Reasoning About Frame Properties in Object-oriented Programs

2017

Abstract

Framing is important for the specification and verification of object-oriented programs. This dissertation develops the local reasoning approach to framing in the presence of data structures with unrestricted sharing and subtyping. It can verify shared data structures that are specified concisely, by unifying fine-grained region logic and separation logic, and it then extends fine-grained region logic to reason about subtyping. First, fine-grained region logic is adapted from region logic so that regions can be expressed at the granularity of individual fields. Conditional region expressions are introduced; not only do they allow one to specify more precise frame conditions, they also make it possible to express the footprints of separation logic assertions. Second, fine-grained region logic is generalized to a new logic, unified fine-grained region logic, by allowing the logic to restrict the heap in which a program runs. This feature allows one to express specifications in separation logic. Third, b...

Excerpt

… supertype abstraction, it would be ideal if the following were valid:

    ∀ o : T :: {o ≠ null && P_T && R} o.m(G) {Q_T && R}[ε_T].    (8.1)

Eq. (8.1) means that the method m's implementations in T's subtypes have to comply with T.m's specification. Let S be a subtype of T and {P_S} m(x : T') {Q_S}[ε_S] be m's specification in S. To make Eq. (8.1) valid, a behavioral subtyping constraint is enforced on the specification of S.m [47], i.e., {P_S} m(x : T') {Q_S}[ε_S] refines {P_T} T.m(x : T') {Q_T}[ε_T]. According to the results of Leavens and Naumann [47], such constraints are P_T ⇒ P_S and old(P_T) ∧ Q_S ⇒ Q_T. Because their work ignores frame conditions, on the assumption that they could be encoded in postconditions, the relation between ε_T and ε_S is not clear. Therefore, this dissertation focuses on the effects of overridden methods and formalizes this framing problem in the FRL proof system. Let δ be the read effect of R in a state where P_T holds, i.e., such that P_T ⊢_Γ δ frm R. As R is preserved during the execution of the method T.m, it must be true that P_T && R ⇒ δ ·/· ε_T.

As P_T ⇒ P_S, using the rule FrmProjCtx in Fig. 3.6, it must be that P_S ⊢_Γ δ frm R. Write effects only make sense when the precondition is true. Furthermore, for supertype abstraction, one can assume that the supertype's precondition is true; so suppose that P_T is true, in which case P_T && R && δ ·/· ε_S is true. Consider the different cases of the relation between ε_S and ε_T.

  1. Suppose ε_S = ε_T. This is the case where P_T && R && δ ·/· ε_S. As P_T ⇒ P_S, for validity it must be that P_S && R && δ ·/· ε_S. Thus, S.m automatically preserves R.
  2. Suppose ε_S < ε_T. As P_T && R && δ ·/· ε_T, it must be that P_T && R && δ ·/· ε_S. And because P_T ⇒ P_S, validity requires that P_S && R && δ ·/· ε_S, which also preserves R.
  3. … = [50, 64]. A solution to the extended state problem is to divide the effect ε_S into two parts, ε_S¹ and ε_S², where ε_S¹ ≤ ε_T and ε_S² ∩ ε_T = ∅. Following the previous two cases, validity requires that P_S && R && δ ·/· ε_S¹.
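The case analysis above, as an added example that is not part of the dissertation: a small Python model in which effects are sets of (object, field) locations, the granularity fine-grained region logic works at, and the separator δ ·/· ε is disjointness of two location sets. The function names, the scenario with `o.count` and `c.total`, and the check of δ against ε_S² in case 3 (the obligation left after δ ·/· ε_S¹ is covered by the supertype's frame) are my constructions, not the dissertation's.

```python
# Added example (not from the dissertation): effects as sets of (object, field)
# locations, the granularity of fine-grained region logic, with the separator
# delta ·/· eps read as disjointness of the two location sets.
Loc = tuple[str, str]        # (object name, field name)
Effect = frozenset[Loc]      # a read or write effect: the locations it may touch


def separate(delta: Effect, eps: Effect) -> bool:
    """delta ·/· eps: nothing R reads (delta) is written by eps."""
    return delta.isdisjoint(eps)


def subeffect(small: Effect, big: Effect) -> bool:
    """small <= big: every location of `small` is already allowed by `big`."""
    return small <= big


def split_effect(eps_s: Effect, eps_t: Effect) -> tuple[Effect, Effect]:
    """Divide eps_S into eps_S1 <= eps_T and eps_S2 with eps_S2 ∩ eps_T = ∅."""
    eps_s1, eps_s2 = eps_s & eps_t, eps_s - eps_t
    assert subeffect(eps_s1, eps_t) and eps_s2.isdisjoint(eps_t)
    return eps_s1, eps_s2


def override_preserves_r(delta: Effect, eps_t: Effect, eps_s: Effect) -> tuple[str, bool]:
    """Which case of the excerpt applies to S.m, and whether S.m preserves R.

    Assumes the supertype obligation delta ·/· eps_T already holds (T.m is
    known to preserve R); raises otherwise, since no case of the excerpt applies.
    """
    if not separate(delta, eps_t):
        raise ValueError("T.m does not preserve R: delta ·/· eps_T fails")
    if eps_s == eps_t:                       # case 1: frame inherited unchanged
        return "case 1: eps_S = eps_T", True
    if subeffect(eps_s, eps_t):              # case 2: subset of a disjoint set
        return "case 2: eps_S < eps_T", True
    eps_s1, eps_s2 = split_effect(eps_s, eps_t)
    # Case 3 (extended state): delta ·/· eps_S1 follows from delta ·/· eps_T, so
    # only the subtype's own locations eps_S2 can still break R (constructed
    # reading of the remaining obligation; the excerpt stops before stating it).
    assert separate(delta, eps_s1)
    return "case 3: extended state", separate(delta, eps_s2)


# Constructed scenario: T.m writes o.count. A client assertion R about c.total
# has read effect delta = {(c, total)}, so delta ·/· eps_T holds and R survives T.m.
DELTA_R: Effect = frozenset({("c", "total")})
EPS_T: Effect = frozenset({("o", "count")})
EPS_S_EXTENDED: Effect = EPS_T | {("o", "log")}     # S adds a field of its own
EPS_S_CLOBBER: Effect = EPS_T | {("c", "total")}    # S writes into R's footprint


def demo() -> dict[str, bool]:
    """Run four overriding frames through the case analysis."""
    frames = {"same": EPS_T, "smaller": frozenset(),
              "extended": EPS_S_EXTENDED, "clobber": EPS_S_CLOBBER}
    return {name: override_preserves_r(DELTA_R, EPS_T, eps)[1]
            for name, eps in frames.items()}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:9s} preserves R: {ok}")
```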
References

  1. P. America. A behavioural approach to subtyping in object-oriented programming languages. Technical Report 443, Philips Research Laboratories, Nederlandse Philips Bedrijven B. V., Apr. 1989. Revised from the January 1989 version.
  2. A. Banerjee and D. A. Naumann. Local Reasoning for Global Invariants, Part II: Dynamic Boundaries. Journal of the ACM, 60(3):19:1-19:73, June 2013.
  3. A. Banerjee, D. A. Naumann, and M. Nikouei. A logical analysis of framing for specifications with pure method calls. ACM Trans. Prog. Lang. Syst., under review. https://www.cs.stevens.edu/~naumann/publications/lafsp2.pdf.
  4. A. Banerjee, D. A. Naumann, and S. Rosenberg. Local Reasoning for Global Invariants, Part I: Region Logic. Journal of the ACM, 60(3):18:1-18:56, June 2013.
  5. Y. Bao and G. Ernst. A KIV project for defining semantics for intuitionistic separation logic. http://www.eecs.ucf.edu/~ybao/project/sl-semantics/index.xml, 2016.
  6. Y. Bao and G. Ernst. A KIV project for proving encoding supported separation logic into unified fine-grained region logic. http://www.eecs.ucf.edu/~ybao/project/frl-sep-expr/index.xml, 2016.
  7. Y. Bao, G. T. Leavens, and G. Ernst. Conditional effects in fine-grained region logic. In Proceedings of the 17th Workshop on Formal Techniques for Java-like Programs, FTfJP '15, pages 5:1-5:6, New York, NY, USA, 2015. ACM.
  8. M. Barnett, B.-Y. E. Chang, R. DeLine, B. Jacobs, and K. R. M. Leino. Boogie: A modular reusable verifier for object-oriented programs. In Formal Methods for Components and Objects (FMCO) 2005, Revised Lectures, volume 4111 of Lecture Notes in Computer Science, pages 364-387, New York, NY, 2006. Springer-Verlag.
  9. M. Barnett, R. DeLine, M. Fähndrich, K. R. M. Leino, and W. Schulte. Verification of object-oriented programs with invariants. Journal of Object Technology, 3(6):27-56, 2004.
  10. M. Barnett, K. R. M. Leino, and W. Schulte. The Spec# programming system: An overview. In G. Barthe, L. Burdy, M. Huisman, J.-L. Lanet, and T. Muntean, editors, Construction and Analysis of Safe, Secure, and Interoperable Smart Devices (CASSIS 2004), volume 3362 of Lecture Notes in Computer Science, pages 49-69, New York, NY, 2005. Springer-Verlag.
  11. M. Barnett and D. Naumann. Friends need a bit more: Maintaining invariants over shared state. In D. Kozen, editor, Mathematics of Program Construction (MPC), volume 3125 of Lecture Notes in Computer Science, pages 54-84. Springer-Verlag, July 2004.
  12. C. Barrett, C. L. Conway, M. Deters, L. Hadarean, D. Jovanović, T. King, A. Reynolds, and C. Tinelli. CVC4. In Proceedings of the 23rd International Conference on Computer Aided Verification, CAV'11, pages 171-177, Berlin, Heidelberg, 2011. Springer-Verlag.
  13. B. Beckert, R. Hähnle, and P. H. Schmitt. Verification of Object-Oriented Software: The KeY Approach, volume 4334 of Lecture Notes in Computer Science. Springer-Verlag, Berlin, 2007.
  14. J. Berdine, C. Calcagno, and P. O'Hearn. A decidable fragment of separation logic. In K. Lodaya and M. Mahajan, editors, FSTTCS 2004: Foundations of Software Technology and Theoretical Computer Science, volume 3328 of Lecture Notes in Computer Science, pages 97-109.
  15. J. Berdine, C. Calcagno, and P. W. O'Hearn. Smallfoot: Modular automatic assertion checking with separation logic. In F. S. de Boer, M. M. Bonsangue, S. Graf, and W. P. de Roever, editors, Formal Methods for Components and Objects (FMCO), volume 4111 of Lecture Notes in Computer Science, pages 115-137, Berlin, 2005. Springer-Verlag.
  16. J. Berdine, C. Calcagno, P. W. O'Hearn, and Q. Mary. Symbolic execution with separation logic. In APLAS, pages 52-68. Springer, 2005.
  17. K. Bierhoff and J. Aldrich. Lightweight object specification with typestates. SIGSOFT Softw. Eng. Notes, 30(5):217-226, Sept. 2005.
  18. K. Bierhoff and J. Aldrich. Modular typestate checking of aliased objects. In Proceedings of the 22nd Annual ACM SIGPLAN Conference on Object-oriented Programming Systems and Applications, OOPSLA '07, pages 301-320, New York, NY, USA, 2007. ACM.
  19. F. Bobot and J.-C. Filliâtre. Formal Methods and Software Engineering: 14th International Conference on Formal Engineering Methods, ICFEM 2012, Kyoto, Japan, November 12-16, 2012. Proceedings, chapter Separation Predicates: A Taste of Separation Logic in First-Order Logic, pages 167-181. Springer Berlin Heidelberg, Berlin, Heidelberg, 2012.
  20. A. Borgida, J. Mylopoulos, and R. Reiter. On the frame problem in procedure specifications. IEEE Transactions on Software Engineering, 21(10):785-798, Oct. 1995.
  21. J. Brotherston. Formalised inductive reasoning in the logic of bunched implications. In Proceedings of the 14th International Conference on Static Analysis, SAS'07, pages 87-103, Berlin, Heidelberg, 2007. Springer-Verlag.
  22. P. Chalin, J. R. Kiniry, G. T. Leavens, and E. Poll. Beyond assertions: Advanced specification and verification with JML and ESC/Java2. In Formal Methods for Components and Objects (FMCO) 2005, Revised Lectures, volume 4111 of Lecture Notes in Computer Science, pages 342-363, Berlin, 2006. Springer-Verlag.
  23. Y. Cheon, G. T. Leavens, M. Sitaraman, and S. Edwards. Model variables: Cleanly supporting abstraction in design by contract. Software-Practice & Experience, 35(6):583-599, May 2005.
  24. B. Cook, C. Haase, J. Ouaknine, M. Parkinson, and J. Worrell. CONCUR 2011 - Concurrency Theory: 22nd International Conference, CONCUR 2011, Aachen, Germany, September 6-9, 2011. Proceedings, chapter Tractable Reasoning in a Fragment of Separation Logic, pages 235-249. Springer Berlin Heidelberg, Berlin, Heidelberg, 2011.
  25. B. J. Cox. Object Oriented Programming: an Evolutionary Approach. Addison-Wesley Publishing Co., Reading, Mass., 1986.
  26. L. de Moura and N. Bjørner. Z3: An efficient SMT solver. In Tools and Algorithms for the Construction and Analysis (TACAS), volume 4963 of Lecture Notes in Computer Science, pages 337-340, Berlin, 2008. Springer-Verlag.
  27. R. DeLine and M. Fähndrich. Typestates for objects. In ECOOP 2004 - Object-Oriented Programming, 18th European Conference, volume 3086 of Lecture Notes in Computer Science, pages 465-490. Springer Verlag, June 2004.
  28. K. K. Dhara and G. T. Leavens. Forcing behavioral subtyping through specification inheritance. Technical Report 95-20c, Department of Computer Science, Iowa State University, Ames, Iowa, 50011, Dec. 1997. Also in Proceedings of the 18th International Conference on Software Engineering, Berlin, Germany, 1996, pp. 258-267. Available by anonymous ftp from ftp.cs.iastate.edu, and by e-mail from almanac@cs.iastate.edu.
  29. D. Distefano, P. W. O'Hearn, and H. Yang. A local shape analysis based on separation logic. In Proceedings of the 12th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS'06, pages 287-302, Berlin, Heidelberg, 2006. Springer-Verlag.
  30. G. Ernst, J. Pfähler, G. Schellhorn, D. Haneberg, and W. Reif. KIV: overview and VerifyThis competition. International Journal on Software Tools for Technology Transfer, pages 1-18, 2014.
  31. M. Fähndrich and R. DeLine. Adoption and focus: Practical linear types for imperative programming. In Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, PLDI '02, pages 13-24, New York, NY, USA, 2002. ACM.
  32. R. L. Ford and K. R. M. Leino. Dafny reference manual (draft). https://github.com/Microsoft/dafny/blob/master/Docs/DafnyRef/out/DafnyRef.pdf.
  33. J.-Y. Girard. Linear logic: A survey. In F. L. Bauer, W. Brauer, and H. Schwichtenberg, editors, Logic and Algebra of Specification, volume 94 of NATO ASI Series. Series F: Computer and System Sciences, pages 63-112. Springer-Verlag, New York, NY, 1993.
  34. J. V. Guttag, J. J. Horning, and J. M. Wing. The Larch family of specification languages. IEEE Software, 2(5):24-36, Sept. 1985.
  35. S. Heule, I. T. Kassios, P. Müller, and A. J. Summers. Verification condition generation for permission logics with abstract predicates and abstraction functions. In European Conference on Object-Oriented Programming, pages 451-476. Springer, 2013.
  36. C. A. R. Hoare. An axiomatic basis for computer programming. Commun. ACM, 12(10):576-580, Oct. 1969.
  37. C. A. R. Hoare. Proof of correctness of data representations. Acta Informatica, 1(4):271-281, 1972.
  38. C. A. R. Hoare and N. Wirth. An axiomatic definition of the programming language Pascal. Acta Informatica, 2(4):335-355, 1973.
  39. A. Hobor and J. Villard. The ramifications of sharing in data structures. In Proceedings of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '13, pages 523-536, New York, NY, USA, 2013. ACM.
  40. S. S. Ishtiaq and P. W. O'Hearn. BI as an assertion language for mutable data structures. In Proceedings of the 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '01, pages 14-26, New York, NY, USA, 2001. ACM.
  41. B. Jacobs, J. Smans, and F. Piessens. A Quick Tour of the VeriFast Program Verifier, pages 304-311. Springer Berlin Heidelberg, Berlin, Heidelberg, 2010.
  42. C. B. Jones. Systematic software development using VDM. International Series in Computer Science. Prentice-Hall, Inc., Englewood Cliffs, N.J., 1986.
  43. I. T. Kassios. Dynamic frames: Support for framing, dependencies and sharing without restrictions. In E. S. J. Misra, T. Nipkow, editor, Formal Methods (FM), volume 4085 of Lecture Notes in Computer Science, pages 268-283, Berlin, 2006. Springer-Verlag.
  44. I. T. Kassios. The dynamic frames theory. Formal Aspects of Computing, 23(3):267-288, May 2011.
  45. G. T. Leavens, A. L. Baker, and C. Ruby. Preliminary design of JML: A behavioral interface specification language for Java. Technical Report 98-06q, Iowa State University, Department of Computer Science, Dec. 2001. This is an obsolete version.
  46. G. T. Leavens and D. A. Naumann. Behavioral subtyping, specification inheritance, and modular reasoning. ACM Trans. Program. Lang. Syst., 37(4):13:1-13:88, Aug. 2015.
  47. G. T. Leavens and D. A. Naumann. Behavioral subtyping, specification inheritance, and modular reasoning. TOPLAS, 37(4):13:1-13:88, Aug. 2015.
  48. G. T. Leavens and W. E. Weihl. Specification and verification of object-oriented programs using supertype abstraction. Acta Informatica, 32(8):705-778, Nov. 1995.
  49. K. R. M. Leino. Toward Reliable Modular Programs. PhD thesis, California Institute of Technology, 1995. Available as Technical Report Caltech-CS-TR-95-03.
  50. K. R. M. Leino. Data groups: Specifying the modification of extended state. In OOPSLA '98 Conference Proceedings, volume 33(10) of ACM SIGPLAN Notices, pages 144-153, New York, NY, Oct. 1998. ACM.
  51. K. R. M. Leino. Specification and verification of object-oriented software. Lecture notes from Marktoberdorf International Summer School, available at http://research.microsoft.com/en-us/um/people/leino/papers/krml190.pdf, 2008.
  52. K. R. M. Leino. This is Boogie 2. Manuscript KRML 178, 2008. Available at http://research.microsoft.com/~leino/papers.html.
  53. K. R. M. Leino. Dafny: An automatic program verifier for functional correctness. In Logic for Programming, Artificial Intelligence, and Reasoning, 16th International Conference, LPAR-16, volume 6355 of Lecture Notes in Computer Science, pages 348-370. Springer-Verlag, 2010.
  54. K. R. M. Leino. Logic for Programming, Artificial Intelligence, and Reasoning: 16th International Conference, LPAR-16, Dakar, Senegal, April 25-May 1, 2010, Revised Selected Papers, chapter Dafny: An Automatic Program Verifier for Functional Correctness, pages 348-370. Springer Berlin Heidelberg, Berlin, Heidelberg, 2010.
  55. K. R. M. Leino and R. Monahan. Dafny meets the verification benchmarks challenge. In Proceedings of the Third International Conference on Verified Software: Theories, Tools, Experiments, volume 6217 of Lecture Notes in Computer Science, pages 112-126, Berlin, 2010. Springer-Verlag.
  56. K. R. M. Leino and P. Müller. Object invariants in dynamic contexts. In M. Odersky, editor, European Conference on Object-Oriented Programming (ECOOP), volume 3086 of Lecture Notes in Computer Science, pages 491-516, Berlin, June 2004. Springer-Verlag.
  57. K. R. M. Leino and P. Müller. A basis for verifying multi-threaded programs. In G. Castagna, editor, Programming Languages and Systems, 18th European Symposium on Programming, ESOP 2009, volume 5502 of Lecture Notes in Computer Science, pages 378-393, Berlin, Mar. 2009. Springer-Verlag.
  58. K. R. M. Leino and G. Nelson. Data abstraction and information hiding. ACM Trans. Prog. Lang. Syst., 24(5):491-553, Sept. 2002.
  59. K. R. M. Leino, A. Poetzsch-Heffter, and Y. Zhou. Using data groups to specify and check side effects. In Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation (PLDI'02), volume 37(5) of ACM SIGPLAN Notices, pages 246-257, New York, NY, June 2002. ACM.
  60. B. H. Liskov and J. M. Wing. A behavioral notion of subtyping. ACM Trans. Prog. Lang. Syst., 16(6):1811-1841, Nov. 1994.
  61. B. Meyer. Object-oriented Software Construction. Prentice Hall, New York, NY, second edition, 1997.
  62. W. Mostowski and M. Ulbrich. Dynamic dispatch for method contracts through abstract predicates. In Proceedings of the 14th International Conference on Modularity, MODULARITY 2015, pages 109-116, New York, NY, USA, 2015. ACM.
  63. P. Müller. Modular Specification and Verification of Object-Oriented Programs, volume 2262 of Lecture Notes in Computer Science. Springer-Verlag, Berlin, 2002.
  64. P. Müller and A. Poetzsch-Heffter. Modular specification and verification techniques for object-oriented software components. In G. T. Leavens and M. Sitaraman, editors, Foundations of Component-Based Systems, chapter 7, pages 137-159. Cambridge University Press, 2000.
  65. P. Müller, A. Poetzsch-Heffter, and G. T. Leavens. Modular specification of frame properties in JML. Concurrency and Computation: Practice and Experience, 15(2):117-154, Feb. 2003.
  66. P. Müller, A. Poetzsch-Heffter, and G. T. Leavens. Modular invariants for layered object structures. Sci. Comput. Programming, 62(3):253-286, Oct. 2006.
  67. D. A. Naumann and M. Barnett. Towards imperative modules: Reasoning about invariants and sharing of mutable state (extended abstract). In IEEE Symposium on Logic in Computer Science, pages 313-323, 2004.
  68. D. A. Naumann and M. Barnett. Towards imperative modules: Reasoning about invariants and sharing of mutable state. Theoretical Comput. Sci., 365:143-168, 2006. Extended version of [67].
  69. L. Nistor, J. Aldrich, S. Balzer, and H. Mehnert. Object propositions. In FM 2014: Formal Methods, pages 497-513. Springer, 2014.
  70. J. Noble, J. Vitek, and J. Potter. Flexible alias protection. In E. Jul, editor, ECOOP '98 - Object-Oriented Programming, 12th European Conference, Brussels, Belgium, volume 1445 of Lecture Notes in Computer Science, pages 158-185. Springer-Verlag, July 1998.
  71. P. O'Hearn, J. Reynolds, and H. Yang. Local reasoning about programs that alter data structures. In Proceedings of CSL'01, volume 2142 of Lecture Notes in Computer Science, pages 1-19, Berlin, 2001. Springer-Verlag.
  72. P. W. O'Hearn, H. Yang, and J. C. Reynolds. Separation and information hiding. In Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '04, pages 268-280, New York, NY, USA, 2004. ACM.
  73. P. W. O'Hearn, H. Yang, and J. C. Reynolds. Separation and information hiding. ACM Trans. Program. Lang. Syst., 31(3):11:1-11:50, Apr. 2009.
  74. M. Parkinson. Class invariants: The end of the road? Aliasing, Confinement and Ownership in Object-oriented Programming (IWACO), page 9, 2007.
  75. M. Parkinson and G. Bierman. Separation logic and abstraction. In J. Palsberg and M. Abadi, editors, ACM Symposium on Principles of Programming Languages, pages 247-258, New York, NY, Jan. 2005. ACM.
  76. M. Parkinson and G. Bierman. Separation logic, abstraction and inheritance. In P. Wadler, editor, ACM Symposium on Principles of Programming Languages, pages 75-86, New York, NY, Jan. 2008. ACM.
  77. M. J. Parkinson. Local reasoning for Java. Technical Report 654, University of Cambridge Computer Laboratory, Nov. 2005. The author's Ph.D. dissertation.
  78. M. J. Parkinson and A. J. Summers. The relationship between separation logic and implicit dynamic frames. Logical Methods in Computer Science, 8(3), 2012.
  79. J. C. Reynolds. Separation logic: A logic for shared mutable data structures. In Proceedings of the Seventeenth Annual IEEE Symposium on Logic in Computer Science, pages 55-74, Los Alamitos, California, 2002. IEEE Computer Society Press.
  80. S. Rosenberg, A. Banerjee, and D. A. Naumann. Decision procedures for region logic. In Verification, Model Checking, and Abstract Interpretation, pages 379-395. Springer, 2012.
  81. D. A. Schmidt. Denotational Semantics: A Methodology for Language Development. Allyn and Bacon, Inc., Boston, Mass., 1986.
  82. J. Smans, B. Jacobs, and F. Piessens. Heap-dependent expressions in separation logic. In Proceedings of the 12th IFIP WG 6.1 International Conference and 30th IFIP WG 6.1 International Conference on Formal Techniques for Distributed Systems, FMOODS'10/FORTE'10, pages 170-185, Berlin, Heidelberg, 2010. Springer-Verlag.
  83. J. Smans, B. Jacobs, and F. Piessens. Implicit dynamic frames. ACM Trans. Program. Lang. Syst., 34(1):2:1-2:58, May 2012.
  84. J. Smans, B. Jacobs, F. Piessens, and W. Schulte. Automatic verification of Java programs with dynamic frames. Formal Aspects of Computing, 22(3):423-457, 2010.
  85. R. Strom and S. Yemini. Typestate: A programming language concept for enhancing software reliability. IEEE Transactions on Software Engineering, SE-12(1):157-171, Jan. 1986.
  86. B. Weiß. Deductive Verification of Object-Oriented Software: Dynamic Frames, Dynamic Logic and Predicate Abstraction. PhD thesis, Karlsruhe Institute of Technology, 2011.
  87. H. Yang and P. W. O'Hearn. A semantic basis for local reasoning. In Proceedings of the 5th International Conference on Foundations of Software Science and Computation Structures, FoSSaCS '02, pages 402-416, London, UK, 2002. Springer-Verlag.