ProMoVer: Modular Verification of Temporal Safety Properties
This paper describes ProMoVer, a tool for fully automated procedure–modular verification of Java programs equipped with method–local and global assertions that specify safety properties of sequences of method invocations. Modularity at the procedure–level is a natural instantiation of the modular verification paradigm, where correctness of global properties is relativized on the local properties of the methods rather than on their implementations, and is based here on the construction of maximal models for a program model that abstracts away from program data. This approach allows global properties to be verified in the presence of code evolution, multiple method implementations (as arising from software product lines), or even unknown method implementations (as in mobile code for open platforms). ProMoVer automates a typical verification scenario for a previously developed tool set for compositional verification of control flow safety properties, and provides appropriate pre– and post–processing. Modularity is exploited by a mechanism for proof reuse that detects and minimizes the verification tasks resulting from changes in the code and the specifications. The verification task is relatively light–weight due to support for abstraction from private methods and automatic extraction of candidate specifications from method implementations. We evaluate the tool on a number of applications from the smart card domain.
KeywordsTemporal Logic Smart Card Global Property Linear Temporal Logic Software Product Line
Unable to display preview. Download preview PDF.
- 1.Alur, R., Arenas, M., Barcelo, P., Etessami, K., Immerman, N., Libkin, L.: First-order and temporal logics for nested words. In: Logic in Computer Science (LICS 2007), pp. 151–160. IEEE Computer Society, Washington, DC, USA (2007)Google Scholar
- 4.Cleaveland, R., Parrow, J., Steffen, B.: A semantics based verification tool for finite state systems. In: International Symposium on Protocol Specification, Testing and Verification, pp. 287–302. North-Holland Publishing Co., Amsterdam (1990)Google Scholar
- 5.Das, M., Lerner, S., Seigle, M.: ESP: Path–sensitive program verification in polynomial time. In: Programming Language Design and Implementation (PLDI 2002), pp. 57–68. ACM, New York (2002)Google Scholar
- 6.Doclet overview, http://java.sun.com/j2se/1.3/docs/tooldocs/javadoc/overview.html
- 10.Hubbers, E., Poll, E.: Transactions and non-atomic API methods in Java Card: specification ambiguity and strange implementation behaviours. Technical Report NIII-R0438, Radboud University Nijmegen (2004)Google Scholar
- 14.Kiefer, S., Schwoon, S., Suwimonteerabuth, D.: Moped - a model-checker for pushdown systems, http://www.informatik.uni-stuttgart.de/fmi/szs/tools/moped/
- 17.Leavens, G., Poll, E., Clifton, C., Cheon, Y., Ruby, C., Cok, D., Müller, P., Kiniry, J., Chalin, P.: JML Reference Manual, Department of Computer Science, Iowa State University (February 2007), http://www.jmlspecs.org
- 19.Rot, J., de Boer, F., Bonsangue, M.: A pushdown system representation for unbounded object creation. In: Informal pre-proceedings of Formal Verification of Object–Oriented Software (FoVeOOS 2010) (2010)Google Scholar
- 20.Soleimanifard, S., Gurov, D., Huisman, M.: ProMoVer web interface, http://www.csc.kth.se/~siavashs/ProMoVer
- 21.Soleimanifard, S., Gurov, D., Huisman, M.: Procedure–modular verification of control flow safety properties. In: Workshop on Formal Techniques for Java Programs, FTfJP 2010 (2010)Google Scholar