A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
### Data groups

1998, *SIGPLAN notices*

For example, if a Sprite subclass declares a variable `int k member-of position, drawState;` then k can be modified by any of the methods update, updatePosition, and draw. ... An implementation of m in a subclass U of T is allowed to modify those variables listed in the modifies clause of m as given in class T, plus any variable declared in any also-modifies clause for m as ...

doi:10.1145/286942.286953
fatcat:6azju4z6xfhttbuv5rsiqahbde
### Efficient weakest preconditions

2005, *Information Processing Letters*

Desired computer-program properties can be described by logical formulas called verification conditions. Different mathematically-equivalent forms of these verification conditions can have a great impact on the performance of an automatic theorem prover that tries to discharge them. This paper presents a simple weakest-precondition understanding of the ESC/Java technique for generating verification conditions. The new understanding of this technique spotlights the program property that makes the technique work.

doi:10.1016/j.ipl.2004.10.015
fatcat:tmrdvcj33bb6tkq26xhsxjuqb4
### Program extrapolation with Jennisys

2012, *SIGPLAN notices*

... , e_{k−1}] + l, i) ≡ if i < k then e_i else apply([], l, i − k). Simplifications of the sequence length and sequence select expressions performed by the apply function. ...

doi:10.1145/2398857.2384646
fatcat:3kbn3e6ed5gnfnzp7eyket6yvu
### Computing Permutation Encodings

1999, *Formal Aspects of Computing*

doi:10.1007/s001650050036
fatcat:eqy2ohl74rgntcsbyrurwcnjje
### Co-induction Simply [chapter]

2014, *Lecture Notes in Computer Science*

... args) to a co-method by a call M#[_k − 1](args) to the corresponding prefix method, and then • making the body's execution conditional on _k = 0. ... We first show Pos#[k](Up(n)), for any k and n > 0, and then use the forall statement to show ∀k • Pos#[k](Up(n)). ...

doi:10.1007/978-3-319-06410-9_27
fatcat:knloumszpbc7bb3scqs5acv46i
### Developing Verified Programs with Dafny [chapter]

2012, *Lecture Notes in Computer Science*

b := a; if m = 0 { b := new Data[2 * a.Length]; } forall (i | 0 ≤ i < n − m) { b[i] := a[m + i]; } a, m, n := b, 0, n − m; } a[n], n, Contents := d, n + 1, Contents + [d]; } } ... = old(Contents)[1..]; { assert a[m] = a[m..n][0]; d, m, Contents := a[m], m + 1, Contents[1..]; } } method Main() { var q := new SimpleQueue(); q.Enqueue(5); q.Enqueue(12); var x := q.Dequeue(); assert ...

doi:10.1007/978-3-642-27705-4_7
fatcat:fymrexgexvcxzluw536xlwok24
### Automating Theorem Proving with SMT [chapter]

2013, *Lecture Notes in Computer Science*

A recursive call to M#[K] where K < _k corresponds to obtaining the co-induction hypothesis (for use after _k − K unwindings of the co-predicate in the proof goal), whereas a call to M#[_k] is just ... M(E); . . . } is turned into: ghost method M#[_k : nat](x : T) ensures Q#[_k](x); decreases _k, D(x); { if _k = 0 { . . . M#[_k−1](E); . . . ...

doi:10.1007/978-3-642-39634-2_2
fatcat:n56eavdz75f6ldiadspg5d36jy
### Loop Invariants on Demand [chapter]

2005, *Lecture Notes in Computer Science*

fresh variable
tr(S0 S1, m) = let (C0, n0) = tr(S0, m) in let (C1, n1) = tr(S1, n0) in (C0 ; C1, n1)
tr(if (E) {S0} else {S1}, m) = let (C0, n0) = tr(S0, m) in let (C1, n1) = tr(S1, m) in let V = {x ∈ ...
Since loop's pre-state inflections are (x0, m0, b, N), the abstract element d0 is computed as x0 = 0 ∧ m0 = 0 ∧ 0 < N and d thus becomes x0 = 0 ∧ m0 = 0 ∧ 0 < N ∧ x0 = x ∧ m0 = m ∧ b = b ∧ ...

doi:10.1007/11575467_9
fatcat:vjwk2f4devasdd55klgcgpkife
### Weakest-precondition of unstructured programs

2006, *Software engineering notes*

Program verification systems typically transform a program into a logical expression which is then fed to a theorem prover. The logical expression represents the weakest precondition of the program relative to its specification; when (and if!) the theorem prover is able to prove the expression, then the program is considered correct. Computing such a logical expression for an imperative, structured program is straightforward, although there are issues having to do with loops and the efficiency both of the computation and of the complexity of the formula with respect to the theorem prover. This paper presents a novel approach for computing the weakest precondition of an unstructured program that is sound even in the presence of loops. The computation is efficient and the resulting logical expression provides more leeway for the theorem prover efficiently to attack the proof.

doi:10.1145/1108768.1108813
fatcat:44kkykclgfgybhz5fckbi2qxle
### Automating Induction with an SMT Solver [chapter]

2012, *Lecture Notes in Computer Science*

Applying the Induction Translation, Dafny thus produces: ∀x, y, z • (∀k, m • (k, m) ≺ (x, z) ⟹ Q(k, y, m)) ⟹ Q(x, y, z), where the definition of (k, m) ≺ (x, z) is the ≺ ordering on lexicographic ... pairs: k ≺ x ∨ (k = x ∧ m ≺ z). Dafny only applies the Induction Translation to quantifiers that appear as positive top-level conjuncts of proof obligations. ...

doi:10.1007/978-3-642-27940-9_21
fatcat:jghhbkqa7reknhxopc37vr5a7i
### Object Invariants in Dynamic Contexts [chapter]

2004, *Lecture Notes in Computer Science*

The fact that the invariant may not hold at the time m calls procedure P is a central problem in reasoning: if P calls back into m, then m may erroneously divide by 0. ... a program's object references. ...

doi:10.1007/978-3-540-24851-4_22
fatcat:lycgzv3ka5hmtpk4yvggh4rwde
### A Logic of Object-Oriented Programs [chapter]

2003, *Lecture Notes in Computer Science*

... T] :: Res(x)
E x.m : B[x/y] :: T[x/y]

Field update, for A ≡ [f_i : A_i (i ∈ 1..n), m_j : ς(z_j)B_j :: T_j (j ∈ 1..m)]:
E x : A :: Res(x)    k ∈ 1..n    E y : A_k :: Res(y)
E x.f_k := y : A :: r = x ∧ σ(x, f_k ...

... update, for A ≡ [f_i : A_i (i ∈ 1..n), m_j : B_j (j ∈ 1..m)]:
E x : A    k ∈ 1..n    E y : A_k
E x.f_k := y : A

This type system is much like those of common programming languages in that it is independent of verification ...

doi:10.1007/978-3-540-39910-0_2
fatcat:gdbzi24b7fdflb72ofjys5wbjq
### Dafny Meets the Verification Benchmarks Challenge [chapter]

2010, *Lecture Notes in Computer Science*

A suite of verification benchmarks for software verification tools and techniques, presented at VSTTE 2008 [11], provides an initial catalogue of benchmark challenges for the Verified Software Initiative. This paper presents solutions to these eight benchmarks using the language and verifier Dafny. A Dafny program includes specifications, code, inductive invariants, and termination metrics. Each of the eight programs is fed to the Dafny verifier, which without further user interaction automatically performs the verification in a few seconds.

doi:10.1007/978-3-642-15057-9_8
fatcat:bbnuys42ava4jmmt5ru565zhua
### A logic of object-oriented programs [chapter]

1997, *Lecture Notes in Computer Science*

... T] :: Res(x)
E x.m : B[x/y] :: T[x/y]

Field update, for A ≡ [f_i : A_i (i ∈ 1..n), m_j : ς(z_j)B_j :: T_j (j ∈ 1..m)]:
E x : A :: Res(x)    k ∈ 1..n    E y : A_k :: Res(y)
E x.f_k := y : A :: r = x ∧ σ(x, f_k ...

... update, for A ≡ [f_i : A_i (i ∈ 1..n), m_j : B_j (j ∈ 1..m)]:
E x : A    k ∈ 1..n    E y : A_k
E x.f_k := y : A

This type system is much like those of common programming languages in that it is independent of verification ...

doi:10.1007/bfb0030634
fatcat:wuhcs5cdi5bqxn2ssutwlzt3vm
### Fine-Grained Caching of Verification Results [chapter]

2015, *Lecture Notes in Computer Science*

... and M contains a conjunct ov == v for each global variable v in the set V. ... Note that M does not depend on global variables that were removed from the callee's modifies clause since the cached snapshot; the statements after the call have already been verified for all possible ...

doi:10.1007/978-3-319-21690-4_22
fatcat:kppunm4xdbf3bmhpx2gdnbrye4

*Showing results 1 — 15 out of 202 results*