Skip to main content
SpringerLink
Log in

Integrating deductive verification and symbolic execution for abstract object creation in dynamic logic

  • Theme Section Paper
  • Published:
Software & Systems Modeling Aims and scope Submit manuscript

Abstract

We present a fully abstract weakest precondition calculus and its integration with symbolic execution. Our assertion language allows both specifying and verifying properties of objects at the abstraction level of the programming language, abstracting from a specific implementation of object creation. Objects which are not (yet) created never play any role. The corresponding proof theory is discussed and justified formally by soundness theorems. The usage of the assertion language and proof rules is illustrated with an example of a linked list reachability property. All proof rules presented are fully implemented in a version of the KeY verification system for Java programs.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11

Similar content being viewed by others

Notes

  1. The benefit of delaying substitutions in the context of symbolic execution is illustrated in Sect. 6.

  2. To see why the shifting inward of \({\{u\mathrel {:=}\,{\mathsf {new}\,}\}}\) is necessary, consider the case \({\{u\mathrel {:=}\,{\mathsf {new}\,}\}} (u.x=0)\). Neither side of the equality denotes the new object (at the top level), but the new object occurs in a sub-expression (namely \(u.x\)). With shifting, \({\{u\mathrel {:=}\,{\mathsf {new}\,}\}} (u.x=0)\) results in \((0=0)\). Without shifting, the (incorrect) result is \(u.x=0\).

  3. As a counterexample, the term \({\{u\mathrel {:=}\,{\mathsf {new}\,}\}}u\) cannot be simplified further.

References

  1. Abadi, M., Leino, K.R.M.: A logic of object-oriented programs. In: Proceedings of 7th International Conference Theory and Practice of Software, volume 1214 of Lecture Notes in Computer Science, pp. 682–696. Springer, Berlin (1997)

  2. Ábrahám, E., de Boer, F.S., de Roever, W.P., Steffen, M.: A deductive proof system for multithreaded Java with exceptions. Fundam. Inform. 82(4), 391–463 (2008)

    MathSciNet  MATH  Google Scholar 

  3. Ahrendt, W., de Boer, F.S., Grabe, I.: Abstract object creation in dynamic logic. In: FM, pp. 612–627 (2009)

  4. Ahrendt, W., Mostowski, W., Paganelli, G.: Real-time Java API specifications for high coverage test generation. In: Proceedings of the 10th International Workshop on Java Technologies for Real-time and Embedded Systems. JTRES ’12, pp. 145–154. ACM, New York, USA (2012)

  5. America, P.: Designing an object-oriented programming language with behavioural subtyping. In: REX Workshop, pp. 60–90 (1990)

  6. America, P.: Formal techniques for parallel object-oriented languages. In: CONCUR, pp. 1–17 (1991)

  7. Apt, K.R.: Ten years of Hoare’s logic: a survey—part 1. ACM Trans. Program. Lang. Syst. 3(4), 431–483 (1981)

    Article  MATH  Google Scholar 

  8. Apt, K.R., de Boer, F.S., Olderog, E.-R.: Verification of sequential and concurrent programs, 3rd edn. Texts in computer science. Springer, Berlin (2009). ISBN: 978-1-84882-744-8

  9. Apt, K.R., de Boer, F.S., Olderog, E.-R., de Gouw, S.: Verification of object-oriented programs: a transformational approach. J. Comput. Syst. Sci. 78(3), 823–852 (2012)

    Article  MathSciNet  MATH  Google Scholar 

  10. Barnett, M., DeLine, R., Fähndrich, M., Leino, K.R.M., Schulte, W.: Verification of object-oriented programs with invariants. J. Object Technol. 3(6), 27–56 (2004)

    Article  Google Scholar 

  11. Beckert, B., Hähnle, R., Schmitt, P.H. (eds.): Verification of Object-Oriented Software: The KeY Approach, volume 4334 of Lecture Notes in Computer Science. Springer, Berlin (2007)

  12. Beckert, B., Klebanov, V., Schlager, S.: Dynamic logic. In: Beckert et al. [11], pp. 69–177

  13. Beckert, B., Platzer, A.: Dynamic logic with non-rigid functions. In: Furbach, U., Shankar, N. (eds.) IJCAR, volume 4130 of Lecture Notes in Computer Science, pp. 266–280. Springer, Berlin (2006)

  14. Berdine, J., Calcagno, C., O’Hearn, P.W.: Smallfoot: modular automatic assertion checking with separation logic. In: FMCO, pp. 115–137 (2005)

  15. Berdine, J., Cook, B., Ishtiaq, S.: SLAyer: Memory safety for systems-level code. In: CAV, pp. 178–183 (2011)

  16. Bormer, T., Brockschmidt, M., Distefano, D., Ernst, G., Filliâtre, J.-C., Grigore, R., Huisman, M., Klebanov, V., Marché, C., Monahan, R., Mostowski, W., Polikarpova, N., Scheben, C., Schellhorn, G., Tofan, B., Tschannen, J., Ulbrich, M.: The COST IC0701 verification competition 2011. In: Beckert, B., Damiani, F., Gurov, D. (eds.) FoVeOOS, volume 7421 of Lecture Notes in Computer Science, pp. 3–21. Springer, Berlin (2011)

  17. Burdy, L., Cheon, Y., Cok, D.R., Ernst, M.D., Kiniry, J.R., Leavens, G.T., Leino, K.R.M., Poll, E.: An overview of JML tools and applications. STTT 7(3), 212–232 (2005)

    Article  Google Scholar 

  18. Burstall, R.M.: Program proving as hand simulation with a little induction. In: Information Processing ’74, pp. 308–312. Elsevier/North-Holland, Amsterdam (1974)

  19. Cadar, C., Dunbar, D., Engler, D.R.: KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In: Draves, R., van Renesse, R. (eds.) 8th USENIX Symposium on Operating Systems Design and Implementation, OSDI, San Diego, USA. USENIX Association (2008)

  20. Calcagno, C., Yang, H., O’Hearn, P.W.: Computability and complexity results for a spatial assertion language for data structures. In: Hariharan, R., Vinay, V., Mukund, M. (eds.) FST TCS 2001: Foundations of Software Technology and Theoretical Computer Science. vol. 2245, pp. 108–119, Springer, Berlin, Heidelberg (2001)

  21. Darvas, Á., Mehta, F., Rudich, A.: Efficient well-definedness checking. In: IJCAR, pp. 100–115 (2008)

  22. de Boer, F.S.: A WP-Calculus for OO. In: Thomas, W. (eds.) FoSSaCS, volume 1578 of Lecture Notes in Computer Science, pp. 135–149. Springer, Berlin (1999)

  23. de Gouw, S., de Boer, F.S., Ahrendt, W., Bubel, R.: Weak arithmetic completeness of object-oriented first-order assertion networks. In: SOFSEM, pp. 207–219 (2013)

  24. De Halleux, J., Tillmann, N.: Parameterized unit testing with Pex. In: Proceedings of 2nd International Conference on Tests and Proofs, LNCS, pp. 171–181. Springer, Berlin (2008)

  25. Dijkstra, E.W.: A Discipline of Programming. Prentice-Hall, Englewood Cliffs (1976)

    MATH  Google Scholar 

  26. Distefano, D., Parkinson, M.J.: jStar: Towards practical verification for Java. In: OOPSLA, pp. 213–226 (2008)

  27. Engel, C., Hähnle, R.: Generating unit tests from formal proofs. In: Gurevich, Y., Meyer, B. (eds.) TAP, volume 4454 of Lecture Notes in Computer Science, pp. 169–188. Springer, Berlin (2007)

  28. Filliâtre, J.-C., Marché, C.: The Why/Krakatoa/Caduceus platform for deductive program verification. In: CAV, pp. 173–177 (2007)

  29. Galeotti, J., Rosner, N., Lopez Pombo, C., Frias, M.: TACO: efficient SAT-based bounded verification using symmetry breaking and tight bounds. IEEE Trans. Softw. Eng. 39(9), 1283–1307 (2013)

    Article  Google Scholar 

  30. Giese, M.: First-order logic. In: Beckert et al. [11], pp. 21–68

  31. Harel, D.: Arithmetical completeness in logics of programs. In: ICALP, pp. 268–288 (1978)

  32. Hoare, C.A.R.: An axiomatic basis for computer programming. Commun. ACM 12(10), 576–580 (1969). 583

    Article  MATH  Google Scholar 

  33. Huizing, K., Kuiper, R.: Verification of object-oriented programs using class invariants. Fundam. Approach. Softw. Eng. 1783, 208–221 (2000)

    Article  Google Scholar 

  34. Jacobs, B., Smans, J., Philippaerts, P., Vogels, F., Penninckx, W., Piessens, F.: VeriFast: a powerful, sound, predictable, fast verifier for C and Java. In: Proceedings of the Third international conference on NASA Formal Methods, NFM’11, pp. 41–55, Springer, Berlin, Heidelberg (2011)

  35. Kassios, I.T., Müller, P., Schwerhoff, M.: Comparing verification condition generation with symbolic execution: an experience report. In: Proceedings of the 4th International Conference on Verified Software: Theories, Tools, Experiments, VSTTE’12, pp. 196–208, Springer, Berlin, Heidelberg (2012)

  36. King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976)

    Article  MathSciNet  MATH  Google Scholar 

  37. Klebanov, V., Müller, P., Shankar, N., Leavens, G.T., Wüstholz, V., Alkassar, E., Arthan, R., Bronish, D., Chapman, R., Cohen, E., Hillebrand, M., Jacobs, B., Leino, K.R.M., Monahan, R., Piessens, F., Polikarpova, N., Ridge, T., Smans, J., Tobies, S., Tuerk, T., Ulbrich, M., Weiß, B.: The 1st verified software competition: experience report. In: Proceedings of the 17th International Conference on Formal Methods. FM’11, pp. 154–168. Springer, Berlin, Heidelberg (2011)

  38. Klein, G., Nipkow, T.: A machine-checked model for a Java-like language, virtual machine, and compiler. Trans. Program. Lang. Syst. 28(4), 619–695 (2006)

    Article  Google Scholar 

  39. Leavens, G.T., Kiniry, J.R., Poll, E.: A JML tutorial: Modular specification and verification of functional behavior for Java. In: CAV, p. 37 (2007)

  40. Leavens, G.T., Leino, K.R.M., Poll, E., Ruby, C., Jacobs, B., Leavens, G.T., Ruby, C.: JML: Notations and tools supporting detailed design in Java. In: In OOPSLA 2000 Companion, pp. 105–106. ACM (2000)

  41. Leino, K.R.M.: Dafny: an automatic program verifier for functional correctness. In: Clarke, E.M., Voronkov, A. (eds.) LPAR (Dakar), volume 6355 of Lecture Notes in Computer Science, pp. 348–370. Springer, Berlin (2010)

  42. Leino, K.R.M., Müller, P., Smans, J.: Foundations of security analysis and design V. In: Chapter Verification of Concurrent Programs with Chalice, pp. 195–222. Springer, Berlin, Heidelberg (2009)

  43. Leino, K.R.M., Müller, P., Smans, J.: Deadlock-free channels and locks. In: Proceedings of the 19th European Conference on Programming Languages and Systems. ESOP’10, pp. 407–426. Springer, Berlin, Heidelberg (2010)

  44. Liskov, B., Wing, J.M.: A behavioral notion of subtyping. ACM Trans. Program. Lang. Syst. 16(6), 1811–1841 (1994)

    Article  Google Scholar 

  45. Mostowski, W.: Formalisation and verification of Java card security properties in dynamic logic. In: Cerioli, M. (ed.) Proceedings of Fundamental Approaches to Software Engineering (FASE), Edinburgh, volume 3442 of Lecture Notes in Computer Science, pp. 357–371. Springer, Berlin (2005)

  46. Mostowski, W.: Fully verified Java Card API reference implementation. In: Beckert, B. (ed), VERIFY (2007)

  47. Object Modeling Group: Object Constraint Language Specification, Version 2.0, June (2005)

  48. Owicki, S.S., Gries, D.: An axiomatic proof technique for parallel programs I. Acta Inf. 6, 319–340 (1976)

    Article  MathSciNet  MATH  Google Scholar 

  49. Rümmer, P.: Sequential, parallel, and quantified updates of first-order structures. In: Hermann, M., Voronkov, A, (eds.) LPAR, volume 4246 of Lecture Notes in Computer Science, pp. 422–436. Springer, Berlin (2006)

  50. Smans, J., Jacobs, B., Piessens, F.: Implicit dynamic frames. ACM Trans. Program. Lang. Syst. 34(1), 2:1–2:58 (2012). doi:10.1145/2160910.2160911

  51. Tucker, J., Zucker, J.: Program Correctness over Abstract Data Types, With Error-State Semantics. Elsevier Science, Amsterdam (1988)

    MATH  Google Scholar 

  52. van den Berg, J., Jacobs, B.: The LOOP compiler for Java and JML. In: Margaria, T., Yi, W. (eds.) TACAS, volume 2031 of Lecture Notes in Computer Science, pp. 299–312. Springer, Berlin (2001)

  53. Wittgenstein, L.: Tractatus logico-Philosophicus. London: Routledge, 1981 (1922)

Download references

Author information

Authors and Affiliations

  1. CWI, Amsterdam, The Netherlands

    Stijn de Gouw & Frank de Boer

  2. SDL Fredhopper, Amsterdam, The Netherlands

    Stijn de Gouw

  3. Leiden University, Amsterdam, The Netherlands

    Frank de Boer

  4. Chalmers University of Technology, Göteborg, Sweden

    Wolfgang Ahrendt

  5. Technische Universität Darmstadt, Darmstadt, Germany

    Richard Bubel

Authors
  1. Stijn de Gouw
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Frank de Boer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wolfgang Ahrendt
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Richard Bubel
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Richard Bubel.

Additional information

Communicated by Prof. Einar Broch Johnsen and Luigia Petre.

This research is partly funded by the EU project FP7-231620 HATS: Highly Adaptable and Trustworthy Software using Formal Models and the EU project FP7-610582 Envisage.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

de Gouw, S., de Boer, F., Ahrendt, W. et al. Integrating deductive verification and symbolic execution for abstract object creation in dynamic logic. Softw Syst Model 15, 1117–1140 (2016). https://doi.org/10.1007/s10270-014-0446-9

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10270-014-0446-9

Keywords

Search

Navigation