Results 1-10 of 107
Verification of Object-Oriented Programs with Invariants
JOURNAL OF OBJECT TECHNOLOGY, 2004
Cited by 186 (36 self)
This paper defines a programming methodology for using object invariants. The methodology, which enriches a program's state space to express when each object invariant holds, deals with owned object components, ownership transfer, and subclassing, and is expressive enough to allow many interesting object-oriented programs to be specified and verified. Lending itself to sound modular verification, the methodology also provides a solution to the problem of determining what state a method is allowed to modify.
PROBABILISTIC PREDICATE TRANSFORMERS
1995
Cited by 108 (32 self)
Predicate transformers facilitate reasoning about imperative programs, including those exhibiting demonic nondeterministic choice. Probabilistic predicate transformers extend that facility to programs containing probabilistic choice, so that one can in principle determine not only whether a program is guaranteed to establish a certain result, but also its probability of doing so. We bring together independent work of Claire Jones and Jifeng He, showing how their constructions can be made to correspond: from that link between a predicate-based and a relation-based view of probabilistic execution we are able to propose 'probabilistic healthiness conditions', generalising those of Dijkstra for ordinary predicate transformers. The associated calculus seems suitable for exploring further the rigorous derivation of imperative probabilistic programs.
Avoiding Exponential Explosion: Generating Compact Verification Conditions
SYMPOSIUM ON PRINCIPLES OF PROGRAMMING LANGUAGES, 2001
Cited by 99 (7 self)
Current verification condition (VC) generation algorithms, such as weakest preconditions, yield a VC whose size may be exponential in the size of the code fragment being checked. This paper describes a two-stage VC generation algorithm that generates compact VCs whose size is worst-case quadratic in the size of the source fragment, and is close to linear in practice. This two-stage VC generation algorithm has been implemented as part of the Extended Static Checker for Java. It has allowed us to check large and complex methods that would otherwise be impossible to check due to time and space constraints.
Constructive Design of a Hierarchy of Semantics of a Transition System by Abstract Interpretation
2002
Cited by 99 (18 self)
We construct a hierarchy of semantics by successive abstract interpretations. Starting from the maximal trace semantics of a transition system, we derive the big-step semantics, termination and nontermination semantics, Plotkin's natural, Smyth's demoniac and Hoare's angelic relational semantics and equivalent nondeterministic denotational semantics (with alternative powerdomains to the Egli-Milner and Smyth constructions), D. Scott's deterministic denotational semantics, the generalized and Dijkstra's conservative/liberal predicate transformer semantics, the generalized/total and Hoare's partial correctness axiomatic semantics and the corresponding proof methods. All the semantics are presented in a uniform fixpoint form and the correspondences between these semantics are established through composable Galois connections, each semantics being formally calculated by abstract interpretation of a more concrete one using Kleene and/or Tarski
BoogiePL: A typed procedural language for checking object-oriented programs
2005
Cited by 82 (8 self)
and program verification. The language is a simple coarsely typed imperative language with procedures and arrays, plus support for introducing mathematical functions and declaring properties of these functions. BoogiePL can be used to represent programs written in an imperative source language (like an object-oriented .NET language), along with a logical encoding of the semantics of such a source language. From the resulting BoogiePL program, one can then generate verification conditions or perform other program analyses such as the inference of program invariants. In this way, BoogiePL also serves as a programming-notation front end to theorem provers. BoogiePL is accepted as input to Boogie, the Spec# static program verifier.
Refinement Calculus, Part I: Sequential Nondeterministic Programs
STEPWISE REFINEMENT OF DISTRIBUTED SYSTEMS: MODELS, FORMALISMS, CORRECTNESS. PROCEEDINGS. 1989, VOLUME 430 OF LECTURE NOTES IN COMPUTER SCIENCE, 1989
Cited by 55 (3 self)
A lattice-theoretic framework for the calculus of program refinement is presented. Specifications and program statements are combined into a single (infinitary) language of commands which permits miraculous, angelic and demonic statements to be used in the description of program behavior. The weakest precondition calculus is extended to cover this larger class of statements and a game-theoretic interpretation is given for these constructs. The language is complete, in the sense that every monotonic predicate transformer can be expressed in it. The usual program constructs can be defined as derived notions in this language. The notion of inverse statements is defined and its use in formalizing the notion of data refinement is shown.
Efficient weakest preconditions
2004
Cited by 42 (1 self)
Desired computer-program properties can be described by logical formulas called verification conditions. Different mathematically-equivalent forms of these verification conditions can have a great impact on the performance of an automatic theorem prover that tries to discharge them. This paper presents a simple weakest-precondition understanding of the ESC/Java technique for generating verification conditions. The new understanding of this technique spotlights the program property that makes the technique work.
Checking Java programs via guarded commands
WORKSHOP ON OBJECT-ORIENTED TECHNOLOGY, 1999
Cited by 38 (6 self)
This paper defines a simple guarded-command-like language and its semantics. The language is used as an intermediate language in generating verification conditions for Java. The paper discusses why it is a good idea to generate verification conditions via an intermediate language, rather than directly.