论文信息 - Modular Verification of Ada Generics

Modular Verification of Ada Generics

Abstract This paper develops modular verification rules for Ada generics which are proven to be sound and complete. The generic mechanism in Ada allows modules to be parameterized by types, procedures and functions. The modularity property allows a generic to be verified once, and then exported to other modules which assume that it is correct. This requires the generic to have a specification which is used in verifying other modules, but its implementation cannot be used for this purpose. Thus, modular verification cannot be based on removing generics by macro expansion which requires the use of the generic's implementation. The main difficulty with specifying and verifying a generic is that the specification language may need to be extended with a new theory for specifying and reasoning about properties of objects whose type is a parameter to the generic. Such theories must be part of the specification of the generic, and this raises the possibility that the extended specification language may not be expressive, even if it was before the extension. The use of strings in our specification language prevents this from happening, which is proven in the paper; this is a major step toward establishing the completeness of our rules. Modularity also had a large impact on our semantics for programming constructs which is quite different from the usual semantics in the literature, even though it is still based the denotational semantics of Scott and Strachey. The main reason for this is that we had to modify the standard definition of validity. Modularity requires that validity depend on certain internal assertions in a program, such as the precondition of a procedure invoked in the program.

William F. Ogden | George W. Ernst | Raymond J. Hookway | James A. Menegay

[1] Olaf Owe,et al. ANNA A Language for Annotating Ada Programs , 1987, Lecture Notes in Computer Science.

[2] Dana S. Scott. Some Definitional Suggestions for Automata Theory , 1967, J. Comput. Syst. Sci..

[3] H. Jerome Keisler,et al. Continuous Model Theory , 1966 .

[4] Alfred V. Aho,et al. Data Structures and Algorithms , 1983 .

[5] Joseph Y. Halpern,et al. Reasoning About Procedures as Parameters , 1983, Logic of Programs.

[6] Edmund M. Clarke,et al. Programming Language Constructs for Which It Is Impossible To Obtain Good Hoare Axiom Systems , 1979, JACM.

[7] C. A. R. Hoare,et al. An axiomatic basis for computer programming , 1969, CACM.

[8] Stephen A. Cook,et al. Soundness and Completeness of an Axiom System for Program Verification , 1978, SIAM J. Comput..

[9] William F. Ogden,et al. Specification of Abstract Data Types in Modula , 1980, TOPL.

[10] S. C. Kleene,et al. Introduction to Metamathematics , 1952 .

[11] Stephen D. Brookes,et al. Behavioural Equivalence Relations Induced by Programming Logics , 1983, ICALP.

[12] James E. Donahue,et al. Complementary Definitions of Programming Language Semantics , 1976, Lecture Notes in Computer Science.

[13] Donald I. Good,et al. Generics and verification in Ada , 1980, SIGPLAN '80.

[14] Susan S. Owicki,et al. Modular verification of concurrent programs , 1982, POPL '82.

[15] Joseph Y. Halpern. A good Hoare axiom system for an ALGOL-like language , 1984, POPL '84.