Boogie: A modular reusable verifier for object-oriented programs

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4111 LNCS, Issue , 2006, Pages 364-387

  Barnett, Mike ^a   Chang, Bor Yuh Evan ^b   DeLine, Robert ^a   Jacobs, Bart ^c   Leino, K Rustan M ^a  

^a MICROSOFT RESEARCH   (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

^c UNIVERSITY OF LEUVEN   (Belgium)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER ARCHITECTURE; LARGE SCALE SYSTEMS; OBJECT ORIENTED PROGRAMMING; PROGRAM COMPILERS; PROGRAM INTERPRETERS; SEMANTICS; USER INTERFACES;

AUTOMATIC DECISION PROCEDURES; PROGRAM SEMANTICS; PROGRAM VERIFIERS; VERIFICATION CONDITION GENERATION;

OBJECT RECOGNITION;

EID: 33749664425     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11804192_17     Document Type: Conference Paper

References (65)

1. [ABB + 05] Wolfgang Ahrendt, Thomas Baar, Bernhard Beckert, Richard Bubel, Martin Giese, Reiner Hähnle, Wolfram Menzel, Wojciech Mostowski, Andreas Roth, Steffen Schlager, and Peter H. Schmitt. The KeY tool. Software and System Modeling, 4(1):32-54, February 2005.
2. [Abr96] Jean-Raymond Abrial. The B-Book: Assigning Programs to Meanings. Cambridge University Press, August 1996.
3. +77] Allen L. Ambler, Donald I. Good, James C. Browne, Wilhelm F. Burger, Richard M. Cohen, Charles G. Hoch, and Robert E. Wells. GYPSY: A language for specification and implementation of verifiable programs. SIGPLAN Notices, 12(3):1-10, March 1977.
4. [Bar03] John Barnes. High Integrity Software: The SPARK Approach to Safety and Security. Addison Wesley, 2003.
5. [BDF + 04] Michael Barnett, Robert DeLine, Manuel Fähndrich, K. Rustan M. Leino, and Wolfram Schulte. Verification of object-oriented programs with invariants. Journal of Object Technology, 3(6):27-56, 2004.
6. [BJ01] Joachim van den Berg and Bart Jacobs. The LOOP compiler for Java and JML. In Tiziana Margaria and Wang Yi, editors, Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume 2031 of Lecture Notes in Computer Science, pages 299-312. Springer, 2001.
7. [BL05] Mike Barnett and K. Rustan M. Leino. Weakest-precondition of unstructured programs. In Workshop on Program Analysis for Software Tools and Engineering (PASTE), pages 82-87, 2005.
8. [BLM05] Thomas Ball, Shuvendu Lahiri, and Madanlal Musuvathi. Zap: Automated theorem proving for software analysis. Technical Report MSR-TR-2005-137, Microsoft Research, October 2005.
9. [BLS04] Mike Barnett, K. Rustan M. Leino, and Wolfram Schulte. The Spec# programming system: An overview. In Construction and Analysis of Safe, Secure, and Interoperable Smart devices (CASSIS), volume 3362 of Lecture Notes in Computer Science, pages 49-60. Springer, 2004.
10. [BN04] Mike Barnett and David A. Naumann. Friends need a bit more: Maintaining invariants over shared state. In Dexter Kozen and Carron Shankland, editors, Mathematics of Program Construction (MPC), volume 3125 of Lecture Notes in Computer Science, pages 54-84. Springer, 2004.
11. [BRL03] L. Burdy, A. Requet, and J.-L. Lanet. Java applet correctness: a developer-oriented approach. In Keijiro Araki, Stefania Gnesi, and Dino Mandrioli, editors, FME 2003: Formal Methods, International Symposium of Formal Methods Europe, volume 2805 of Lecture Notes in Computer Science, pages 422-439. Springer, September 2003.
12. [Bur72] Rod M. Burstall. Some techniques for proving correctness of programs which alter data structures. Machine Intelligence, 7:23-50, 1972.
13. [BvW98] Ralph-Johan Back and Joakim von Wright. Refinement Calculus: A Systematic Introduction. Graduate Texts in Computer Science. Springer-Verlag, 1998.
14. [CC77] Patrick Cousot and Radhia Cousot. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Fourth ACM Symposium on Principles of Programming Languages (POPL), pages 238-252, January 1977.
15. [CC79] Patrick Cousot and Radhia Cousot. Systematic design of program analysis frameworks. In Sixth ACM Symposium on Principles of Programming Languages (POPL), pages 269-282, January 1979.
16. +91] Ron Cytron, Jeanne Ferrante, Barry K. Rosen, Mark N. Wegman, and F. Kenneth Zadeck. Efficiently computing static single assignment form and the control dependence graph. ACM Transactions on Programming Languages and Systems, 13(4):451-490, October 1991.
17. [CH78] Patrick Cousot and Nicolas Halbwachs. Automatic discovery of linear restraints among variables of a program. In Fifth ACM Symposium on Principles of Programming Languages (POPL), pages 84-96, January 1978.
18. [CL05] Bor-Yuh Evan Chang and K. Rustan M. Leino. Abstract interpretation with alien expressions and heap structures. In Radhia Cousot, editor, Verification, Model Checking, and Abstract Interpretation (VMCAI), volume 3385 of Lecture Notes in Computer Science, pages 147-163. Springer, 2005.
19. [Dij76] Edsger W. Dijkstra. A Discipline of Programming. Prentice Hall, Englewood Cliffs, NJ, 1976.
20. [DL05] Robert DeLine and K. Rustan M. Leino. BoogiePL: A typed procedural language for checking object-oriented programs. Technical Report MSR-TR-2005-70, Microsoft Research, March 2005.
21. [DLNS98] David L. Detlefs, K. Rustan M. Leino, Greg Nelson, and James B. Saxe. Extended static checking. Research Report 159, Compaq Systems Research Center, December 1998.
22. [DNS05] David Detlefs, Greg Nelson, and James B. Saxe. Simplify: a theorem prover for program checking. Journal of the ACM, 52(3):365-473, May 2005.
23. [Esc06] Escher Technologies. Perfect Developer, http://eschertech.com/, 2006.
24. [F1103] Jean-Christophe Filliâtre. Verification of non-functional programs using interpretations in type theory. The Journal of Functional Programming, 13(4):709-745, July 2003.
25. +00] Robert Fitzgerald, Todd B. Knoblock, Erik Ruf, Bjarne Steensgaard, and David Tarditi. Marmot: An Optimizing Compiler For Java. Software-Practice and Experience, 30(3):199-232, 2000.
26. [FL03] Manuel Fähndrich and K. Rustan M. Leino. Declaring and checking non-null types in an object-oriented language. In Ron Crocker and Guy L. Steele Jr., editors, Object-Oriented Programming Systems, Languages and Applications (OOPSLA), pages 302-312. ACM, 2003.
27. +02] Cormac Flanagan, K. Rustan M. Leino, Mark Lillibridge, Greg Nelson, James B. Saxe, and Raymie Stata. Extended static checking for Java. In Programming Language Design and Implementation (PLDI), pages 234245, 2002.
28. [FM04] Jean-Christophe Filliâtre and Claude Marchê. Multi-prover verification of C programs. In Jim Davies, Wolfram Schulte, and Michael Barnett, editors, Formal Engineering Methods (ICFEM), volume 3308 of Lecture Notes in Computer Science, pages 15-29. Springer, 2004.
29. [FS01] Cormac Flanagan and James B. Saxe. Avoiding exponential explosion: Generating compact verification conditions. In POPL 2001: The 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 193-205. ACM, January 2001.
30. [Hoa69] C. A. R. Hoare. An axiomatic basis for computer programming. Communications of the ACM, 12(10):576-580,583, October 1969.
31. [HW73] C. A. R. Hoare and N. Wirth. An axiomatic definition of the programming language PASCAL. Acta Informatica, 2(4):335-355, 1973.
32. [Jac04] Bart Jacobs. Weakest pre-condition reasoning for Java programs with JML annotations. Journal of Logic and Algebraic Programming, 58(1-2):61-88, January-March 2004.
33. [JP01] Bart Jacobs and Erik Poll. A logic for the Java Modeling Language JML. In H. Hussmann, editor, Fundamental Approaches to Software Engineering (FASE), volume 2029 of Lecture Notes in Computer Science, pages 284-299. Springer, 2001.
34. [JP03] Bart Jacobs and Erik Poll. Java program verification at Nijmegen: Developments and perspective. In Software Security-Theories and Systems, Second Mext-NSF-JSPS International Symposium, ISSS 2003, pages 134-153, November 2003.
35. [KC04] Joseph R. Kiniry and David R. Cok. ESC/Java2: Uniting ESC/Java and JML: Progress and issues in building and using ESC/Java2, including a case study involving the use of the tool to verify portions of an Internet voting tally system. In Construction and Analysis of Safe, Secure, and Interoperable Smart devices (CASSIS), volume 3362 of Lecture Notes in Computer Science, pages 108-128. Springer, 2004.
36. [KMM00] Matt Kaufmann, Panagiotis Manolios, and J Strother Moore. Computer-Aided Reasoning: An Approach. Kluwer Academic Publishers, June 2000.
37. [LBR99] Gary T. Leavens, Albert L. Baker, and Clyde Ruby. JML: A notation for detailed design. In Haim Kilov, Bernhard Rumpe, and Ian Simmonds, editors, Behavioral Specifications of Businesses and Systems, pages 175-188. Kluwer Academic Publishers, Boston, 1999.
38. [LBR03] Gary T. Leavens, Albert L. Baker, and Clyde Ruby. Preliminary design of JML: A behavioral interface specification language for Java. Technical Report 98-06u, Iowa State University, Department of Computer Science, April 2003.
39. [Lei95] K. Rustan M. Leino. Toward Reliable Modular Programs. PhD thesis, CalTech, 1995.
40. Available as Technical Report Caltech-CS-TR-95-03.
41. [Lei00] K. Rustan M. Leino. Extended static checking: A ten-year perspective. In Reinhard Wilhelm, editor, Informatics - 10 Years Back, 10 Years Ahead, volume 2000 of Lecture Notes in Computer Science. Springer, 2000.
42. [Lei05] K. Rustan M. Leino. Efficient weakest preconditions. Information Processing Letters, 93(6):281-288, March 2005.
43. +81] Butler W. Lampson, James J. Horning, Ralph L. London, James G. Mitchell, and Gerald J. Popek. Report on the programming language Euclid. Technical Report CSL-81-12, Xerox PARC, October 1981.
44. An earlier version of this report appeared as volume 12, number 2 in SIGPLAN Notices. ACM, February 1977.
45. [LL05] K. Rustan M. Leino and Francesco Logozzo. Loop invariants on demand. In Kwangkeun Yi, editor, Asian Symposium on Programming Languages and Systems (APLAS), volume 3780 of Lecture Notes in Computer Science, pages 119-134. Springer, 2005.
46. [LM04] K. Rustan M. Leino and Peter Müller. Object invariants in dynamic contexts. In Martin Odersky, editor, European Conference on Object-Oriented Programming (ECOOP), volume 3086 of Lecture Notes in Computer Science, pages 491-516. Springer-Verlag, 2004.
47. [LM05] K. Rustan M. Leino and Peter Müller. Modular verification of static class invariants. In John Fitzgerald, Ian J. Hayes, and Andrzej Tarlecki, editors, Symposium on Formal Methods Europe (FM), volume 3582 of Lecture Notes in Computer Science, pages 26-42. Springer, 2005.
48. [LM06] K. Rustan M. Leino and Peter Müller. A verification methodology for model fields. In Peter Sestoft, editor, European Symposium on Programming (ESOP), volume 3924 of Lecture Notes in Computer Science, pages 115-130. Springer, 2006.
49. [LMS05] K. Rustan M. Leino, Todd Millstein, and James B. Saxe. Generating error traces from verification-condition counterexamples. Science of Computer Programming, 55(1-3):209-226, March 2005.
50. [LN02] K. Rustan M. Leino and Greg Nelson. Data abstraction and information hiding. ACM Transactions on Programming Languages and Systems, 24(5):491-553, September 2002.
51. [LPP05] Dirk Leinenbach, Wolfgang Paul, and Elena Petrova. Towards the formal verification of a C0 compiler: Code generation and implementation correctness. In Bernhard K. Aichernig and Bernhard Beckert, editors, Third IEEE International Conference on Software Engineering and Formal Methods (SEFM 2005), pages 2-12. IEEE Computer Society, September 2005.
52. [LSS99] K. Rustan M. Leino, James B. Saxe, and Raymie Stata. Checking Java programs via guarded commands. In Formal Techniques for Java Programs, Technical Report 251. Fernuniversität Hagen, May 1999.
53. Also available as Technical Note 1999-002, Compaq Systems Research Center.
54. [Mey92] Bertrand Meyer. Eiffel: The Language. Object-Oriented Series. Prentice Hall, 1992.
55. [Min01] Antoine Miné. The octagon abstract domain. In Working Conference on Reverse Engineering (WCRE), pages 310-319, 2001.
56. [MMPH97] Peter Müller, Jörg Meyer, and Arnd Poetzsch-Heffter. Programming and interface specification language of JIVE - specification and design rationale. Technical Report 223, Fernuniversität Hagen, 1997.
57. [MPMU04] Claude Marché, Christine Paulin-Mohring, and Xavier Urbain. The KRAKATOA tool for certification of JAVA/JAVACARD programs annotated in JML. Journal of Logic and Algebraic Programming, 58(1-2):89-106, January-March 2004.
58. [Nel89] Greg Nelson. A generalization of Dijkstra's calculus. ACM Transactions on Programming Languages and Systems, 11(4):517-561, October 1989.
59. + 96] Sam Owre, S. Rajan, John M. Rushby, Natarajan Shankar, and Mandayam K. Srivas. PVS: Combining specification, proof checking, and model checking. In Rajeev Alur and Thomas A. Henzinger, editors, Computer-Aided Verification (CAV), volume 1102 of Lecture Notes in Computer Science, pages 411-414. Springer, 1996.
60. [PH97] Arnd Poetzsch-Heffter. Specification and verification of object-oriented programs. Habilitationsschrift, Technische Universität München, 1997.
61. [Rey78] John C. Reynolds. Syntactic control of interference. In Fifth ACM Symposium on Principles of Programming Languages (POPL), pages 39-46, January 1978.
62. [Ros95] David S. Rosenblum. A practical approach to programming with assertions. IEEE Transactions on Software Engineering, 21(1):19-31, January 1995.
63. [Spe06] Spec# homepage. http://research.microsoft.com/specsharp, 2006.
64. [Van94] Mark T. Vandevoorde. Exploiting Specifications to Improve Program Performance. PhD thesis, Massachusetts Institute of Technology, February 1994.
65. Available as Technical Report MIT/LCS/TR-598.