Abstract. The process of verifying that a program conforms to its specification is often hampered by errors in both the program and the specification. A runtime checker that can evaluate formal specifications can be useful for quickly identifying such errors. This paper describes our preliminary experience with incorporating run-time checking into the Jahob verification system and discusses some lessons we learned in this process. One of the challenges in building a runtime checker for a program verification system is that the language of invariants and assertions is designed for simplicity of semantics and tractability of proofs, and not for run-time checking. Some of the more challenging constructs include existential and universal quantification, set comprehension, specification variables, and formulas that refer to past program states. In this paper, we describe how we handle these constructs in our runtime checker, and describe directions for future work. 1

Components that encapsulate maps are among the most fundamental for the development of modern software. The concept of associating keys with values is important for a wide range of applications and it can accommodate a broad variety of implementations with diverse performance profiles. The foundational-yet-sophisticated nature of this concept makes it an ideal benchmark for software verification efforts. A tension between modular reasoning and the usefulness of a map can be observed, in particular, in systems where the keys may be reference types. This paper elaborates on the criteria for modular verification of robust map components and their clients and it presents a survey of existing attempts to verify map components. 1.

Abstract. This paper discusses experiments with a “model-based ” approach for developing verified distributed systems in which program development is carried out by stepwise refinement: we encode, specifications and algorithm archetypes in the PVS theorem prover, carry out stepwise refinement and concomitant proofs, and obtain collections of verified algorithms encoded in PVS. Finally we transform algorithms from PVS to programs in Java. We consider a class of systems in which state spaces may be continuous and state transitions may be continuous or discrete. Coordinated multi-vehicle systems are examples of this class. Temporal properties of this class of problems are specified in terms of convergence: the system state gets arbitrarily close to a limit as time tends to infinity. Our meta-theorems for verifying convergence are extensions from control theory to a temporal logic of continuous time and state spaces. 1

Abstract. We present a loop property generation method for loops iterating over multi-dimensional arrays. When used on matrices, our method is able to infer their shapes (also called types), such as upper-triangular, diagonal, etc. To generate loop properties, we first transform a nested loop iterating over a multidimensional array into an equivalent collection of unnested loops. Then, we infer quantified loop invariants for each unnested loop using a generalization of a recurrence-based invariant generation technique. These loop invariants give us conditions on matrices from which we can derive matrix types automatically using theorem provers. Invariant generation is implemented in the software package Aligator and types are derived by theorem provers and SMT solvers, including Vampire and Z3. When run on the Java matrix package JAMA, our tool was able to infer automatically all matrix types describing the matrix shapes guaranteed by JAMA’s API. 1