Automated Model-based Verification of Object-Oriented Code

ESpec is a suite of tools that supports the testing and verification of object-oriented Eiffel programs in an integrated environment. The suite includes a unit testing tool (ES-Test) and a Fit-table tool (ES-Fit, for customer requirements), both of which report contract failures. This paper describes ES-Verify, the ESpec component that automatically verifies a significant subset of Eiffel constructs written with value semantics. The tool includes a mathematical model library (sequences, sets, bags and maps) for writing high-level specifications, and a translator that converts the Eiffel code into the input language of the Perfect Developer (PD) theorem prover. Preliminary experience indicates that the vast majority of verification conditions, including those for loop variants and invariants, are discharged quickly and automatically. ES-Verify is the first automated Eiffel verification tool; it lets the developer use the clean syntax and object-oriented structures of Eiffel together with its mature, industrial-strength design by contract (DbC) mechanism.
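The kind of class ES-Verify is meant to consume, as an added illustration that is not code from the paper or from the ESpec project: a bounded stack whose contracts are written against an abstract sequence model rather than against the array that implements it, with a loop carrying the invariant and variant that the verifier must discharge. The model class name ML_SEQ and its features make_empty, extended and count are assumed stand-ins for whatever the ESpec model library actually provides; everything else is standard Eiffel. Because the model is a value, postconditions compare it with object equality (~) rather than reference equality.

```eiffel
note
	description: "Bounded integer stack specified against a sequence model (added example, not ESpec code)"

class
	BOUNDED_STACK

create
	make

feature {NONE} -- Initialization

	make (a_capacity: INTEGER)
			-- Create an empty stack able to hold `a_capacity' items.
		require
			positive_capacity: a_capacity > 0
		do
			capacity := a_capacity
			create storage.make_filled (0, 1, a_capacity)
			count := 0
		ensure
			empty: count = 0
			capacity_set: capacity = a_capacity
		end

feature -- Access

	capacity: INTEGER
			-- Maximum number of items.

	count: INTEGER
			-- Number of items currently stored.

	top: INTEGER
			-- Item most recently pushed.
		require
			not_empty: count > 0
		do
			Result := storage [count]
		end

feature -- Model

	model: ML_SEQ [INTEGER]
			-- Abstract view of the stack as a sequence, bottom item first.
			-- ML_SEQ, `make_empty', `extended' and `count' are assumed names
			-- standing in for the ESpec model library's sequence class.
		local
			i: INTEGER
		do
			from
				create Result.make_empty
				i := 1
			invariant
				index_in_range: 1 <= i and i <= count + 1
				prefix_built: Result.count = i - 1
			until
				i > count
			loop
				Result := Result.extended (storage [i])
				i := i + 1
			variant
				count - i + 1
			end
		ensure
			same_size: Result.count = count
		end

feature -- Commands

	push (x: INTEGER)
			-- Add `x' on top.
		require
			not_full: count < capacity
		do
			count := count + 1
			storage [count] := x
		ensure
			one_more: count = old count + 1
			on_top: top = x
			model_extended: model ~ old model.extended (x)
		end

	pop
			-- Remove the top item.
		require
			not_empty: count > 0
		do
			count := count - 1
		ensure
			one_less: count = old count - 1
			pre_model_was_extension: old model ~ model.extended (old top)
		end

feature {NONE} -- Implementation

	storage: ARRAY [INTEGER]
			-- Concrete representation; never mentioned in exported contracts.

invariant
	count_in_range: 0 <= count and count <= capacity
	storage_sized: storage.count = capacity
	model_consistent: model.count = count

end
```

The point of writing `push` and `pop` against `model` rather than `storage` is that the postconditions stay valid under any re-implementation, and the translator can hand PD a specification phrased in its own sequence theory. Note that `pop` avoids assuming a "remove last" operation on the model by stating the relation the other way round: the pre-state model is the post-state model extended with the old top.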
