
Specification and Verification of Object-Oriented Software

K. Rustan M. Leino

Research in Software Engineering (RiSE), Microsoft Research, Redmond, WA

part 4

International Summer School Marktoberdorf

Marktoberdorf, Germany

11 August 2008

Example: Queue
  • Demo: Queue.dfy

[Figure: a Queue object whose head and tail fields point into a chain of four Node objects]

Parallel field update
  • foreach (x in S) { x.f := E; }

Homework

Capturing a parameter

  method Init() {
    this.g := new Guitar;
  }

  method InitFromGuitar(gt: Guitar) {
    this.g := gt;
  }

Capturing a parameter

  method InitFromGuitar(gt: Guitar)
    requires gt != null && gt.Valid();
    requires this !in gt.footprint;
    modifies {this};
    ensures Valid();
    ensures fresh(footprint - {this} - gt.footprint);
  {
    this.g := gt;
    this.footprint := {this} + {g} + g.footprint;
  }

Does gt.Valid() hold after InitFromGuitar?

A caller

  method Client() {
    var kim := new Guitar;  call kim.Init();
    var r := new RockBand;
    call r.InitFromGuitar(kim);
    call kim.Strum();
    call r.Play();
  }

(slide annotations on the two calls after InitFromGuitar: allowed / error)

Demo
  • RockBand0.dfy
Borrowing a parameter

  method Session(org: Organ) {
    … call g.Strum();  call org.Grind(); …
  }

Borrowing a parameter

  method Session(org: Organ)
    requires Valid() && org != null && org.Valid();
    modifies footprint, org.footprint;
    ensures Valid() && org.Valid();
    ensures fresh(footprint - old(footprint));
    ensures fresh(org.footprint - old(org.footprint));

A client

  method Client() {
    var r := new RockBand;  call r.Init();
    var b3 := new Organ;  call b3.Init();
    call r.Session(b3);
    call r.Play();
    call b3.Grind();
  }

Demo
  • RockBand1.dfy
Borrowing a parameter, variation

  method Session(org: Organ) …
    ensures fresh(footprint - old(footprint));
    ensures fresh(org.footprint - old(org.footprint));

The two fresh postconditions can be stated as one:

    ensures fresh(footprint + org.footprint - old(footprint) - old(org.footprint));

and the disjointness of the two footprints made part of the contract:

    ensures footprint !! org.footprint;
    requires footprint !! org.footprint;
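As an added example (not one of the lecture's RockBand .dfy files), the Guitar, RockBand and Organ contracts from the capturing and borrowing slides written out in current Dafny syntax, so the two disciplines can be compared in one file. The field names `strums`/`grinds`, the bodies of `Play` and `Session`, and the client's call sequence are assumptions; `Session` carries the disjointness contract of the variation slide.

```dafny
// Added example, not from the lecture: capturing vs. borrowing with dynamic frames.
// Current Dafny syntax (no 'call' keyword, no ';' after contract clauses).
class Guitar {
  ghost var footprint: set<object>
  var strums: int   // assumed field, stands in for the guitar's real state

  ghost predicate Valid() reads this, footprint { this in footprint }

  constructor() ensures Valid() && footprint == {this}
  { footprint := {this}; strums := 0; }

  method Strum()
    requires Valid()
    modifies footprint
    ensures Valid() && fresh(footprint - old(footprint))
  { strums := strums + 1; }
}

class Organ {
  ghost var footprint: set<object>
  var grinds: int   // assumed field

  ghost predicate Valid() reads this, footprint { this in footprint }

  constructor() ensures Valid() && footprint == {this}
  { footprint := {this}; grinds := 0; }

  method Grind()
    requires Valid()
    modifies footprint
    ensures Valid() && fresh(footprint - old(footprint))
  { grinds := grinds + 1; }
}

class RockBand {
  ghost var footprint: set<object>
  var g: Guitar?

  // The band's footprint contains its guitar's footprint, and the band object
  // itself lies outside the guitar's footprint, so strumming cannot touch the band.
  ghost predicate Valid()
    reads this, footprint
  {
    this in footprint && g != null && g in footprint &&
    g.footprint <= footprint && this !in g.footprint && g.Valid()
  }

  // Capturing (slide spec): gt's footprint becomes part of this.footprint.
  method InitFromGuitar(gt: Guitar)
    requires gt.Valid()
    requires this !in gt.footprint
    modifies this
    ensures Valid() && g == gt
    ensures fresh(footprint - {this} - gt.footprint)
  {
    g := gt;
    footprint := {this} + {gt} + gt.footprint;
  }

  method Play()
    requires Valid()
    modifies footprint
    ensures Valid() && fresh(footprint - old(footprint))
  {
    g.Strum();
    footprint := footprint + g.footprint;   // absorb anything Strum allocated
  }

  // Borrowing (variation slide): org is used during the call only; the two
  // footprints are disjoint before and after, so the caller keeps using org.
  method Session(org: Organ)
    requires Valid() && org.Valid()
    requires footprint !! org.footprint
    modifies footprint, org.footprint
    ensures Valid() && org.Valid()
    ensures fresh(footprint - old(footprint))
    ensures fresh(org.footprint - old(org.footprint))
    ensures footprint !! org.footprint
  {
    g.Strum();
    footprint := footprint + g.footprint;
    org.Grind();
  }
}

method Client()
{
  var kim := new Guitar();
  var r := new RockBand;
  r.InitFromGuitar(kim);    // kim is captured: kim.footprint is now inside r.footprint
  r.Play();                 // verifies, r.Valid() is known here
  // kim.Strum(); r.Play(); // Strum modifies part of r.footprint, so r.Valid() is no
                            // longer known at the second Play: a verification error

  var b3 := new Organ();
  var gib := new Guitar();
  var band := new RockBand;
  band.InitFromGuitar(gib);
  band.Session(b3);         // b3 is only borrowed: footprints stay disjoint
  band.Play();              // both objects remain usable afterwards
  b3.Grind();
}
```

The commented-out pair in `Client` is the captured-parameter failure from the caller slide: the guitar's own contract permits `Strum`, but because its footprint is inside the band's, the band's invariant is no longer known afterwards. With `Session` the disjointness clauses do the opposite job, guaranteeing the caller that `b3` is untouched by the band's own frame.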

Demo
  • RockBand1.dfy, variation
Hiding a definition
  • function F(p: T) returns (U) reads R;
  • axiom (∀ h0: HeapType, h1: HeapType, this: C, p: T • IsHeap(h0) ∧ IsHeap(h1) ∧ (∀ o,f • (o,f) ∈ R ⇒ h0[o,f] = h1[o,f]) ⇒ #F(h0,this,p) = #F(h1,this,p));
Example: List
  • List.dfy (see pre-lecture notes for Reverse)
Specifications in Spec#
  • non-null types
  • Valid() implicit (declared via invariant)
  • [Rep] for components of aggregates
  • [Captured] (“borrowed” is default)
  • modifies this.* implicit
  • modifies p.* implicit for “committed” p
Combining access and value
  • Implicit dynamic frames [Smans et al.]
  • Separation logic [Reynolds, O’Hearn, Parkinson, …]
Summary
  • Design semantics in terms of an intermediate language!
    • can support different logics: first-order, higher-order, separation, etc.
  • Research problem: how to specify programs
  • Trade-offs in specification styles:
    • economic (non-verbose) specifications
    • flexibility, expressibility
    • automation
  • Links:
    • http://research.microsoft.com/~leino
    • http://research.microsoft.com/specsharp