Abstract
Deductive verifiers can be used to prove the correctness of programs by specifying the program’s intended behaviour using annotations such as pre- and postconditions. Unfortunately, most verifiers use their own unique specification language for those contract-based annotations. While many of them have similar concepts and syntax, there are numerous semantic differences and subtleties that make it very difficult to reuse specifications between verifiers. But reusing specifications could help overcome one of the bottlenecks of deductive verification, namely writing specifications. Therefore, we present the Specification Translator, a tool to automatically translate annotations for deductive verifiers. It currently supports Java programs annotated for OpenJML, Krakatoa and VerCors. Using the Specification Translator, we show that we can reuse 81% of the annotations, which would otherwise need to be manually translated. Moreover, it allows to reuse tools such as Daikon that generate annotations only in the syntax of one specific tool.
This work was supported by the NWO VICI 639.023.710 Mercedes project.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Due to publisher constraints, the appendix was moved online after peer review, to https://doi.org/10.4121/73361fbb-2633–4011-b615-cce19d8ac196.
- 2.
- 3.
This was done by student Joost Sessink as part of a course.
References
Ahrendt, W., Beckert, B., Bubel, R., Hähnle, R., Schmitt, P.H., Ulbrich, M.: Deductive Software Verification - The KeY Book - From Theory to Practice, Lecture Notes in Computer Science, vol. 10001. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49812-6, Tool website: https://www.key-project.org/
Armborst, L., Huisman, M.: Permission-based verification of red-black trees and their merging. In: 2021 IEEE/ACM 9th International Conference on Formal Methods in Software Engineering (FormaliSE), pp. 111–123 (2021). https://doi.org/10.1109/FormaliSE52586.2021.00017
Baumann, C., Beckert, B., Blasum, H., Bormer, T.: Lessons learned from microkernel verification—specification is the new bottleneck. Electron. Proc. Theor. Comput. Sci. 102, 18–32 (2012). https://doi.org/10.4204/eptcs.102.4
Beckert, B., Kirsten, M., Klamroth, J., Ulbrich, M.: Modular verification of JML contracts using bounded model checking. In: Margaria, T., Steffen, B. (eds.) ISoLA 2020. LNCS, vol. 12476, pp. 60–80. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-61362-4_4
Beckert, B., Schiffl, J., Schmitt, P.H., Ulbrich, M.: Proving JDK’s dual pivot quicksort correct. In: Paskevich, A., Wies, T. (eds.) VSTTE 2017. LNCS, vol. 10712, pp. 35–48. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-72308-2_3
Blom, S., Darabi, S., Huisman, M., Oortwijn, W.: The VerCors tool set: verification of parallel and concurrent software. In: Polikarpova, N., Schneider, S.A. (eds.) IFM 2017. LNCS, vol. 10510, pp. 102–110. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66845-1_7, Tool website: https://www.utwente.nl/vercors/
Boer, M.d., Gouw, S.d., Klamroth, J., Jung, C., Ulbrich, M., Weigl, A.: Formal specification and verification of JDK’s identity hash map implementation. In: ter Beek, M.H., Monahan, R. (eds.) IFM 2022. LNCS, vol. 13274, pp. 45–62. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-07727-2_4
Boyland, J.: Checking interference with fractional permissions. In: Cousot, R. (ed.) Static Analysis. LNCS, vol. 2694, pp. 55–72. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-44898-5_4
Brizhinev, D., Goré, R.: A case study in formal verification of a Java program. Computing Research Repository abs/1809.03162 (2018). http://arxiv.org/abs/1809.03162
Cataño, N., Wahls, T., Rueda, C., Rivera, V., Yu, D.: Translating B machines to JML specifications. In: Ossowski, S., Lecca, P. (eds.) Proceedings of the ACM Symposium on Applied Computing, SAC 2012, Riva, Trento, Italy, 26–30 March 2012, pp. 1271–1277. ACM (2012). https://doi.org/10.1145/2245276.2231978
Chicote, M., Ciolek, D., Galeotti, J.: Practical JFSL verification using TACO. Softw. Pract. Exp. 44(3), 317–334 (2014). https://doi.org/10.1002/spe.2237, https://onlinelibrary.wiley.com/doi/abs/10.1002/spe.2237
Christakis, M., Müller, P., Wüstholz, V.: Collaborative verification and testing with explicit assumptions. In: Giannakopoulou, D., Méry, D. (eds.) FM 2012. LNCS, vol. 7436, pp. 132–146. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32759-9_13
Cok, D.R.: OpenJML: JML for Java 7 by extending OpenJDK. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds.) NFM 2011, vol. 6617, pp. 472–479. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20398-5_35, Tool website: https://www.openjml.org/
Dohrau, J.: Automatic Inference of Permission Specifications. Ph.D. thesis, ETH Zurich (2022)
Efremov, D., Mandrykin, M., Khoroshilov, A.: Deductive verification of unmodified Linux kernel library functions. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11245, pp. 216–234. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03421-4_15
Ernst, M.D., et al.: The Daikon system for dynamic detection of likely invariants. Sci. Comput. Program. 69(1–3), 35–45 (2007). https://doi.org/10.1016/j.scico.2007.01.015, Tool website: https://plse.cs.washington.edu/daikon/
Filliâtre, J., Marché, C.: The Why/Krakatoa/Caduceus platform for deductive program verification. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 173–177. Springer, Cham (2007). https://doi.org/10.1007/978-3-540-73368-3_21, Tool website: https://krakatoa.lri.fr/
Filliâtre, J.-C., Paskevich, A.: Why3—where programs meet provers. In: Felleisen, M., Gardner, P. (eds.) ESOP 2013. LNCS, vol. 7792, pp. 125–128. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-37036-6_8
Giorgetti, A., Groslambert, J.: JAG: JML Annotation Generation for verifying temporal properties. In: Baresi, L., Heckel, R. (eds.) FASE 2006. LNCS, vol. 3922, pp. 373–376. Springer, Heidelberg (2006). https://doi.org/10.1007/11693017_27
de Gouw, S., Rot, J., de Boer, F.S., Bubel, R., Hähnle, R.: OpenJDK’s Java.utils.Collection.sort() is broken: the good, the bad and the worst case. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9206, pp. 273–289. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21690-4_16
Grunwald, D., Gladisch, C., Liu, T., Taghdiri, M., Tyszberowicz, S.: Generating JML specifications from alloy expressions. In: Yahav, E. (ed.) HVC 2014. LNCS, vol. 8855, pp. 99–115. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13338-6_9
Hähnle, R., Huisman, M.: Deductive software verification: from pen-and-paper proofs to industrial tools. In: Steffen, B., Woeginger, G. (eds.) Computing and Software Science. LNCS, vol. 10000, pp. 345–373. Springer, Cham (2019). https://doi.org/10.1007/978-3-319-91908-9_18
Hamie, A.: Translating the object constraint language into the Java modelling language. In: Proceedings of the 2004 ACM Symposium on Applied Computing. SAC ’04, pp. 1531–1535. Association for Computing Machinery, New York, NY, USA (2004). https://doi.org/10.1145/967900.968206
Huisman, M., Tamalet, A.: A formal connection between security automata and JML annotations. In: Chechik, M., Wirsing, M. (eds.) FASE 2009. LNCS, vol. 5503, pp. 340–354. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00593-0_23
Jacobs, B., Smans, J., Philippaerts, P., Vogels, F., Penninckx, W., Piessens, F.: VeriFast: a powerful, sound, predictable, fast verifier for C and Java. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds.) NFM 2011. LNCS, vol. 6617, pp. 41–55. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20398-5_4
Knüppel, A., Thüm, T., Pardylla, C., Schaefer, I.: Experience report on formally verifying parts of OpenJDK’s API with KeY. Electron. Proc. Theor. Comput. Sci. 284, 53–70 (2018). https://doi.org/10.4204/eptcs.284.5
Leavens, G.T., Baker, A.L., Ruby, C.: Preliminary design of JML: a behavioral interface specification language for Java. SIGSOFT Softw. Eng. Notes 31(3), 1–38 (2006). https://doi.org/10.1145/1127878.1127884
Leavens, G.T., et al.: JML Reference Manual, Department of Computer Science, Iowa State University, May 2013. http://www.jmlspecs.org
Raghavan, A., Leavens, G.: Desugaring JML method specifications. Comput. Sci. Tech. Rep. 345 (2005). http://lib.dr.iastate.edu/cs_techreports/345
Ringer, T., Yazdani, N., Leo, J., Grossman, D.: Adapting proof automation to adapt proofs. In: Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs. CPP 2018, pp. 115–129. Association for Computing Machinery, New York, NY, USA (2018). https://doi.org/10.1145/3167094
Robby, Chalin, P.: Preliminary design of a unified JML representation and software infrastructure. In: Proceedings of the 11th International Workshop on Formal Techniques for Java-like Programs. FTfJP ’09. Association for Computing Machinery, New York, NY, USA (2009). https://doi.org/10.1145/1557898.1557903
Summers, A.J., Drossopoulou, S.: A formal semantics for isorecursive and equirecursive state abstractions. In: Castagna, G. (ed.) ECOOP 2013. LNCS, vol. 7920, pp. 129–153. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39038-8_6
Tran-Jørgensen, P.W.V., Larsen, P.G., Leavens, G.T.: Automated translation of VDM to JML-annotated Java. Int. J. Softw. Tools Technol. Transf. 20(2), 211–235 (2017). https://doi.org/10.1007/s10009-017-0448-3
Tushkanova, E., Giorgetti, A., Marché, C., Kouchnarenko, O.: Modular Specification of Java Programs. Research Report RR-7097, INRIA (2009). https://hal.inria.fr/inria-00434452
Zaharieva-Stojanovski, M., Huisman, M.: Verifying class invariants in concurrent programs. In: Gnesi, S., Rensink, A. (eds.) FASE 2014. LNCS, vol. 8411, pp. 230–245. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54804-8_16
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Armborst, L., Lathouwers, S., Huisman, M. (2024). Joining Forces! Reusing Contracts for Deductive Verifiers Through Automatic Translation. In: Herber, P., Wijs, A. (eds) Integrated Formal Methods. iFM 2023. Lecture Notes in Computer Science, vol 14300. Springer, Cham. https://doi.org/10.1007/978-3-031-47705-8_9
Download citation
DOI: https://doi.org/10.1007/978-3-031-47705-8_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-47704-1
Online ISBN: 978-3-031-47705-8
eBook Packages: Computer ScienceComputer Science (R0)