Modular verification of Ada generics

https://doi.org/10.1016/0096-0551(91)90010-7

Abstract

This paper develops modular verification rules for Ada generics and proves them sound and complete. The generic mechanism in Ada allows modules to be parameterized by types, procedures and functions. The modularity property allows a generic to be verified once and then exported to other modules, which assume that it is correct. This requires the generic to have a specification that is used in verifying other modules; its implementation cannot be used for this purpose. Thus modular verification cannot be based on removing generics by macro expansion, which requires the use of the generic's implementation. The main difficulty in specifying and verifying a generic is that the specification language may need to be extended with a new theory for specifying and reasoning about properties of objects whose type is a parameter to the generic. Such theories must be part of the specification of the generic, and this raises the possibility that the extended specification language may not be expressive, even if it was before the extension. The use of strings in our specification language prevents this from happening, which is proven in the paper; this is a major step toward establishing the completeness of our rules. Modularity also had a large impact on our semantics for programming constructs, which is quite different from the usual semantics in the literature even though it is still based on the denotational semantics of Scott and Strachey. The main reason for this is that we had to modify the standard definition of validity. Modularity requires that validity depend on certain internal assertions in a program, such as the precondition of a procedure invoked in the program.
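The following is an added illustration of the modularity requirement described above; it is not code from the paper, and Ada 2012 Pre/Post aspects stand in for the paper's own specification language, which they do not reproduce. A generic function Generic_Max is specified purely in terms of its formal parameters, so that a client (Client, Max_Reading, Reading and Samples are all assumed names and constructed data) can be checked against the contract without ever seeing the body. The facts the body's proof needs about the formal "<" (irreflexivity and transitivity, the "theory" for the type parameter) are written into the precondition as properties of the elements of the argument; that encoding is a choice made here to keep the contract self-contained, not the paper's technique.

```ada
-- generic_max.ads  (added illustration; Ada 2012 contracts stand in for the
-- paper's specification language and do not reproduce it)
generic
   type Item is private;
   type Index is (<>);
   type Item_Array is array (Index range <>) of Item;
   with function "<" (Left, Right : Item) return Boolean is <>;
function Generic_Max (A : Item_Array) return Item
  with
    -- The "theory" of the type parameter: the only facts about "<" that
    -- the body's correctness argument needs, stated over the elements of A
    -- so that the contract mentions nothing outside the formals.
    Pre  => A'Length > 0
            and then (for all X of A => not (X < X))
            and then (for all X of A =>
                        (for all Y of A =>
                           (for all Z of A =>
                              (if X < Y and then Y < Z then X < Z)))),
    -- What a client may assume, again expressed only through the formals.
    Post => (for some I in A'Range => A (I) = Generic_Max'Result)
            and then
            (for all I in A'Range => not (Generic_Max'Result < A (I)));

-- generic_max.adb  (the implementation; clients never rely on it)
function Generic_Max (A : Item_Array) return Item is
   Best : Item := A (A'First);
begin
   for I in A'Range loop
      -- Invariant: Best is one of A (A'First .. I) and no element seen so
      -- far is greater than it. When Best is replaced, re-establishing the
      -- invariant uses exactly the irreflexivity and transitivity of "<"
      -- promised by the precondition.
      if Best < A (I) then
         Best := A (I);
      end if;
   end loop;
   return Best;
end Generic_Max;

-- client.adb  (assumed name; verified against the contract, not the body)
with Ada.Text_IO;
with Generic_Max;
procedure Client is
   type Reading is array (Positive range <>) of Integer;
   -- "<" is taken by default (is <>) from Standard."<" on Integer, which
   -- is irreflexive and transitive, so the precondition's order axioms hold
   -- for every array of Integers.
   function Max_Reading is new Generic_Max
     (Item => Integer, Index => Positive, Item_Array => Reading);
   Samples : constant Reading := (3, 9, 2, 7);   -- constructed input
   M       : constant Integer := Max_Reading (Samples);
begin
   -- Follows from the postcondition alone: M is an element of Samples and
   -- no element of Samples is greater than it.
   pragma Assert (M = 9);
   Ada.Text_IO.Put_Line ("max =" & Integer'Image (M));
end Client;
```

The three units go in separate files for GNAT (or are split with gnatchop); compiling with -gnata turns on run-time checking of the Pre and Post aspects. The point the example makes is the one the abstract makes: a client proof of Client needs only the contract of Generic_Max, while proving the body needs the order theory for the formal "<", so that theory has to travel with the specification rather than be recovered from an expanded copy of the body.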

References (30)

  • D. Scott, Some definitional suggestions for automata theory, J. Comput. Syst. Sci. (1967)
  • S.A. Cook, Soundness and completeness of an axiom system for program verification, SIAM J. Comput. (1978)
  • E.M. Clarke, Programming language constructs for which it is impossible to obtain good Hoare axiom systems, J. ACM (1979)
  • S.D. Brookes et al., Behavioral equivalence relations induced by programming logics (1983)
  • G.W. Ernst et al., Verification of procedures with procedure-type parameters, Acta Inform. (1982)
  • W.D. Young et al., Generics and verification in Ada
  • B. Hailpern et al., Modular verification of concurrent programs
  • E.R. Olderog, Sound and complete Hoare-like calculi based on copy rules, Acta Inform. (1981)
  • G.W. Ernst et al., Semantics of programming languages for modular verification
  • J.E. Donahue, Complementary definitions of programming language semantics
  • G.A. Gorelick, A complete axiomatic system for proving assertions about recursive and non-recursive programs
  • J.Y. Halpern, A good Hoare axiom system for an Algol-like language
  • J.Y. Halpern et al., The semantics of local storage, or what makes the free-list free?

This research was partially supported by the National Science Foundation under grant CCR-8802312.