Modular Pluggable Analyses for Data Structure Consistency
IEEE Transactions on Software Engineering, 2006
Cited by 27 (9 self)
We describe a technique that enables the focused application of multiple analyses to different modules in the same program. In our approach, each module encapsulates one or more data structures and uses membership in abstract sets to characterize how objects participate in data structures. Each analysis verifies that the implementation of the module 1) preserves important internal data structure consistency properties and 2) correctly implements an interface that uses formulas in a set algebra to characterize the effects of operations on the encapsulated data structures. Collectively, the analyses use the set algebra to 1) characterize how objects participate in multiple data structures and to 2) enable the inter-analysis communication required to verify properties that depend on multiple modules analyzed by different analyses.
A CSP Approach To Action Systems
1992
Cited by 23 (6 self)
The communicating sequential processes (CSP) formalism, introduced by Hoare [Hoa85], is an event-based approach to distributed computing. The action-system formalism, introduced by Back & Kurki-Suonio [BKS83], is a state-based approach to distributed computing. Using weakest-precondition formulae, Morgan [Mor90a] has defined a correspondence between action systems and the failures-divergences model for CSP. Simulation is a proof technique for showing refinement of action systems. Using the correspondence of [Mor90a], Woodcock & Morgan [WM90] have shown that simulation is sound and complete in the CSP failures-divergences model. In this thesis, Morgan's correspondence is extended to the CSP infinite-traces model [Ros88] in order to deal more properly with unbounded nondeterminism. It is shown that simulation is sound in the infinite-traces model, though completeness is lost in certain cases. The new correspondence is then extended to include a notion of internal action. This allows the ...
Objects and classes in Algol-like languages
Information and Computation, 2002
Cited by 22 (5 self)
Many object-oriented languages used in practice descend from Algol. With this motivation, we study the theoretical issues underlying such languages via the theory of Algol-like languages. It is shown that the basic framework of this theory extends cleanly and elegantly to the concepts of objects and classes. An important idea that comes to light is that classes are abstract data types, whose theory corresponds to that of existential types. Equational and Hoare-like reasoning methods, and relational parametricity provide powerful formal tools for reasoning about Algol-like object-oriented programs.
Combining theorem proving with static analysis for data structure consistency
In International Workshop on Software Verification and Validation (SVV 2004), 2004
Cited by 22 (16 self)
We describe an approach for combining theorem proving techniques with static analysis to analyze data structure consistency for programs that manipulate heterogeneous data structures. Our system uses interactive theorem proving and shape analysis to verify that data structure implementations conform to set interfaces. A simpler static analysis then uses the verified set interfaces to verify properties that characterize how shared objects participate in multiple data structures. We have successfully applied this technique to several programs and found that theorem proving within circumscribed regions of the program combined with static analysis enables the verification of large-scale program properties.
The Mondex Challenge: Machine Checked Proofs for an Electronic Purse
2006
Cited by 20 (8 self)
The Mondex case study about the specification and refinement of an electronic purse as defined in [SCJ00] has recently been proposed as a challenge for formal system-supported verification. This paper reports on the successful verification of the major part of the case study using the KIV specification and verification system. We demonstrate that even though the hand-made proofs were elaborated to an enormous level of detail, we still could find small errors in the underlying data refinement theory as well as in the formal proofs of the case study. We also provide an alternative formalisation of the communication protocol using abstract state machines. Finally, the Mondex case study verifies functional correctness assuming a suitable security protocol. Therefore we propose to extend the case study to include the verification of a suitable security protocol.
Exploring Summation and Product Operators in the Refinement Calculus
Mathematics of Program Construction, 1994
Cited by 19 (10 self)
Product and summation operators for predicate transformers were introduced by Naumann [21] and by Martin [15] using category theoretic considerations. In this paper, we formalise these operators in the higher order logic approach to the refinement calculus of [4], and examine various algebraic properties of these operators. There are several motivating factors for this analysis. The product operator provides a model of simultaneous execution of statements, while the summation operator provides a simple model of late binding. We also generalise the product operator slightly to form an operator that corresponds to conjunction of specifications. We examine several applications of these operators showing, for example, how a combination of the product and summation operators could be used to model inheritance in an object-oriented programming language. 1 Introduction Dijkstra introduced weakest-precondition predicate transformers as a means of verifying total correctness properties of ...
Stepwise Refinement of Communicating Systems
1994
Cited by 18 (7 self)
The action system formalism [4] is a state-based approach to distributed computing. In this paper, it is shown how the action system formalism may be used to describe systems that communicate with their environment through synchronised value-passing. Definitions and rules are presented for refining and decomposing such action systems into distributed implementations in which internal communication is also based on synchronised value-passing. An important feature of the composition rule is that parallel components of a distributed system may be refined independently of the rest of the system. Specification and refinement is similar to the refinement calculus approach [2, 22, 24]. The theoretical basis for communication and distribution is Hoare's CSP [11]. Use of the refinement and decomposition rules is illustrated by the design of an unordered buffer, and then of a distributed message-passing system. 1 Introduction The action system formalism, introduced by Back & Kurki-Suonio [4], i...
Foundations of the Trace Assertion Method of Module Interface Specification
2000
Cited by 17 (1 self)
The trace assertion method is a formal state-machine-based method for specifying module interfaces. A module interface specification treats the module as a black box, identifying all module's
Abstraction for Concurrent Objects
Cited by 17 (3 self)
Concurrent data structures are usually designed to satisfy correctness conditions such as sequential consistency and linearizability. In this paper, we consider the following fundamental question: what guarantees are provided by these conditions for client programs? We formally show that these conditions can be characterized in terms of observational refinement. Our study also provides a new understanding of sequential consistency and linearizability in terms of abstraction of dependency between computation steps of client programs.
Software Verification with Integrated Data Type Refinement for Integer Arithmetic
2004
Cited by 16 (3 self)
We present an approach to integrating the refinement relation between infinite integer types (used in specification languages) and finite integer types (used in programming languages) into software verification calculi. Since integer types in programming languages have finite ranges, in general they are not a correct data refinement of the mathematical integers usually used in specification languages. Ensuring the correctness of such a refinement requires generating and verifying additional proof obligations. We tackle this problem considering Java and UML/OCL as an example. We present a sequent calculus for Java integer arithmetic with integrated generation of refinement proof obligations. Thus, there is no explicit...