Proving Consistency of Pure Methods and Model Fields

Leino, K. Rustan M.; Middelkoop, Ronald

doi:10.1007/978-3-642-00593-0_16

Cited by 11 publications

(4 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The composite design pattern (part 1). Middelkoop 2009;Rudich et al 2008]. We specifically chose very simple rules in our formalization to be able to focus on proving soundness of the permission system and to avoid unnecessary clutter in the proof.…”

Section: Specification Via Recursive Predicates and Methodsmentioning

confidence: 99%

“…Reasoning about method calls in specifications-and in particular, framing their return values-was posed as a challenge for verification by Leavens et al [2007]. Various researchers have attacked well-formedness of pure method specifications [Leino and Middelkoop 2009;Rudich et al 2008], framing of return values [Darvas and Leino 2007;Jacobs and Piessens 2007;Smans et al 2008], and allowing certain side effects in pure methods [Darvas and Leino 2007]. Just like most of these researchers, we encode pure methods as functions in the verification logic.…”

Section: Related Workmentioning

confidence: 98%

See 1 more Smart Citation

Implicit dynamic frames

Smans

Jacobs

Piessens

2012

ACM Trans. Program. Lang. Syst.

View full text Add to dashboard Cite

An important, challenging problem in the verification of imperative programs with shared, mutable state is the frame problem in the presence of data abstraction. That is, one must be able to specify and verify upper bounds on the set of memory locations a method can read and write without exposing that method's implementation.Separation logic is now widely considered the most promising solution to this problem. However, unlike conventional verification approaches, separation logic assertions cannot mention heap-dependent expressions from the host programming language, such as method calls familiar to many developers. Moreover, separation logic-based verifiers are often based on symbolic execution. These symbolic execution-based verifiers typically do not support non-separating conjunction, and some of them rely on the developer to explicitly fold and unfold predicate definitions. Furthermore, several researchers have wondered whether it is possible to use verification condition generation and standard first-order provers instead of symbolic execution to automatically verify conformance with a separation logic specification.In this article, we propose a variant of separation logic called implicit dynamic frames that supports heap-dependent expressions inside assertions. Conformance with an implicit dynamic frames specification can be checked by proving the validity of a number of first-order verification conditions. To show that these verification conditions can be discharged automatically by standard first-order provers, we have implemented our approach in a verifier prototype and have used this prototype to verify several challenging examples from related work. Our prototype automatically folds and unfolds predicate definitions, as required, during the proof and can reason about non-separating conjunction which is used in the specifications of some of these examples. Finally, we prove the soundness of the approach.

show abstract

Section: Specification Via Recursive Predicates and Methodsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 98%

Implicit dynamic frames

Smans

Jacobs

Piessens

2012

ACM Trans. Program. Lang. Syst.

View full text Add to dashboard Cite

show abstract

“…Using the execution semantics of the OP operator in the verification would trivially render any MT that is written in L as verified [26,27,44]. -An execution semantics of a MT language that is incorrect with respect to the runtime behaviour of the underlying implementation could lead to erroneous conclusions about the correctness of the MT (see Sect.…”

Section: Introductionmentioning

confidence: 99%

Formalised EMFTVM bytecode language for sound verification of model transformations

2016

View full text Add to dashboard Cite

Model-driven engineering is an effective approach for addressing the full life cycle of software development. Model transformation is widely acknowledged as one of its central ingredients. With the increasing complexity of model transformations, it is urgent to develop verification tools that prevent incorrect transformations from generating faulty models. However, the development of sound verification tools is a non-trivial task, due to unimplementable or erroneous execution semantics encoded for the target model transformation language. In this work, we develop a formalisation for the EMFTVM bytecode language by using the Boogie intermediate verification language. It ensures the model transformation language has an implementable execution semantics by reliably prototyping the implementation of the model transformation language. It also ensures the absence of erroneous execution semantics encoded for the target model transformation language by using a translation validation approach.

show abstract

“…Technically, with this restriction, the compiled let-such-that statement is no longer Hilbert's ε operator, but instead Russel's definite description operator [15], commonly denoted as the binder ι.…”

Section: Russell's ι Operatormentioning

confidence: 99%

Compiling Hilbert's epsilon operator

Leino¹

EPiC Series in Computing

View full text Add to dashboard Cite

show abstract

Proving Consistency of Pure Methods and Model Fields

Cited by 11 publications

References 19 publications

Implicit dynamic frames

Implicit dynamic frames

Formalised EMFTVM bytecode language for sound verification of model transformations

Compiling Hilbert's epsilon operator

Contact Info

Product

Resources

About