Proving Consistency of Pure Methods and Model Fields

  • K. Rustan M. Leino
  • Ronald Middelkoop
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5503)


Pure methods and model fields are useful and common specification constructs that can be interpreted by the introduction of axioms in a program verifier’s underlying proof system. Care has to be taken that these axioms do not introduce an inconsistency into the proof system. This paper describes and proves sound an approach that ensures no inconsistencies are introduced. Unlike some previous syntax-based approaches, this approach is based on semantics, which lets it admit some natural but previously problematical specifications. The semantic conditions are discharged by the program verifier using an SMT solver, and the paper describes heuristics that help avoid common problems in finding witnesses with trigger-based SMT solvers. The paper reports on the positive experience with using this approach in Spec# for over a year.


Keywords (added by machine, not by the authors): Model Field, Proof System, Deduction System, Proof Obligation, Program Verifier



Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • K. Rustan M. Leino (1)
  • Ronald Middelkoop (2)
  1. Microsoft Research, Redmond, USA
  2. Technische Universiteit, Eindhoven, Holland
