Certificates and Separation Logic [chapter]

Martin Nordio, Cristiano Calcagno, Bertrand Meyer
2014 Lecture Notes in Computer Science  
Modular and local reasoning about object-oriented programs has been widely studied for programming languages such as C# and Java. Once source programs have been proven, the next verification challenge is to ensure that the code produced by the compiler is correct. Since verifying a compiler can be extremely complex, this paper uses proof-transforming compilation, an alternative approach which automatically generates certificates (a bytecode proof) from proofs in the source language. The paper develops a bytecode logic using separation logic, and a proof translation from proofs of object-oriented programs to bytecode. The translation also handles proofs for concurrent programs. The bytecode logic and the proof transformation are proven sound.

keywords: software verification, program proofs, separation logic, proof-carrying code

Syntax of the source language:

    L      ::= class C [extends C1] { public D f; A M }        Class Definition
    A      ::= define αC(x) as P                               Abstract Predicate Family
    M      ::= public virtual C m(D p) DSspec D x; s;          Method Definition
             | public override C m(D p) DSspec D x; s;
    DSspec ::= dynamic Spec; static Spec                       Dynamic and Static Spec.
    Spec   ::= {P}_{Q} | Spec also {P}_{Q}                     Specification Combination
    s      ::= x = e | s; s | x = y.f | x.f = e                Statements
             | x = y.m(e) | x = y.C::m(e) | x = new C()

Programs are defined as a set of classes, where each class consists of a collection of methods and field definitions; a class can specify at most one superclass. The class definition also contains abstract predicate families (APF). A method declaration includes the method name, parameters with type and name, method specifications, as well as a method body. Method specifications include a static specification and a dynamic specification. Static specifications are used to verify the implementation of a method and direct method calls (in Java this would be a super call); dynamic specifications are used for calls that are dynamically dispatched. The specifications consist of a sequence
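As an added illustration (not code from the paper), the following Python model encodes the class grammar above and the rule just stated: a direct call x = y.C::m(e) is verified against the static specification of C's m, while a dispatched call x = y.m(e) is verified against the dynamic specification of m as seen from the static type of y. The encoding of a Spec as a list of (P, Q) strings, the Cell/ReCell sample classes, and the helper names are assumptions made for this example.

```python
"""Added example, not the paper's code: a small model of the class grammar
above and of the static/dynamic specification rule for method calls.
Spec encoding, Cell/ReCell sample and helper names are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Contract = Tuple[str, str]   # one {P}_{Q} pair, as precondition/postcondition text
Spec = List[Contract]        # "Spec also {P}_{Q}" appends a further pair


@dataclass
class Method:
    name: str
    static_spec: Spec
    dynamic_spec: Spec
    override: bool = False   # True for 'public override', False for 'public virtual'


@dataclass
class Class:
    name: str
    superclass: Optional[str] = None              # 'extends C1': at most one
    methods: Dict[str, Method] = field(default_factory=dict)


Program = Dict[str, Class]


def also(*specs: Spec) -> Spec:
    """'Spec also Spec': the combined specification keeps every {P}_{Q} pair."""
    return [c for s in specs for c in s]


def lookup(prog: Program, cls: str, m: str) -> Tuple[str, Method]:
    """Nearest definition of m, starting at cls and walking up the extends chain."""
    c: Optional[str] = cls
    while c is not None:
        k = prog[c]
        if m in k.methods:
            return c, k.methods[m]
        c = k.superclass
    raise KeyError(f"{cls} has no method {m}")


def check_overrides(prog: Program) -> List[str]:
    """'override' must redefine an inherited method; 'virtual' must not shadow one."""
    errors: List[str] = []
    for k in prog.values():
        for meth in k.methods.values():
            inherited: Optional[str] = None
            if k.superclass is not None:
                try:
                    inherited = lookup(prog, k.superclass, meth.name)[0]
                except KeyError:
                    inherited = None
            if meth.override and inherited is None:
                errors.append(f"{k.name}.{meth.name}: override without an inherited method")
            if not meth.override and inherited is not None:
                errors.append(f"{k.name}.{meth.name}: virtual shadows {inherited}.{meth.name}")
    return errors


def spec_for_call(prog: Program, static_type: str, call: Tuple[str, ...]) -> Tuple[str, Spec]:
    """Which specification a call is verified against.
    ('dispatch', m)  models x = y.m(e) with y of static type static_type:
                     the dynamic spec of m as seen from that type.
    ('direct', C, m) models x = y.C::m(e): the static spec of C's m.
    Returns (class whose declaration provides the spec, spec)."""
    if call[0] == "direct":
        _, c, m = call
        owner, meth = lookup(prog, c, m)
        return owner, meth.static_spec
    if call[0] == "dispatch":
        _, m = call
        owner, meth = lookup(prog, static_type, m)
        return owner, meth.dynamic_spec
    raise ValueError(f"unknown call form {call!r}")


# Constructed sample: Cell with virtual get/set, ReCell overriding set.
CELL_SET: Spec = [("Cell(this,_)", "Cell(this,v)")]
CELL_GET: Spec = [("Cell(this,v)", "Cell(this,v) * result == v")]
RECELL_SET: Spec = [("ReCell(this,_,_)", "ReCell(this,v,old)")]


def sample_program() -> Program:
    cell = Class("Cell", methods={
        "get": Method("get", CELL_GET, CELL_GET),
        "set": Method("set", CELL_SET, CELL_SET),
    })
    recell = Class("ReCell", superclass="Cell", methods={
        # the override keeps Cell's dynamic contract and adds its own case with 'also'
        "set": Method("set", RECELL_SET, also(CELL_SET, RECELL_SET), override=True),
    })
    return {"Cell": cell, "ReCell": recell}


if __name__ == "__main__":
    prog = sample_program()
    print("override check:", check_overrides(prog) or "ok")
    print("y.set(e), y : Cell   ->", spec_for_call(prog, "Cell", ("dispatch", "set")))
    print("y.ReCell::set(e)     ->", spec_for_call(prog, "ReCell", ("direct", "ReCell", "set")))
    print("y.Cell::set(e)       ->", spec_for_call(prog, "ReCell", ("direct", "Cell", "set")))
```

Running it shows the two lookups diverging on the same method name: the dispatched call on a Cell-typed receiver is bound to Cell's dynamic specification, which every override must honour, whereas the qualified call ReCell::set picks up ReCell's own static specification, which is what the paper uses for direct calls and for verifying the method body itself.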
doi:10.1007/978-3-319-14128-2_16 fatcat:nhnl4e6cnjdpveg4snitsptcie