Data abstraction is crucial in the construction of modular programs, since it ensures that internal changes in one module do not propagate to other modules. In object-oriented programs, classes typically enforce data abstraction by providing access to their internal state only through methods. By using method calls in method contracts, data abstraction can be extended to specifications. In this paper, methods used for this purpose must be side-effect free, and are called pure methods. We present an approach to the automatic verification of object-oriented programs that use pure methods for data abstraction. The cornerstone of our approach is the solution to the framing problem, i.e., client code must be able to determine whether state changes affect the return values of pure methods. More specifically, we extend each method contract with a method footprint, an upper bound on the memory locations read or written by the corresponding method. Footprints are specified using dynamic frames, special pure methods that return sets of memory locations. Thanks to this abstraction, implementations can evolve independently from specifications, loosely coupled only by pure methods. We implemented this approach in a custom build of the Spec# program verifier, and used it to automatically verify several challenging programs, including the iterator and observer patterns. The verifier itself and the examples shown in this paper can be downloaded from the authors' homepage [1].
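The following is an added illustration of the approach described in the abstract, written in Dafny 4 syntax rather than the paper's custom Spec# build; the `Counter` and `Cell` classes are constructed for this example and are not the paper's code. The ghost field `Repr` plays the role of the dynamic frame: it is the footprint read by the pure method `Get` and written by `Inc`, and the client reasons about `a.Get()` across a call on `b` purely from the disjointness of the two footprints, without seeing the classes' fields.

```dafny
class Cell {
  var data: int
  constructor (v: int) ensures data == v { data := v; }
}

class Counter {
  var c: Cell
  ghost var Repr: set<object>   // dynamic frame: the counter's footprint

  // Invariant tying the footprint to the locations Get actually reads
  ghost predicate Valid()
    reads this, Repr
  { this in Repr && c in Repr }

  constructor ()
    ensures Valid() && fresh(Repr - {this}) && Get() == 0
  {
    c := new Cell(0);
    Repr := {this, c};
  }

  // Pure method usable in contracts; its declared footprint is Repr
  function Get(): int
    requires Valid()
    reads this, Repr
  { c.data }

  // Mutator whose footprint (modifies clause) is the same dynamic frame
  method Inc()
    requires Valid()
    modifies Repr
    ensures Valid() && Repr == old(Repr) && Get() == old(Get()) + 1
  { c.data := c.data + 1; }
}

method Client() {
  var a := new Counter();
  var b := new Counter();
  // b.Repr is fresh, hence disjoint from a.Repr: modifying b cannot change a.Get()
  b.Inc();
  assert a.Get() == 0;
  a.Inc();
  assert a.Get() == 1 && b.Get() == 1;
}
```

The `fresh(Repr - {this})` postcondition is what lets the verifier conclude that the two footprints are disjoint; dropping it makes the first assertion in `Client` unprovable, which is exactly the framing problem the abstract refers to.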