1. Weak Arithmetic Completeness of Object-Oriented First-Order Assertion Networks 1 28-01-2013 Stijn de Gouw, Frank S. de Boer, Richard Bubel, Wolfgang Ahrendt

2. Completeness: Hoare Logic Example Hoare triple: {x=0} x := x+3 {x>0} Completeness if S |= {p} Stmt {q} then {p} Stmt {q} is provable 1.Proof system (rules + axioms) for statements 2.Proof system (rules + axioms) for assertions 3.Expressiveness : strongest postcondition (in the example: x=3) 2

3. Existing Res u l t s Harel: completeness for arithmetical structures (incl. finite ADTs) Assertion language: first-order, addition and multiplication Tucker & Zucker: completeness for arbitrary structures Assertion language: (weak) second-order Apt: decidable assertions suffice, but only with auxiliary variables 2

4. Our result 3 z.val := 2

5. Arrays as Objects 4 Semantics: many-sorted structure S = (N, D 1, …, D n, I) where I(op) is a function/relation and op is a function/relation symbol

6. Proof sketch of our result Uniform instrumentation with auxiliary variables For each computation step, record if and how the state changes Example: field assignment e.x := e’. Add array variables pc[i] = j if line j was executed in i-th computation step x’’[i]=true if in the i-th step, the field x of some object was changed x’[i]= if in the i-th step, the value v was assigned to field x of object o j: pc[|pc|] := j; x’[|pc] := ; e.x := e’; x’’[|pc|] := true; |pc| := |pc| + 1 Instrumentation allows ‘recovering’ computation in an assertion, and consequently can define ‘reachable states’ 5

7. Conclusion Express heap properties with auxiliary variables, only Presburger needed (decidable) Uniform instrumentation, but ‘heavy’: can do better in special cases (example) KeY Java theorem prover available, reasoning of object creation at abstraction level of prog language: http://keyaoc.hats-project.eu 6