Zongyan Qiu,Hong Ali,Liu Yijing

DOI: https://doi.org/10.1007/978-3-642-34281-3_13

2012-01-01

Abstract:Interface types in OO languages support polymorphism, abstraction and information hiding by separating interfaces from their implementations. The separation enhances modularity of programs, however, it causes also challenges to the formal verification. Here we present a study on interface types, and develop a specification and verification theory based on our former veriJ framework. We support multi-specifications for classes inherited from interfaces and the superclass, and keep the verification modularly without re-touching the verified code. The concepts developed in veriJ, namely the abstract specification and specification predicate, play important roles in this extension, and thus are proved widely useful and very natural in the formal proofs of OO programs.

Ke Zhang,Zongyan Qiu

DOI: https://doi.org/10.1007/978-3-319-41591-8_18

2016-01-01

Abstract:We implement an OO specification and verification framework VeriJ in the proof assistant Coq. This framework covers the main OO features like encapsulation, inheritance and polymorphism. It can modularly specify and verify programs, while only one specification per method is necessary. In this paper, we introduce the framework VeriJ, our tool in Coq, and an example to illustrate how to specify/verify the program in a modular and abstract way.

Jia Lv,Jing Ying,Minghui Wu,Tao Jiang,Fanwei Zhu

DOI: https://doi.org/10.1109/ssiri.2009.20

2009-01-01

Abstract:The behavior model of traditional temporal logic is closed and symmetrical, while the behavior model of aspect-oriented programs is open and asymmetrical. When the programmer designs the base-code, he is not sure what aspects will be woven to it. It is indirect and difficult to specify and verify the behavior of aspect-oriented programs by using traditional temporal logic. In this paper, we propose a new temporal logic named open temporal logic, which introduced some new path operators and one new temporal operator. Since paths are divided into two kinds: internal parts and external parts, the behavioral model of open temporal logic is open and asymmetrical. Base on open temporal logic and the proof system of traditional rely-guarantee method, a new proof system is given to verify the behavior of aspect-oriented programs.

Ali Hong,Yijing Liu,Zongyan Qiu

DOI: https://doi.org/10.1007/978-3-319-07602-7_12

2014-01-01

Abstract:A Abstraction is essential in component-based design and implementation of systems, however, it brings also challenges to the formal specification and verification. In this paper we develop a framework to support the abstract specification for the interfaces of components and their interactions, and the related verification. We show also that the abstract specification on the interface-level can be used to enforce correct implementations of the components. We take one practical application of the well-known MVC architecture as a case study. Although our work focuses on the OO based programs, some concepts and techniques developed in the work might be useful more broadly.

Jianhua Zhao,Xuandong LI

DOI: https://doi.org/10.48550/arXiv.1311.7181

2013-11-28

Abstract:This paper presents a formal approach to specify and verify object-oriented programs written in the `programming to interfaces' paradigm. Besides the methods to be invoked by its clients, an interface also declares a set of abstract function/predicate symbols, together with a set of constraints on these symbols. For each method declared in this interface, a specification template is given using these abstract symbols. A class implementing this interface can give its own definitions to the abstract symbols, as long as all the constraints are satisfied. This class implements all the methods declared in the interface such that the method specification templates declared in the interface are satisfied w.r.t. the definitions of the abstract function symbols in this class. Based on the constraints on the abstract symbols, the client code using interfaces can be specified and verified precisely without knowing what classes implement these interfaces. Given more information about the implementing classes, the specifications of the client code can be specialized into more precise ones without re-verifying the client code. Several commonly used interfaces and their implementations (including Iterator, Observer, Comparable, and Comparator) are used to demonstrate that the approach in this paper is both precise and flexible.

Logic in Computer Science

Liu Yijing,Qiu Zongyan

DOI: https://doi.org/10.1007/978-3-642-27269-1_6

2012-01-01

Abstract:We present a general storage model that reflects features of object oriented (OO) languages with pure reference semantics. Based on this model, we develop an OO Separation Logic (OOSL) to specify and verify OO programs. Many inference rules in the Separation Logic still hold in OOSL. Additionally, OOSL has certain properties important to OO reasoning. We introduce HoareTriple for a small OO language, and use the Schorr-Waite Marking Algorithm as a verification example.

Yijing Liu,Quan Long,Qiu Zongyan

2009-01-01

Abstract:For the object oriented paradigm, providing a relatively rich model language equipped with formal semantics for practical reasoning is an important and long-standing open problem. In this work, μJava, a sufficient large subset of sequential Java is defined. An OO Separation Logic with pure reference semantic model is developed. Facilitated by this logic, the Weakest Precondition (WP) semantics for μJavais defined, and its soundness and completeness are proved. As far as we know, this is the first work on the completeness of such a semantics. Some key properties are shown still hold, especially the frame rule that is important for local reasoning. Additionally, we find some properties absent in the original Separation Logic, but important for OO reasoning. We introduce Hoare Triple based on the WP semantics. As the application and illustration of how the WP semantics serve the verification of OO programs, some examples are given, with the class invariant proof in a case study. We anticipate that this work would be helpful for the disciplines of OO software verification and refinement.

Tingting Hu,Shuling Wang,Zongyan Qiu

DOI: https://doi.org/10.1109/tase.2015.24

2015-01-01

Abstract:Algebraic specification is well-known in specifying abstract data types. It could also play an important role in verifying the interrelation between methods in classes. In this paper we develop a framework for verifying the conformance of method implementations against an algebraic specification. Different from most existing work that perform testing at the code level for the conformance, our approach verifies the conformance without touching the implementation details. As another contribution, we show that if all the inherited methods of a subclass satisfy behavioral subtyping, then the subclass conforms to the algebraic specification of its superclass, i.e., there is no need to re-verify.

YZ Qu,ZJ Wang,JF Xu

1996-01-01

Abstract:> Inheritance is regarded as the hallmark of object-oriented programming languages.A mathematical model of inheritance is presented.In this model,the graph-sorted signature is introduced to represent the algebraic structure of the program,and an extension function on the graph-sorted signatures is used to formally describe the semantics of inheritance.The program’s algebraic structure reflects the syntactic constraints of the language and the corresponding extension function exposes the character of the language’s inheritance.

T Li,HJ Yang,BW Xu,L Shi

2005-01-01

Abstract:In this paper, we design an object-oriented requirement specification language OORSL and propose an approach that transforms a formal function specification defined by OORSL into a Java program framework. In our approach, users can define parallel Units in OORSL specification and the parallel units can be transformed into concurrent threads in Java. Therefore, the formal design problem of parallel systems is changed into the problem of serial system design. Thus, the complexity of formal design of parallel systems is reduced. A Java program framework includes assertions that originate from OORSL junction specification. The assertions can be further transformed into Java codes by means of function decomposition.

Yuanfang Cai,Sunny Huynh,Tao Xie

DOI: https://doi.org/10.1145/1321631.1321704

2007-01-01

Abstract:Modularity is one of the most important properties of a software design, with significant impact on changeability and evolvability. However, a formalized and automated approach is lacking to test and verify software design models against their modularity properties, in particular, their ability to accommodate potential changes. In this paper, we propose a novel framework for testing design modularity. The software artifact under test is a software design. A test input is a potential change to the design. The test output is a modularity vector, which precisely captures quantitative capability extents of the design for accommodating the test input (the potential change). Both the design and the test input are represented as formal computable models to enable automatic testing. The modularity vector integrates the net option value analysis with well-known design principles. We have implemented the framework with tool supports and tested aspect-oriented and object-oriented design patterns in terms of their ability to accommodate sequences of possible changes. The results showed that previous informal, implementation-based analysis can be conducted by our framework automatically and quantitatively at the design level. This framework also opens the opportunities of applying testing techniques, such as coverage criteria, on software designs

Niels Mommen,Bart Jacobs

2023-07-14

Abstract:We propose an approach for modular verification of programs written in an object-oriented language where, like in C++, the same virtual method call is bound to different methods at different points during the construction or destruction of an object. Our separation logic combines Parkinson and Bierman's abstract predicate families with essentially explicitly tracking each subobject's vtable pointer. Our logic supports polymorphic destruction. Virtual inheritance is not yet supported. We formalised our approach and implemented it in our VeriFast tool for semi-automated modular formal verification of C++ programs.

Programming Languages

Hong Mei,Yongqiang Sun

1995-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:In object-oriented programming, the inheritance is one of the factors which induce semantic complexity. In this paper, the coexistence and relationship of inheritance, as a mechanism for sharing codes, and subtyping, which expresses specialization in functionality, are discussed. The concept of type, which states that types are behavioral specifications of objects, that is, the sets of named operations, is presented. Based on this concept, types, classes and subtyping relationship are described formally.

Qi Zhou,David Heath,William Harris

DOI: https://doi.org/10.4204/EPTCS.296.6

2019-07-09

Abstract:Relational properties describe relationships that hold over multiple executions of one or more programs, such as functional equivalence. Conventional approaches for automatically verifying such properties typically rely on syntax-based, heuristic strategies for finding synchronization points among the input programs. These synchronization points are then annotated with appropriate relational invariants to complete the proof. However, when suboptimal synchronization points are chosen the required invariants can be complicated or even inexpressible in the target theory. In this work, we propose a novel approach to verifying relational properties. This approach searches for synchronization points and synthesizes relational invariants simultaneously. Specifically, the approach uses synthesized invariants as a guide for finding proper synchronization points that lead to a complete proof. We implemented our approach as a tool named PEQUOD, which targets Java Virtual Machine (JVM) bytecode. We evaluated PEQUOD by using it to solve verification challenges drawn from the from the research literature and by verifying properties of student-submitted solutions to online challenge problems. The results show that PEQUOD solve verification problems that cannot be addressed by current techniques.

Programming Languages,Logic in Computer Science

Yijing Liu,Zongyan Qiu,Quan Long

2011-01-01

Abstract:For the object oriented (OO) world, developing formal semantics for theoretical study and practical use is still an important topic despite of a decade’s efforts. In this paper, for a sufficiently large subset of sequential Java with a pure reference semantics model, we define a Weakest Precondition (WP) semantics, and prove its soundness and completeness. Based on this WP semantics, we study specifications of methods and the refinement relationship between specifications, and we propose new definitions for object invariants and behavioral subtyping notation for general OO programs.

Ke Zhang,Zongyan Qiu

DOI: https://doi.org/10.1007/978-3-319-45279-1_12

2016-01-01

Abstract:To modularly specify and verify object oriented programs on some abstract level, we need abstraction techniques to hide the implementation details of the classes. Model fields and abstract predicates are two most important approaches to address the requirements. In this paper, we mainly compare their expressiveness. We develop two translation algorithms, which can translate a program with model fields based specification to one with abstract predicates based specification. We prove that the translation algorithms are correct, and the resulting specifications are well-encapsulated and well-formed. This shows that the abstract predicates technique is more expressive. On the other hand, the model fields based specifications are more user friendly and useful in automatic verification. In addition, we discuss the different characteristics of the two approaches in framing, inheritance, and recursion.

Zhanqi Cui,Linzhang Wang,Xi Liu,Lei Bu,Jianhua Zhao,Xuandong Li

DOI: https://doi.org/10.1142/S0218194013400123

IF: 1.007

2013-01-01

International Journal of Software Engineering and Knowledge Engineering

Abstract:Dealing with crosscutting concerns has been a critical problem in software development processes. To facilitate handling crosscutting concerns at design phases, we proposed an aspect-oriented modeling and integration approach with UML activity diagrams. The primary concerns are depicted with UML activity diagrams as primary models, whereas crosscutting concerns are described with aspectual extended activity diagrams as aspect models. Aspect models can be integrated into primary models automatically. The AOM approach can reduce the complexity of design models. However, potential faults that violate desired properties of the software system might still be introduced during the modeling or integration processes. The verification technique is well-known for its ability to assure the correctness of models and uncover design problems before implementation. We propose a framework to verify aspect-oriented UML activity diagrams based on Petri net verification techniques. For verification purpose, we transform the integrated activity diagrams into Petri nets and prove the consistency of the transformation. Then, crosscutting concerns in system requirements are refined to properties in the form of CTL formulas. Finally, the Petri nets are verified against the formalized properties to report whether the aspect-oriented design models satisfies the requirements. Furthermore, we implement a tool named Jasmine-AOV to support the verification process. Case studies are conducted to evaluate the effectiveness of the proposed approach.

Jesper Amilon,Zafer Esen,Dilian Gurov,Christian Lidström,Philipp Rümmer,Marten Voorberg

2024-12-09

Abstract:In deductive verification and software model checking, dealing with certain specification language constructs can be problematic when the back-end solver is not sufficiently powerful or lacks the required theories. One way to deal with this is to transform, for verification purposes, the program to an equivalent one not using the problematic constructs, and to reason about this equivalent program instead. In this article, we propose program instrumentation as a unifying verification paradigm that subsumes various existing ad-hoc approaches, has a clear formal correctness criterion, can be applied automatically, and can transfer back witnesses and counterexamples. We illustrate our approach on the automated verification of programs that involve quantification and aggregation operations over arrays, such as the maximum value or sum of the elements in a given segment of the array, which are known to be difficult to reason about automatically. We implement our approach in the MonoCera tool, which is tailored to the verification of programs with aggregation, and evaluate it on example programs, including SV-COMP programs.

Logic in Computer Science

Quan Long,Qiu Zongyan,Wang Shuling

2006-01-01

Abstract:In recent years, many researchers in the programming language and formal methods communities have been investigating weakest precondition (WP) semantics for object-oriented (OO) programs. Based on a modified version of Separation Logic, OO Separation Logic, we develop in this article a WP semantics for an OO language with most important object-oriented features including subtypes, visibility, inheritance, dynamic binding and reference types. Giving a clear comparison to existing work, we conclude that the WP semantics defined here captures the essentials of object-orientation. Further, in the WP semantic model, we define program transformation in terms of refinement. With some case studies, we show that, supported by the semantics defined, it is easier to model many practical program transformations in a reasonable way. keywords: Object Orientation, Weakest Precondition, Separation Logic, Semantics, Refinement

Cheng Wen,Jialun Cao,Jie Su,Zhiwu Xu,Shengchao Qin,Mengda He,Haokun Li,Shing-Chi Cheung,Cong Tian

2024-04-02

Abstract:Formal verification provides a rigorous and systematic approach to ensure the correctness and reliability of software systems. Yet, constructing specifications for the full proof relies on domain expertise and non-trivial manpower. In view of such needs, an automated approach for specification synthesis is desired. While existing automated approaches are limited in their versatility, i.e., they either focus only on synthesizing loop invariants for numerical programs, or are tailored for specific types of programs or invariants. Programs involving multiple complicated data types (e.g., arrays, pointers) and code structures (e.g., nested loops, function calls) are often beyond their capabilities. To help bridge this gap, we present AutoSpec, an automated approach to synthesize specifications for automated program verification. It overcomes the shortcomings of existing work in specification versatility, synthesizing satisfiable and adequate specifications for full proof. It is driven by static analysis and program verification, and is empowered by large language models (LLMs). AutoSpec addresses the practical challenges in three ways: (1) driving \name by static analysis and program verification, LLMs serve as generators to generate candidate specifications, (2) programs are decomposed to direct the attention of LLMs, and (3) candidate specifications are validated in each round to avoid error accumulation during the interaction with LLMs. In this way, AutoSpec can incrementally and iteratively generate satisfiable and adequate specifications. The evaluation shows its effectiveness and usefulness, as it outperforms existing works by successfully verifying 79% of programs through automatic specification synthesis, a significant improvement of 1.592x. It can also be successfully applied to verify the programs in a real-world X509-parser project.

Software Engineering