Skip to main content

Traits: Correctness-by-Construction for Free

  • 77 Accesses

Part of the Lecture Notes in Computer Science book series (LNCS,volume 13273)

Abstract

We demonstrate that traits are a natural way to support correctness-by-construction (CbC) in an existing programming language in the presence of traditional post-hoc verification (PhV). With Correctness-by-Construction, programs are constructed incrementally along with a specification that is inherently guaranteed to be satisfied. CbC is complex to use without specialized tool support, since it needs a set of refinement rules of fixed granularity which are additional rules on top of the programming language.

In this work, we propose TraitCbC, an incremental program construction procedure that implements correctness-by-construction on the basis of PhV by using traits. TraitCbC enables program construction by trait composition instead of refinement rules. It provides a programming guideline, which similar to CbC should lead to well-structured programs, and allows flexible reuse of verified program building blocks. We introduce TraitCbC formally and prove the soundness of our verification strategy. Additionally, we implement TraitCbC as a proof of concept.

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-031-08679-3_9
  • Chapter length: 20 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   59.99
Price excludes VAT (USA)
  • ISBN: 978-3-031-08679-3
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   79.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.

Notes

  1. 1.

    The approach should not be confused with other CbC approaches such as CbyC of Hall and Chapman [24]. CbyC is a software development process that uses formal modeling techniques and analysis for various stages of development (architectural design, detailed design, code) to detect and eliminate defects as early as possible [13]. We also exclude data refinement from abstract data types to concrete ones during code generation as for example in Isabelle/HOL [23].

  2. 2.

    The term trait has been used by many programming languages: Java interfaces with default methods are a good approximation for what has been called trait in the literature, while Scala traits are mixins [21], and Rust traits are type classes [46].

  3. 3.

    The methods could also be implemented in one trait.

  4. 4.

    Tool and evaluation at https://github.com/TUBS-ISF/CorC/tree/TraitCbC.

  5. 5.

    For example, Dafny approximately checks that the functions used in a specification form an acyclic graph.

References

  1. Abrial, J.: Modeling in Event-B - System and Software Engineering. Cambridge University Press (2010)

    Google Scholar 

  2. Abrial, J.R., Butler, M., Hallerstede, S., Hoang, T.S., Mehta, F., Voisin, L.: Rodin: an open toolset for modelling and reasoning in event-B. STTT 12(6), 447–466 (2010)

    CrossRef  Google Scholar 

  3. Ahrendt, W., Beckert, B., Bubel, R., Hähnle, R., Schmitt, P.H., Ulbrich, M.: Deductive Software Verification-The KeY Book: From Theory to Practice, vol. 10001. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49812-6

  4. Back, R.J.: Invariant based programming: basic approach and teaching experiences. FAOC 21(3), 227–244 (2009)

    MATH  Google Scholar 

  5. Back, R.-J., Eriksson, J., Myreen, M.: Testing and verifying invariant based programs in the SOCOS environment. In: Gurevich, Y., Meyer, B. (eds.) TAP 2007. LNCS, vol. 4454, pp. 61–78. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73770-4_4

    CrossRef  Google Scholar 

  6. Back, R.J., Wright, J.: Refinement Calculus: A Systematic Introduction. Springer, New York (2012). https://doi.org/10.1007/978-1-4612-1674-2

  7. Barnett, M., Fähndrich, M., Leino, K.R.M., Müller, P., Schulte, W., Venter, H.: Specification and verification: the spec# experience. Commun. ACM 54(6), 81–91 (2011)

    CrossRef  Google Scholar 

  8. Barnett, M., Leino, K.R.M., Schulte, W.: The Spec# programming system: an overview. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol. 3362, pp. 49–69. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30569-9_3

    CrossRef  Google Scholar 

  9. ter Beek, M.H., Cleophas, L., Schaefer, I., Watson, B.W.: X-by-construction. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11244, pp. 359–364. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03418-4_21

    CrossRef  Google Scholar 

  10. Bettini, L., Damiani, F., Schaefer, I.: Implementing software product lines using traits. In: SAC, pp. 2096–2102 (2010)

    Google Scholar 

  11. Bettini, L., Damiani, F., Schaefer, I., Strocco, F.: TRAITRECORDJ: a programming language with traits and records. Sci. Comput. Program. 78(5), 521–541 (2013)

    CrossRef  Google Scholar 

  12. Bono, V., Mensa, E., Naddeo, M.: Trait-oriented programming in Java 8. In: PPPJ, pp. 181–186 (2014)

    Google Scholar 

  13. Chapman, R.: Correctness by construction: a manifesto for high integrity software. In: SCS, pp. 43–46 (2006)

    Google Scholar 

  14. Chen, H.Y., David, C., Kroening, D., Schrammel, P., Wachter, B.: Synthesising interprocedural bit-precise termination proofs (t). In: ASE, pp. 53–64 (2015)

    Google Scholar 

  15. Clements, P., Northrop, L.: Software Product Lines: Practices and Patterns. Addison-Wesley (2002)

    Google Scholar 

  16. Cohen, E., et al.: VCC: a practical system for verifying concurrent C. In: Berghofer, S., Nipkow, T., Urban, C., Wenzel, M. (eds.) TPHOLs 2009. LNCS, vol. 5674, pp. 23–42. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03359-9_2

    CrossRef  Google Scholar 

  17. Cok, D.R.: OpenJML: JML for Java 7 by extending OpenJDK. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds.) NFM 2011. LNCS, vol. 6617, pp. 472–479. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20398-5_35

    CrossRef  Google Scholar 

  18. Damiani, F., Dovland, J., Johnsen, E.B., Schaefer, I.: Verifying traits: an incremental proof system for fine-grained reuse. FAOC 26(4), 761–793 (2014)

    MATH  Google Scholar 

  19. Dijkstra, E.W.: A Discipline of Programming. Prentice Hall (1976)

    Google Scholar 

  20. Ducasse, S., Nierstrasz, O., Schärli, N., Wuyts, R., Black, A.P.: Traits: a mechanism for fine-grained reuse. TOPLAS 28(2), 331–388 (2006)

    CrossRef  Google Scholar 

  21. Flatt, M., Krishnamurthi, S., Felleisen, M.: Classes and Mixins. In: POPL, pp. 171–183 (1998)

    Google Scholar 

  22. Gries, D.: The Science of Programming. Springer, New York (1987). https://doi.org/10.1007/978-1-4612-5983-1

  23. Haftmann, F., Krauss, A., Kunčar, O., Nipkow, T.: Data refinement in Isabelle/HOL. In: Blazy, S., Paulin-Mohring, C., Pichardie, D. (eds.) ITP 2013. LNCS, vol. 7998, pp. 100–115. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39634-2_10

    CrossRef  Google Scholar 

  24. Hall, A., Chapman, R.: Correctness by construction: developing a commercial secure system. Softw. IEEE 19(1), 18–25 (2002)

    CrossRef  Google Scholar 

  25. Hall, R.J.: Fundamental nonmodularity in electronic mail. ASE 12(1), 41–79 (2005)

    Google Scholar 

  26. Hoare, C.A.R.: Procedures and parameters: an axiomatic approach. In: Engeler, E. (ed.) Symposium on Semantics of Algorithmic Languages. LNM, vol. 188, pp. 102–116. Springer, Heidelberg (1971). https://doi.org/10.1007/BFb0059696

    CrossRef  Google Scholar 

  27. Igarashi, A., Pierce, B.C., Wadler, P.: Featherweight Java: a minimal core calculus for Java and GJ. TOPLAS 23(3), 396–450 (2001)

    CrossRef  Google Scholar 

  28. Jacobs, B., Smans, J., Piessens, F.: A quick tour of the VeriFast program verifier. In: Ueda, K. (ed.) APLAS 2010. LNCS, vol. 6461, pp. 304–311. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17164-2_21

    CrossRef  Google Scholar 

  29. Khazeev, M., Rivera, V., Mazzara, M., Johard, L.: Initial steps towards assessing the usability of a verification tool. In: Ciancarini, P., Litvinov, S., Messina, A., Sillitti, A., Succi, G. (eds.) SEDA 2016. AISC, vol. 717, pp. 31–40. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-70578-1_4

    CrossRef  Google Scholar 

  30. Kourie, D.G., Watson, B.W.: The Correctness-by-Construction Approach to Programming. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27919-5

  31. Leavens, G.T., Baker, A.L., Ruby, C.: JML: a Java modeling language. In: Formal Underpinnings of Java Workshop (at OOPSLA 1998), pp. 404–420. Citeseer (1998)

    Google Scholar 

  32. Leino, K.R.M.: Dafny: an automatic program verifier for functional correctness. In: Clarke, E.M., Voronkov, A. (eds.) LPAR 2010. LNCS (LNAI), vol. 6355, pp. 348–370. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17511-4_20

    CrossRef  MATH  Google Scholar 

  33. Liquori, L., Spiwack, A.: FeatherTrait: a modest extension of featherweight Java. TOPLAS 30(2), 1–32 (2008)

    CrossRef  Google Scholar 

  34. Liskov, B.H., Wing, J.M.: A behavioral notion of subtyping. TOPLAS 16(6), 1811–1841 (1994)

    CrossRef  Google Scholar 

  35. Meyer, B.: Eiffel: a language and environment for software engineering. JSS 8(3), 199–246 (1988)

    Google Scholar 

  36. Meyer, B.: Applying “Design by Contract’’. Computer 25(10), 40–51 (1992)

    CrossRef  Google Scholar 

  37. Morgan, C.: Programming from Specifications, 2nd edn. Prentice Hall (1994)

    Google Scholar 

  38. Oliveira, M.V.M., Cavalcanti, A., Woodcock, J.: ArcAngel: a tactic language for refinement. FAOC 15(1), 28–47 (2003)

    MATH  Google Scholar 

  39. Plath, M., Ryan, M.: Feature integration using a feature construct. Sci. Comput. Program. 41(1), 53–84 (2001)

    CrossRef  Google Scholar 

  40. Rebêlo, H., et al.: AspectJML: modular specification and runtime checking for crosscutting contracts. In: MODULARITY, pp. 157–168. ACM, New York (2014)

    Google Scholar 

  41. Runge, T., Potanin, A., Thüm, T., Schaefer, I.: Traits for correct-by-construction programming (2022). https://arxiv.org/abs/2204.05644

  42. Runge, T., Schaefer, I., Cleophas, L., Thüm, T., Kourie, D., Watson, B.W.: Tool support for correctness-by-construction. In: Hähnle, R., van der Aalst, W. (eds.) FASE 2019. LNCS, vol. 11424, pp. 25–42. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-16722-6_2

    CrossRef  Google Scholar 

  43. Scholz, W., Thüm, T., Apel, S., Lengauer, C.: Automatic detection of feature interactions using the Java modeling language: an experience report. In: SPLC. ACM, New York (2011)

    Google Scholar 

  44. Sery, O., Fedyukovich, G., Sharygina, N.: Interpolation-based function summaries in bounded model checking. In: Eder, K., Lourenço, J., Shehory, O. (eds.) HVC 2011. LNCS, vol. 7261, pp. 160–175. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34188-5_15

    CrossRef  Google Scholar 

  45. Smith, C., Drossopoulou, S.: Chai: traits for Java-like languages. In: Black, A.P. (ed.) ECOOP 2005. LNCS, vol. 3586, pp. 453–478. Springer, Heidelberg (2005). https://doi.org/10.1007/11531142_20

    CrossRef  Google Scholar 

  46. Sozeau, M., Oury, N.: First-class type classes. In: Mohamed, O.A., Muñoz, C., Tahar, S. (eds.) TPHOLs 2008. LNCS, vol. 5170, pp. 278–293. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-71067-7_23

    CrossRef  Google Scholar 

  47. Steinhöfel, D., Hähnle, R.: Abstract execution. In: ter Beek, M.H., McIver, A., Oliveira, J.N. (eds.) FM 2019. LNCS, vol. 11800, pp. 319–336. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30942-8_20

    CrossRef  Google Scholar 

  48. Thüm, T., Schaefer, I., Apel, S., Hentschel, M.: Family-based deductive verification of software product lines. In: GPCE, pp. 11–20. ACM (2012)

    Google Scholar 

  49. Tschannen, J., Furia, C.A., Nordio, M., Polikarpova, N.: AutoProof: auto-active functional verification of object-oriented programs. In: Baier, C., Tinelli, C. (eds.) TACAS 2015. LNCS, vol. 9035, pp. 566–580. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46681-0_53

    CrossRef  Google Scholar 

  50. Watson, B.W., Kourie, D.G., Schaefer, I., Cleophas, L.: Correctness-by-construction and post-hoc verification: a marriage of convenience? In: Margaria, T., Steffen, B. (eds.) ISoLA 2016. LNCS, vol. 9952, pp. 730–748. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47166-2_52

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding authors

Correspondence to Tobias Runge , Alex Potanin , Thomas Thüm or Ina Schaefer .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2022 IFIP International Federation for Information Processing

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Runge, T., Potanin, A., Thüm, T., Schaefer, I. (2022). Traits: Correctness-by-Construction for Free. In: Mousavi, M.R., Philippou, A. (eds) Formal Techniques for Distributed Objects, Components, and Systems. FORTE 2022. Lecture Notes in Computer Science, vol 13273. Springer, Cham. https://doi.org/10.1007/978-3-031-08679-3_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-08679-3_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-08678-6

  • Online ISBN: 978-3-031-08679-3

  • eBook Packages: Computer ScienceComputer Science (R0)