
Joining Forces! Reusing Contracts for Deductive Verifiers Through Automatic Translation

  • Conference paper
  • Integrated Formal Methods (iFM 2023)

Abstract

Deductive verifiers can be used to prove the correctness of programs by specifying the program’s intended behaviour using annotations such as pre- and postconditions. Unfortunately, most verifiers use their own unique specification language for those contract-based annotations. While many of them share similar concepts and syntax, there are numerous semantic differences and subtleties that make it very difficult to reuse specifications between verifiers. Yet reusing specifications could help overcome one of the bottlenecks of deductive verification, namely writing the specifications themselves. Therefore, we present the Specification Translator, a tool to automatically translate annotations for deductive verifiers. It currently supports Java programs annotated for OpenJML, Krakatoa and VerCors. Using the Specification Translator, we show that we can reuse 81% of the annotations, which would otherwise need to be translated manually. Moreover, it allows the reuse of tools such as Daikon that generate annotations only in the syntax of one specific verifier.

This work was supported by the NWO VICI 639.023.710 Mercedes project.


Notes

  1. Due to publisher constraints, the appendix was moved online after peer review, to https://doi.org/10.4121/73361fbb-2633-4011-b615-cce19d8ac196.

  2. https://krakatoa.lri.fr/krakatoa.html.

  3. This was done by student Joost Sessink as part of a course.



Corresponding authors

Correspondence to Lukas Armborst, Sophie Lathouwers or Marieke Huisman.


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Armborst, L., Lathouwers, S., Huisman, M. (2024). Joining Forces! Reusing Contracts for Deductive Verifiers Through Automatic Translation. In: Herber, P., Wijs, A. (eds) Integrated Formal Methods. iFM 2023. Lecture Notes in Computer Science, vol 14300. Springer, Cham. https://doi.org/10.1007/978-3-031-47705-8_9


  • DOI: https://doi.org/10.1007/978-3-031-47705-8_9


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-47704-1

  • Online ISBN: 978-3-031-47705-8
