Reasoning about function objects
TOOLS'10 Proceedings of the 48th international conference on Objects, models, components, patterns
Function objects are used to express higher-order features in object-oriented programs. C# provides the delegate construct to simplify the implementation of function objects. A delegate instance represents a method together with a target object. Sound reasoning about delegates requires that the precondition of the underlying method holds whenever the delegate is invoked. This is difficult to achieve if the method precondition depends on the state of the target object. Proving such a precondition at the invocation site is in general not possible, because properties of the target object are typically not known there. Proving the precondition when the delegate is instantiated is not sufficient either, because the state of the target might change before the delegate is invoked. In this paper, we present a verification methodology for C# delegates. Properties of the target object are expressed as an invariant of the delegate. Our methodology keeps track of when this invariant can be assumed to hold. It enables modular verification of interesting implementations and is proven sound.
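The two failure modes described in the abstract, and the idea of attaching an invariant about the target to the delegate itself, are easier to see in code. The following C# program is an added illustration, not code from the paper: the `Log` class, the `GuardedAction` wrapper and the `RunLater` invocation site are hypothetical, and the wrapper enforces the delegate invariant with a runtime check, whereas the paper's methodology tracks it statically during verification.

```csharp
using System;

// Added illustration (not from the paper). A delegate's underlying method has a
// precondition on the state of its target object; the invocation site does not know
// the target, and the target can change between instantiation and invocation.

class Log
{
    public bool Closed { get; private set; }
    public int Lines { get; private set; }

    // Precondition: !Closed. It depends only on the state of the target object.
    public void Write(string msg)
    {
        if (Closed) throw new InvalidOperationException("precondition violated: log is closed");
        Lines++;
        Console.WriteLine(msg);
    }

    public void Close() { Closed = true; }
}

// Hypothetical wrapper: a delegate that carries, besides method and target, the
// invariant about the target that the invocation site is allowed to assume.
// The paper establishes this statically; here it is checked at runtime to show the idea.
sealed class GuardedAction<T>
{
    private readonly Action<T> _body;
    private readonly Func<bool> _invariant;

    public GuardedAction(Action<T> body, Func<bool> invariant)
    {
        if (!invariant()) throw new InvalidOperationException("invariant must hold at instantiation");
        _body = body;
        _invariant = invariant;
    }

    // The caller never sees the target; it only relies on the delegate's invariant.
    public void Invoke(T arg)
    {
        if (!_invariant()) throw new InvalidOperationException("delegate invariant broken before invocation");
        _body(arg);
    }
}

static class Program
{
    // Invocation site: knows nothing about the Log behind the delegate, so it cannot
    // prove Write's precondition itself.
    static void RunLater(Action<string> op, string msg) => op(msg);

    static void Main()
    {
        // Failure mode 1: precondition checked only when the delegate is instantiated.
        var log = new Log();
        Action<string> write = log.Write;   // !log.Closed holds here ...
        log.Close();                        // ... but the target changes before the call
        try { RunLater(write, "late message"); }
        catch (InvalidOperationException e) { Console.WriteLine("unsound: " + e.Message); }

        // With the invariant attached to the delegate, the invocation site assumes
        // exactly what the delegate states about its target, and nothing more.
        var log2 = new Log();
        var guarded = new GuardedAction<string>(log2.Write, () => !log2.Closed);
        guarded.Invoke("first message");    // invariant holds, call is safe
        log2.Close();                       // invariant is now broken by the target's owner
        try { guarded.Invoke("second message"); }
        catch (InvalidOperationException e) { Console.WriteLine("guarded: " + e.Message); }
    }
}
```

The point of the wrapper is where the obligation sits: the code that mutates the target (here, `Close`) is the code that breaks the delegate invariant, so that is where a verifier has to stop assuming it, while the invocation site only needs the invariant, not the target's full state.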