What we call a "higher-order method" (HOM) is a method that makes mandatory calls to other dynamically dispatched methods. Examples include template methods, as in the Template Method design pattern, and notify methods in the Observer pattern. HOMs are particularly difficult to reason about because standard pre- and postcondition specifications cannot describe the mandatory calls. For reasoning about such methods, existing approaches use either higher-order logic or traces, but both are complex and verbose. We describe a simple, concise, and modular approach to specifying HOMs. We show how to verify calls to HOMs and their code using first-order verification conditions, in a sound and modular way. Verification of client code that calls HOMs can take advantage of the client's knowledge about the mandatory calls to make strong conclusions. Our verification technique validates and explains the traditional documentation practice for HOMs, which typically shows their code. However, specifications do not have to expose all of the code to clients, but only enough to determine how the HOM makes its mandatory calls.
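The following is an added illustration written for this page, not code from the paper or from any JML tool. It shows the problem the abstract describes on the Observer pattern: a black-box postcondition for `set_state` (the notify method, a HOM) cannot tell an implementation that notifies every observer from one that notifies none, because both leave `state` equal to the argument. A "model program" (`set_state_model`, an assumed name) exposes only how the mandatory `update()` calls are made, and a client that knows what its own `update()` does can then conclude something strong about its counters. The names `Subject`, `SilentSubject`, `Counter`, `client` and `refines_model` are illustrative; `refines_model` is a runtime comparison of the dispatched-call trace against the model program, standing in for the static first-order verification conditions the abstract refers to.

```python
# Added example for this page: an Observer-pattern higher-order method (HOM)
# specified by a model program that exposes only its mandatory calls.
# Illustrative Python, not the paper's code; the refinement check below is a
# runtime trace comparison (an assumption) rather than the paper's static
# verification conditions.
from typing import Callable, List


class Observer:
    def update(self, subject: "Subject") -> None:
        raise NotImplementedError


class Subject:
    """HOM host: set_state must call update() once on every attached observer."""

    def __init__(self) -> None:
        self.observers: List[Observer] = []
        self.state = 0

    def attach(self, o: Observer) -> None:
        self.observers.append(o)

    def set_state(self, v: int) -> None:
        # The black-box postcondition "self.state == v" is met here and also
        # by SilentSubject below; only the mandatory calls distinguish them.
        self.state = v
        for o in list(self.observers):
            o.update(self)  # mandatory, dynamically dispatched call


class SilentSubject(Subject):
    """Meets the black-box postcondition but drops the mandatory calls."""

    def set_state(self, v: int) -> None:
        self.state = v


def set_state_model(subject: Subject, v: int, call: Callable[[Observer], None]) -> None:
    """Model program (greybox spec) for set_state: it fixes the number and
    order of mandatory calls and hides every other implementation detail."""
    subject.state = v
    for o in subject.observers:
        call(o)


class _Probe(Observer):
    """Wraps a real observer and logs each dispatched update() before forwarding."""

    def __init__(self, inner: Observer, log: List[Observer]) -> None:
        self.inner, self.log = inner, log

    def update(self, subject: Subject) -> None:
        self.log.append(self.inner)
        self.inner.update(subject)


def refines_model(subject: Subject, v: int) -> bool:
    """True if the implementation's sequence of mandatory calls equals the
    model program's and the visible effect on state matches."""
    expected: List[Observer] = []
    set_state_model(subject, v, expected.append)  # run the spec, record its calls
    actual: List[Observer] = []
    real = subject.observers
    subject.observers = [_Probe(o, actual) for o in real]  # instrument dispatch
    try:
        subject.set_state(v)  # run the implementation, record its calls
    finally:
        subject.observers = real
    return actual == expected and subject.state == v


class Counter(Observer):
    """Client's observer: its update() adds exactly one per call."""

    def __init__(self) -> None:
        self.n = 0

    def update(self, subject: Subject) -> None:
        self.n += 1


def client(subject_cls: type) -> int:
    """Client reasoning: the model program says update() runs once per attached
    observer, and the client knows its own update() adds one, so after
    attaching three Counters the sum must be exactly 3 for a conforming HOM."""
    s = subject_cls()
    counters = [Counter() for _ in range(3)]
    for c in counters:
        s.attach(c)
    s.set_state(42)
    return sum(c.n for c in counters)
```

Both subjects satisfy "state == v", yet `client(Subject)` returns 3 and `client(SilentSubject)` returns 0; `refines_model` accepts the first and rejects the second because the trace of mandatory calls differs. Note that a model program has to pin down details such as whether the observer list is snapshotted before the calls begin: a callback that attaches or detaches observers during notification (the callback runs the client's own code inside the callee) is exactly where a loose specification and the implementation would disagree.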