Capturing and exploiting abstract views of states in OO verification

In this thesis, we study several implementation, specification and verification techniques for Object-Oriented (OO) programs. Our focus is on capturing conceptual structures in OO states in abstractions, and then exploiting such an abstract view of the state in specification and implementation approaches in a way that allows for formal verification. Generally, an OO state consists of many objects that reference each other in possibly complicated ways. At the same time, at any one point in the execution of the program, we can often reason about what is happening using an abstract view of the state that is much less complicated. To further improve the quality of implementations, better techniques must be developed for 1) specification of the abstract views that are used by the client and the programmer, and 2) the verification that an implementation satisfies its specification. This thesis contributes to that effort. We distinguish between client-level and programmer-level specification. A client-level specification acts as a contract between the client and the implementer. A programmer-level specification allows to reason formally about the implementation. We consider two specification formalisms that differ in the basic abstract view that is used: Algebraic Specification and OO Specification. We consider both client-level and programmer-level specifications based on algebraic specification. We contribute a novel syntax and semantics for the former, and we contribute an implementation approach for OO implementations based on the latter. We show that the implementation approach is suitable for problem-independent verification. We propose the programmer-level OO specification constructs inc and coop. The inc construct allows method specification to make explicit that a certain enumeration of invariants does not have to hold when that method is executed. The coop construct allows a field specification to make explicit that a certain enumeration of invariants might be invalidated when the field is updated. This allows for the specification and verification of OO designs in which in the process of updating one object, other objects with which it together implements a common purpose must be updated as well. We then generalize the inc and coop constructs by removing a restriction to enumerations of invariants. For instance, this is needed in the well-known Observer Pattern, where a Subject can have an arbitrary and dynamically changing number of Observers. A more general interpretation of invariants and accompanying proof system are provided as well. We contribute a programmer-level OO specification technique to capture layers in OO architectures, and we exploit these layers by providing a more liberal semantics of class invariants. We also provide a verification technique for the semantics. Layers are an abstraction at the architectural level in OO implementations that designate certain object structures in the design as sub-structures that are shared by other structures. An object in a higher layer is not relevant to the purpose of an object in the sub-structure. Given this intuition, an object in a higher layer is not part of the abstract view from an object in a lower layer. Therefore, the invariant of a higher layer object does not have to hold when a method of a lower-layer object is executing. Finally, we contribute a verification technique for pure methods and model fields, which are existing specification techniques for capturing an abstract view of the state in OO specifications. A method that is pure can be used as a function in predicates in class specifications. The function is axiomatized using the pre- and postcondition that are specified for the method. A model field abstracts part of the concrete state of an object into an abstract value. This too introduces an additional axiom in the underlying reasoning. The technique contributed establishes that such additional axioms do no introduce inconsistencies into the formal reasoning. It comes with heuristics that that make it amenable to automatic verification.

[1]  Arnd Poetzsch-Heffter,et al.  A Programming Logic for Sequential Java , 1999, ESOP.

[2]  Aad Mathssen,et al.  Logical Calculi for Reasoning with Binding , 2008 .

[3]  Bor-Yuh Evan Chang,et al.  Boogie: A Modular Reusable Verifier for Object-Oriented Programs , 2005, FMCO.

[4]  Patrice Chalin,et al.  Are the Logical Foundations of Verifying Compiler Prototypes Matching user Expectations? , 2007, Formal Aspects of Computing.

[5]  de A. Bruin,et al.  Service-oriented discovery of knowledge : foundations, implementations and applications , 2010 .

[6]  William E. Lorensen,et al.  Object-Oriented Modeling and Design , 1991, TOOLS.

[7]  R.S.S. O'Connor,et al.  Incompleteness & completeness : formalizing logic and analysis in type theory , 2005 .

[8]  Peter Müller,et al.  Modular Specification and Verification of Object-Oriented Programs , 2002, Lecture Notes in Computer Science.

[9]  Gerald W. Both,et al.  Object-oriented analysis and design with applications , 1994 .

[10]  R Ronald Ruimerman,et al.  Modeling and remodeling in bone tissue , 2005 .

[11]  Pascal Durr,et al.  Resource-based Verification for Robust Composition of Aspects , 2008 .

[12]  Martijn Warnier,et al.  Language based security for Java and JML , 2006 .

[13]  Goran Frehse,et al.  Compositional verification of hybrid systems using simulation relations , 2005 .

[14]  Iris Loeb Natural Deduction, Sharing By Presentation , 2007 .

[15]  Frank S. de Boer,et al.  Creational Invariants , 2004 .

[16]  K. Rustan M. Leino,et al.  Object Invariants in Dynamic Contexts , 2004, ECOOP.

[17]  A. L. de Groot,et al.  Practical Automaton proofs in PVS , 2000 .

[18]  Cjf Cas Cremers Scyther : semantics and verification of security protocols , 2006 .

[19]  K. Rustan M. Leino,et al.  Practical Reasoning About Invocations and Implementations of Pure Methods , 2007, FASE.

[20]  Ncwm Niels Braspenning Model-based integration and testing of high-tech multi-disciplinary systems , 2008 .

[21]  R. Bakhshi Gossiping Models : Formal Analysis of Epidemic Protocols , 2011 .

[22]  T LeavensGary Modular Specification and Verification of Object-Oriented Programs , 1991 .

[23]  Thomas Bäck,et al.  Mixed-integer evolution strategies for parameter optimization and their applications to medical image analysis , 2005 .

[24]  David A. Naumann,et al.  Observational purity and encapsulation , 2005, Theor. Comput. Sci..

[25]  D. Costa Formal models for component connectors , 2010 .

[26]  Karina R. Olmos Joffré Strategies for Context Sensitive Program Transformation , 2009 .

[27]  Marcel Kyas,et al.  Verifying OCL specifications of UML models: tool support and compositionakity , 2006 .

[28]  Julio Cesar Sampaio do Prado Leite,et al.  On Non-Functional Requirements in Software Engineering , 2009, Conceptual Modeling: Foundations and Applications.

[29]  Stephen H. Edwards,et al.  Model variables: cleanly supporting abstraction in design by contract , 2005, Softw. Pract. Exp..

[30]  Peter Verbaan,et al.  The Computational Complexity of Evolving Systems , 2006 .

[31]  Sophia Drossopoulou,et al.  Considerate Reasoning and the Composite Design Pattern , 2010, VMCAI.

[32]  Anton Wijs,et al.  Silent steps in transition systems and Markov chains , 2007 .

[33]  H. Hansen Coalgebraic Modelling : Applications in Automata theory and Modal logic , 2009 .

[34]  Nicu G. Fruja The Correctness of the Definite Assignment Analysis in C# , 2004, J. Object Technol..

[35]  Ruurd Kuiper,et al.  Specification and Verification of Invariants by Exploiting Layers in OO Designs , 2008, Fundam. Informaticae.

[36]  Eu-Jin Goh,et al.  Searching on Encrypted Data , 2003 .

[37]  Erik Poll,et al.  Verifying JML specifications with model fields , 2003 .

[38]  Henny B. Sipma,et al.  Practical Methods for Proving Program Termination , 2002, CAV.

[39]  Till Mossakowski,et al.  From Total Equational to Partial First-Order Logic , 1999, Algebraic Foundations of Systems Specification.

[40]  Ali Mesbah,et al.  Analysis and Testing of Ajax-based Single-page Web Applications , 2009 .

[41]  Marcel Verhoef,et al.  Modeling and validating distributed embedded real-time control systems , 2009 .

[42]  Cfj Christian Lange,et al.  Assessing and improving the quality of modeling : a series of empirical studies about the UML , 2007 .

[43]  Marius Adrian Marin,et al.  An Integrated System to Manage Crosscutting Concerns in Source Code , 2008 .

[44]  B. Gebremichael-Tesfagiorgis,et al.  Expressivity of Timed Automata Models , 2006 .

[45]  Scw Bas Ploeger,et al.  Improved verification methods for concurrent systems , 2009 .

[46]  Fred B. Schneider,et al.  Avoiding the Undefined by Underspecification , 1995, Computer Science Today.

[47]  Hasan Sözer,et al.  Architecting Fault-Tolerant Software Systems , 2009 .

[48]  James Noble,et al.  Featherweight Generic Ownership , 2004 .

[49]  EM Elena Bortnik,et al.  Formal methods in support of SMC design , 2008 .

[50]  Tim K. Cocx,et al.  Algorithmic tools for data-oriented law enforcement , 2009 .

[51]  Ruurd Kuiper,et al.  A new interpretation of invariants exploiting layers in OO designs , 2007 .

[52]  de Ism Ivo Jong Integration and test strategies for complex manufacturing machines , 2008 .

[53]  A Adam Koprowski,et al.  Termination of rewriting and its certification , 2004 .

[54]  Christian Krause,et al.  Reconfigurable Component Connectors , 2011 .

[55]  Bahareh Badban,et al.  Verification Techniques for Extensions of Equality Logic , 2006 .

[56]  A. Morali,et al.  IT architecture-based confidentiality risk assessment in networks of organizations , 2011 .

[57]  Mohammed G. Khatib MEMS-Based Storage Devices : Integration in Energy-Constrained Mobile Systems , 2009 .

[58]  V. Laz Faculty of Mathematics and Computer Science , 2011 .

[59]  D. L. Parnas,et al.  On the criteria to be used in decomposing systems into modules , 1972, Software Pioneers.

[60]  Tom Staijen,et al.  Graph-based Specification and Verification for Aspect-Oriented Languages , 2010 .

[61]  Jasen Markovski,et al.  Real and stochastic time in process algebras for performance evaluation , 2008 .

[62]  Somayeh Malakuti Khah Olun Abadi Event composition model: achieving naturalness in runtime enforcement , 2011 .

[63]  Martin Gogolla Unified Modeling Language , 2009, Encyclopedia of Database Systems.

[64]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[65]  M. J. de Mol,et al.  Reasoning about functional programs : Sparkle, a proof assistant for Clean , 2009 .

[66]  K. Rustan M. Leino,et al.  A Verification Methodology for Model Fields , 2006, ESOP.

[67]  Michael Barnett,et al.  Friends Need a Bit More: Maintaining Invariants Over Shared State , 2004, MPC.

[68]  Hendrik Michaël van der Bijl,et al.  On changing models in model-based testing , 2011 .

[69]  Mike Barnett,et al.  99 . 44 % pure : Useful Abstractions in Specifications , 2004 .

[70]  Gavin M. Bierman,et al.  Separation logic and abstraction , 2005, POPL '05.

[71]  Amir Pnueli,et al.  Reduced Functional Consistency of Uninterpreted Functions , 2006, Electron. Notes Theor. Comput. Sci..

[72]  RH Rudolf Mak,et al.  Design and performance analysis of data-independent stream processing systems , 2008 .

[73]  Narciso Martí-Oliet,et al.  Maude: specification and programming in rewriting logic , 2002, Theor. Comput. Sci..

[74]  Mari Antonius Cornelis Dekker,et al.  Flexible Access Control for Dynamic Collaborative Environments , 2009 .

[75]  Ricardo Corin,et al.  Analysis Models for Security Protocols , 2006 .

[76]  Ivan S. Zapreev Model checking Markov chains : techniques and tools , 2008 .

[77]  K. Rustan M. Leino,et al.  Modular Verification of Static Class Invariants , 2005, FM.

[78]  Egon Börger,et al.  Java and the Java Virtual Machine: Definition, Verification, Validation , 2001 .

[79]  Stephen H. Edwards,et al.  Model variables: cleanly supporting abstraction in design by contract: Research Articles , 2005 .

[80]  Sebastiaan Gijsbert Marinus Cornelissen,et al.  Evaluating Dynamic Analysis Techniques for Program Comprehension , 2009 .

[81]  Laura Brandán Briones,et al.  Theories for Model-based Testing: Real-time and Coverage , 2007 .

[82]  Jeannette M. Wing,et al.  A behavioral notion of subtyping , 1994, TOPL.

[83]  C. J. Boogerd,et al.  Focusing Automatic Code Inspections , 2010 .

[84]  R. Hennicker,et al.  OCL Component Invariants ? , 2001 .

[85]  J. Kwisthout,et al.  The Computational Complexity of Probabilistic Networks , 2009 .

[86]  Robert Brijder,et al.  Models of natural computation : gene assembly and membrane systems , 2008 .

[87]  Mitchell Wand,et al.  Specifications, Models, and Implementations of Data Abstractions , 1982, Theor. Comput. Sci..

[88]  M Muhammad Atif,et al.  Formal modeling and verification of distributed failure detectors , 2011 .

[89]  Sophia Drossopoulou,et al.  A Unified Framework for Verification Techniques for Object Invariants , 2008, ECOOP.

[90]  H. Ehrig,et al.  Algebraic implementation of abstract data types: an announcement , 1979, SIGA.

[91]  Martin R. Neuhäußer,et al.  Model checking nondeterministic and randomly timed systems , 2010 .

[92]  Martin Bravenboer,et al.  Exercises in Free Syntax. Syntax Definition, Parsing, and Assimilation of Language Conglomerates , 2003 .

[93]  van Pja Paul Tilburg From computability to executability : a process-theoretic view on automata theory , 2011 .

[94]  T. D. Vu,et al.  Semantics and applications of process and program algebra , 2007 .

[95]  Frank Piessens,et al.  A Simple Sequential Reasoning Approach for Sound Modular Verification of Mainstream Multithreaded Programs , 2007, TV@FLoC.

[96]  Ruurd Kuiper,et al.  Dynamic contracts for adaptive specification , 2003 .

[97]  K. Rustan M. Leino,et al.  Declaring and checking non-null types in an object-oriented language , 2003, OOPSLA.

[98]  B J Linney,et al.  What to do next? , 2001, BMJ : British Medical Journal.

[99]  E Elena Mumford,et al.  Drawing graphs for cartographic applications , 2008 .

[100]  C. A. R. Hoare,et al.  Proof of correctness of data representations , 1972, Acta Informatica.

[101]  Mohammad Ali Abam New data structures and algorithms for mobile data , 2007 .

[102]  U Uzma Khadim,et al.  Process algebras for hybrid systems : comparison and development , 2008 .

[103]  Bastiaan Stephan Graaf,et al.  Model-Driven Evolution of Software Architectures , 2007, 11th European Conference on Software Maintenance and Reengineering (CSMR'07).

[104]  Harmen Kastenberg Graph-based software specification and verification , 2008 .

[105]  M. T. de Berg,et al.  Multi-functional geometric data structures , 2003 .

[106]  Dmitri Jarnikov,et al.  QoS framework for video streaming in home networks , 2007 .

[107]  Anneke Kleppe,et al.  The object constraint language: precise modeling with UML , 1998 .

[108]  M. Torabi Dashti,et al.  Keeping Fairness Alive : Design and formal verification of optimistic fair exchange protocols , 2008 .

[109]  Albert L. Baker,et al.  Preliminary design of JML: a behavioral interface specification language for java , 2006, SOEN.

[110]  Wilhelm Ackermann,et al.  Solvable Cases Of The Decision Problem , 1954 .

[111]  Ruurd Kuiper,et al.  A proof system for invariants in layered OO designs , 2008 .

[112]  Stephen J. Garland,et al.  Larch: Languages and Tools for Formal Specification , 1993, Texts and Monographs in Computer Science.

[113]  K. Rustan M. Leino,et al.  Verification of Object-Oriented Programs with Invariants , 2003, J. Object Technol..

[114]  David Gerard Clarke,et al.  Object ownership and containment , 2003 .

[115]  Frank S. de Boer,et al.  Controlling Object Allocation Using Creation Guards , 2005, FM.

[116]  Lacramioara Astefanoaei,et al.  An executable theory of multi-agent systems refinement , 2011 .

[117]  van Mpwj Michiel Osch Automated model-based testing of hybrid systems , 2009 .

[118]  Huimin Lin Procedural implementation of algebraic specification , 1993, TOPL.

[119]  Arjen van Weelden,et al.  Putting Types To Good Use , 2007 .

[120]  Sonja Georgievska,et al.  Probability and hiding in concurrent processes , 2011 .

[121]  Ruurd Kuiper,et al.  Cooperation-based Invariants for OO Languages , 2006, FACS.

[122]  José Proença,et al.  Synchronous Coordination of Distributed Components , 2011 .

[123]  J. K. Berendsen,et al.  Abstraction, prices and probability in model checking timed automata , 2010 .

[124]  José Meseguer,et al.  Specification and proof in membership equational logic , 2000, Theor. Comput. Sci..

[125]  Ileana Buhan,et al.  Cryptographic keys from noisy data, theory and applications , 2008 .

[126]  David R. Cok,et al.  Reasoning with specifications containing method calls and model fields , 2005, J. Object Technol..

[127]  Tingting Han,et al.  Diagnosis, Synthesis and Analysis of Probabilistic Models , 2009, Ausgezeichnete Informatikdissertationen.

[128]  Juan Visente Guillen Scholten,et al.  Mobile Channels for Exogenous Coordination of Distributed Systems: Semantics, Implementation and Composition , 2007 .

[129]  Jens R. Calamé,et al.  Testing reactive systems with data: enumerative methods and constraint solving , 2008 .

[130]  K. R Leino,et al.  Towards Reliable Modular Programs , 1995 .

[131]  Gary T. Leavens,et al.  Modular invariants for layered object structures , 2006, Sci. Comput. Program..

[132]  Ioannis T. Kassios Dynamic Frames: Support for Framing, Dependencies and Sharing Without Restrictions , 2006, FM.

[133]  Donald Sannella,et al.  Algebraic Preliminaries , 1999, Algebraic Foundations of Systems Specification.

[134]  David Detlefs,et al.  Simplify: a theorem prover for program checking , 2005, JACM.

[135]  Ruurd Kuiper,et al.  Invariants for Non-Hierarchical Object Structures , 2006, SBMF.

[136]  B. J. Arnoldus,et al.  An illumination of the template enigma : software code generation with templates , 2011 .

[137]  Thomas Wolle,et al.  Computational aspects of treewidth : Lower bounds and network reliability , 2005 .

[138]  K. Rustan M. Leino,et al.  Proving Consistency of Pure Methods and Model Fields , 2009, FASE.

[139]  Peter Müller,et al.  Reasoning About Method Calls in Interface Specifications , 2006, J. Object Technol..

[140]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[141]  Abha Moitra Direct Implementation of Algebraic Specification of Abstract Data Types , 1982, IEEE Transactions on Software Engineering.

[142]  Young-Joo Moon,et al.  Stochastic models for quality of service of component connectors , 2011 .

[143]  Yee Wei Law,et al.  Key management and link-layer security of wireless sensor networks : Energy-efficient attack and defense , 2005 .

[144]  Ruurd Kuiper,et al.  Verification of Object Oriented Programs Using Class Invariants , 2000, FASE.

[145]  K. Rustan M. Leino,et al.  The Spec# Programming System: An Overview , 2004, CASSIS.

[146]  A. Rodriguez Yakushev,et al.  Towards Getting Generic Programming Ready for Prime Time , 2009 .

[147]  Hugo Jonker,et al.  Security matters : privacy in voting and fairness in digital exchange , 2009 .

[148]  Nikolay Kavaldjiev,et al.  A run-time reconfigurable Network-on-Chip for streaming DSP applications , 2006 .

[149]  Yanjing Wang,et al.  Epistemic Modelling and Protocol Dynamics , 2010 .

[150]  Z Zvezdan Protic,et al.  Configuration management for models : generic methods for model comparison and model co-evolution , 2011 .

[151]  Cheun Ngen Chong Experiments in rights control : expression and enforcement , 2005 .

[152]  Erika Ábrahám,et al.  An Assertional Proof System for Multithreaded Java - Theory and Tool Support , 2005 .

[153]  A. J. Markvoort Towards hybrid molecular simulations , 2006 .

[154]  Gürcan Gülesir,et al.  Evolvable Behavior Specifications Using Context-Sensitive Wildcards , 2008 .

[155]  J. van den Berg,et al.  Reasoning about Java programs in PVS using JML , 2009 .

[156]  Tomas Krilavicius,et al.  Hybrid Techniques for Hybrid Systems , 2006 .

[157]  C. Pierik,et al.  Validation techniques for object-oriented proof outlines , 2006 .

[158]  Miguel E. Andrés,et al.  Quantitative Analysis of Information Leakage in Probabilistic and Nondeterministic Systems , 2011, ArXiv.

[159]  Magiel Bruntink,et al.  Renovation of idiomatic crosscutting concerns in embedded systems , 2005 .

[160]  Peter Müller,et al.  Universes: Lightweight Ownership for JML , 2005, J. Object Technol..

[161]  James Noble,et al.  Ownership types for flexible alias protection , 1998, OOPSLA '98.

[162]  Matthew J. Parkinson,et al.  Local reasoning for Java , 2005 .

[163]  Zohar Manna,et al.  Axiomatic approach to total correctness of programs , 1973, Acta Informatica.

[164]  Martijn Hendriks,et al.  Model checking timed automata : techniques and applications , 2006 .

[165]  Ralph Johnson,et al.  design patterns elements of reusable object oriented software , 2019 .

[166]  Ivar Jacobson,et al.  The unified modeling language reference manual , 2010 .

[167]  Peter Müller,et al.  Checking Well-Formedness of Pure-Method Specifications , 2008, FM.

[168]  R. Boumen,et al.  Integration and test plans for complex manufacturing systems , 2007 .

[169]  Martijn van Veelen,et al.  Considerations on modeling for early detection of abnormalities in locally autonomous distributed systems , 2007 .