1 Total Correctness of Recursive Functions Using JML4 FSPV George Karabotsos, Patrice Chalin, Perry R. James, Leveda Giannas Dependable Software Research.

Slides:



Advertisements
Similar presentations
Chapter 22 Implementing lists: linked implementations.
Advertisements

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Writing specifications for object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 21 Jan 2005 Invited talk, AIOOL 2005 Paris,
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Chapter 1: INTRODUCTION TO DATA STRUCTURE
Copyright W. Howden1 Programming by Contract CSE 111 6/4/2014.
Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 10.
Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”
Automated Verification with HIP and SLEEK Asankhaya Sharma.
Programming Languages and Paradigms
Automated Software Verification with a Permission-Based Logic 20 th June 2014, Zürich Malte Schwerhoff, ETH Zürich.
Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt.
George Blank University Lecturer. CS 602 Java and the Web Object Oriented Software Development Using Java Chapter 4.
Lecture 2 Towards a Verifying Compiler: Logic of Object oriented Programs Wolfram Schulte Microsoft Research Formal Methods 2006 Objects, references, heaps,
Recursion. Binary search example postponed to end of lecture.
ESC Java. Static Analysis Spectrum Power Cost Type checking Data-flow analysis Model checking Program verification AutomatedManual ESC.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Katz Formal Specifications Larch 1 Algebraic Specification and Larch Formal Specifications of Complex Systems Shmuel Katz The Technion.
JML and Class Specifications Class invariant JML definitions Queue example Running JML in Eclipse.
1 Control Flow Analysis Mooly Sagiv Tel Aviv University Textbook Chapter 3
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
ESC Java. Static Analysis Spectrum Power Cost Type checking Data-flow analysis Model checking Program verification AutomatedManual ESC.
Software Quality: Testing and Verification II. 2 1.A failure is an unacceptable behaviour exhibited by a system — The frequency of failures measures software.
Review: forward E { P } { P && E } TF { P && ! E } { P 1 } { P 2 } { P 1 || P 2 } x = E { P } { \exists … }
JML TOOLS REVIEW & EVALUATION Chris Grosshans Mark Lewis-Prazen.
Describing Syntax and Semantics
1 ES 314 Advanced Programming Lec 2 Sept 3 Goals: Complete the discussion of problem Review of C++ Object-oriented design Arrays and pointers.
Mathematics throughout the CS Curriculum Support by NSF #
CSC 8310 Programming Languages Meeting 2 September 2/3, 2014.
Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Murali Sitaraman
Chapter 1 Algorithm Analysis
Comp 245 Data Structures Software Engineering. What is Software Engineering? Most students obtain the problem and immediately start coding the solution.
Software Engineering Prof. Dr. Bertrand Meyer March 2007 – June 2007 Chair of Software Engineering Static program checking and verification Slides: Based.
A Computer Science Tapestry 1 Recursion (Tapestry 10.1, 10.3) l Recursion is an indispensable technique in a programming language ä Allows many complex.
Data Structures and Abstract Data Types "Get your data structures correct first, and the rest of the program will write itself." - David Jones.
EE4E. C++ Programming Lecture 1 From C to C++. Contents Introduction Introduction Variables Variables Pointers and references Pointers and references.
Chapter 1 Introduction Dr. Frank Lee. 1.1 Why Study Compiler? To write more efficient code in a high-level language To provide solid foundation in parsing.
1 Inference Rules and Proofs (Z); Program Specification and Verification Inference Rules and Proofs (Z); Program Specification and Verification.
Chapter 12 Recursion, Complexity, and Searching and Sorting
Model Programs for Preserving Composite Invariants SAVCBS 2008 Challenge Problem Solution by Steve Shaner, Hridesh Rajan, Gary T. Leavens Iowa State and.
Computer Science Department Data Structure & Algorithms Lecture 8 Recursion.
Axiomatic Methods for Software Verification Hongseok Yang.
Extended Static Checking for Java  ESC/Java finds common errors in Java programs: null dereferences, array index bounds errors, type cast errors, race.
Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Joseph E. Hollingsworth
P.R. James © P.Chalin et al.1 An Integrated Verification Environment for JML: Architecture and Early Results Patrice Chalin, Perry R. James, and George.
CS Data Structures I Chapter 2 Principles of Programming & Software Engineering.
Reading and Writing Mathematical Proofs Spring 2015 Lecture 4: Beyond Basic Induction.
Run-Time Storage Organization Compiler Design Lecture (03/23/98) Computer Science Rensselaer Polytechnic.
1 CSCD 326 Data Structures I Software Design. 2 The Software Life Cycle 1. Specification 2. Design 3. Risk Analysis 4. Verification 5. Coding 6. Testing.
1 Lecture 3 Part 2 Storage Classes, Scope, and Recursion.
Principle of Programming Lanugages 3: Compilation of statements Statements in C Assertion Hoare logic Department of Information Science and Engineering.
STL CSSE 250 Susan Reeder. What is the STL? Standard Template Library Standard C++ Library is an extensible framework which contains components for Language.
PROGRAMMING PRE- AND POSTCONDITIONS, INVARIANTS AND METHOD CONTRACTS B MODULE 2: SOFTWARE SYSTEMS 13 NOVEMBER 2013.
Institute for Applied Information Processing and Communications (IAIK) – Secure & Correct Systems 1 Static Checking  note for.
Static Techniques for V&V. Hierarchy of V&V techniques Static Analysis V&V Dynamic Techniques Model Checking Simulation Symbolic Execution Testing Informal.
Java & C++ Comparisons How important are classes and objects?? What mechanisms exist for input and output?? Are references and pointers the same thing??
Chapter 8: Recursion Data Structures in Java: From Abstract Data Types to the Java Collections Framework by Simon Gray.
Definition of the Programming Language CPRL
Further with Hoare Logic Sections 6.12, 6.10, 6.13
Computer Science 4 Mr. Gerb
Graph-Based Operational Semantics
Accessible Formal Methods A Study of the Java Modeling Language
structures and their relationships." - Linus Torvalds
Recursion "To understand recursion, one must first understand recursion." -Stephen Hawking.
Programming Languages 2nd edition Tucker and Noonan
Hoare-style program verification
The Zoo of Software Security Techniques
Programming Languages 2nd edition Tucker and Noonan
Programming Languages 2nd edition Tucker and Noonan
structures and their relationships." - Linus Torvalds
Presentation transcript:

1 Total Correctness of Recursive Functions Using JML4 FSPV George Karabotsos, Patrice Chalin, Perry R. James, Leveda Giannas Dependable Software Research Group Dept. of Computer Science and Software Engineering Concordia University, Montréal, Canada {g_karab, chalin, perry,

2 Research Context Java Modeling Language (JML) Program Verification –Aging 1st generation tools Integrated Verification Environment –JML4 …

3 Put screen shot here

4 Eclipse-based IVE Next-Generation Research Platform Integrates existing tools –RAC (jml & jmlc) –ESC (ESC/Java2) ESC4 & FSPV-TG

5 JML4 Extends Eclipse JDT Java Development Tooling (JDT) JDT/JML4 Core Phases

6 Isabelle Theorem prover framework –Isabelle/Pure (meta-logic) –classical reasoner –simplifier Provides machinery for defining new logics –existing logics can be extended –syntax can be added as sugar

7 Isabelle/Simpl Extends Isabelle/HOL Hoare Rules for –Partial & Total Correctness VCs generated within Simpl –through vcg and vcg_step tactics Proven Sound and Complete Expressive –Global and local variables, exceptions, abrupt termination, procedures, breaks out of loops, procedures, references and heap

8 JML4 Static-Verification Dataflow Dataflow in FSPV-TG Translate JML to Hoare triples Store info for \old Remove side effects from expressions Generate Simpl

9 McCarthy’s 91 Function public class McCarthy { requires n >= 0; ensures \result == (100 < n ? n-10 : 91); measured_by n; public static int f91(int n) { if(100 < n) return n - 10; else return f91(f91(n + 11)); }

10 McCarthy’s 91 Simpl Theory

11 McCarthy’s 91 Simpl Theory Method Translation Total Correctness Proof

12 Components of an Isabelle/Simpl Theory States hoarestate vars = x::τ1 … Procedures procedures N (x::τ1, y::τ2, …| z::τ3) where v::τ4 … in B Hoare Tuples Γ, Θ ├ {|P|} B {|Q|}, {|R|} Γ, Θ ├ t {|P|} B {|Q|}, {|R|}

13 Hoarestate Define global and local variables Statespaces –Modeled as a function from abstract names to abstract values –Organizes distinctness of names and projection/injection of concrete values into the abstract one. Locales –Support modular reasoning –Allows multiple inheritance of other locales –Allows for renaming components

14 McCarthy 91 Function public static int f91(int n) { if(100 < n) return n - 10; else return f91(f91(n + 11)); }

15 McCarthy 91 Function public static int f91(int n) { if(100 < n) return n - 10; else return f91(f91(n + 11)); } Name Input Output

16 McCarthy 91 Function public static int f91(int n) { if(100 < n) return n - 10; else return f91(f91(n + 11)); } Name Input Output Simpl Variable Inner Rec. Binder Variable Outer Rec.

17 Generate for Simpl a hoarestate( McCarthy_f91_int_impl ) –statespace, locale Functions –Copying the actual to formal parameters –Updating global variables –Copying the formal result parameter

18 McCarthy 91- Proving Correctness requires n >= 0; ensures \result == (100<n ? n-10 : 91); measured_by n; public static int f91(int n)

19 McCarthy 91- Proving Correctness requires n >= 0; ensures \result == (100<n ? n-10 : 91); measured_by n; public static int f91(int n) localeName

20 McCarthy 91- Proving Correctness requires n >= 0; ensures \result == (100<n ? n-10 : 91); measured_by n; public static int f91(int n) localeName Pre Statement Post

21 McCarthy 91- Proving Correctness requires n >= 0; ensures \result == (100<n ? n-10 : 91); measured_by n; public static int f91(int n) localeName prestate Pre Statement Post

22 McCarthy 91- Proving Correctness requires n >= 0; ensures \result == (100<n ? n-10 : 91); measured_by n; public static int f91(int n) localeName prestate Pre Statement Post measure VC generator auto

23 Fibonacci public static native int fib_spec(int n); requires n>=0; ensures \result == fib_spec(n); measured_by n; public static pure */ int fib(int n) { if(n == 0) return 0; else if (n == 1) return 1; else return fib(n-1) + fib(n-2); }

24 Fibonacci

25 Fibonacci class Fibonacci { requires n>=0; ensures \result == (n==0)? 0 : (n==1) ? 1 : fib_spec(n-1)+fib_spec(n-2); measured_by n; public static pure model int fib_spec(int n); requires n>=0; ensures \result == fib_spec(n); measured_by n; public static pure */ int fib(int n) {...

26 Ackermann public static native int ack_spec(int n); requires n >= 0 && m >= 0 ; ensures \result == ack_spec(n,m); public static int ack(int n, int m) { if(n == 0) return m + 1; else if(m == 0) return ack(n-1, m); else return ack(n-1, ack(n, m-1)); }

27 Ackermann

28 Milestones FSPV TG –Supporting functional subset of JML+Java Study the adequacy of Isabelle/Simpl –Non-recursive Programs Cube, Factorial, Summation –Total Correctness of Recursive Programs Factorial, Fibonacci, McCarthy’s 91, Ackermann –Classes Point

29 Related Work LOOP –VerifiCard project (Industry) JACK –Banking Application (Academia) Krakatoa/Why

30 Comparison Table LOOPJACKKrakatoa/Why FSPV-TG Simpl Maintained  Open Source  Proven Sound  Proven Complete  Above two proofs done in PVSN/Aby handin Isabelle VC generation done in prover  Termination of Recursive Functions 

31 Future Work Update the translator to reflect current state. Case Study Object Oriented Support –Inheritance –Behavioral Subtyping Additional Language Elements –Exceptions –Loops with break and continue statements JML –Revise measured_by clause (see Ackermann)

32 Thank you! George Karabotsos, Patrice Chalin, Perry R. James, Leveda Giannas Dependable Software Research Group Dept. of Computer Science and Software Engineering Concordia University, Montréal, Canada {g_karab, chalin, perry,

33 Fields + Memory

34 Total Correctness Proof for the f91 Function requires n >= 0; ensures \result == (100<n ? n-10 : 91); measured_by n; public static int f91(int n)

35 Constructor Constructors defined as a regular procedure Allocate memory using the NEW operator Providing a size (sz) and A list of with the fields and their initialization Assignments of input values to fields

36 Method Calls

37 Point Class Public class Point public int XCoord; public int YCoord; public Point(int x, int y) { XCoord = x; YCoord = y; } XCoord==\old(XCoord)+dx; YCoord==\old(YCoord)+dy; public void move(int dx, int dy) { XCoord += dx; YCoord += dy; } requires P == null; ensures \result != null; ensures \result.XCoord == 11; ensures \result.YCoord == 11; public static Point tester(Point P){ P = new Point(10,11); P.move(1,0); return P; }

38 Point Class Simpl Theory

39 Point Class Simpl Theory fields Constructor move tester

40 Memory in Simpl References and Heap Two components: –A list of allocated references –A natural number indicating the amount of available memory Expressed as a hoarestate hoarestate globals_memory = alloc = “ref list” free = nat

41 Fields Defined as maps from ref => τ hoarestate globals_Point=globals_memory + XCoord :: “ref => int” YCoord :: “ref => int” Accessing a field: `P->`XCoord

42 Case Study—Benchmarks 1 Adding and Multiplying numbers Binary Search in an Array Sorting a Queue Layered Implementation of a Map ADT Linked-List Implementation of a Queue ADT Iterators Input/Output Streams An Integrated Application [1] B. Weide et al., “Incremental Benchmarks for Software Verification Tools and Techniques,” Verified Software: Theories, Tools, Experiments, 2008, pp

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.