Reasoning with specifications containing method calls and model fields

Allowing abstraction in program specifications increases modularity and comprehensibility and is as important in specifications as it is in the program itself; two such abstraction mechanisms are method invocations and model fields. However, method invocations do not map neatly into the first-order logics that are often used for assuring the correctness of specifications. One problem is translating specifications in a way that acknowledges the potential for exceptional behavior. Furthermore, translating model fields into verification conditions exposes the non-trivial interactions between frame conditions and the model representations. The ESC/Java2 tool has been able to achieve a practical translation of method invocations and model fields within the design constraints of its parent tool, ESC/Java. Furthermore, the techniques used are applicable to other specification constructs such as generalized quantifiers.
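As an added illustration (not code from the paper or from ESC/Java2), the JML-annotated class below, with hypothetical names, shows both abstraction mechanisms the abstract discusses: a model field `size` tied to its representation by a `represents` clause and an `in` data-group clause, and a precondition that invokes a pure method. The comments mark the two translation issues: what a method call in a specification means when the callee could throw, and how a frame clause naming a model field must be reconciled with writes to its concrete representation.

```java
// Added example (hypothetical class), not from the paper: a bounded stack
// whose specification uses a model field and a method call.
public class BoundedStack {
    private /*@ spec_public @*/ int[] elems; //@ in size;
    private /*@ spec_public @*/ int count;   //@ in size;

    // Model field: clients reason about an abstract "size" rather than the
    // concrete fields. The represents clause gives its value; the "in size"
    // clauses above place elems and count in size's data group, so a frame
    // that lists "size" also permits writes to those representation fields.
    //@ public model int size;
    //@ private represents size = count;

    //@ public invariant 0 <= size && size <= elems.length;

    //@ requires capacity > 0;
    //@ assignable size;
    //@ ensures size == 0;
    public BoundedStack(int capacity) {
        elems = new int[capacity];
        count = 0;
    }

    // A pure (side-effect free) query that specifications are allowed to call.
    // Its own precondition is trivial and it cannot throw, which is what lets
    // a verifier replace the call in a spec by this postcondition. A query that
    // could raise an exception under its precondition would leave the meaning
    // of a spec calling it undefined, the problem the abstract points to.
    //@ ensures \result == (size == elems.length);
    public /*@ pure @*/ boolean isFull() {
        return count == elems.length;
    }

    // The precondition is stated through a method invocation, not a formula
    // over fields, so the client never sees elems or count.
    //@ requires !isFull();
    //@ assignable size;            // frame names the MODEL field only ...
    //@ ensures size == \old(size) + 1 && elems[\old(size)] == x;
    public void push(int x) {
        elems[count] = x;           // ... yet the code writes the representation
        count++;                    // fields; the data group makes this consistent.
    }

    //@ requires size > 0;
    //@ assignable size;
    //@ ensures size == \old(size) - 1 && \result == elems[size];
    public int pop() {
        count--;
        return elems[count];
    }
}
```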
