Precondition Generation for a Java Subset

In order to achieve a better software quality, it is an interesting aspect to verify the correctness of a program at the source code level with respect to a given specification. We are currently developing an interactive verification system called Jive [7] which operates on a Java subset using a Hoare-style programming logic. It is very tedious to verify each and every line of the code to be examined in a separate step, even for those code parts that are straightforward to handle. Thus it is desirable that larger pieces of code can be verified automatically. This can be achieved by using a predicate transformer. It can handle a code sequence by generating a precondition for each element of the sequence, starting with a given postcondition. If it can be shown that a given precondition implies the one generated for the whole sequence, the code indeed satisfies its specification. This paper presents a predicate transformer called “practical weak precondition transformation” (pwp) which operates on the statements of a sequential Java subset called Java-KE. This subset covers object-oriented features like dynamic method binding and exceptions. References, recursion and iteration are supported as well. Details of the embedding of the pwp predicate transformer into our verification tool Jive are given in [12]. Predicate transformers have been examined in detail in the literature. Many other papers deal with aspects like modelling the object store or handling exceptions. This paper puts these pieces together and presents a predicate transformer that adapts parts of these different approaches to our Java subset and integrates them into the formal setting used in Jive.