Checking Well-Formedness of Pure-Method Specifications
Authors
Abstract
Contract languages such as JML and Spec# specify invariants and pre- and postconditions using side-effect free expressions of the programming language, in particular, pure methods. For such contracts to be meaningful, they must be well-formed: First, they must respect the partiality of operations, for instance, the preconditions of pure methods used in the contract. Second, they must enable a consistent encoding of pure methods in a program logic, which requires that their specifications are satisfiable and that recursive specifications are well-founded. This paper presents a technique to check well-formedness of contracts. We give proof obligations that are sufficient to guarantee the existence of a model for the specification of pure methods. We improve over earlier work by providing a systematic solution including a soundness result and by supporting more forms of recursive specifications. Our technique has been implemented in the Spec# programming system.
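The three well-formedness conditions named in the abstract (respecting the precondition of a pure method used in a contract, satisfiability of a pure method's specification, and well-foundedness of recursive specifications) are illustrated below in JML on a constructed Ledger class. This is an added example, not code from the paper or from the Spec# system; the class, its field and method names, and the sample contracts are assumptions made for illustration. Each ill-formed contract is shown commented out beside a well-formed replacement.

```java
// Added illustration, not from the paper: contracts on pure methods in JML.
public class Ledger {
    // Constructed sample state; spec_public lets contracts mention it.
    private /*@ spec_public @*/ int[] entries = new int[0];

    // (1) A partial pure method: its result is only defined for an in-range index.
    /*@ requires 0 <= i && i < entries.length;
      @ ensures \result == entries[i];
      @*/
    public /*@ pure @*/ int entry(int i) { return entries[i]; }

    // Ill-formed: this precondition calls entry(0) without first establishing
    // entry's own precondition (entries may be empty), so the contract does not
    // respect the partiality of the operation it uses.
    //   /*@ requires entry(0) > 0; @*/
    // Well-formed: the guard on the left establishes entry's precondition
    // before entry(0) is evaluated.
    /*@ requires entries.length > 0 && entry(0) > 0;
      @ assignable entries[0];
      @ ensures entries[0] == \old(entries[0]) - 1;
      @*/
    public void spendFirst() { entries[0] = entries[0] - 1; }

    // (2) Unsatisfiable specification: no value satisfies this postcondition, so
    // no model exists. Encoding it as an axiom would let a verifier derive
    // anything about calls to bogus().
    //   /*@ ensures \result > 0 && \result < 0; @*/
    //   public /*@ pure @*/ int bogus();
    // Well-formed: a postcondition that some result actually satisfies.
    /*@ ensures \result >= 0; @*/
    public /*@ pure @*/ int size() { return entries.length; }

    // (3) Recursive specification. Ill-formed: total is specified in terms of
    // itself with no decreasing measure, so nothing forces a unique model.
    //   /*@ ensures \result == total(); @*/
    //   public /*@ pure @*/ int total();
    // Well-formed: the recursion is on a strictly decreasing argument with a
    // base case, and measured_by names the termination measure.
    /*@ requires 0 <= n && n <= entries.length;
      @ ensures n == 0 ==> \result == 0;
      @ ensures n > 0 ==> \result == sum(n - 1) + entries[n - 1];
      @ measured_by n;
      @*/
    public /*@ pure @*/ int sum(int n) {
        return n == 0 ? 0 : sum(n - 1) + entries[n - 1];
    }
}
```

The well-formed versions are the ones a checker such as the technique described in the abstract would accept: the precondition of entry is established before it is called, size has a satisfiable postcondition, and sum's recursive specification is well-founded on n.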
Similar references
Analyzing Tabular and State-Transition Requirements Specifications in PVS
We describe PVS's capabilities for representing tabular specifications of the kind advocated by Parnas and others, and show how PVS's Type Correctness Conditions (TCCs) are used to ensure certain well-formedness properties. We then show how these and other capabilities of PVS can be used to represent the AND/OR tables of Leveson and the Decision Tables of Sherry, and we demonstrate how PVS's...
Proving well-formedness of interface specifications
Automated software verification systems, that try to prove the correctness of a program, use specifications in the code as a base to verify said program. When this specification includes calls to side-effect free methods, the verification system might want to use the specification of these side-effect free methods to have more information available for its correctness proofs. Unfortunately, the ...
Realizing the Dependently Typed Λ-calculus
Dependently typed λ-calculi such as the Edinburgh Logical Framework (LF) can encode relationships between terms in types and can naturally capture correspondences between formulas and their proofs. Such calculi can also be given a logic programming interpretation: the system is based on such an interpretation of LF. We have considered whether a conventional logic programming language can also p...
Observational Purity and Encapsulation
Practical specification languages for imperative and object-oriented programs, such as JML, Eiffel, and Spec#, allow the use of program expressions including method calls in specification formulas. For coherent semantics of specifications, and to avoid anomalies with runtime assertion checking, expressions in specifications and assertions are typically required to be weakly pure in the sense th...
Extensions of the theory of observational purity and a practical design for JML
To prevent erratic behavior during runtime checking, JML only allows assertions to call pure, i.e., side-effect free, methods. However, JML’s notion of purity checking is too conservative. For example, Object’s equals method needs to be used in assertions, but some classes use side effects in their equals method to maintain hidden caches or to trigger lazy evaluation, and so these methods canno...