Dino Distefano, Matthew J. Parkinson
2008 Proceedings of the 23rd ACM SIGPLAN conference on Object oriented programming systems languages and applications - OOPSLA '08  
In this paper we introduce a novel methodology for verifying a large set of Java programs which builds on recent theoretical developments in program verification: it combines the idea of abstract predicate families [24] [25] [26] and the idea of symbolic execution and abstraction using separation logic [9]. The proposed technology has been implemented in a new automatic verification system, called jStar, which combines theorem proving and abstract interpretation techniques. We demonstrate the effectiveness of our methodology by using jStar to verify example programs implementing four popular design patterns (subject/observer, visitor, factory, and pooling). Although these patterns are extensively used by object-oriented developers in real-world applications, so far they have been highly challenging for existing object-oriented verification techniques.

• A (general) theorem prover for separation logic tailored to object-oriented verification.
• A (general) symbolic execution and abstraction technique for separation logic tailored to object-oriented verification.

With the help of our theorem prover, the abstract interpretation is able to perform fixed-point computation on strong properties resulting from the combination of heap information as well as data contents. The loop invariant is guessed automatically, minimizing the burden of verification.

2. We bring succinct separation logic specifications to the world of automatic object-oriented verification. Pre/post specs in our specification language are simple. Even for intricate examples, such as the observer and visitor patterns, which involve properties of complex heap-allocated objects, the pre/post specs are straightforward.

3. We provide experimental evidence of the effectiveness of our approach by the automatic verification of four popular design patterns (visitor, subject/observer, factory and pooling). Together, these patterns are a serious challenge for any other state-of-the-art object-oriented verification technique because of their intense use of aliased global state.

    int get() static: { | Val$Cell(this, {content=X}) } {X = return | Val$Cell(this, {content=X}) };

This describes for all subclasses precisely what this method body does, but it does not reveal the fields that are actually modified. As this pattern of specification is common, we provide a shorthand which defines both the dynamic specification given above and the second, static specification with a single specification:

    int get(): { | Val$(this, {content=X}) } {X = return | Val$(this, {content=X}) };
doi:10.1145/1449764.1449782 dblp:conf/oopsla/DistefanoP08 fatcat:iaw6bguk5vg77ndq2madjl275m