Verifying Executable Object-Oriented Specifications with Separation Logic

Specifications of object-oriented programs conventionally use Boolean expressions of the programming language itself as assertions. Programming errors are discovered by checking at runtime whether an assertion, such as a precondition or a class invariant, holds. In this work, we show how separation logic can be used to verify that these executable specifications will always hold at runtime. Both the program and its executable assertions are verified against separation logic specifications. A novel notion, relative purity, accommodates the side effects in executable specifications that have historically been problematic, and verification reduces to proving connecting implications. Model-based specifications can be verified as well. The framework is well suited to separation logic proof tools and has been implemented in jStar. Numerous automatically verified examples illustrate the framework's use and utility.
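The following is an added illustration, not code from the paper or from jStar, of the kind of executable specification the abstract refers to: a bounded stack whose preconditions, postconditions and class invariant are ordinary Boolean expressions evaluated at runtime, together with a model-based specification (the abstract value returned by `model()`). The invariant checker memoises the length of the underlying list in a cache field, so executing the assertion has a side effect; the reading used here, that the effect is benign because it leaves the abstract value unchanged, is this example's own gloss and not the paper's definition of relative purity. All class, method and field names (`BoundedStack`, `model`, `invariant`, `_size_cache`, `invariant_is_relatively_pure`) are assumptions for the example.

```python
"""Executable assertions with a benign side effect (constructed illustration).

A stack over a linked list checks an executable class invariant and
pre/postconditions at runtime.  The invariant memoises the list length in
`_size_cache`; that field is deliberately outside the abstraction returned
by `model()`, so evaluating the assertion never changes the abstract value.
Names are assumptions for this example, not the paper's or jStar's API.
"""
from __future__ import annotations
from typing import Optional, Tuple


class Node:
    __slots__ = ("value", "next")

    def __init__(self, value: int, next: Optional["Node"]) -> None:
        self.value = value
        self.next = next


class BoundedStack:
    """Stack of ints with a fixed capacity and executable specifications."""

    def __init__(self, capacity: int) -> None:
        assert capacity > 0, "precondition: capacity > 0"
        self._head: Optional[Node] = None
        self._count = 0
        self._capacity = capacity
        self._size_cache: Optional[int] = None  # not part of the model
        assert self.invariant()

    def model(self) -> Tuple[int, ...]:
        """Abstract value (model-based specification): elements, top first."""
        out = []
        n = self._head
        while n is not None:
            out.append(n.value)
            n = n.next
        return tuple(out)

    def _walk_length(self) -> int:
        # Side effect: memoise the walk, but only in a field outside the model.
        if self._size_cache is None:
            k, n = 0, self._head
            while n is not None:
                k += 1
                n = n.next
            self._size_cache = k
        return self._size_cache

    def invariant(self) -> bool:
        """Executable class invariant: count is in range and matches the list."""
        return 0 <= self._count <= self._capacity and self._walk_length() == self._count

    def push(self, v: int) -> None:
        assert self.invariant()
        assert self._count < self._capacity, "precondition: not full"
        old = self.model()
        self._head = Node(v, self._head)
        self._count += 1
        self._size_cache = None  # representation changed: drop the memo
        assert self.invariant()
        assert self.model() == (v,) + old, "postcondition"

    def pop(self) -> int:
        assert self.invariant()
        assert self._count > 0, "precondition: not empty"
        old = self.model()
        assert self._head is not None
        v = self._head.value
        self._head = self._head.next
        self._count -= 1
        self._size_cache = None
        assert self.invariant()
        assert v == old[0] and self.model() == old[1:], "postcondition"
        return v


def invariant_is_relatively_pure(s: BoundedStack) -> bool:
    """Evaluating the invariant may write the cache but must not move the model."""
    before = s.model()
    s._size_cache = None          # force the side-effecting path
    ok = s.invariant()
    return ok and s.model() == before and s._size_cache == len(before)


if __name__ == "__main__":
    st = BoundedStack(3)
    st.push(1)
    st.push(2)
    print(st.model(), invariant_is_relatively_pure(st), st.pop())
```

Two caveats a practitioner would add: Python drops `assert` statements under `-O`, so, like any runtime assertion checker, these checks only guard executions in which checking is switched on; and the memoisation is only harmless because `_size_cache` is invalidated on every mutation, which is exactly the kind of obligation a static proof of the assertion's benignity has to discharge rather than leave to testing.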
