On Soundness of Verification for Software with Functional Semantics and Abstract Data Types

A threat to the soundness of modular verification systems arises from the following combination of specification and programming language features: a semantics in which the denotation of every program operation is a mathematical function, the opportunity to write relational specifications for program operations, and support for abstract data types. There is no apparent practical workaround for this problem short of changing one of these features. After accounting for software engineering considerations, the recommendation is to relax the first one and to restrict the second, i.e., (1) to partition program operations into "function" operations and "procedure" operations; (2) to define the language semantics so the meaning of each function operation is a mathematical function, and to permit only a functional specification for a function operation; and (3) to define the language semantics so the meaning of each procedure operation is a mathematical relation, and to permit either a functional or a relational specification for a procedure operation.
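The interaction the abstract names, as a constructed illustration added here (not an example from the dissertation or any of its references): a set ADT with two concrete representations of one abstract value, a `choose` operation with a relational specification, and a client that reasons about it under a functional semantics. All names and the set-as-list representation are assumptions.

```python
# Added illustration: a functional semantics plus a relational specification
# plus an abstract data type with several representations of one abstract value.
from typing import List, Set

# Concrete representation of an abstract finite set: a duplicate-free list.
# Two lists differing only in order denote the same abstract set.
Rep = List[int]

def abstraction(rep: Rep) -> Set[int]:
    """Abstraction function: concrete representation -> abstract value."""
    return set(rep)

def choose(rep: Rep) -> int:
    """Operation with the relational spec 'result is some element of the set'.
    Its meaning in the program is still a mathematical function, but a function
    on the representation, not on the abstract value."""
    return rep[0]

def least(rep: Rep) -> int:
    """Operation with a functional spec 'result is the minimum of the set'.
    The result depends only on the abstract value, so functional reasoning
    about it at the abstract level is sound."""
    return min(rep)

def client_functional_conclusion(rep_a: Rep, rep_b: Rep) -> bool:
    """A client that treats choose as a mathematical function on abstract sets
    may conclude: abstraction(a) == abstraction(b) implies choose(a) == choose(b).
    Returns whether that conclusion actually holds for the two representations."""
    assert abstraction(rep_a) == abstraction(rep_b)
    return choose(rep_a) == choose(rep_b)

def client_relational_conclusion(rep_a: Rep, rep_b: Rep) -> bool:
    """The only conclusion licensed when choose is a *procedure* operation with
    a relational meaning: each call returns some member of the set."""
    s = abstraction(rep_a)
    return choose(rep_a) in s and choose(rep_b) in s

# Constructed inputs: two representations of the abstract set {1, 2, 3}.
REP_A = [1, 2, 3]
REP_B = [3, 2, 1]

if __name__ == "__main__":
    # The implementation satisfies its relational spec, and the client's proof
    # is valid under the functional semantics, yet the conclusion is false:
    # the combination of the three features is what is unsound.
    print(client_functional_conclusion(REP_A, REP_B))   # False
    print(client_relational_conclusion(REP_A, REP_B))   # True
    print(least(REP_A) == least(REP_B))                 # True
```

Reclassifying `choose` as a procedure operation (a relation, relational spec allowed) and keeping `least` as a function operation (a function, functional spec only) is exactly the split the recommendation proposes.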
