Yijing Liu,Ali Hong,Zongyan Qiu

DOI: https://doi.org/10.1109/tase.2011.28

2011-01-01

Abstract:Specification and verification for object oriented (OO) programs remains a great challenge despite of decades' efforts. To address the problem, we propose a novel specification and verification framework, which supports abstraction and offers modularity via a set of scope and inheritance rules, and a concept called\emph{specification predicate}. The framework covers the most important OO features like encapsulation, inheritance and polymorphism, while only one specification per method is necessary. It can successfully deal with inheritance, keep still modularity in verification, and avoid re-verification of the implementation. We show how the framework can be integrated into an OO language, and use examples to illustrate how the specification and verification can be carried out in our framework following the structures of OO programs in an abstract and modular way.

Jianhua Zhao,Xuandong LI

DOI: https://doi.org/10.48550/arXiv.1311.7181

2013-11-28

Abstract:This paper presents a formal approach to specify and verify object-oriented programs written in the `programming to interfaces' paradigm. Besides the methods to be invoked by its clients, an interface also declares a set of abstract function/predicate symbols, together with a set of constraints on these symbols. For each method declared in this interface, a specification template is given using these abstract symbols. A class implementing this interface can give its own definitions to the abstract symbols, as long as all the constraints are satisfied. This class implements all the methods declared in the interface such that the method specification templates declared in the interface are satisfied w.r.t. the definitions of the abstract function symbols in this class. Based on the constraints on the abstract symbols, the client code using interfaces can be specified and verified precisely without knowing what classes implement these interfaces. Given more information about the implementing classes, the specifications of the client code can be specialized into more precise ones without re-verifying the client code. Several commonly used interfaces and their implementations (including Iterator, Observer, Comparable, and Comparator) are used to demonstrate that the approach in this paper is both precise and flexible.

Logic in Computer Science

Ke Zhang,Zongyan Qiu

DOI: https://doi.org/10.1007/978-3-319-41591-8_18

2016-01-01

Abstract:We implement an OO specification and verification framework VeriJ in the proof assistant Coq. This framework covers the main OO features like encapsulation, inheritance and polymorphism. It can modularly specify and verify programs, while only one specification per method is necessary. In this paper, we introduce the framework VeriJ, our tool in Coq, and an example to illustrate how to specify/verify the program in a modular and abstract way.

Ali Hong,Yijing Liu,Zongyan Qiu

DOI: https://doi.org/10.1007/978-3-319-07602-7_12

2014-01-01

Abstract:A Abstraction is essential in component-based design and implementation of systems, however, it brings also challenges to the formal specification and verification. In this paper we develop a framework to support the abstract specification for the interfaces of components and their interactions, and the related verification. We show also that the abstract specification on the interface-level can be used to enforce correct implementations of the components. We take one practical application of the well-known MVC architecture as a case study. Although our work focuses on the OO based programs, some concepts and techniques developed in the work might be useful more broadly.

Jia Lv,Jing Ying,Minghui Wu,Tao Jiang,Fanwei Zhu

DOI: https://doi.org/10.1109/ssiri.2009.20

2009-01-01

Abstract:The behavior model of traditional temporal logic is closed and symmetrical, while the behavior model of aspect-oriented programs is open and asymmetrical. When the programmer designs the base-code, he is not sure what aspects will be woven to it. It is indirect and difficult to specify and verify the behavior of aspect-oriented programs by using traditional temporal logic. In this paper, we propose a new temporal logic named open temporal logic, which introduced some new path operators and one new temporal operator. Since paths are divided into two kinds: internal parts and external parts, the behavioral model of open temporal logic is open and asymmetrical. Base on open temporal logic and the proof system of traditional rely-guarantee method, a new proof system is given to verify the behavior of aspect-oriented programs.

Tingting Hu,Shuling Wang,Zongyan Qiu

DOI: https://doi.org/10.1109/tase.2015.24

2015-01-01

Abstract:Algebraic specification is well-known in specifying abstract data types. It could also play an important role in verifying the interrelation between methods in classes. In this paper we develop a framework for verifying the conformance of method implementations against an algebraic specification. Different from most existing work that perform testing at the code level for the conformance, our approach verifies the conformance without touching the implementation details. As another contribution, we show that if all the inherited methods of a subclass satisfy behavioral subtyping, then the subclass conforms to the algebraic specification of its superclass, i.e., there is no need to re-verify.

Liu Yijing,Qiu Zongyan

DOI: https://doi.org/10.1007/978-3-642-27269-1_6

2012-01-01

Abstract:We present a general storage model that reflects features of object oriented (OO) languages with pure reference semantics. Based on this model, we develop an OO Separation Logic (OOSL) to specify and verify OO programs. Many inference rules in the Separation Logic still hold in OOSL. Additionally, OOSL has certain properties important to OO reasoning. We introduce HoareTriple for a small OO language, and use the Schorr-Waite Marking Algorithm as a verification example.

Hongjin Liang,Xinyu Feng

DOI: https://doi.org/10.1145/2499370.2462189

2013-01-01

ACM SIGPLAN Notices

Abstract:Locating linearization points (LPs) is an intuitive approach for proving linearizability, but it is difficult to apply the idea in Hoare-style logic for formal program verification, especially for verifying algorithms whose LPs cannot be statically located in the code. In this paper, we propose a program logic with a lightweight instrumentation mechanism which can verify algorithms with non-fixed LPs, including the most challenging ones that use the helping mechanism to achieve lock-freedom (as in HSY elimination-based stack), or have LPs depending on unpredictable future executions (as in the lazy set algorithm), or involve both features. We also develop a thread-local simulation as the meta-theory of our logic, and show it implies contextual refinement, which is equivalent to linearizability. Using our logic we have successfully verified various classic algorithms, some of which are used in the java.util.concurrent package.

Niels Mommen,Bart Jacobs

2023-07-14

Abstract:We propose an approach for modular verification of programs written in an object-oriented language where, like in C++, the same virtual method call is bound to different methods at different points during the construction or destruction of an object. Our separation logic combines Parkinson and Bierman's abstract predicate families with essentially explicitly tracking each subobject's vtable pointer. Our logic supports polymorphic destruction. Virtual inheritance is not yet supported. We formalised our approach and implemented it in our VeriFast tool for semi-automated modular formal verification of C++ programs.

Programming Languages

Yuan Dong,Shengyuan Wang,Liwei Zhang,Ping Yang

DOI: https://doi.org/10.1109/compsac.2009.81

2009-01-01

Abstract:Modular certification of low-level intermediate representation (IR) programs is one of the key steps of proof-transforming compilation. The major challenges are the complexity of abstract control stacks and the lack of control flow information due to their flat nature.To tackle these challenges, we present in this paper a novel Hoare-style logic framework for modular certification of p-machine style bytecode as IR programs. This logic can fully support abstract control stacks and unstructured control flows for modular certification of IR programs involving while loops, procedure call/return, recursive procedures, and even nested procedures. It applies foundational proof-carrying code (FPCC) concepts to IR level. This system is expressive and fully mechanized. We prove its soundness and demonstrate its power by certifying the implementation of some IR programs in the Coq proof assistant. This work not only provides a solid theoretical foundation for reasoning about IR programs, but also makes an important advance toward building proof-transforming compilation environment in which certified IR code with proofs can be compiled to machine checkable proof-carrying low-level assembly code.

Jianjun Zhao,Cheng Zhang,Sibo Zhang,Jiaming Zhang

2006-01-01

Abstract:VeriJava is a novel programming system, which extends Java lan- guage, with just a few new language constructs, to support adding contracts to Java. VeriJava consists of an object-oriented programming language called Veri- Java, a compiler for compiling VeriJava programs to Java bytecode, and a static verifier for assuring that the VeriJava code is consistent with its specifications. This paper discusses the goal and the overall programming approach of VeriJava. The paper also gives examples of VeriJava programs. On one hand, VeriJava pro- vides a way with assertions (pre- and postconditions, and class invariants), to support runtime checking such as debugging and testing. On the other hand, Ver- iJava also offers the possibility of automatic compile-time verifications such as checking the code of a method against its specification, checking that the specifi- cation of a subclass is compatible with the specification of its superclass.

Jinjiang Lei,Zongyan Qiu

DOI: https://doi.org/10.1007/978-3-319-10882-7_17

2014-01-01

Abstract:Verification of concurrent systems is difficult because of the inherent nondeterminism. Modern verification requires better locality and modularity. Reasoning of shared memory systems has gained much progress in these aspects. However, modular verification of distributed systems is still in demand. In this paper, we propose a new reasoning system for message-passing programs. It is a novel logic that supports Hoare style triples to specify and verify distributed programs modularly. We concretize the concept of event traces to represent interactions among distributed agents, and specify behaviors of agents by their local traces with regard to environmental assumptions. Based on trace semantics, the verification is compositional in both temporal and spatial dimensions. As an example, we show how to modularly verify an implementation of merging network.

Junyan Qian,Baowen Xu

2007-01-01

Abstract:we present a methodology for automatically verifying programs against safety specifications based on finite state machine. Firstly, computing the abstract transition between abstract states is done by calling a theorem prover, and then an initial abstract model automatically is extracted from concrete program using predicate abstraction. However, the process of abstraction can be exponential in the number of predicates used. Program slicing, predicate inference and partitioning the set of candidate predicates into subsets make abstract model construction effective. By counterexample-guided abstraction refinement scheme, the abstraction refines incrementally until the specification is either satisfied or refuted. Finally, our methods can be extended to verifying concurrency programs by parallel composition.

Yijing Liu,Quan Long,Qiu Zongyan

2009-01-01

Abstract:For the object oriented paradigm, providing a relatively rich model language equipped with formal semantics for practical reasoning is an important and long-standing open problem. In this work, μJava, a sufficient large subset of sequential Java is defined. An OO Separation Logic with pure reference semantic model is developed. Facilitated by this logic, the Weakest Precondition (WP) semantics for μJavais defined, and its soundness and completeness are proved. As far as we know, this is the first work on the completeness of such a semantics. Some key properties are shown still hold, especially the frame rule that is important for local reasoning. Additionally, we find some properties absent in the original Separation Logic, but important for OO reasoning. We introduce Hoare Triple based on the WP semantics. As the application and illustration of how the WP semantics serve the verification of OO programs, some examples are given, with the class invariant proof in a case study. We anticipate that this work would be helpful for the disciplines of OO software verification and refinement.

Yuanfang Cai,Sunny Huynh,Tao Xie

DOI: https://doi.org/10.1145/1321631.1321704

2007-01-01

Abstract:Modularity is one of the most important properties of a software design, with significant impact on changeability and evolvability. However, a formalized and automated approach is lacking to test and verify software design models against their modularity properties, in particular, their ability to accommodate potential changes. In this paper, we propose a novel framework for testing design modularity. The software artifact under test is a software design. A test input is a potential change to the design. The test output is a modularity vector, which precisely captures quantitative capability extents of the design for accommodating the test input (the potential change). Both the design and the test input are represented as formal computable models to enable automatic testing. The modularity vector integrates the net option value analysis with well-known design principles. We have implemented the framework with tool supports and tested aspect-oriented and object-oriented design patterns in terms of their ability to accommodate sequences of possible changes. The results showed that previous informal, implementation-based analysis can be conducted by our framework automatically and quantitatively at the design level. This framework also opens the opportunities of applying testing techniques, such as coverage criteria, on software designs

Xuandong Li,Xiaokang Qiu,Linzhang Wang,Xin Chen,Zhou Zhou,Liqian Yu,Jinhua Zhao

DOI: https://doi.org/10.1049/iet-sen.2009.0009

2011-01-01

IET Software

Abstract:The authors use unified modelling language (UML) 2.0 interaction overview diagrams (IODs) and sequence diagrams to construct simple and expressive scenario-based specifications, and present an approach to runtime verification of Java programs for exceptional consistency and mandatory consistency. The exceptional consistency requires that any forbidden scenario described by a given IOD never happen...

Krzysztof R. Apt,Frank S. de Boer,Ernst-Rüdiger Olderog

DOI: https://doi.org/10.48550/arXiv.0907.4316

2009-07-24

Logic in Computer Science

Abstract:We argue that verification of recursive programs by means of the assertional method of C.A.R. Hoare can be conceptually simplified using a modular reasoning. In this approach some properties of the program are established first and subsequently used to establish other program properties. We illustrate this approach by providing a modular correctness proof of the Quicksort program.

Hongjiang Gao,Yongsheng Zhao,Jun Liu,Zheng Qin

2007-01-01

Abstract:With increasingly complexity in intellectualized information management systems (IIMS), the problem of their verification and validation is acquiring increasing importance, and rigorous design practices are needed in case of critical applications. In this paper, a practical approach for increasingly developing flexible and reliable formal specifications of IIMS using Event-B is described, with a roles-based collaboration model, exemplified on iterated contract net interaction protocol in the interaction of IIMS, and then B models generated with evt2b supported by Atelier B are then proven in consistency and correctness.

Ming Zhu,Jinian Bian,Weimin Wu

DOI: https://doi.org/10.1109/CACWD.2004.1349159

2004-01-01

Abstract:A collaborative scheme for verifying classified properties of a design is proposed. These properties are classified for three verification techniques, i.e. module logic simulation, BDD (binary decision diagram) based model checking and CDFG (control data flow graph) matching. The cooperative process is performed on a refined model from CDFG structure and three interactive methods are employed to complete the verification. The optimization techniques, BDD variables reordering and property grouping are discussed and examined. This collaborative scheme is implemented on the benchmarks ITC99, which demonstrates its validity and practicality.

Youngju Song,Minki Cho,Dongjae Lee,Chung-Kil Hur

DOI: https://doi.org/10.48550/arXiv.2109.02991

2021-09-07

Abstract:Contextual refinement and separation logics are successful verification techniques that are very different in nature. First, the former guarantees behavioral refinement between a concrete program and an abstract program while the latter guarantees safety of a concrete program under certain conditions (expressed in terms of pre and post conditions). Second, the former does not allow any assumption about the context when locally reasoning about a module while the latter allows rich assumptions. In this paper, we present a new verification technique, called abstraction logic (AL), that inherently combines contextual refinement and separation logics such as Iris and VST, thereby taking the advantages of both. Specifically, AL allows us to locally verify a concrete module against an abstract module under separation-logic-style pre and post conditions about external modules. AL are fully formalized in Coq and provides a proof mode that supports a combination of simulation-style reasoning using our own tactics and SL-style reasoning using IPM (Iris Proof Mode). Using the proof mode, we verified various examples to demonstrate reasoning about ownership (based on partial commutative monoids) and purity ($i.e.$, termination with no system call), cyclic and higher-order reasoning about mutual recursion and function pointers, and reusable and gradual verification via intermediate abstractions. Also, the verification results are combined with CompCert, so that we formally establish behavioral refinement from top-level abstract programs, all the way down to their assembly code.

Programming Languages