Modular Verification with Shared Abstractions
Size: px
Start display at page:

Download "Modular Verification with Shared Abstractions"

Transcription

1 Modular Verification with Shared Abstractions Uri Juhasz Noam Rinetzky Arnd Poetzsch-Heffter Mooly Sagiv Eran Yahav Tel Aviv University Tel Aviv University Universität Kaiserlautern Tel Aviv University IBM Research

2 goal verify imperative heap-manipulating programs cleanness (no memory errors) invariants partial correctness... modularly

3 a non-modular verification Client DS x, z; Data Struct. DS{... b()...}

4 a non-modular verification x z Client DS x, z; Data Struct. DS{... b()...}

5 a non-modular verification x z Client z.b() DS x, z; Data Struct. DS{... b()...}

6 a non-modular verification x z z Client z.b() DS x, z; Data Struct. DS{... b()...}

7 a non-modular verification x z x z Client z.b() DS x, z; Data Struct. DS{... b()...}

8 modular verification Client DS x, z; Data Struct. DS{... b()...}

9 modular verification x z Client DS x, z; Data Struct. DS{... b()...}

10 modular verification x z Client z.b() DS x, z; Data Struct. DS{... b()...}

11 modular verification x z z Client z.b() DS x, z; Data Struct. DS{... b()...}

12 modular verification x z x z Client z.b() DS x, z; Data Struct. DS{... b()...}

13 the plot thicken... modular verification sharing Client DS x, z; Data Struct. DS{... b()...}

14 the plot thicken... modular verification sharing x z Client DS x, z; Data Struct. DS{... b()...}

15 the plot thicken... modular verification sharing x z Client DS x, z; Data Struct. DS{... b()...}

16 the plot thicken... modular verification sharing x z Client DS x, z; Data Struct. DS{... b()...}

17 the plot thicken... modular verification sharing x z Client DS x, z; Data Struct. DS{... b()...}

18 the plot thicken... modular verification sharing x z Client z.b() DS x, z; Data Struct. DS{... b()...}

19 the plot thicken... modular verification sharing x z z Client z.b() DS x, z; Data Struct. DS{... b()...}

20 the plot thicken... modular verification sharing x z z Client z.b() DS x, z; Data Struct. DS{... b()...}

21 the plot thicken... modular verification sharing x z x z Client z.b() DS x, z; Data Struct.? DS{... b()...}

22 the plot thicken... modular verification sharing x z x z Client z.b() DS x, z; Data Struct. DS{... b()...}?

23 the plot thicken... modular verification sharing x z x z Client z.b() DS x, z; Data Struct. DS{... b()...}?

24 the plot thicken... modular verification sharing x z x z Client z.b() DS x, z; Data Struct. DS{... b()...}?

25 main contributions approach for modular verification allows sharing spec + proof obligation control inter-module sharing modular static analysis

26 S(y) sep. logic for oo [Bierman+ 05] disjoint abstractions x z x y P(x,y) S(y) Q(z,y) P(x,y) y

27 y S( Boogie [Barnett+ 04] packed abstractions x z x y y P(x,y) S(y) Q(z,y) P(x,y)

28 x our approach z x z P(x,y) y S(y) Q(z,y) & P(x,y) y y S(y) Q(z,y)

29 our approach shared abstractions z x z y y y S(y) Q(z,y) P(x,y) Q(z,y) y S(y)

30 our approach controlled exposure of aliasing Client DS x, z; Data Struct. DS{... b()...}

31 our approach controlled exposure of aliasing x z Client DS x, z; Data Struct. DS{... b()...}

32 our approach controlled exposure of aliasing x z Client DS x, z; Data Struct. DS{... b()...}

33 our approach controlled exposure of aliasing x z Client DS x, z; Data Struct. DS{... b()...}

34 our approach controlled exposure of aliasing x z Client DS x, z; Data Struct. DS{... b()...}

35 our approach controlled exposure of aliasing x z Client z.b() DS x, z; Data Struct. DS{... b()...}

36 our approach controlled exposure of aliasing x z z Client z.b() DS x, z; Data Struct. DS{... b()...}

37 our approach controlled exposure of aliasing x z z Client z.b() DS x, z; Data Struct. DS{... b()...}

38 our approach controlled exposure of aliasing x z x z Client z.b() DS x, z; Data Struct. DS{... b()...}?

39 our approach controlled exposure of aliasing x z x z Client z.b() DS x, z; Data Struct. DS{... b()...}?

40 our approach controlled exposure of aliasing aggregate model function x z x z Client z.b() DS x, z; Data Struct. DS{... b()...}?

41 our approach controlled exposure of aliasing aggregate model function x z x z Client z.b() DS x, z; Data Struct. DS{... b()...}?

42 our approach controlled exposure of aliasing aggregate model function x z x z Client z.b() DS x, z; Data Struct. DS{... b()...}

43 our approach controlled exposure of aliasing module: declare possible exposed references client: track actual sharing

44 our approach controlled exposure of aliasing module: declare possible exposed references client: track actual sharing aggregate model function module: declare how to update abstract state due to change in sub-structures client: update possibly effected structures

45 some details

46 programming model program = collections of modules module = types + procedures module-private fields

47 verification of ADT [Hoare 72] modular verification hides module implementation from clients - client manipulate abstract values - representation function connects implementation & abstract value unknown to the client

48 example: Map code ( Java.util ) Hoare-style spec. class Map { model map: N N }

49 example: KeySet code ( Java.util ) Hoare-style spec. } class KeySet{ private Map m; KeySet(Map _m){ m = _m; } bool contains(int k){ return map.haskey(k); } model set: P(N) // MF set(this) = dom(this.m) {this.set = S} bool contains(int k) {this.set = S, ret = k in S}...

50 modular verification: take 1 client Map m = new Map(); m.put(1,1); m.put(2,4); KeySet s = new KeySet(m); m.put(3,9); assert(s.contains(3));

51 modular verification: take 1 client Map m = new Map(); m m.put(1,1); m.put(2,4); KeySet s = new KeySet(m); m.put(3,9); assert(s.contains(3));

52 modular verification: take 1 client Map m = new Map(); m m.put(1,1); m.put(2,4); m 1 1,2 4 KeySet s = new KeySet(m); m.put(3,9); assert(s.contains(3));

53 modular verification: take 1 client Map m = new Map(); m m.put(1,1); m.put(2,4); KeySet s = new KeySet(m); m 1 1,2 4 m 1 1,2 4 s {1,2} m.put(3,9); assert(s.contains(3));

54 modular verification: take 1 client Map m = new Map(); m m.put(1,1); m.put(2,4); KeySet s = new KeySet(m); m 1 1,2 4 m 1 1,2 4 {1,2} s m.put(3,9); m 1 1,2 4,3 9 assert(s.contains(3));

55 modular verification: take 1 client Map m = new Map(); m m.put(1,1); m.put(2,4); KeySet s = new KeySet(m); m 1 1,2 4 m 1 1,2 4 {1,2} s m.put(3,9); m 1 1,2 4,3 9 assert(s.contains(3));

56 modular verification: take 1 client Map m = new Map(); m m.put(1,1); m.put(2,4); KeySet s = new KeySet(m); m 1 1,2 4 m 1 1,2 4 {1,2} s m.put(3,9); assert(s.contains(3)); m 1 1,2 4,3 9 {1,2} s

57 our approach code spec } class KeySet{ private Map m; KeySet(Map _m){ m = _m; } bool contains(int k){ return haskey(k); } model set: P(N); // MF set (this) = dom(this.m) {this.set = S} bool contains(int k) {this.set = S, ret = k in S}...

58 our approach code spec } class KeySet{ private Map m; KeySet(Map _m){ m = _m; } bool contains(int k){ return haskey(k); } model set: P(N); // MF set (this) = dom(this.m) model pivot amap: Map; model function AMF set(this)=dom(amap.map) {_m.map = M} KeySet(Map _m) {this.amap = _m,... }...

59 example: KeySet client Map m = new Map(); m.put(1,1); m.put(2,4); KeySet s = new KeySet(m); m. put(3,9); assert(s.ismember(3));

60 example: KeySet client Map m = new Map(); m m.put(1,1); m.put(2,4); KeySet s = new KeySet(m); m. put(3,9); assert(s.ismember(3));

61 example: KeySet client Map m = new Map(); m m.put(1,1); m.put(2,4); m 1 1,2 4 KeySet s = new KeySet(m); m. put(3,9); assert(s.ismember(3));

62 example: KeySet client Map m = new Map(); m m.put(1,1); m.put(2,4); KeySet s = new KeySet(m); m 1 1,2 4 m 1 1,2 4 s {1,2} m. put(3,9); assert(s.ismember(3));

63 example: KeySet client Map m = new Map(); m m.put(1,1); m.put(2,4); m 1 1,2 4 amap KeySet s = new KeySet(m); m 1 1,2 4 s {1,2} m. put(3,9); assert(s.ismember(3));

64 example: KeySet client Map m = new Map(); m m.put(1,1); m.put(2,4); m 1 1,2 4 amap KeySet s = new KeySet(m); m 1 1,2 4 {1,2} s m. put(3,9); assert(s.ismember(3)); m 1 1,2 4,3 9

65 example: KeySet client Map m = new Map(); m m.put(1,1); m.put(2,4); m 1 1,2 4 amap KeySet s = new KeySet(m); m 1 1,2 4 {1,2} s m. put(3,9); assert(s.ismember(3)); m 1 1,2 4,3 9

66 example: KeySet client Map m = new Map(); m m.put(1,1); m.put(2,4); m 1 1,2 4 amap KeySet s = new KeySet(m); m 1 1,2 4 {1,2} s m. put(3,9); assert(s.ismember(3)); m 1 1,2 4,3 9 {1,2} s

67 example: KeySet client Map m = new Map(); m m.put(1,1); m.put(2,4); m 1 1,2 4 amap KeySet s = new KeySet(m); m. put(3,9); m 1 1,2 4 {1,2} s amap assert(s.ismember(3)); m 1 1,2 4,3 9 {1,2} s

68 example: KeySet client Map m = new Map(); m m.put(1,1); m.put(2,4); m 1 1,2 4 amap KeySet s = new KeySet(m); m. put(3,9); m 1 1,2 4 {1,2} s amap assert(s.ismember(3)); m 1 1,2 4,3 9 {1,2,3} {1,2} s

69 restrictions acyclic module import relation one entry point per data structure no subtyping

70 our approach: recap controlled exposure of aliasing module: declare possible exposed references client: track actual sharing aggregate model function module: declare how to update abstract state due to change in sub-structure client: update possibly effected structures

71 proof obligations [Hoare 72]-like proof obligations

72 proof obligations [Hoare 72]-like proof obligations aggregate model function consistency AFM (this) ==FM (this) model pivot consistency rep amap = map

73 proof obligations [Hoare 72]-like proof obligations aggregate model function consistency AFM (this) ==FM (this) set set model pivot consistency rep amap = map

74 proof obligations [Hoare 72]-like proof obligations aggregate model function consistency AFM (this) ==FM (this) model pivot consistency rep amap = map single header model function dependency is locally acyclic

75 proof obligations [Hoare 72]-like proof obligations aggregate model function consistency AFM (this) ==FM (this) set set model pivot consistency rep amap = map single header model function dependency is locally acyclic

76 success stories (manual verification) data structure abstraction sequences: list, sorted-list, tree maps: list, tree intentionally exposed (shared) imp. sum, coordinate KeySet Model-View-Controller (passive)

77 modular static analysis abstract interpretation hybrid modular semantics shape abstraction most general intrusive client (MGIC)

78 modular static analysis abstract interpretation hybrid modular semantics shape abstraction most general intrusive client (MGIC)

79 standard local-heap semantics client Map m = new Map; m.put(1,1); m.put(2,4); KeySet s = new KeySet(m); m.put(3,9); assert(s.ismember(3));

80 standard local-heap semantics client Map m = new Map; m m.put(1,1); m.put(2,4); KeySet s = new KeySet(m); m.put(3,9); assert(s.ismember(3));

81 standard local-heap semantics client Map m = new Map; m.put(1,1); m.put(2,4); m m k:1, v:1 k:2, v:4 KeySet s = new KeySet(m); m.put(3,9); assert(s.ismember(3));

82 standard local-heap semantics client Map m = new Map; m.put(1,1); m.put(2,4); KeySet s = new KeySet(m); m m k:1, v:1 k:2, v:4 this k:1, v:1 k:2, v:4 m.put(3,9); assert(s.ismember(3));

83 hybrid modular semantics client Map m = new Map; m.put(1,1); m.put(2,4); KeySet s = new KeySet(m); m.put(3,9); assert(s.contains(3));

84 hybrid modular semantics client Map m = new Map; m m.put(1,1); m.put(2,4); KeySet s = new KeySet(m); m.put(3,9); assert(s.contains(3));

85 hybrid modular semantics client Map m = new Map; m m.put(1,1); m.put(2,4); m 1 1,2 4 KeySet s = new KeySet(m); m.put(3,9); assert(s.contains(3));

86 hybrid modular semantics client Map m = new Map; m m.put(1,1); m.put(2,4); m 1 1,2 4 amap KeySet s = new KeySet(m); m 1 1,2 4 s {1,2} m.put(3,9); assert(s.contains(3));

87 hybrid modular semantics client Map m = new Map; m m.put(1,1); m.put(2,4); m 1 1,2 4 amap KeySet s = new KeySet(m); m 1 1,2 4 s {1,2} m.put(3,9); assert(s.contains(3));

88 hybrid modular semantics code ( Java.util ) class Map { put(int k, int v) {... this k:1, v:1 k:2, v:4 } }

89 hybrid modular semantics code ( Java.util ) class Map { put(int k, int v) {... this k:1, v:1 k:2, v:4 } } this k:1, v:1 k:2, v:4 k:3, v:9

90 hybrid modular semantics client Map m = new Map; m m.put(1,1); m.put(2,4); m 1 1,2 4 amap KeySet s = new KeySet(m); m 1 1,2 4 {1,2} s m.put(3,9); assert(s.contains(3)); m 1 1,2 4,3 9

91 hybrid modular semantics client Map m = new Map; m m.put(1,1); m.put(2,4); m 1 1,2 4 amap KeySet s = new KeySet(m); m 1 1,2 4 {1,2} s m.put(3,9); assert(s.contains(3)); m 1 1,2 4,3 9

92 hybrid modular semantics client Map m = new Map; m m.put(1,1); m.put(2,4); m 1 1,2 4 amap KeySet s = new KeySet(m); m.put(3,9); m 1 1,2 4 {1,2} s amap assert(s.contains(3)); m 1 1,2 4,3 9 {1,2} s

93 hybrid modular semantics client Map m = new Map; m m.put(1,1); m.put(2,4); m 1 1,2 4 amap KeySet s = new KeySet(m); m.put(3,9); m 1 1,2 4 {1,2} s amap assert(s.contains(3)); m 1 1,2 4,3 9 {1,2,3} {1,2} s

94 modular static analysis most general intrusive client (MGIC)

95 modular static analysis most general intrusive client (MGIC) Map m = new Mapspec; while (?){ switch (?){ 0: m.putspec(?,?); 1: m.removespec(?); } }

96 modular static analysis most general intrusive client (MGIC) Map m = new Mapspec; while (?){ switch (?){ 0: m.putspec(?,?); 1: m.removespec(?); } } KeySet s = new KeySetbody(m); while(?){ switch (?){ 0: int k=?; {let s = s.set;} bool b=s.containsbody(k); {assert(b==k in s & s ==s.set); } } 1: m.putspec(?,?); 2: m.removespec(?); assert(afm (s) ==FM (s)); set set

97 modular static analysis most general intrusive client (MGIC) Map m = new Mapspec; while (?){ switch (?){ 0: m.putspec(?,?); 1: m.removespec(?); } } KeySet s = new KeySetbody(m); while(?){ switch (?){ 0: int k=?; {let s = s.set;} bool b=s.containsbody(k); {assert(b==k in s & s ==s.set); } } 1: m.putspec(?,?); 2: m.removespec(?); assert(afm (s) ==FM (s)); set set

98 success stories (automatic verification) wrappers sequence: list, sorted-list, tree map: list KeySet Model-View-Controller (passive)

99 closely related work separation logic [O Hearn+, POPL 04], [Bierman&Parkinson, POPL 05] ownership-based [Muller, PhD 01], [Barnett+,JOOT 04], [Muller&Leino, ESOP 07],... static analysis [Logozzo, VMCAI 04], [Rinetzky+, ESOP 07], [Distefano&Parkinson, OOPSLA 08], [Wies+, VMCAI 06]...

100 summary novel approach for modular verification controlled exposure of aliasing aggregate model function additional proof burden ~ sharing allowed sharing + permitted sharing hybrid modular semantics modular static analysis using MGIC

101 modify clauses dynamic encapsulation (ownership transfer) acyclic module aggregate model function dependencies composite pattern (acyclic heaps) active MVC (cyclic heaps) callbacks iterators inheritance unbounded sharing future work

102 thank you!

103

104 what s the lesson? (a joke)

105 possibly not funny! what s the lesson? (a joke)

106 possibly not funny! what s the lesson? (a joke)

107 possibly not funny! what s the lesson? (a joke)

108 possibly not funny! what s the lesson? (a joke)

109 possibly not funny! what s the lesson? (a joke)

110 possibly not funny! what s the lesson? (a joke)

111 moral

112 moral

113

Similar documents

Modular Verification with Shared Abstractions

Modular Verification with Shared Abstractions Modular Verification with Shared Abstractions Uri Juhasz Tel Aviv University urijuhasz@tau.ac.il Noam Rinetzky Queen Mary University of London maon@dcs.qmul.ac.uk Arnd Poetzsch-Heffter Kaiserslautern University

More information

Towards imperative modules: reasoning about invariants and sharing of mutable state

Towards imperative modules: reasoning about invariants and sharing of mutable state Towards imperative modules: reasoning about invariants and sharing of mutable state David A. Naumann Joint work with Mike Barnett and Anindya Banerjee Stevens Institute of Technology Supported by NSF CCR-0208984,

More information

Reasoning about Object Structures Using Ownership

Reasoning about Object Structures Using Ownership Reasoning about Object Structures Using Ownership Peter Müller ETH Zurich, Switzerland Peter.Mueller@inf.ethz.ch Abstract. Many well-established concepts of object-oriented programming work for individual

More information

Object Ownership in Program Verification

Object Ownership in Program Verification Object Ownership in Program Verification Werner Dietl 1 and Peter Müller 2 1 University of Washington wmdietl@cs.washington.edu 2 ETH Zurich peter.mueller@inf.ethz.ch Abstract. Dealing with aliasing is

More information

Program Analysis and Verification

Program Analysis and Verification Program Analysis and Verification 0368-4479 Noam Rinetzky Lecture 12: Interprocedural Analysis + Numerical Analysis Slides credit: Roman Manevich, Mooly Sagiv, Eran Yahav 1 Procedural program void main()

More information

Lecture 4. Towards a Verifying Compiler: Data Abstraction

Lecture 4. Towards a Verifying Compiler: Data Abstraction Lecture 4 Towards a Verifying Compiler: Data Abstraction W olfram Schulte Microsoft Research Formal Methods 2006 Purity, Model fields, Inconsistency Joint work with Rustan Leino, Mike Barnett, Manuel Fähndrich,

More information

Representation Independence, Confinement and Access Control

Representation Independence, Confinement and Access Control Representation Independence, Confinement and Access Control Anindya Banerjee and David Naumann ab@cis.ksu.edu and naumann@cs.stevens-tech.edu Kansas State University and Stevens Institute of Technology

More information

Automatic Assume/Guarantee Reasoning for Heap-Manipulating Programs (Ongoing Work)

Automatic Assume/Guarantee Reasoning for Heap-Manipulating Programs (Ongoing Work) Automatic Assume/Guarantee Reasoning for Heap-Manipulating Programs (Ongoing Work) Greta Yorsh a Alexey Skidanov a Thomas Reps b Mooly Sagiv a a School of Comp. Sci., Tel-Aviv Univ., {gretay,skidanov,msagiv}@post.tau.ac.il

More information

Separation Logic Tutorial

Separation Logic Tutorial Separation Logic Tutorial (To appear in Proceedings of ICLP 08) Peter O Hearn Queen Mary, University of London Separation logic is an extension of Hoare s logic for reasoning about programs that manipulate

More information

Modular Shape Analysis for Dynamically Encapsulated Programs

Modular Shape Analysis for Dynamically Encapsulated Programs Modular Shape Analysis for Dynamically Encapsulated Programs TAU-CS-107/06 N. Rinetzky 1 A. Poetzsch-Heffter 2 G. Ramalingam 3 M. Sagiv 1 E. Yahav 4 1 School of Computer Science; Tel Aviv University; Tel

More information

An Automatic Verifier for Java-Like Programs Based on Dynamic Frames

An Automatic Verifier for Java-Like Programs Based on Dynamic Frames An Automatic Verifier for Java-Like Programs Based on Dynamic Frames Jan Smans 1, Bart Jacobs 1, Frank Piessens 1, and Wolfram Schulte 2 1 Katholieke Universiteit Leuven, Belgium {jans,bartj,frank}@cs.kuleuven.be

More information

A verification methodology for model fields

A verification methodology for model fields A verification methodology for model fields K. Rustan M. Leino 1 and Peter Müller 2 1 Microsoft Research, leino@microsoft.com 2 ETH Zürich, peter.mueller@inf.ethz.ch Abstract. Model fields are specification-only

More information

Modular verification of static class invariants

Modular verification of static class invariants Modular verification of static class invariants K. Rustan M. Leino 1 and Peter Müller 2 1 Microsoft Research, Redmond, WA, USA, leino@microsoft.com 2 ETH Zürich, Switzerland, peter.mueller@inf.ethz.ch

More information

Verifying JML specifications with model fields

Verifying JML specifications with model fields Verifying JML specifications with model fields Cees-Bart Breunesse and Erik Poll Department of Computer Science, University of Nijmegen Abstract. The specification language JML (Java Modeling Language)

More information

Representation Independence, Confinement and Access Control

Representation Independence, Confinement and Access Control Representation Independence, Confinement and Access Control Anindya Banerjee and David Naumann ab@cis.ksu.edu and naumann@cs.stevens-tech.edu Kansas State University and Stevens Institute of Technology,

More information

Modular specification of frame properties in JML

Modular specification of frame properties in JML CONCURRENCY PRACTICE AND EXPERIENCE Concurrency: Pract. Exper. 2002; 1:1 [Version: 2001/03/05 v2.01] Modular specification of frame properties in JML Peter Müller 1, Arnd Poetzsch-Heffter 2, and Gary T.

More information

Verifying Backwards Compatibility of Object-Oriented Libraries Using Boogie

Verifying Backwards Compatibility of Object-Oriented Libraries Using Boogie Verifying Backwards Compatibility of Object-Oriented Libraries Using Boogie [Extended Abstract] ABSTRACT Yannick Welsch University of Kaiserslautern, Germany welsch@cs.uni-kl.de Proving that a library

More information

Chapter 13 Object Oriented Programming. Copyright 2006 The McGraw-Hill Companies, Inc.

Chapter 13 Object Oriented Programming. Copyright 2006 The McGraw-Hill Companies, Inc. Chapter 13 Object Oriented Programming Contents 13.1 Prelude: Abstract Data Types 13.2 The Object Model 13.4 Java 13.1 Prelude: Abstract Data Types Imperative programming paradigm Algorithms + Data Structures

More information

TVLA: A SYSTEM FOR GENERATING ABSTRACT INTERPRETERS*

TVLA: A SYSTEM FOR GENERATING ABSTRACT INTERPRETERS* TVLA: A SYSTEM FOR GENERATING ABSTRACT INTERPRETERS* Tal Lev-Ami, Roman Manevich, and Mooly Sagiv Tel Aviv University {tla@trivnet.com, {rumster,msagiv}@post.tau.ac.il} Abstract TVLA (Three-Valued-Logic

More information

Inductive Proof Outlines for Multithreaded Java with Exceptions

Inductive Proof Outlines for Multithreaded Java with Exceptions Inductive Proof Outlines for Multithreaded Java with Exceptions Extended Abstract 30. April, 2004 Erika Ábrahám1, Frank S. de Boer 2, Willem-Paul de Roever 1, and Martin Steffen 1 1 Christian-Albrechts-University

More information

Scalable Specification and Reasoning: Technical Challenges for Program Logic

Scalable Specification and Reasoning: Technical Challenges for Program Logic Scalable Specification and Reasoning: Technical Challenges for Program Logic Peter W. O Hearn Queen Mary, University of London Abstract. If program verification tools are ever to be used widely, it is

More information

CoBoxes: Distributed Heaps with Cooperative Tasks

CoBoxes: Distributed Heaps with Cooperative Tasks CoBoxes: Distributed Heaps with Cooperative Tasks Jan Schäfer Arnd Poetzsch-Heffter University of Kaiserslautern HATS WP1 Task 1.1 Meeting June 29th, 2009 http://www.hats-project.eu Jan Schäfer CoBoxes

More information

Weiss Chapter 1 terminology (parenthesized numbers are page numbers)

Weiss Chapter 1 terminology (parenthesized numbers are page numbers) Weiss Chapter 1 terminology (parenthesized numbers are page numbers) assignment operators In Java, used to alter the value of a variable. These operators include =, +=, -=, *=, and /=. (9) autoincrement

More information

A Type System for Checking Applet Isolation in Java Card

A Type System for Checking Applet Isolation in Java Card A Type System for Checking Applet Isolation in Java Card Peter Müller ETH Zürich Joint work with Werner Dietl and Arnd Poetzsch-Heffter Applet Isolation 2 Applet Context 1 Firewall Applet Context 2 SIO

More information

Software Architecture

Software Architecture Software Architecture Lecture 5 Call-Return Systems Rob Pettit George Mason University last class data flow data flow styles batch sequential pipe & filter process control! process control! looping structure

More information

Runtime Checking for Program Verification Systems

Runtime Checking for Program Verification Systems Runtime Checking for Program Verification Systems Karen Zee, Viktor Kuncak, and Martin Rinard MIT CSAIL Tuesday, March 13, 2007 Workshop on Runtime Verification 1 Background Jahob program verification

More information

Practical Reasoning About Invocations and Implementations of Pure Methods

Practical Reasoning About Invocations and Implementations of Pure Methods Practical Reasoning About Invocations and Implementations of Pure Methods Ádám Darvas 1 and K. Rustan M. Leino 2 1 ETH Zurich, Switzerland adam.darvas@inf.ethz.ch 2 Microsoft Research, Redmond, WA, USA

More information

Viper A Verification Infrastructure for Permission-Based Reasoning

Viper A Verification Infrastructure for Permission-Based Reasoning Viper A Verification Infrastructure for Permission-Based Reasoning Alex Summers, ETH Zurich Joint work with Uri Juhasz, Ioannis Kassios, Peter Müller, Milos Novacek, Malte Schwerhoff (and many students)

More information

Verification of Object-Oriented Programs with Invariants

Verification of Object-Oriented Programs with Invariants Verification of Object-Oriented Programs with Invariants Mike Barnett, Robert DeLine, Manuel Fähndrich, K. Rustan M. Leino, and Wolfram Schulte Microsoft Research, Redmond, WA, USA {mbarnett,rdeline,maf,leino,schulte@microsoft.com

More information

Lecture 13: Object orientation. Object oriented programming. Introduction. Object oriented programming. OO and ADT:s. Introduction

Lecture 13: Object orientation. Object oriented programming. Introduction. Object oriented programming. OO and ADT:s. Introduction Lecture 13: Object orientation Object oriented programming Introduction, types of OO languages Key concepts: Encapsulation, Inheritance, Dynamic binding & polymorphism Other design issues Smalltalk OO

More information

4. Object Structures, Aliasing, and Encapsulation

4. Object Structures, Aliasing, and Encapsulation 4. Object Structures, Aliasing, and Encapsulation Collaboration remark: The following slides are partly taken from the lecture Konzepte objektorientierter Programmierung by Prof. Peter Müller (ETH Zürich).

More information

Department of Computer Science 226 Atanasoff Hall Iowa State University Ames, Iowa , USA

Department of Computer Science 226 Atanasoff Hall Iowa State University Ames, Iowa , USA Modular Specification of Frame Properties in JML Peter Müller, Arnd Poetzsch-Heffter, and Gary T. Leavens TR #02-02a February 2002, Revised October 2002 Keywords: frame property, frame axiom, modifies

More information

Part II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs?

Part II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs? Part II. Hoare Logic and Program Verification Part II. Hoare Logic and Program Verification Dilian Gurov Props: Models: Specs: Method: Tool: safety of data manipulation source code logic assertions Hoare

More information

Checking Program Properties with ESC/Java

Checking Program Properties with ESC/Java Checking Program Properties with ESC/Java 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich 1 ESC/Java A checker for Java programs Finds null pointers, array dereferences Checks Hoare logic

More information

Chapter 1. Introduction

Chapter 1. Introduction 1 Chapter 1 Introduction An exciting development of the 21st century is that the 20th-century vision of mechanized program verification is finally becoming practical, thanks to 30 years of advances in

More information

Effectively-Propositional Modular Reasoning about Reachability in Linked Data Structures CAV 13, POPL 14 Shachar Itzhaky

Effectively-Propositional Modular Reasoning about Reachability in Linked Data Structures CAV 13, POPL 14 Shachar Itzhaky Effectively-Propositional Modular Reasoning about Reachability in Linked Data Structures CAV 13, POPL 14 Shachar Itzhaky Anindya Banerjee Neil Immerman Ori Lahav Aleks Nanevski Mooly Sagiv http://www.cs.tau.ac.il/~shachar/afwp.html

More information

A Combination Framework for Tracking Partition Sizes (Full Version)

A Combination Framework for Tracking Partition Sizes (Full Version) A Combination Framework for Tracking Partition Sizes (Full Version) Sumit Gulwani Microsoft Research sumitg@microsoft.com Tal Lev-Ami Tel-Aviv University tla@post.tau.ac.il Mooly Sagiv Tel-Aviv University

More information

Analysis of Software Artifacts

Analysis of Software Artifacts Analysis of Software Artifacts Properties with ESC/Java Jonathan Aldrich 1 ESC/Java A checker for Java programs Finds null pointers, array dereferences Checks Hoare logic specifications Expressed in Java

More information

Chapter 1: Programming Principles

Chapter 1: Programming Principles Chapter 1: Programming Principles Object Oriented Analysis and Design Abstraction and information hiding Object oriented programming principles Unified Modeling Language Software life-cycle models Key

More information

Dafny: An Automatic Program Verifier for Functional Correctness Paper by K. Rustan M. Leino (Microsoft Research)

Dafny: An Automatic Program Verifier for Functional Correctness Paper by K. Rustan M. Leino (Microsoft Research) Dafny: An Automatic Program Verifier for Functional Correctness Paper by K. Rustan M. Leino (Microsoft Research) Presentation by Patrick Spettel Seminar: Research Topics in Software Engineering, Spring

More information

Object-oriented programming. and data-structures CS/ENGRD 2110 SUMMER 2018

Object-oriented programming. and data-structures CS/ENGRD 2110 SUMMER 2018 Object-oriented programming 1 and data-structures CS/ENGRD 2110 SUMMER 2018 Lecture 4: OO Principles - Polymorphism http://courses.cs.cornell.edu/cs2110/2018su Lecture 3 Recap 2 Good design principles.

More information

Verification of Object-Oriented Programs with Invariants

Verification of Object-Oriented Programs with Invariants Verification of Object-Oriented Programs with Invariants Dewan Ibtesham 05-03-2012 1 1 Introduction Reliability of computer programs is one of the most important tasks a programmer faces when he writes

More information

10. Abstract Data Types

10. Abstract Data Types 10. Abstract Data Types 11.1 The Concept of Abstraction The concept of abstraction is fundamental in programming Nearly all programming languages support process abstraction with subprograms Nearly all

More information

Information Hiding and Visibility in Interface Specifications

Information Hiding and Visibility in Interface Specifications Information Hiding and Visibility in Interface Specifications Gary T. Leavens and Peter Müller TR #06-28 September 2006 Keywords: Information hiding, visibility, behavioral interface specification language,

More information

Objects as Session-Typed Processes

Objects as Session-Typed Processes Objects as Session-Typed Processes Stephanie Balzer and Frank Pfenning Computer Science Department, Carnegie Mellon University AGERE! 2015 The essence of object-orientation 2 The essence of object-orientation

More information

Hiding local state in direct style: a higher-order anti-frame rule

Hiding local state in direct style: a higher-order anti-frame rule 1 / 65 Hiding local state in direct style: a higher-order anti-frame rule François Pottier January 28th, 2008 2 / 65 Contents Introduction Basics of the type system A higher-order anti-frame rule Applications

More information

Overview. Verification with Functions and Pointers. IMP with assertions and assumptions. Proof rules for Assert and Assume. IMP+: IMP with functions

Overview. Verification with Functions and Pointers. IMP with assertions and assumptions. Proof rules for Assert and Assume. IMP+: IMP with functions Overview Verification with Functions and Pointers Işıl Dillig The IMP language considered so far does not have many features of realistics PLs Our goal today: Enrich IMP with two features, namely functions

More information

CPSC 427a: Object-Oriented Programming

CPSC 427a: Object-Oriented Programming CPSC 427a: Object-Oriented Programming Michael J. Fischer Lecture 2 September 6, 2011 CPSC 427a 1/14 C++ Overview C++ Goals Comparison of C and C++ Tools Example Insertion sort C version C++ version CPSC

More information

Advanced JML. and more tips and pitfalls. David Cok, Joe Kiniry, and Erik Poll

Advanced JML. and more tips and pitfalls. David Cok, Joe Kiniry, and Erik Poll Advanced JML and more tips and pitfalls David Cok, Joe Kiniry, and Erik Poll Eastman Kodak Company, University College Dublin, and Radboud University Nijmegen David Cok, Joe Kiniry & Erik Poll - ESC/Java2

More information

Verification of Equivalent-Results Methods

Verification of Equivalent-Results Methods Verification of Equivalent-Results Methods K. Rustan M. Leino and Peter Müller Microsoft Research, Redmond, WA, USA {leino,mueller@microsoft.com Abstract. Methods that query the state of a data structure

More information

Concurrent Libraries with Foresight

Concurrent Libraries with Foresight Concurrent Libraries with Foresight Guy Golan-Gueta Tel Aviv University ggolan@tau.ac.il G. Ramalingam Microsoft Research grama@microsoft.com Mooly Sagiv Tel Aviv University msagiv@tau.ac.il Eran Yahav

More information

Fortgeschrittene Aspekte objektorientierter Programmierung. Advanced Aspects of Object-oriented Programming

Fortgeschrittene Aspekte objektorientierter Programmierung. Advanced Aspects of Object-oriented Programming Fortgeschrittene Aspekte objektorientierter Programmierung Advanced Aspects of Object-oriented Programming Arnd Poetzsch-Heffter AG Softwaretechnik TU Kaiserslautern Sommersemester 2014 11.03.14 A. Poetzsch-Heffter,

More information

Concepts of Object-Oriented Programming Peter Müller

Concepts of Object-Oriented Programming Peter Müller Concepts of Object-Oriented Programming Peter Müller Chair of Programming Methodology Autumn Semester 2017 1.2 Introduction Core Concepts 2 Meeting the Requirements Cooperating Program Parts with Well-Defined

More information

Winter Compiler Construction Who. Mailing list and forum

Winter Compiler Construction Who. Mailing list and forum Winter 2006-2007 Compiler Construction 0368-3133 Mooly Sagiv and Roman Manevich School of Computer Science Tel-Aviv University Who Roman Manevich Schreiber Open-space (basement) Tel: 640-5358 rumster@post.tau.ac.il

More information

Concepts of Object-Oriented Programming Peter Müller

Concepts of Object-Oriented Programming Peter Müller Concepts of Object-Oriented Programming Peter Müller Chair of Programming Methodology Autumn Semester 2017 1.2 Introduction Core Concepts 2 Meeting the Requirements Cooperating Program Parts with Well-Defined

More information

Hoare logic. A proof system for separation logic. Introduction. Separation logic

Hoare logic. A proof system for separation logic. Introduction. Separation logic Introduction Hoare logic Lecture 6: Examples in separation logic In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing separation logic.

More information

Verifying the State Design Pattern using Object Propositions

Verifying the State Design Pattern using Object Propositions Verifying the State Design Pattern using Object Propositions Ligia Nistor Computer Science Department Carnegie Mellon University Why verify programs? Verification vs. debugging Verification at compile

More information

Index. Index. More information. block statements 66 y 107 Boolean 107 break 55, 68 built-in types 107

Index. Index. More information. block statements 66 y 107 Boolean 107 break 55, 68 built-in types 107 A abbreviations 17 abstract class 105 abstract data types 105 abstract method 105 abstract types 105 abstraction 92, 105 access level 37 package 114 private 115 protected 115 public 115 accessors 24, 105

More information

Today s lecture. CS 314 fall 01 C++ 1, page 1

Today s lecture. CS 314 fall 01 C++ 1, page 1 Today s lecture Midterm Thursday, October 25, 6:10-7:30pm general information, conflicts Object oriented programming Abstract data types (ADT) Object oriented design C++ classes CS 314 fall 01 C++ 1, page

More information

Reasoning about modules: data refinement and simulation

Reasoning about modules: data refinement and simulation Reasoning about modules: data refinement and simulation David Naumann naumann@cs.stevens-tech.edu Stevens Institute of Technology Naumann - POPL 02 Java Verification Workshop p.1/17 Objectives of talk

More information

Modular Specification of Frame Properties in JML

Modular Specification of Frame Properties in JML Computer Science Technical Reports Computer Science 4-2001 Modular Specification of Frame Properties in JML Peter Müller Fernuniversitat Gesamthochschule Hagen Arnd Poetzsch-Heffter Fernuniversitat Gesamthochschule

More information

A Combination Framework for Tracking Partition Sizes

A Combination Framework for Tracking Partition Sizes A Combination Framework for Tracking Partition Sizes Sumit Gulwani Microsoft Research sumitg@microsoft.com Tal Lev-Ami Tel-Aviv University tla@post.tau.ac.il Mooly Sagiv Tel-Aviv University msagiv@post.tau.ac.il

More information

Chapter 11. Categories of languages that support OOP: 1. OOP support is added to an existing language

Chapter 11. Categories of languages that support OOP: 1. OOP support is added to an existing language Categories of languages that support OOP: 1. OOP support is added to an existing language - C++ (also supports procedural and dataoriented programming) - Ada 95 (also supports procedural and dataoriented

More information

Short Notes of CS201

Short Notes of CS201 #includes: Short Notes of CS201 The #include directive instructs the preprocessor to read and include a file into a source code file. The file name is typically enclosed with < and > if the file is a system

More information

Programming Languages and Techniques (CIS120)

Programming Languages and Techniques (CIS120) Programming Languages and Techniques () Lecture 20 February 28, 2018 Transition to Java Announcements HW05: GUI programming Due: THURSDAY!! at 11:59:59pm Lots of TA office hours today Thursday See Piazza

More information

Call invariants. Shuvendu K. Lahiri and Shaz Qadeer. Microsoft Research

Call invariants. Shuvendu K. Lahiri and Shaz Qadeer. Microsoft Research Call invariants Shuvendu K. Lahiri and Shaz Qadeer Microsoft Research Abstract. Program verifiers based on first-order theorem provers model the program heap as a collection of mutable maps. In such verifiers,

More information

Modular Verification of Preemptive OS Kernels

Modular Verification of Preemptive OS Kernels Under consideration for publication in J. Functional Programming 1 Modular Verification of Preemptive OS Kernels ALEXEY GOTSMAN IMDEA Software Institute HONGSEOK YANG University of Oxford Abstract Most

More information

CS201 - Introduction to Programming Glossary By

CS201 - Introduction to Programming Glossary By CS201 - Introduction to Programming Glossary By #include : The #include directive instructs the preprocessor to read and include a file into a source code file. The file name is typically enclosed with

More information

1 Background Based on a general background in programming language semantics (cf. [PH97a]) and its relation to programming logics, we investigated the

1 Background Based on a general background in programming language semantics (cf. [PH97a]) and its relation to programming logics, we investigated the Developing Provably Correct Programs From Object-Oriented Components Peter Muller Fachbereich Informatik, Fernuniversitat Feithstr. 140, 58084 Hagen, Germany Tel: (++49 2331) 987-4870 Email: Peter.Mueller@fernuni-hagen.de

More information

Sound reasoning about unchecked exceptions

Sound reasoning about unchecked exceptions Sound reasoning about unchecked exceptions Bart Jacobs 1 Peter Müller 2 Frank Piessens 1 1 Katholieke Universiteit Leuven Belgium {bartj,frank@cs.kuleuven.be 2 Microsoft Research, Redmond USA mueller@microsoft.com

More information

Towards imperative modules: Reasoning about invariants and sharing of mutable state (extended abstract)

Towards imperative modules: Reasoning about invariants and sharing of mutable state (extended abstract) Towards imperative modules: Reasoning about invariants and sharing of mutable state (extended abstract) David A. Naumann Stevens Institute of Technology naumann@cs.stevens-tech.edu Mike Barnett Microsoft

More information

Modular reasoning in object-oriented programming

Modular reasoning in object-oriented programming Modular reasoning in object-oriented programming David A. Naumann Department of Computer Science, Stevens Institute of Technology naumann@cs.stevens.edu Abstract. Difficulties in reasoning about functional

More information

Chapter 1: Principles of Programming and Software Engineering

Chapter 1: Principles of Programming and Software Engineering Chapter 1: Principles of Programming and Software Engineering Data Abstraction & Problem Solving with C++ Fifth Edition by Frank M. Carrano Software Engineering and Object-Oriented Design Coding without

More information

Fortgeschrittene Aspekte objektorientierter Programmierung. Advanced Aspects of Object-oriented Programmierung

Fortgeschrittene Aspekte objektorientierter Programmierung. Advanced Aspects of Object-oriented Programmierung Fortgeschrittene Aspekte objektorientierter Programmierung Advanced Aspects of Object-oriented Programmierung Arnd Poetzsch-Heffter AG Softwaretechnik TU Kaiserslautern Sommersemester 2010 1 0. Preliminaries

More information

Top Down Design vs. Modularization

Top Down Design vs. Modularization 6.170 Quiz Review Topics: 1. Decoupling 2. 3. AF & RI 4. Iteration Abstraction & Iterators 5. OMs and Invariants 6. Equality, Copying, Views 7. 8. Design Patterns 9. Subtyping 10. Case Studies Decomposition

More information

The Pointer Assertion Logic Engine

The Pointer Assertion Logic Engine The Pointer Assertion Logic Engine [PLDI 01] Anders Mφller Michael I. Schwartzbach Presented by K. Vikram Cornell University Introduction Pointer manipulation is hard Find bugs, optimize code General Approach

More information

Proof Carrying Code(PCC)

Proof Carrying Code(PCC) Discussion p./6 Proof Carrying Code(PCC Languaged based security policy instead of OS-based A mechanism to determine with certainity that it is safe execute a program or not Generic architecture for providing

More information

Data Structures and Algorithms. Chapter 1

Data Structures and Algorithms. Chapter 1 Data Structures Dr Ahmed Rafat Abas Computer Science Dept, Faculty of Computer and Information, Zagazig University arabas@zu.edu.eg http://www.arsaliem.faculty.zu.edu.eg/ Data Structures and Algorithms

More information

Inspector Methods for State Abstraction

Inspector Methods for State Abstraction Vol. 6, No. 5, Special Issue: Workshop on FTfJP, ECOOP 2006, Juni 2007 Inspector Methods for State Abstraction Bart Jacobs, Frank Piessens, Katholieke Universiteit Leuven, Belgium Most classes in an object-oriented

More information

G Programming Languages - Fall 2012

G Programming Languages - Fall 2012 G22.2110-003 Programming Languages - Fall 2012 Lecture 10 Thomas Wies New York University Review Last class ML Outline Modules Sources: PLP, 3.3.4, 3.3.5, 3.8 McConnell, Steve. Code Complete, Second Edition,

More information

CSolve: Verifying C With Liquid Types

CSolve: Verifying C With Liquid Types CSolve: Verifying C With Liquid Types Patrick Rondon, Alexander Bakst, Ming Kawaguchi, and Ranjit Jhala University of California, San Diego {prondon, abakst, mwookawa, jhala@cs.ucsd.edu Abstract. We present

More information

A Michael Jackson presentation. CSE503: Software Engineering. The following slides are from his keynote at ICSE 1995

A Michael Jackson presentation. CSE503: Software Engineering. The following slides are from his keynote at ICSE 1995 A Michael Jackson presentation CSE503: Software Engineering The following slides are from his keynote at ICSE 1995 David Notkin University of Washington Computer Science & Engineering Spring 2006 1 2 3

More information

Hoare Logic and Model Checking

Hoare Logic and Model Checking Hoare Logic and Model Checking Kasper Svendsen University of Cambridge CST Part II 2016/17 Acknowledgement: slides heavily based on previous versions by Mike Gordon and Alan Mycroft Introduction In the

More information

Lecture 7: Data Abstractions

Lecture 7: Data Abstractions Lecture 7: Data Abstractions Abstract Data Types Data Abstractions How to define them Implementation issues Abstraction functions and invariants Adequacy (and some requirements analysis) Towards Object

More information

Building Java Programs

Building Java Programs Building Java Programs A Back to Basics Approach Stuart Reges I Marty Stepp University ofwashington Preface 3 Chapter 1 Introduction to Java Programming 25 1.1 Basic Computing Concepts 26 Why Programming?

More information

Scalable Specification and Reasoning: Challenges for Program Logic

Scalable Specification and Reasoning: Challenges for Program Logic Scalable Specification and Reasoning: Challenges for Program Logic Peter W. O Hearn Queen Mary, University of London Abstract. If program verification tools are ever to be used widely, it is essential

More information

BOOGIE. Presentation by Itsik Hefez A MODULAR REUSABLE VERIFIER FOR OBJECT-ORIENTED PROGRAMS MICROSOFT RESEARCH

BOOGIE. Presentation by Itsik Hefez A MODULAR REUSABLE VERIFIER FOR OBJECT-ORIENTED PROGRAMS MICROSOFT RESEARCH BOOGIE A MODULAR REUSABLE VERIFIER FOR OBJECT-ORIENTED PROGRAMS MICROSOFT RESEARCH Presentation by Itsik Hefez Introduction Boogie is an intermediate verification language, intended as a layer on which

More information

Static program checking and verification

Static program checking and verification Chair of Software Engineering Software Engineering Prof. Dr. Bertrand Meyer March 2007 June 2007 Slides: Based on KSE06 With kind permission of Peter Müller Static program checking and verification Correctness

More information

The Power of Abstraction. Barbara Liskov November 2009

The Power of Abstraction. Barbara Liskov November 2009 The Power of Abstraction Barbara Liskov November 2009 Outline Inventing abstract data types CLU Type hierarchy What next Data Abstraction Prehistory The Venus machine The Interdata 3 Data Abstraction Prehistory

More information

Hoare Logic and Model Checking. A proof system for Separation logic. Introduction. Separation Logic

Hoare Logic and Model Checking. A proof system for Separation logic. Introduction. Separation Logic Introduction Hoare Logic and Model Checking In the previous lecture we saw the informal concepts that Separation Logic is based on. Kasper Svendsen University of Cambridge CST Part II 2016/17 This lecture

More information

Softwaretechnik. Program verification. Albert-Ludwigs-Universität Freiburg. June 28, Softwaretechnik June 28, / 24

Softwaretechnik. Program verification. Albert-Ludwigs-Universität Freiburg. June 28, Softwaretechnik June 28, / 24 Softwaretechnik Program verification Albert-Ludwigs-Universität Freiburg June 28, 2012 Softwaretechnik June 28, 2012 1 / 24 Road Map Program verification Automatic program verification Programs with loops

More information

CPS 506 Comparative Programming Languages. Programming Language

CPS 506 Comparative Programming Languages. Programming Language CPS 506 Comparative Programming Languages Object-Oriented Oriented Programming Language Paradigm Introduction Topics Object-Oriented Programming Design Issues for Object-Oriented Oriented Languages Support

More information

Specification and verification challenges for sequential object-oriented programs

Specification and verification challenges for sequential object-oriented programs Computer Science Technical Reports Computer Science 8-2006 Specification and verification challenges for sequential object-oriented programs Gary T. Leavens Iowa State University Rustan M. Leino Microsoft

More information

So far. Specifications, conclusion. Abstract Data Types (ADTs) Comparison by Logical Formulas. Outline

So far. Specifications, conclusion. Abstract Data Types (ADTs) Comparison by Logical Formulas. Outline So far Specifications, conclusion. Abstract Data Types (ADTs) Based on notes by Michael Ernst, University of Washington Specifications Benefits of specifications Specification conventions Javadoc JML/Dafny

More information

Concepts of Object-Oriented Programming Peter Müller

Concepts of Object-Oriented Programming Peter Müller Concepts of Object-Oriented Programming Peter Müller Chair of Programming Methodology Autumn Semester 2018 5. Information Hiding and Encapsulation 2 5. Information Hiding and Encapsulation 5.1 Information

More information

More on Operational Semantics

More on Operational Semantics More on Operational Semantics (Slides modified from those created by Xinyu Feng) 1 / 23 Outline Various formulations Extensions Going wrong Local variable declaration Heap Big-step operational semantics

More information

Interprocedural Shape Analysis with Separated Heap Abstractions

Interprocedural Shape Analysis with Separated Heap Abstractions Interprocedural Shape Analysis with Separated Heap Abstractions Alexey Gotsman 1, Josh Berdine 2, and Byron Cook 2 1 University of Cambridge Alexey.Gotsman@cl.cam.ac.uk 2 Microsoft Research Cambridge {jjb,bycook}@microsoft.com

More information

point1 - point2 point3 - point4 point5 - point6 ident1 ident2 ident3 decl1 figure 1

point1 - point2 point3 - point4 point5 - point6 ident1 ident2 ident3 decl1 figure 1 Implementing High-Level Identification Specifications Arnd Poetzsch Heffter Institut für Informatik der TU München Arcisstrasse 21, D 8000 München 2 poetzsch@informatik.tu-muenchen.de fax: 49 89 2105 8180

More information

Application: Programming Language Semantics

Application: Programming Language Semantics Chapter 8 Application: Programming Language Semantics Prof. Dr. K. Madlener: Specification and Verification in Higher Order Logic 527 Introduction to Programming Language Semantics Programming Language

More information

Reasoning About Frame Properties in Object-Oriented Programs

Reasoning About Frame Properties in Object-Oriented Programs Reasoning About Frame Properties in Object-Oriented Programs Yuyan Bao CS-TR-17-05 Revised April 14, 2018 Keywords: Frame axiom, modifies clause, separation logic, dynamic frames, region logic, finegrained

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback