]
    Hoare, C.A.R.: An axiomatic basis for computer programming. Communications of the ACM 12, 576–580 (1969); Also in [HJ89]zbMATHCrossRefGoogle Scholar
  22. [Hui01]
    Huisman, M.: Java Program Verification in Higher-Order Logic with PVS and Isabelle. PhD thesis, University of Nijmegen (2001)Google Scholar
  23. [JKW03]
    Jacobs, B., Kiniry, J., Warnier, M.: Java program verification challenges. In: Bosangue et al. [BdBdRG03]Google Scholar
  24. [JvdBH+98]
    Jacobs, B., van den Berg, J., Huisman, M., van Barkum, M., Hensel, U., Tews, H.: Reasoning about classes in Java (preliminary report). In: Object Oriented Programing: Systems, Languages, and Applications (OOPSLA) 1998, pp. 329–340. ACM, New York (1998) (in SIGPLAN Notices)Google Scholar
  25. [LBR98]
    Leavens, G.T., Baker, A.L., Ruby, C.: JML: a Java modelling language. In: Formal Underpinnings of Java Workshop, at OOPSLA 1998 (1998)Google Scholar
  26. [LCC+03]
    Leavens, G.T., Cheon, Y., Clifton, C., Ruby, C., Cok, D.R.: How the design of jml accommodates both runtime assertion checking and formal verification. In: Bosangue, et al. [BdBdRG03]Google Scholar
  27. [LG81]
    Levin, G.M., Gries, D.: A proof technique for communicating sequential processes. Acta Informatica 15(3), 281–302 (1981)zbMATHCrossRefMathSciNetGoogle Scholar
  28. [Loo01]
    The LOOP project: Formal methods for object-oriented systems (2001), http://www.cs.kun.nl/~bart/LOOP/
  29. [LW90]
    Leavens, G.T., Wheil, W.E.: Reasoning about objectoriented programs that use subtypes. In: Object Oriented Programing: Systems, Languages, and Applications (OOPSLA) 1990, Ottawa, Canada, pp. 212–223. ACM, New York (1990); Extended AbstractCrossRefGoogle Scholar
  30. [LW94]
    Leavens, G.T., Wheil, W.E.: Specification and verification of object-oriented programs using supertype abstraction. Acta Informatica (1994); An expanded version appeared as Iowa State Unversity Report, 92-28dGoogle Scholar
  31. [OG76]
    Owicki, S., Gries, D.: An axiomatic proof technique for parallel programs. Acta Informatica 6(4), 319–340 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  32. [ORS92]
    Owre, S., Rushby, J.M., Shankar, N.: PVS: A prototype verification system. In: Kapur, D. (ed.) CADE 1992. LNCS, vol. 607, pp. 748–752. Springer, Heidelberg (1992)Google Scholar
  33. [PdB03]
    Pierik, C., de Boer, F.S.: A syntax-directed Hoare logic for object-oriented programming concepts. Technical report UU-CS-2003- 010, Institute of Information and Computing Sciences, University of Utrecht (2003)Google Scholar
  34. [PH97a]
    Poetzsch-Heffter, A.: A logic for the verification of object-oriented programs. In: Berghammer, R., Simon, F. (eds.) Proceedings of Programming Languages and Fundamentals of Programming, Institut für Informatik und Praktische Mathematik, Christian-Albrechts-Universität Kiel, November 1997. Bericht Nr. 9717, pp. 31–42 (1997)Google Scholar
  35. [PH97b]
    Poetzsch-Heffter, A.: Specification and Verification of Object- Oriented Programs. Technische Universität München, Habilitationsschrift (January 1997)Google Scholar
  36. [PHM98]
    Poetzsch-Heffter, A., Müller, P.: Logical foundations for typed object-oriented languages. In: Gries, D., de Roever, W.-P. (eds.) Proceedings of PROCOMET 1998. International Federation for Information Processing (IFIP). Chapman & Hall, Boca Raton (1998)Google Scholar
  37. [PHM99]
    Poetzsch-Heffter, A., Müller, P.: A programming logic for sequential Java. In: Swierstra, S.D. (ed.) ESOP 1999. LNCS, vol. 1576, pp. 162–176. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  38. [RHW01]
    Reus, B., Hennicker, R., Wirsing, M.: A Hoare calculus for verifying Java realizations of OCL-constrained design models. In: Hussmann, H. (ed.) FASE 2001. LNCS, vol. 2029, pp. 300–316. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  39. [RW00]
    Reus, B., Wirsing, M.: A Hoare-logic for object-oriented programs. Technical report, LMU München (2000)Google Scholar
  40. [SSB01]
    Stärk, R., Schmid, J., Börger, E.: Java and the Java Virtual Machine. Springer, Heidelberg (2001)zbMATHGoogle Scholar
  41. [TH02]
    Tang, F., Hofmann, M.: Generation of verification conditions for Abadi and Leino’s logic of objects (extended abstract). In: Proceedings of the 9th International Workshop on Foundations of Object- Oriented Languages, FOOL 2002 (2002); A longer version is available as LFCS technical reportGoogle Scholar
  42. [vO01]
    von Oheimb, D.: Hoare logic for Java in Isabelle/HOL. Concurrency and Computation: Practice and Experience 13(13), 1173–1214 (2001)zbMATHCrossRefGoogle Scholar
  43. [vON02]
    von Oheimb, D., Nipkow, T.: Hoare logic for NanoJava: Auxiliary variables, side effects and virtual methods revisited. In: Eriksson, L.-H., Lindsay, P.A. (eds.) FME 2002. LNCS, vol. 2391, pp. 89–105. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  44. [WK99]
    Warmer, J.B., Kleppe, A.G.: The Object Constraint Language: Precise Modeling With Uml. Object Technology Series. Addison-Wesley, Reading (1999)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Erika Ábrahám
    • 1
  • Frank S. de Boer
    • 2
  • Willem-Paul de Roever
    • 1
  • Martin Steffen
    • 1
  1. 1.Christian-Albrechts-University KielGermany
  2. 2.CWI AmsterdamThe Netherlands

Personalised recommendations