VeriCool: An Automatic Verifier for a Concurrent Object-Oriented Language

Abstract: Abstract. Reasoning about object-oriented programs is hard, due to aliasing, dynamic binding and the need for data abstraction and framing. Reasoning about concurrent object-oriented programs is even harder, since in general interference by other threads has to be taken into account at each program point.In this paper, we propose an approach to the automatic verification of concurrent Java-like programs. The cornerstone of the approach is a programming model, a set of rules, which limits thread inference to sy… Show more

“…Many verifiers [15,21,26] work around this problem by distinguishing between a predicate and its body. Instead of letting the SMT solver expand predicate definitions automatically, the verifier expands only specific predicate definitions at specific points in the program execution.…”

“…Similarly to existing tools such as Spec# [4] and VeriCool [26], we handle this problem by abstracting over the locations folded inside a predicate instance, via versioning. The idea is as follows: if we can be sure that a predicate instance has been neither unfolded nor exhaled since an earlier program point, we know that all locations nested inside the predicate are unmodified.…”

“…Symbolic execution is an alternative technique to VCG and is used in tools such as [5,11,15,16,26]. Typically, symbolic execution engines use partial heaps and other more elaborate data structures for the representation of the program state.…”

“…Program logics based on access permissions, such as separation logic [24] and implicit dynamic frames [27] are the foundation of many program verifiers for heap-manipulating programs [5,11,15,21,26]. They associate an access permission with each heap location, and enforce that a method accesses a location only if it has the permission to do so.…”

Verification Condition Generation for Permission Logics with Abstract Predicates and Abstraction Functions

“…Many verifiers [15,21,26] work around this problem by distinguishing between a predicate and its body. Instead of letting the SMT solver expand predicate definitions automatically, the verifier expands only specific predicate definitions at specific points in the program execution.…”

“…Similarly to existing tools such as Spec# [4] and VeriCool [26], we handle this problem by abstracting over the locations folded inside a predicate instance, via versioning. The idea is as follows: if we can be sure that a predicate instance has been neither unfolded nor exhaled since an earlier program point, we know that all locations nested inside the predicate are unmodified.…”

“…Symbolic execution is an alternative technique to VCG and is used in tools such as [5,11,15,16,26]. Typically, symbolic execution engines use partial heaps and other more elaborate data structures for the representation of the program state.…”

“…Program logics based on access permissions, such as separation logic [24] and implicit dynamic frames [27] are the foundation of many program verifiers for heap-manipulating programs [5,11,15,21,26]. They associate an access permission with each heap location, and enforce that a method accesses a location only if it has the permission to do so.…”

Verification Condition Generation for Permission Logics with Abstract Predicates and Abstraction Functions

“…Other techniques exist for dealing with the heap in modular verification, including ownership [11], which is used by Spec# and Java/JML; dynamic frames [21,29], which is used by VeriCool 1 and Dafny; and implicit dynamic frames [30], which are used in VeriCool 3 and Chalice.…”

Shape Analysis of Low-Level C with Overlapping Structures

LEAP: A Tool for the Parametrized Verification of Concurrent Datatypes