Abstract
For specifying and reasoning about object-based programs, it is often attractive for contracts to be expressed using calls to pure methods. It is useful for pure methods to have contracts, including read effects, to support local reasoning based on frame conditions. This leads to puzzles such as the use of a pure method in its own contract. These ideas have been explored in connection with verification tools based on axiomatic semantics, guided by the need to avoid logical inconsistency, and focusing on encodings that cater for first-order automated provers. This article adds pure methods and read effects to region logic, a first-order program logic that features frame-based local reasoning and provides modular reasoning principles for end-to-end correctness. Modular reasoning is embodied in a proof rule for linking a module’s method implementations with a client that relies on the method contracts. Soundness is proved with respect to conventional operational semantics and uses an extensional (i.e., relational) interpretation of read effects. Applicability to tools based on SMT solvers is demonstrated through machine-checked verification of examples. The developments in this article can guide the implementations of linking as used in modular verifiers and serve as a basis for studying observationally pure methods and encapsulation.
A Logical Analysis of Framing for Specifications with Pure Method Calls