Slide 1: The Spec# programming system

Mike Barnett, Bor-Yuh Evan Chang, Rob DeLine, Manuel Fähndrich, Bart Jacobs, K. Rustan M. Leino, Daan Leijen, Peter Müller, David A. Naumann, Wolfram Schulte, Herman Venter

11 Oct 2005, VSTTE, Zurich, Switzerland
Slide 2: Spec#

Spec# = C# + contracts

Three levels of checking:
  - static type checking
  - runtime checking
  - program verification
Slide 3: Outline

0. Spec# demo: writing a small program
1. A call for programming methodology
2. BoogiePL, a shared intermediate language
Slide 4: 0. Spec# demo

A programming tool to be used routinely.
Slide 5: Chunker (the demo program)

    public class Chunker {
      string! src;                        // string! is a non-null type: src can never be null
      public readonly int ChunkSize;
      invariant 0 < ChunkSize;
      int n;                              // # characters returned so far
      invariant 0 <= n && n <= src.Length;

      public virtual string! NextChunk()
        ensures result.Length <= ChunkSize;
      {
        expose (this) {                   // invariant may be broken inside; re-established on exit
          string s;
          if (n + ChunkSize <= src.Length) {
            s = src.Substring(n, ChunkSize);
          } else {
            s = src.Substring(n);         // final chunk: shorter than ChunkSize, possibly empty
          }
          n += s.Length;
          return s;
        }
      }

      public Chunker(string! source, int chunkSize)
        requires 0 < chunkSize;
      {
        src = source;
        ChunkSize = chunkSize;
        n = 0;
        base();                           // the object invariant must hold once base() returns
      }
    }
Slide 6: 1. Programming methodology

Identify structures that make programs verifiable (cf. Bernhard Steffen's and Greg Nelson's comments yesterday, and Peter Müller's and Dave Naumann's talks today).
Slide 7: 2. Spec# static verifier architecture

    Spec# program
      |  Spec# compiler
      v
    MSIL
      |  translator
      v
    BoogiePL
      |  abstract interpreter
      v
    V.C. generator
      |
      v
    verification condition
      |  automatic theorem prover
      v
    correct, or list of errors

The slide groups the stages after the compiler (translator, abstract interpreter, V.C. generator and the automatic theorem prover it drives) under the label "Spec# static program verifier (aka Boogie)".
Slide 8: Eiffel

    class C
    inherit ANY
    feature -- access
      d: DATE
      y: INTEGER
    feature -- setters
      my_method is
        do
          create d.make_today
          y := 15
        end
    end
Slide 9: BoogiePL 0

    const ANY: name;    // class
    const DATE: name;   // class
    const C: name;      // class
    axiom DATE <: ANY;
    axiom C <: ANY;

    function AllocatedType(obj: ref) returns (typ: name);
    const allocated: name;  // ghost attribute
    const C.d: name;        // attribute
    const C.y: name;        // attribute

    function IsHeap(heap: [ref,name]any) returns (bool);

    // Field typing: in any well-formed heap, the d attribute of an allocated
    // C object is either null (Void) or refers to an object of type DATE.
    axiom (forall h: [ref,name]any, o: ref ::
      IsHeap(h) && o != null && AllocatedType(o) <: C ==>
        h[o, C.d] == null || AllocatedType(cast(h[o, C.d], ref)) <: DATE);
Slide 10: BoogiePL 1

    var Heap: [ref,name]any;

    procedure C.my_method(current: ref);
      requires current != null;
      modifies Heap;

    procedure DATE.make_today(current: ref);
      requires current != null;
      modifies Heap;
Slide 11: BoogiePL 2

    implementation C.my_method(current: ref)
    {
      var tmp: ref;

      entry:
        assume AllocatedType(current) <: C;
        assume IsHeap(Heap);
        // create d.make_today: pick a fresh, unallocated reference of type DATE
        havoc tmp;
        assume !cast(Heap[tmp, allocated], bool);
        assume tmp != null && AllocatedType(tmp) <: DATE;
        Heap[tmp, allocated] := true;
        call DATE.make_today(tmp);      // must satisfy requires tmp != null
        Heap[current, C.d] := tmp;
        // y := 15: the null check is a proof obligation, discharged by the requires clause
        assert current != null;
        Heap[current, C.y] := 15;
        return;
    }
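A worked verification-condition derivation for the implementation above, added here as an example; it is not on the slides. It uses the standard weakest-precondition rules for assume, assert, havoc and assignment, and it assumes the usual Boogie desugaring of a call into assert precondition; havoc the modifies set; assume postcondition, which the slides do not spell out. DATE.make_today has no ensures clause, so its postcondition is taken as true, and C.my_method has no ensures, so the final postcondition $Q$ is $\mathit{true}$.

Working backwards from the end of the body:

$$
\begin{aligned}
wp(\texttt{Heap[current, C.y] := 15; return},\; \mathit{true}) &= \mathit{true}\\
wp(\texttt{assert current != null};\ \ldots) &= \mathit{current} \neq \mathit{null}\\
wp(\texttt{Heap[current, C.d] := tmp};\ \ldots) &= \mathit{current} \neq \mathit{null} \qquad (\mathit{Heap} \text{ does not occur in the formula})\\
wp(\texttt{call DATE.make\_today(tmp)};\ \ldots) &= \mathit{tmp} \neq \mathit{null} \wedge \forall \mathit{Heap}.\; (\mathit{true} \Rightarrow \mathit{current} \neq \mathit{null})\\
&= \mathit{tmp} \neq \mathit{null} \wedge \mathit{current} \neq \mathit{null}\\
wp(\texttt{Heap[tmp, allocated] := true};\ \ldots) &= \mathit{tmp} \neq \mathit{null} \wedge \mathit{current} \neq \mathit{null}\\
wp(\texttt{assume tmp != null \&\& AllocatedType(tmp) <: DATE};\ \ldots) &= (\mathit{tmp} \neq \mathit{null} \wedge \mathit{AllocatedType}(\mathit{tmp}) <: \mathit{DATE}) \Rightarrow (\mathit{tmp} \neq \mathit{null} \wedge \mathit{current} \neq \mathit{null})\\
wp(\texttt{assume !cast(Heap[tmp, allocated], bool)};\ \ldots) &= \neg\,\mathit{cast}(\mathit{Heap}[\mathit{tmp},\mathit{allocated}],\mathit{bool}) \Rightarrow \ldots\\
wp(\texttt{havoc tmp};\ \ldots) &= \forall \mathit{tmp}.\; \ldots\\
wp(\texttt{assume IsHeap(Heap)};\ \ldots) &= \mathit{IsHeap}(\mathit{Heap}) \Rightarrow \ldots\\
wp(\texttt{assume AllocatedType(current) <: C};\ \ldots) &= \mathit{AllocatedType}(\mathit{current}) <: C \Rightarrow \ldots
\end{aligned}
$$

The verification condition handed to the theorem prover is the requires clause implying the weakest precondition of the body:

$$
\mathit{current} \neq \mathit{null} \Rightarrow \mathit{AllocatedType}(\mathit{current}) <: C \Rightarrow \mathit{IsHeap}(\mathit{Heap}) \Rightarrow
\forall \mathit{tmp}.\; \Big( \neg\,\mathit{cast}(\mathit{Heap}[\mathit{tmp},\mathit{allocated}],\mathit{bool}) \Rightarrow
(\mathit{tmp} \neq \mathit{null} \wedge \mathit{AllocatedType}(\mathit{tmp}) <: \mathit{DATE}) \Rightarrow
(\mathit{tmp} \neq \mathit{null} \wedge \mathit{current} \neq \mathit{null}) \Big)
$$

This is valid: both conjuncts of the consequent appear among the antecedents ($\mathit{tmp} \neq \mathit{null}$ from the allocation assumption, $\mathit{current} \neq \mathit{null}$ from the requires clause), so the prover discharges it without using any of the axioms from BoogiePL 0. Those axioms only come into play when a later statement reads Heap[current, C.d] and needs to know it holds a DATE.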
Slide 12: Conclusion

Spec#:
  - download: research.microsoft.com/specsharp
  - program!
  - teach!

We need more programming methodology.

Try BoogiePL as your intermediate verification language.