A Logical Analysis of Framing for Specifications with Pure Method Calls

Published: 28 May 2018

Abstract

For specifying and reasoning about object-based programs, it is often attractive for contracts to be expressed using calls to pure methods. It is useful for pure methods to have contracts, including read effects, to support local reasoning based on frame conditions. This leads to puzzles such as the use of a pure method in its own contract. These ideas have been explored in connection with verification tools based on axiomatic semantics, guided by the need to avoid logical inconsistency, and focusing on encodings that cater for first-order automated provers. This article adds pure methods and read effects to region logic, a first-order program logic that features frame-based local reasoning and provides modular reasoning principles for end-to-end correctness. Modular reasoning is embodied in a proof rule for linking a module’s method implementations with a client that relies on the method contracts. Soundness is proved with respect to conventional operational semantics and uses an extensional (i.e., relational) interpretation of read effects. Applicability to tools based on SMT solvers is demonstrated through machine-checked verification of examples. The developments in this article can guide the implementations of linking as used in modular verifiers and serve as a basis for studying observationally pure methods and encapsulation.
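The extensional (relational) reading of a read effect and the frame condition that the abstract refers to, as an added Python illustration that is not part of the article: the heap model, the linked list with its `rep` ghost region, the pure method `size`, the `under_declared` footprint and the sample heap are all constructed here for the demonstration.

```python
# Added example, not from the article: a toy heap model for the extensional
# (relational) reading of a pure method's read effect and for the frame
# condition. The list, its `rep` ghost region, `size` and HEAP are constructed.
from typing import Callable, Dict, FrozenSet, Tuple

Loc = Tuple[int, str]             # heap location: (object id, field name)
Heap = Dict[Loc, object]
NULL = 0                          # object id 0 stands for null

def size(h: Heap, lst: int) -> int:
    """Pure method: number of nodes reachable from lst.head along next."""
    n, cur = 0, h[(lst, "head")]
    while cur != NULL:
        n, cur = n + 1, h[(cur, "next")]
    return n

def reads_size(h: Heap, lst: int) -> FrozenSet[Loc]:
    """Declared read effect of size: lst.head, lst.rep and the next field of
    every node in rep, a ghost region field holding the list's nodes."""
    return frozenset({(lst, "head"), (lst, "rep")}
                     | {(node, "next") for node in h[(lst, "rep")]})

def agree(h1: Heap, h2: Heap, locs: FrozenSet[Loc]) -> bool:
    """Relational premise: the two heaps hold equal values at every loc."""
    return all(h1.get(loc) == h2.get(loc) for loc in locs)

def scramble_outside(h: Heap, locs: FrozenSet[Loc]) -> Heap:
    """A heap that agrees with h on locs and differs everywhere else."""
    return {loc: (v if loc in locs else ("junk", v)) for loc, v in h.items()}

def respects_read_effect(h: Heap, lst: int,
                         reads: Callable[[Heap, int], FrozenSet[Loc]]) -> bool:
    """Extensional check: a heap agreeing with h on the declared footprint
    must give the same result; a footprint that omits a read location fails."""
    h2 = scramble_outside(h, reads(h, lst))
    try:
        return size(h2, lst) == size(h, lst)
    except KeyError:              # traversal read a scrambled (undeclared) loc
        return False

def frames(read_fp: FrozenSet[Loc], writes: FrozenSet[Loc]) -> bool:
    """Frame condition: a command whose writes miss the read footprint
    cannot change the pure method's value, so size needs no re-proof."""
    return not (read_fp & writes)

# Constructed heap: list object 1 with nodes 2 -> 3, plus an unrelated object 4.
HEAP: Heap = {(1, "head"): 2, (1, "rep"): frozenset({2, 3}),
              (2, "next"): 3, (3, "next"): NULL, (4, "count"): 7}

def under_declared(h: Heap, lst: int) -> FrozenSet[Loc]:
    """A wrong read effect for size that forgets rep`next."""
    return frozenset({(lst, "head"), (lst, "rep")})
```

Running `respects_read_effect` with `reads_size` succeeds while `under_declared` is rejected, and `frames` accepts a write to object 4's `count` field but rejects a write to a node's `next`.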



Published in

ACM Transactions on Programming Languages and Systems, Volume 40, Issue 2 (June 2018), 223 pages
ISSN: 0164-0925
EISSN: 1558-4593
DOI: 10.1145/3229520

Copyright © 2018 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 28 May 2018
• Accepted: 1 December 2017
• Revised: 1 August 2017
• Received: 1 December 2015
