Validation techniques for object-oriented proof outlines

This thesis presents a proof outline logic for a simple object-oriented programming language. The language has all object-oriented features of popular programming languages like Java and C#. In particular, it supports inheritance, field shadowing, aliasing, dynamic object creation, subtype polymorphism, and dynamic binding. The logic consists of techniques that validate proof outlines of programs written in this language. An important part of the logic is a novel adaptation rule for reasoning about method calls. The logic is both sound and (relatively) complete. A separate chapter in this thesis describes how the proof outline logic can be transformed into a modular logic that is suitable for open programs. This modular logic is based on behavioral subtyping. It uses a novel specification match to determine valid behavioral subtypes. Other contributions in this chapter are an object-oriented completeness notion for modular program logics and an analysis of several advanced specification constructs. Another chapter studies a class of invariants that are falsifiable by object creation. It introduces creation guards to obtain a modular methodology that protects these invariants. The last chapter of this thesis describes a tool that implements the proof outline logic. It automatically computes the remaining proof obligations by means of the validation techniques presented in this thesis. Moreover, it uses a theorem prover to check these proof obligations.
