research-article

Behavioral interface specification languages

Authors:

Gary T. Leavens,

K. Rustan M. Leino,

Matthew ParkinsonAuthors Info & Claims

ACM Computing Surveys (CSUR), Volume 44, Issue 3

Article No.: 16, Pages 1 - 58

https://doi.org/10.1145/2187671.2187678

Published: 14 June 2012 Publication History

Abstract

Behavioral interface specification languages provide formal code-level annotations, such as preconditions, postconditions, invariants, and assertions that allow programmers to express the intended behavior of program modules. Such specifications are useful for precisely documenting program behavior, for guiding implementation, and for facilitating agreement between teams of programmers in modular development of software. When used in conjunction with automated analysis and program verification tools, such specifications can support detection of common code vulnerabilities, capture of light-weight application-specific semantic properties, generation of test cases and test oracles, and full formal program verification. This article surveys behavioral interface specification languages with a focus toward automatic program verification and with a view towards aiding the Verified Software Initiative—a fifteen-year, cooperative, international project directed at the scientific challenges of large-scale software verification.

References

[1]

Abadi, M. and Lamport, L. 1988. The existence of refinement mappings. Tech. rep. 29, Digital Equipment Corporation, Systems Research Center, Palo Alto, CA.

[2]

Abrial, J.-R. 1996. The B-Book: Assigning Programs to Meanings. Cambridge University Press, Cambridge, U.K.

Digital Library

[3]

Aldrich, J., Chambers, C., and Notkin, D. 2002. Architectural reasoning in ArchJava. In Proceedings of the 16th European Conference, Object-Oriented Programming (ECOOP'02), B. Magnusson, Ed. Lecture Notes in Computer Science, vol. 2374. Springer-Verlag, Berlin, 334--367.

Digital Library

[4]

Alhir, S. S. 1998. UML in a Nutshell. O'Reilly, Sebastapol, CA.

[5]

Alur, R., Courcoubetts, C., and Dill, D. 1990. Model checking for real-time systems. In Proceedings of the 5th Annual Sympostum on Logic in Computer Science. IEEE Computer Society Press, Los Alamitos, CA, 414--425.

[6]

Alur, R. and Henzinger, T. A. 1994. A really temporal logic. J. ACM 41, 1, 181--203.

Digital Library

[7]

Ambler, A. L., Good, D. I., Browne, J. C., Burger, W. F., Choen, R. M., Hoch, C. G., and Wells, R. E. 1977. Gypsy: A language for specification and implementation of verifiable programs. In Proceedings of the ACM Conference on Language Design for Reliable Software, SIGPLAN Not. 12, 3, 1--10.

Digital Library

[8]

America, P. 1987. Inheritance and subtyping in a parallel object-oriented language. In Proceedings of the European Conference on Object-Oriented Programming (ECOOP'87), J. Bezivin et al., Eds. Lecture Notes in Computer Science, volume 276, Springer-Verlag, New York, NY, 234--242.

Digital Library

[9]

Andrews, D. J. 1996. Information technology programming languages, their environments and system software interfaces: Vienna Development Method--specification language -- part 1: Base language. International Standard ISO/IEC 13817-1, International Standards Organization.

[10]

Apt, K. R. 1981. Ten years of Hoare's logic: A survey—part I. ACM Trans. Program. Lang. Syst. 3, 4, 431--483.

Digital Library

[11]

Apt, K. R. and 0lderog, E. 1991. Introduction to program verification. In Formal Description of Programming Concepts, E. J. Neuhold and M. Paul, Eds, IFIP State-of-the-Art Reports. Springer-Verlag, New York, NY, 363--429.

[12]

Apt, K. R. and Olderog, E. 1997. Verification of Sequential and Concurrent Programs, 2nd ed. Graduate Texts in Computer Science Series. Springer-Verlag, New York, NY.

Digital Library

[13]

Arlow, J. and Neustadt, I. 2005. UML 2 and the Unified Process: Practical Object-Oriented Analysis and Design 2nd ed. Addison-Wesley, Indianoplis, IN.

Digital Library

[14]

Back, R.-J., Mikhajlova, A., and von Wright, J. 2000. Class refinement as semantics of correct object substitutability. Formal Aspects Comput. 12, 1, 18--40.

[15]

Back, R. J. R. 1980. Correctness Preserving Program Refinements: Proof Theory and Applications. Mathematical Center Tracts, vol. 131. Mathematical Centre, Amsterdam.

[16]

Backhouse, R., Chisholm, P., Malcolm, G., and Saaman, E. 1989. Do-it-yourself type theory. Formal Aspects Comput. 1, 1, 19--84.

[17]

Ball, T. and Rajamani, S. K. 2001. The SLAM toolkit. In Computer Aided Verification. Lecture Notes in Computer Science, vol. 2102. Springer-Verlag, Berlin, 260--264.

Digital Library

[18]

Banerjee, A., Barnett, M., and Naumann, D. A. 2008. Boogie meets regions: A verification experience report. In Verified Software: Theories, Tools, Experiments (VSTTE), N. Shankar and J. Woodcock, Eds. Lecture Notes in Computer Science, vol. 5295. Springer-Verlag, New York, NY, 177--191.

Digital Library

[19]

Banerjee, A., Naumann, D. A., and Rosenberg, S. 2008. Regional logic for local reasoning about global invariants. In Proceedings of the European Conference on Object-Oriented Programming (ECOOP), J. Vitek, Ed. Lecture Notes in Computer Science, vol. 5142. Springer-Verlag, New York, NY, 387--411.

Digital Library

[20]

Barnes, J. 1997. High Integrity Ada: The SPARK Approach. Addison Wesley Longman, Inc., Reading, MA.

[21]

Barnett, M., Chang, B.-Y. E., DeLine, R., Jacobs, B., and Leino, K. R. M. 2006. Boogie: A modular reusable verifier for object-oriented programs. In Formal Methods for Components and Objects (FMCO) 2005, Revised Lectures. Lecture Notes in Computer Science, vol. 4111. Springer-Verlag, New York, NY, 364--387.

Digital Library

[22]

Barnett, M., DeLine, R., Fähndrich, M., Leino, K. R. M., and Schulte, W. 2004. Verification of object-oriented programs with invariants. J. Object Technol. 3, 6, 27--56.

[23]

Barnett, M., Leino, K. R. M., and Schulte, W. 2005. The Spec&num; programming system: An overview. In Construction and Analysis of Safe, Secure, and Interoperable Smart Devices (CASSIS 2004), G. Barthe, L. Burdy, M. Huisman, J.-L. Lanet, and T. Muntean, Eds. Lecture Notes in Computer Science, vol. 3362. Springer-Verlag, New York, NY, 49--69.

Digital Library

[24]

Barnett, M., Schulte, D. A. N. W., and Sun, Q. 2004. 99.44&percnt; pure: Useful abstractions in specification. In Formal Techniques for Java-like Programs (FTfJP), E. Poll, Ed. Radbod University, Nijmegen, 11--19. http://www.cs.ru.nl/ftfjp/2004/Purity.pdf.

[25]

Barnett, M. and Schulte, W. 2003. Runtime verification of .NET contracts. J. Syst. Softw. 65, 3, 199--208.

Digital Library

[26]

Barrett, C. and Tinelli, C. 2007. CVC3. In Proceedings of the 19th International Conference on Computer Aided Verification (CAV'07), W. Damm and H. Hermanns, Eds. Lecture Notes in Computer Science, vol. 4590. Springer-Verlag, Berlin, 298--302.

Digital Library

[27]

Barringer, H., Cheng, J. H., and Jones, C. B. 1984. A logic covering undefinedness in program proofs. Acta Informatica 21, 3, 251--269.

Digital Library

[28]

Bartetzko, D., Fischer, C., Moller, M., and Wehrheim, H. 2001. Jass - Java with assertions. In Proceedings of the Workshop on Runtime Verification held in conjunction with the 13th Conference on Computer Aided Verification (CAV'01). Published in Electronic Notes in Theoretical Computer Science, K. Havelund and G. Rosu, Eds., 55, 2.

[29]

Baudin, P., Filliâtre, J.-C., Marché, C., Monate, B., Moy, Y., and Prevosto, V. 2009. ACSL: ANSI/ISO C Specification Language, version 1.4. ANSI. http://frama-c.cea.fr/acsl.html.

[30]

Beckert, B., Hähnle, R., and Schmitt, P. H. 2007. Verification of Object-Oriented Software: The KeY Approach. Lecture Notes in Computer Science, vol. 4334. Springer-Verlag, Berlin.

Digital Library

[31]

Berdine, J., Calcagno, C., and O'Hearn, P. W. 2005. Smallfoot: Modular automatic assertion checking with separation logic. In Formal Methods for Components and Objects (FMCO), F. S. de Boer, M. M. Bonsangue, S. Graf, and W. P. de Roever, Eds. Lecture Notes in Computer Science, vol. 4111. Springer-Verlag, Berlin, 115--137.

Digital Library

[32]

Berry, G. 2000. The foundations of Esterel. In Proof, Language and Interaction: Essays in Honour of Robin Milner, G. Plotkin, C. Stirling, and M. Tofte, Eds. The MIT Press, Cambridge, MA.

Digital Library

[33]

Bidoit, M., Kreowski, H.-J., Lescanne, P., Orejas, F., and Sannella, D., Eds. 1991. Algebraic System Specification and Development: A Survey and Annotated Bibliography. Lecture Notes in Computer Science, vol. 501. Springer-Verlag, Berlin.

Digital Library

[34]

Bjørner, D. and Henson, M. C. 2008. Logics of Specification Languages. Springer-Verlag, Berlin.

[35]

Blanchet, B., Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., and Rival, X. 2002. Design and implementation of a special-purpose static program analyzer for safety-critical real-time embedded software. In The Essence of Computation: Complexity, Analysis, Transformation, T. A. Mogensen, D. A. Schmidt, and I. H. Sudborough, Eds. Lecture Notes in Computer Science, vol. 2566. Springer-Verlag, 85--108.

Digital Library

[36]

Börger, E. and Stärk, R. 2003. Abstract State Machines: A Method for High-Level System Design and Analysis. Springer-Verlag, Berlin.

Digital Library

[37]

Borgida, A., Mylopoulos, J., and Reiter, R. 1995. On the frame problem in procedure specifications. IEEE Trans. Softw. Eng. 21, 10, 785--798.

Digital Library

[38]

Boyapati, C., Khurshid, S., and Marinov, D. 2002. Korat: Automated testing based on Java predicates. In Proceedings of the International Symposium on Software Testing and Analysis (ISSTA). 123--133.

Digital Library

[39]

Boyland, J. 2003. Checking interference with fractional permissions. In Static Analysis (SAS), R. Cousot, Ed. Lecture Notes in Computer Science, vol. 2694. Springer-Verlag, Berlin, 55--72.

Digital Library

[40]

Brookes, S. D., Hoare, C. A. R., and Roscoe, A. W. 1984. A theory of communicating sequential processes. J. ACM 31, 3, 560--599.

Digital Library

[41]

Burdy, L., Cheon, Y., Cok, D. R., Ernst, M. D., Kiniry, J. R., Leavens, G. T., Leino, K. R. M., and Poll, E. 2005. An overview of JML tools and applications. Int. J. Softw. Tools Technol. Transfer 7, 3, 212--232.

Digital Library

[42]

Cardelli, L. 1988. A semantics of multiple inheritance. Inform. Comput. 76, 2--3, 138--164.

Digital Library

[43]

Cartwright, R. 1981. Formal program testing. In Proceedings of the Conference Record of the 8th ACM Symposium on Principles of Programming Languages. 125--132.

Digital Library

[44]

Castagna, G. 1995. Covariance and contravariance: Conflict without a cause. ACM Trans. Program. Lang. Syst. 17, 3, 431--447.

Digital Library

[45]

Cataño, N. and Huisman, M. 2002. Formal specification of Gemplus's electronic purse case study. In FME 2002: Formal Methods-Getting IT Right, L. H. Eriksson and P. A. Lindsay, Eds. Lecture Notes in Computer Science vol., 2391. Springer-Verlag, Berlin, 272--289.

[46]

Chalin, P. 2005. Logical foundations of program assertions: What do practitioners want&quest; In Proceedings of the 3rd International Conference on Software Engineering and Formal Method (SEFM). IEEE Computer Society, Los Alamitos, CA.

Digital Library

[47]

Chalin, P. 2007. A sound assertion semantics for the dependable systems evoluation verifying compiler. In Proceedings of the International Conference on Software Engineering (ICSE). IEEE, Los Alamitos, CA, 23--33.

Digital Library

[48]

Chang, J. and Richardson, D. J. 1999. Structural specification-based testing: Automated support and experimental evaluation. In Software Engineering -- ESEC/FSE '99, O. Nierstrasz and M. Lemoine, Eds. Lecture Notes in Computer Science, vol. 1687. Springer-Verlag, 285--302. Also ACM SIGSOFT Softw. Engineer. Notes, 24, 6.

Digital Library

[49]

Chapman, R. 2000. Industrial experience with SPARK. ACM SIGADA Ada Letters 20, 4, 64--68.

Digital Library

[50]

Chen, Y. and Cheng, B. H. C. 2000. A semantic foundation for specification matching. In Foundations of Component-Based Systems, G. T. Leavens and M. Sitaraman, Eds. Cambridge University Press, New York, NY, 91--109.

Digital Library

[51]

Cheon, Y. and Leavens, G. T. 1994. The Larch/Smalltalk interface specification language. ACM Trans. Softw. Eng. Methodol. 3, 3, 221--253.

Digital Library

[52]

Cheon, Y. and Leavens, G. T. 2002. A runtime assertion checker for the Java Modeling Language (JML). In Proceedings of the International Conference on Software Engineering Research and Practice (SERP '02), H. R. Arabnia and Y. Mun, Eds. CSREA Press, 322--328.

[53]

Cheon, Y. and Leavens, G. T. 2005. A contextual interpretation of undefinedness for runtime assertion checking. In Proceedings of the 6th International Symposium on Automated and Analysis-Driven Debugging, (AADEBUG'05). ACM Press, New York, NY, 149--157.

Digital Library

[54]

Cheon, Y., Leavens, G. T., Sitaraman, M., and Edwards, S. 2005. Model variables: Cleanly supporting abstraction in design by contract. Soft. Pract. Exp. 35, 6, 583--599.

Digital Library

[55]

Chin, W.-N., David, C., Nguyen, H. H., and Qin, S. 2008. Enhancing modular OO verification with separation logic. In Proceedings of the ACM Symposium on Principles of Programming Languages, P. Wadler, Ed. ACM, New York, NY, 87--99.

Digital Library

[56]

Clarke, D. G., Potter, J. M., and Noble, J. 1998. Ownership types for flexible alias protection. In Proceedings of the ACM Annual Conference on Object-Oriented Programming, Systems, Languages & Applications (OOPSLA'98), SIGPLAN Not., 33, 10. ACM, New York, NY, 48--64.

Digital Library

[57]

Clarke, E. M., Emerson, E. A., and Sistla, A. P. 1986. Automatic verification of finite state concurrent systems using temporal logic specifications. ACM Trans. Program. Lang. Syst. 8, 2, 244--263.

Digital Library

[58]

Clarke, M. J., Grumberg, O., and Peled, D. A. 1999. Model Checking. The MIT Press, Cambridge, MA.

Digital Library

[59]

Clarke, L. A. and Rosenblum, D. S. 2006. A historical perspective on runtime assertion checking in software development. ACM SIGSOFT Softw. Eng. Notes 31, 3, 25--37. http://doi.acm.org/10.1145/1127878.1127900.

Digital Library

[60]

CoFI (The Common Framework Initiative). 2004. Casl Reference Manual. Lecture Notes in Computer Science, vol. 2960 (IFIP Series). Springer-Verlag, Berlin.

[61]

Cohen, E., Dahlweid, M., Hillebrand, M., Leinenbach, D., Moskal, M., Santen, T., Schulte, W., and Tobies, S. 2009. VCC: A practical system for verifying concurrent C. In Theorem Proving in Higher Order Logics, 22nd International Conference, S. Berghofer, T. Nipkow, C. Urban, and M. Wenzel, Eds. Lecture Notes in Computer Science, vol. 5674. Springer-Verlag, Berlin, 23--42.

Digital Library

[62]

Cohen, E., Moskal, M., Tobies, S., and Schulte, W. 2010. Local verification of global invariants in concurrent programs. In Computer Aided Verification (CAV). Lecture Notes in Computer Science. Springer-Verlag, Berlin. Forthcoming.

Digital Library

[63]

Cok, D. and Leavens, G. T. 2008. Extensions of the theory of observational purity and a practical design for JML. In Proceedings of the 7th International Workshop on Specification and Verification of Component-Based Systems (SAVCBS'08). Tech. Rep. CS-TR-08-07. School of EECS, University of Central Florida, Orlando, FL, 43--50.

[64]

Cok, D. R. 2004. Reasoning with specifications containing method calls in JML and first-order provers. In Proceedings of the ECOOP Workshop FTfJP'2004 Formal Techniques for Java-like Programs, E. Poll, Ed. Rabound University, Nijmegen, 41--48.

[65]

Constable, R. L., Allen, S., h. Bromely, Cleveland, W., et al. 1986. Implementing Mathematics with the Nuprl Development System. Prentice-Hall, Inc., Englewood Cliffs, NJ.

Digital Library

[66]

Corbett, J. C., Dwyer, M. B., Hatcliff, J., Laubach, S., Pasareanu, C. S., Robby, and Zheng, H. 2000. Bandera: Extracting finite-state models from Java source code. In Proceedings of the 22nd International Conference on Software Engineering. ACM Press, New York, NY, 439--448.

Digital Library

[67]

Cousot, P. 1990. Methods and logics for proving programs. In Handbook of Theoretical Computer Science, J. van Leewen, Ed. Vol. B: Formal Models and Semantics. The MIT Press, New York, NY, 841--993.

Digital Library

[68]

Cousot, P. and Cousot, R. 1977. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proceedings of the Conference Record of the 4th Annual ACM Symposium on Principles of Programming Languages. ACM, New York, NY, 238--252.

Digital Library

[69]

Cristian, F. 1984. Correct and robust programs. IEEE Trans. Softw. Engi. 10, 163--174.

Digital Library

[70]

Darvas, Á. and Leino, K. R. M. 2007. Practical reasoning about invocations and implementations of pure methods. In Fundamental Approaches to Software Engineering, 10th International Conference, A. L. Matthew B. Dwyer, Ed. Lecture Notes in Computer Science, vol. 4422. Springer-Verlag, Berlin, 336--351.

Digital Library

[71]

Darvas, Á. and Müller, P. 2005. Reasoning about method calls in JML specifications. In Formal Techniques for Java-like Programs. ETH, Zurich, Switzerland.

[72]

Darvas, Á. and Müller, P. 2006. Reasoning about method calls in interface specifications. J. Object Technol. 5, 5, 59--85.

[73]

de Moura, L. and Bjørner, N. 2008. Z3: An efficient SMT solver. In Tools and Algorithms for the Construction and Analysis (TACAS). Lecture Notes in Computer Science, vol. 4963. Springer-Verlag, Berlin, 337--340.

Digital Library

[74]

Deng, X., Lee, J., and Robby. 2006. Bogor/Kiasan: A k-bounded symbolic execution for checking strong heap properties of open systems. In Proceedings of the 21st IEEE Conference on Automated Software Engineering. 157--166.

Digital Library

[75]

Detlefs, D. L., Leino, K. R. M., Nelson, G., and Saxe, J. B. 1998. Extended static checking. SRC Research rep. 159, Compaq Systems Research Center, Palo Alto, CA.

[76]

Dhara, K. K. and Leavens, G. T. 1996. Forcing behavioral subtyping through specification inheritance. In Proceedings of the 18th International Conference on Software Engineering. IEEE Computer Society Press, Los Alamitos, CA, 258--267. A corrected version is ISU CS TR &num;95-20c, http://tinyurl.com/s2krg.

Digital Library

[77]

Dietl, W. and Müller, P. 2005. Universes: Lightweight ownership for JML. J. Object Technol. 4, 8, 5--32.

[78]

Dijkstra, E. W. 1976. A Discipline of Programming. Prentice-Hall, Inc., Englewood Cliffs, NJ.

Digital Library

[79]

Distefano, D., O'Hearn, P. W., and Yang, H. 2006. A local shape analysis based on separation logic. In Tools and Algorithms for the Construction and Analysis of Systems. Lecture Notes in Computer Science, vol. 3920. Springer-Verlag, Berlin, 287--302.

Digital Library

[80]

Distefano, D. and Parkinson, M. J. 2008. jStar: Towards practical verification for Java. In ACM Annual Conference of Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), G. E. Harris, Ed. ACM, New York, NY, 213--226.

Digital Library

[81]

Dong, J. S., Hao, P., Zhang, X., and Qin, S. C. 2006. Highspec: A tool for building and checking OZTA models. In Proceedings of the 28th International Conference on Software Engineering (ICSE'06). ACM, New York, NY, 775--778.

Digital Library

[82]

Drossopoulou, S., Francalanza, A., Müller, P., and Summers, A. J. 2008. A unified framework for verification techniques for object invariants. In Proceedings of the European Conference on Object-Oriented Programming (ECOOP), J. Vitek, Ed. Lecture Notes in Computer Science. Springer-Verlag, Berlin, 412--437.

Digital Library

[83]

Edwards, S. H., Heym, W. D., Long, T. J., Sitaraman, M., and Weide, B. W. 1994. Part II: Specifying components in RESOLVE. ACM SIGSOFT Soft. Engi. Notes 19, 4, 29--39.

Digital Library

[84]

Eiffel. 2005. Eiffel analysis, design and programming language. ECMA Standard 367.

[85]

Emerson, E. A. 1990. Temporal and modal logic. In Handbook of Theoretical Computer Science, J. van Leeuwen, Ed. Vol. B. The MIT Press, Cambridge, MA, 995--1072.

Digital Library

[86]

Ernst, M. D. 2003. Static and dynamic analysis: Synergy and duality. In Proceedings of the ICSE Workshop on Dynamic Analysis, (WODA'03). New Mexico State University, NM, 24--27.

[87]

Fähndrich, M. and Leino, K. R. M. 2003. Heap monotonic typestates. In Proceedings of the ECOOP International Workshop on Aliasing, Confinement and Ownership (IWACO'03). K. U. Leuven, Leuven.

[88]

Fähndrich, M. and Xia, S. 2007. Establishing object invariants with delayed types. In Proceedings of the 22nd Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA'07), R. P. Gabriel, D. F. Bacon, C. V. Lopes, and G. L. Steele Jr., Eds. ACM, New York, NY, 337--350.

Digital Library

[89]

Filliâtre, J.-C. and Marché, C. 2004. Multi-prover verification of C programs. In Proceedings of the 6th International Conference on Formal Engineering Methods (ICFEM'04). Lecture Notes in Computer Science, vol. 3308. Springer-Verlag, Berlin, 15--29.

[90]

Findler, R. B. and Felleisen, M. 2001. Contract soundness for object-oriented languages. In Proceedings of the Annual ACM SIGPLAN Conference of Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA'01). ACM, New York, NY, 1--15.

Digital Library

[91]

Findler, R. B. and Felleisen, M. 2002. Contracts for higher-order functions. In Proceedings of ACM SIGPLAN International Conference on Functional Programming. ACM, New York, NY, 48--59.

Digital Library

[92]

Fitzgerald, J. 2008. The typed logic of partial functions and the Vienna Development Method. In Logics of Specification Languages, Springer-Verlag, Berlin, 453--487.

[93]

Fitzgerald, J. and Larsen, P. G. 1998. Modelling Systems: Practical Tools in Software Development. Cambridge Press, Cambridge, U.K.

Digital Library

[94]

Fitzgerald, J. S., Larsen, P. G., Mukherjee, P., Plat, N., and Verhoef, M. 2005. Validated Designs for Object-Oriented Systems. Springer-Verlag, London.

Digital Library

[95]

Flanagan, C. 2006. Hybrid type checking. In Proceedings of the 33th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'06). SIGPLAN Not. 41, 1, ACM Press, New York, 245--256.

Digital Library

[96]

Flanagan, C., Leino, K. R. M., Lillibridge, M., Nelson, G., Saxe, J. B., and Stata, R. 2002. Extended static checking for Java. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'02). SIGPLAN Not. 37, 5. ACM, New York, NY, 234--245.

Digital Library

[97]

Floyd, R. W. 1967. Assigning meanings to programs. Proc. Symp. Appl. Math. 19, 19--31.

[98]

Francez, N. 1992. Program Verification. Addison-Wesley Publishing Co., Cambridge, U.K.

Digital Library

[99]

Furia, C. A., Mandrioli, D., Morzenti, A., and Rossi, M. 2010. Modeling time in computing: A taxonomy and a comparative survey. ACM Comput. Surv. 42, 2, 1--59.

Digital Library

[100]

Gamma, E., Helm, R., Johnson, R., and Vlissides, J. 1995. Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley, Reading, MA.

Digital Library

[101]

Garlan, D., Monroe, R. T., and Wile, D. 2000. Acme: Architectural description of component-based systems. In Foundations of Component-Based Systems, G. T. Leavens and M. Sitaraman, Eds. Cambridge University Press, New York, NY, 47--67.

Digital Library

[102]

Goguen, J. A., Thatcher, J. W., and Wagner, E. G. 1978. An initial algebra approach to the specification, correctness and implementation of abstract data types. In Current Trends in Programming Methodology, vol. 4, R. T. Yeh, Ed. V Prentice-Hall, Inc., Englewood Cliffs, NJ., 80--149.

[103]

Goodenough, J. B. 1975. Exception handling: Issues and a proposed notation. Commun. ACM 18, 12, 683--696.

Digital Library

[104]

Gorelick, G. A. 1975. A complete axiomatic system for proving assertions about recursive and non-recursive programs. Tech. rep. 75, University of Toronto, Toronto, Canada.

[105]

Gries, D. and Schneider, F. B. 1995. Avoiding the undefined by underspecification. In Computer Science Today: Recent Trends and Developments, J. van Leeuwen, Ed. Lecture Notes in Computer Science, no. 1000. Springer-Verlag, New York, NY, 366--373.

[106]

Grieskamp, W., Tillmann, N., and Schulte, W. 2005. XRT - exploring runtime for .NET - architecture and applications. In Proceedings of the Workshop on Software Model Checking.

[107]

Guaspari, D., Marceau, C., and Polak, W. 1992. Formal verification of Ada programs. In Proceedings of the 1st International Workshop on Larch, U. Martin and J. M. Wing, Eds. Springer-Verlag, New York, NY, 104--141.

Digital Library

[108]

Gurevich, Y. 1991. Evolving algebras: A tutorial introduction. Bullet. EATCS 43, 264--284.

[109]

Guttag, J. V. and Horning, J. J. 1986. Report on the Larch Shared Language. Sci. Comput. Program. 6, 2, 103--134.

Digital Library

[110]

Guttag, J. V., Horning, J. J., Garland, S. J., Jones, K. D., Modet, A., and Wing, J. M. 1993. Larch: Languages and Tools for Formal Specification. Springer-Verlag, New York, NY.

Digital Library

[111]

Guttag, J. V., Horning, J. J., and Wing, J. M. 1985. The Larch family of specification languages. IEEE Software 2, 5, 24--36.

Digital Library

[112]

Halbwachs, N., Lagnier, F., and Ratel, C. 1992. Programming and verifying real-time systems by means of the synchronous data-flow language LUSTRE. IEEE Trans. Softw. Eng. 18, 9, 785--793.

Digital Library

[113]

Hansen, M. R. 2008. Duration calculus. In Logics of Specification Languages, Springer-Verlag, Berlin, 299--347.

[114]

Harel, D. 1987. Statecharts: A visual formalism for complex systems. Sci. Comput. Program. 8, 3, 231--274.

Digital Library

[115]

Harel, D., Lachover, H., Naamad, A., Pnueli, A., Politi, M., Sherman, R., Shtull-trauring, A., and Trakhtenbrot, M. 1990. Statemate: A working environment for the development of complex reactive systems. IEEE Trans. Softw. Eng. 16, 4, 403--413.

Digital Library

[116]

Hayes, I., Ed. 1993. Specification Case Studies, 2nd ed. International Series in Computer Science. Prentice-Hall, Inc., London, U.K.

[117]

Hehner, E. C. R. 1989. Termination is timing. In Mathematics of Program Construction, J. L. A. van de Snepscheut, Ed. Lecture Notes in Computer Science, vol. 375. Springer-Verlag, Berlin, 36--47.

Digital Library

[118]

Hehner, E. C. R. 1993. A Practical Theory of Programming. Texts and Monographs in Computer Science. Springer-Verlag, New York, NY. http://www.cs.utoronto.ca/~hehner/aPToP.

Digital Library

[119]

Hehner, E. C. R. 1998. Formalization of time and space. Formal Aspects Comput. 10, 290--306.

[120]

Hehner, E. C. R. 2005. Specified blocks. Verified Software: Theories, Tools, Experiments (VSTTE). http://tinyurl.com/2a7kf2.

[121]

Heimdahl, M. P. E., Whalen, M. W., and Thompson, J. M. 2003. NIMBUS: A tool for specification centered development. In Proceedings of the 11th IEEE International Conference on Requirements Engineering (RE'03). IEEE Computer Society, Los Alamitos, CA, 349.

Digital Library

[122]

Heitmeyer, C., Jeffords, R., Bharadwaj, R., and Archer, M. 2007. Re theory meets software practice: Lessons from the software development trenches. In Proceedings of the 15th IEEE International Requirements Engineering Conference (RE'07). IEEE, Los Alamitos, California, 265--268.

[123]

Heitmeyer, C., Kirby, Jr., J., Labaw, B., Archer, M., and Bharadwaj, R. 1998. Using abstraction and model checking to detect safety violations in requirements specifications. IEEE Trans. Softw. Eng. 24, 11, 927--948.

Digital Library

[124]

Hennessy, M. and Milner, R. 1985. Algebraic laws for nondeterminism and concurrency. J. ACM 32, 1, 137--161.

Digital Library

[125]

Heym, W. D. 1995. Computer program verification: Improvements for human reasoning. Ph.D. dissertation, Ohio State University, Columbus, OH.

Digital Library

[126]

Hierons, R. M., Bogdanov, K., Bowen, J. P., Claveland, R., Derrick, J., Dick, J., Gherorghe, M., Harman, M., Kapoor, K., Krause, P., Lüttgen, G., Simmons, A. J. H., Vilkomir, S., Woodward, M. R., and Zedan, H. 2009. Using formal specifications to support testing. ACM Comput. Surv. 41, 2, 9:1--9:76.

Digital Library

[127]

Hoare, C. A. R. 1969. An axiomatic basis for computer programming. Commun. ACM 12, 10, 576--580, 583.

Digital Library

[128]

Hoare, C. A. R. 1971. Procedures and parameters: An axiomatic approach. In Symposium on Semantics of Algorithmic Languages, E. Engeler, Ed. Lecture Notes in Mathematics, vol, 18, Springer-Verlag, Berlin.

[129]

Hoare, C. A. R. 1972. Proof of correctness of data representations. Acta Informatica 1, 4, 271--281.

Digital Library

[130]

Hoare, C. A. R. 1985. Communicating Sequential Processes. Prentice-Hall, Inc., Englewood Cliffs, NJ.

Digital Library

[131]

Hoare, C. A. R. 2005. The verifying compiler, a grand challenge for computing research. In Verification, Model Checking, and Abstract Interpretation, 6th International Conference. Lecture Notes in Computer Science, vol. 3385. Springer-Verlag, Berlin, 78.

Digital Library

[132]

Hoare, C. A. R. and He, J. 1998. Unifying Theories of Programming. Prentice-Hall International, Englewood Cliffs, NJ.

[133]

Hoare, T. 2003. The verifying compiler: A grand challenge for computing research. J. ACM 50, 1, 63--69.

Digital Library

[134]

Hoare, T., Leavens, G. T., Misra, J., and Shankar, N. 2007. The verified software initiative: A manifesto. http://qpq.csl.sri.com/vsr/manifesto.pdf.

[135]

Holzmann, G. J. 1991. Design and validation of computer protocols. Prentice-Hall, Englewood Cliffs, NJ.

Digital Library

[136]

Holzmann, G. J. 1997. The model checker SPIN. IEEE Trans. Softw. Eng. 23, 5, 279--295.

Digital Library

[137]

Huisman, M. and Jacobs, B. 2000. Java program verification via a Hoare logic with abrupt termination. In Fundamental Approaches to Software Engineering (FASE 2000), T. Maibaum, Ed. Lecture Notes in Computer Science, vol. 1783. Springer-Verlag, Berlin, 284--303.

Digital Library

[138]

Jackson, D. 1995. Structuring Z specifications with views. ACM Trans. Softw. Eng. Methodol. 4, 4, 365--389.

Digital Library

[139]

Jackson, D. 2006. Software Abstractions: Logic, Language, and Analysis. MIT Press, Cambridge, MA.

Digital Library

[140]

Jacky, J., Veanes, M., Campbell, C., and Schulte, W. 2008. Model-Based Software Testing and Analysis with C&num;. Cambridge University Press, Cambridge, U.K.

Digital Library

[141]

Jacobs, B., Müller, P., and Piessens, F. 2007. Sound reasoning about unchecked exceptions. In Proceedings of the International Conference Software Engineering and Formal Methods (SEFM), M. Hinchey and T. Margaria, Eds. IEEE, Los Alamitos, CA, 113--122.

Digital Library

[142]

Jacobs, B. and Piessens, F. 2008. The VeriFast program verifier. Tech. rep. CW-520, Department of Computer Science, Katholieke Universiteit Leuven.

[143]

Jacobs, B., Piessens, F., Smans, J., Leino, K. R. M., and Schulte, W. 2008. A programming model for concurrent object-oriented programs. ACM Trans. Program. Lang. Syst. 31, 1, 1--48.

Digital Library

[144]

Jones, C. B. 1983. Tentative steps toward a development method for interfering programs. ACM Trans. Program. Lang. Syst. 5, 4, 596--619.

Digital Library

[145]

Jones, C. B. 1990. Systematic Software Development Using VDM, 2nd ed. International Series in Computer Science. Prentice Hall, Englewood Cliffs, NJ.

Digital Library

[146]

Jones, C. B. 1995. Partial functions and logics: A warning. Inf. Process. Lett. 54, 2, 65--67.

Digital Library

[147]

Jones, C. B. 2003. The early search for tractable ways of reasoning about programs. IEEE Ann. History Comput. 25, 2, 26--49.

Digital Library

[148]

Jones, C. B. 2006. Reasoning about partial functions in the formal development of programs. Electron. Notes Theoret. Comput. Sci. 145, 3--25.

Digital Library

[149]

Kassios, I. T. 2006. Dynamic frames: Support for framing, dependencies and sharing without restrictions. In Formal Methods (FM), E. S. J. Misra, T. Nipkow, Ed. Lecture Notes in Computer Science, vol. 4085. Springer-Verlag, Berlin, 268--283.

Digital Library

[150]

Khurshid, S., Păsăreanu, C. S., and Visser, W. 2003. Generalized symbolic execution for model checking and testing. In Proceedings of the 9th International Conference on Tools and Algorithms for Construction and Analysis of Systems (TACAS'03), H. Garavel and J. Hatcliff, Eds. Lecture Notes in Computer Science, vol. 2619. 553--568.

Digital Library

[151]

Kligerman, E. and Stoyenko, A. 1992. Real-time Euclid: A language for reliable real-time systems. In Real-Time Systems: Abstractions, Languages, and Design Methodologies, K. M. Kavi, Ed. IEEE Computer Society Press, Los Alamitos, California, 455--463.

[152]

Kozen, D. and Tiuryn, J. 1990. Logics of programs. In Handbook of Theoretical Computer Science, vol. B: Formal Models and Semantics. J. van Leewen, Ed. The MIT Press, New York, NY, 789--840.

Digital Library

[153]

Kramer, J. and Magee, J. 2006. Concurrency: State Models & Java Programs, 2nd Edition. Worldwide Series in Computer Science. John Wiley and Sons, Hoboken, NJ.

Digital Library

[154]

Lamport, L. 1989. A simple approach to specifying concurrent systems. Commun. ACM 32, 1, 32--45.

Digital Library

[155]

Lamport, L. 1994. The temporal logic of actions. ACM Trans. Program. Lang. Syst. 16, 3, 872--923.

Digital Library

[156]

Lampson, B. W., Horning, J. L., London, R. L., Mitchell, J. G., and Popek, G. J. 1981. Report on the programming language Euclid. Tech. rep. CSL-81-12, Xerox Palo Alto Research Centers. Also SIGPLAN Not., 12, 2.

Digital Library

[157]

Larsen, K. G., Pettersson, P., and Yi, W. 1997. Uppaal in a Nutshell. Int. J. Softw. Tools Technol. Transfer 1, 1-2, 134--152.

Digital Library

[158]

Leavens, G. T. 2006. JML's rich, inherited specifications for behavioral subtypes. In Proceedings of the 8th International Conference on Formal Engineering Methods (ICFEM), Z. Liu and H. Jifeng, Eds. Lecture Notes in Computer Science, vol. 4260. Springer-Verlag, New York, NY, 2--34.

Digital Library

[159]

Leavens, G. T., Baker, A. L., and Ruby, C. 2006. Preliminary design of JML: A behavioral interface specification language for Java. ACM SIGSOFT Softw. Eng. Notes 31, 3, 1--38.

Digital Library

[160]

Leavens, G. T., Cheon, Y., Clifton, C., Ruby, C., and Cok, D. R. 2005. How the design of JML accommodates both runtime assertion checking and formal verification. Sci. Comput. Program. 55, 1-3, 185--208.

Digital Library

[161]

Leavens, G. T. and Müller, P. 2007. Information hiding and visibility in interface specifications. In Proceedings of the International Conference on Software Engineering (ICSE). IEEE, Los Alamitos, CA, 385--395.

Digital Library

[162]

Leavens, G. T. and Naumann, D. A. 2006. Behavioral subtyping, specification inheritance, and modular reasoning. Tech. rep. 06-20b, Department of Computer Science, Iowa State University, Ames, IA.

[163]

Leavens, G. T., Poll, E., Clifton, C., Cheon, Y., Ruby, C., Cok, D. R., Müller, P., Kiniry, J., Chalin, P., and Zimmerman, D. M. 2009. JML Reference Manual. http://www.jmlspecs.org.

[164]

Leavens, G. T. and Weihl, W. E. 1995. Specification and verification of object-oriented programs using supertype abstraction. Acta Informatica 32, 8, 705--778.

Digital Library

[165]

Leavens, G. T. and Wing, J. M. 1997. Protective interface specifications. In Proceedings of the 7th International Joint Conference on Theory and Practice of Software Development (TAPSOFT'97), M. Bidoit and M. Dauchet, Eds. Lecture Notes in Computer Science, vol. 1214. Springer-Verlag, New York, NY, 520--534.

Digital Library

[166]

Leino, K. R. M. 1995. Toward reliable modular programs. Ph.D., dissertation California Institute of Technology. Tech. rep. Caltech-CS-TR-95-03.

Digital Library

[167]

Leino, K. R. M. 1998. Data groups: Specifying the modification of extended state. In Proceedings of the Annual ACM SIGPLAN conference on Object-Oriented Programming, Systems, Languages and Applications (OOPSLA). SIGPLAN Not., 33, 10. ACM, New York, NY, 144--153.

Digital Library

[168]

Leino, K. R. M. 2010. Dafny: An automatic program verifier for functional correctness. In Logic for Programming, Artificial Intelligence, and Reasoning, 16th International Conference. Lecture Notes in Computer Science. Springer-Verlag. Forthcoming.

Digital Library

[169]

Leino, K. R. M. and Müller, P. 2004. Object invariants in dynamic contexts. In Proceedings of the European Conference on Object-Oriented Programming (ECOOP), M. Odersky, Ed. Lecture Notes in Computer Science, vol. 3086. Springer-Verlag, Berlin, 491--516.

[170]

Leino, K. R. M. and Müller, P. 2006. A verification methodology for model fields. In Proceedings of the European Symposium on Programming (ESOP), P. Sestoft, Ed. Lecture Notes in Computer Science, vol. 3924. Springer-Verlag, New York, NY, 115--130.

Digital Library

[171]

Leino, K. R. M. and Müller, P. 2008. Verification of equivalent-results methods. In Proceedings of the 17th European Symposium on Programming, Languages and Systems (ESOP), S. Drossopoulou, Ed. Lecture Notes in Computer Science, vol. 4960. Springer-Verlag, Berlin, 307--321.

Digital Library

[172]

Leino, K. R. M. and Müller, P. 2009. A basis for verifying multi-threaded programs. In Proceedings of the 18th European Symposium on Programming, Languages and Systems (ESOP), G. Castagna, Ed. Lecture Notes in Computer Science, vol. 5502. Springer-Verlag, Berlin, 378--393.

Digital Library

[173]

Leino, K. R. M., Müller, P., and Smans, J. 2009. Verification of concurrent programs with Chalice. In Foundations of Security Analysis and Design V, A. Aldini, G. Barthe, and R. Gorrieri, Eds. Lecture Notes in Computer Science, vol. 5705. Springer-Verlag, Berlin, 195--222.

Digital Library

[174]

Leino, K. R. M., Müller, P., and Wallenburg, A. 2008. Flexible immutability with frozen objects. In Verified Software: Theories, Tools, and Experiments (VSTTE), N. Shankar and J. Woodcock, Eds. Lecture Notes in Computer Science, vol. 5295. Springer-Verlag, Berlin, 192--208.

Digital Library

[175]

Leino, K. R. M. and Nelson, G. 2002. Data abstraction and information hiding. ACM Trans. Program. Lang. Syst. 24, 5, 491--553.

Digital Library

[176]

Leino, K. R. M., Poetzsch-Heffter, A., and Zhou, Y. 2002. Using data groups to specify and check side effects. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'02). SIGPLAN Not. 37, 5. ACM, New York, NY, 246--257.

Digital Library

[177]

Leino, K. R. M. and Rümmer, P. 2010. A polymorphic intermediate verification language: Design and logical encoding. In Tools and Algorithms for the Construction and Analysis of Systems, 16th International Conference, J. Esparza and R. Majumdar, Eds. Lecture Notes in Computer Science, vol. 6015. Springer-Verlag, 312--327.

Digital Library

[178]

Leino, K. R. M., Saxe, J. B., and Stata, R. 1999. Checking Java programs via guarded commands. In Formal Techniques for Java Programs (FTfJP), B. Jacobs, G. T. Leavens, P. Müller, and A. Poetzsch-Heffter, Eds. Tech. rep. 251. FernUniversität Hagen, Hagen, Germany. Also available as Tech. note 1999-002, Compaq Systems Research Center.

[179]

Leino, K. R. M. and Schulte, W. 2004. Exception safety for C&num;. In Proceedings of the 2nd International Conference on Software Engineering and Formal Methods, J. R. Cuellar and Z. Liu, Eds. IEEE, Los Alamitos, CA, 218--227.

Digital Library

[180]

Leino, K. R. M. and Schulte, W. 2007. Using history invariants to verify observers. In Programming Languages and Systems (ESOP), R. D. Nicola, Ed. Lecture Notes in Computer Science, vol. 4421. Springer-Verlag, Berlin, 80--94.

Digital Library

[181]

Leino, K. R. M. and Wallenburg, A. 2008. Class-local object invariants. In Proceedings of the 1st India Software Engineering Conference (ISEC'08). ACM, New York, NY.

Digital Library

[182]

Leroy, X. 2006. Formal certification of a compiler back-end or: Programming a compiler with a proof assistant. In Proceedings of the ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), J. G. Morrisett and S. L. P. Jones, Eds. ACM, New York, NY, 42--54.

Digital Library

[183]

Leveson, N. G., Heimdahl, M. P. E., and Reese, J. D. 1999. Designing specification languages for process control systems: Lessons learned and steps to the future. In Proceedings of the European Software Engineering Conference held jointly with the ACM SIGSOFT International Imposium on Foundations of Software Engineering, O. Nierstrasz and M. Lemoine, Eds. Lecture Notes in Computer Science, vol. 1687. Springer-Verlag, Berlin, 127--145. Also ACM SIGSOFT Softw. Eng. Notes 24, 6.

Digital Library

[184]

Lhotka, R. 2008. Expert C&num; 2008 Business Objects. Apress, New York, NY.

Digital Library

[185]

Liskov, B. 1988. Data abstraction and hierarchy. SIGPLAN Not. 23, 5. 17--34. Revised version of the keynote address given at the 2nd Annual ACM Conference on Object-Oriented Programming Systems, Languages, and Applications.

Digital Library

[186]

Liskov, B. and Guttag, J. 1986. Abstraction and Specification in Program Development. The MIT Press, Cambridge, MA.

Digital Library

[187]

Liskov, B. H. and Wing, J. M. 1994. A behavioral notion of subtyping. ACM Trans. Program. Lang. Syst. 16, 6, 1811--1841.

Digital Library

[188]

Loeckx, J. and Sieber, K. 1987. The Foundations of Program Verification, 2nd Edition. John Wiley and Sons, New York, NY.

Digital Library

[189]

Lu, Y., Potter, J., and Xue, J. 2007. Validity invariants and effects. In Proceedings of the European Conference on Object-Oriented Programming (ECOOP), E. Ernst, Ed. Lecture Notes in Computer Science, vol. 4609. Springer-Verlag, Berlin, 202--226.

Digital Library

[190]

Luckham, D. 1990. Programming with Specifications: An Introduction to Anna, A Language for Specifying Ada Programs. Texts and Monographs in Computer Science. Springer-Verlag, New York, NY.

Digital Library

[191]

Luckham, D. and von Henke, F. W. 1985. An overview of Anna—A specification language for Ada. IEEE Softw. 2, 2, 9--23.

Digital Library

[192]

Magee, J. and Kramer, J. 2005. Model-based design of concurrent programs. In Communicating Sequential Processes: The First 25 Years. Lecture Notes in Computer Science, vol. 3525. Springer-Verlag, Berlin, 211--219.

Digital Library

[193]

Manasse, M. S. and Nelson, C. G. 1984. Correct compilation of control structures. Tech. rep., AT&T Bell Laboratories.

[194]

Manna, Z. and Pnueli, A. 1992. The Temporal Logic of Reactive and Concurrent Systems. Springer-Verlag, New York, NY.

Digital Library

[195]

Marceau, C. 1994. Penelope reference manual, version 3-3. Tech. rep. TM-94-0040, Odyssey Research Associates, Inc., Ithaca, NY.

[196]

Marché, C. 2009. The Krakatoa tool for deductive verification of Java programs. Winter School on Object-Oriented Verification, Viinistu, Estonia. http://krakatoa.lri.fr/ws/.

[197]

Marché, C. and Paulin-Mohring, C. 2005. Reasoning about Java programs with aliasing and frame conditions. In Proceedings of the 18th International Conference on Theorem Proving in Higher-Order Logics (TPHOLs'05), J. Hurd and T. F. Melham, Eds. Lecture Notes in Computer Science, vol. 3603. Springer-Verlag, Berlin, 179--194.

Digital Library

[198]

Marché, C., Paulin-Mohring, C., and Urbain, X. 2004. The Krakatoa tool for certification of Java/JavaCard programs annotated in JML. J. Logic Algebraic Program. 58, 1-2, 89--106.

[199]

Martin-Löf, P. 1985. Constructive mathematics and computer programming. In Mathematical Logic and Programming Languages. Prentice-Hall, Inc., Englewood Cliffs, NJ., 167--184.

Digital Library

[200]

McConnell, S. 1993. Code Complete: A Practical Handbook of Software Construction. Microsoft Press, Buffalo, NY.

Digital Library

[201]

Meyer, A. R. and Sieber, K. 1988. Towards fully abstract semantics for local variables: Preliminary report. In Proceedings of the 15^th Annual ACM Symposium on Principles of Programming Languages. ACM, New York, NY, 191--203.

Digital Library

[202]

Meyer, B. 1992. Applying “design by contract”. Comput. 25, 10, 40--51.

Digital Library

[203]

Meyer, B. 1997. Object-Oriented Software Construction, 2nd ed. Prentice Hall, New York, NY.

Digital Library

[204]

Milne, G. and Milner, R. 1979. Concurrent processes and their syntax. J. ACM 26, 2, 302--321.

Digital Library

[205]

Milner, R. 1990. Operational and algebraic semantics of concurrent processes. In Handbook of Theoretical Computer Science, vol. B: Formal Models and Semantics. J. van Leewen, Ed. The MIT Press, New York, NY, 1201--1242.

Digital Library

[206]

Milner, R., Parrow, J., and Walker, D. 1992. A calculus of mobile processes, parts I and II. Inform. Comput. 100, 1--77.

Digital Library

[207]

Mitra, S. 1994. Object-oriented specification in VDM++. In Object-Oriented Specification Case Studies, K. Lano and H. Haughton, Eds. The Object-Oriented Series. Prentice-Hall, New York, NY, 130--136.

Digital Library

[208]

Morgan, C. 1990. Programming from Specifications. Prentice Hall International, Hempstead, U.K.

Digital Library

[209]

Morgan, C. 1994. Programming from Specifications, 2nd Edition. Prentice Hall International, Hempstead, U.K.

Digital Library

[210]

Morgan, C. and Vickers, T., Eds. 1994. On the Refinement Calculus. Formal Approaches of Computing and Information Technology Series. Springer-Verlag, New York, NY.

Digital Library

[211]

Morris, J. B. 1980. Programming by successive refinement of data abstractions. Softw. Pract. Exp. 10, 4, 249--263.

[212]

Mossakowski, T., Haxthausen, A. E., Sanella, D., and Tarlecki, A. 2008. Casl—The Common Algebraic Specification Language. In Logics of Specification Languages, Springer-Verlag, Berlin, 241--298.

[213]

Müller, P. 2002. Modular Specification and Verification of Object-Oriented Programs. Lecture Notes in Computer Science, vol. 2262. Springer-Verlag, Berlin.

[214]

Müller, P., Poetzsch-Heffter, A., and Leavens, G. T. 2003. Modular specification of frame properties in JML. Concurrency Comput. Pract. Exp. 15, 2, 117--154.

[215]

Müller, P., Poetzsch-Heffter, A., and Leavens, G. T. 2006. Modular invariants for layered object structures. Sci. Comput. Program. 62, 3, 253--286.

Digital Library

[216]

Naumann, D. A. 2001. Calculating sharp adaptation rules. Inf. Process. Lett. 77, 201--208.

Digital Library

[217]

Naumann, D. A. 2007. Observational purity and encapsulation. Theor. Comput. Sci. 376, 3, 205--224.

Digital Library

[218]

Nielson. 1996. Annotated type and effect systems. ACM Comput. Surv. 28, 2, 344--345.

Digital Library

[219]

Object Management Group. 1992. The Common Object Request Broker: Architecture and Specification, 1.1 ed. Object Management Group, Inc., Framingham, MA.

[220]

Ogden, W. F., Sitaraman, M., Weide, B. W., and Zweben, S. H. 1994. Part I: The RESOLVE framework and discipline—A research synopsis. ACM SIGSOFT Softw. Eng. Notes 19, 4, 23--28.

Digital Library

[221]

O'Hearn, P., Reynolds, J., and Yang, H. 2001. Local reasoning about programs that alter data structures. In Proceedings of the Workshop on Computer Science Logic. Lecture Notes in Computer Science, vol. 2142. Springer-Verlag, Berlin, 1--19.

Digital Library

[222]

O'Hearn, P. W. 2007. Resources, concurrency, and local reasoning. Theor. Comput. Sci. 375, 1-3, 271--307.

Digital Library

[223]

O'Hearn, P. W., Yang, H., and Reynolds, J. C. 2004. Separation and information hiding. In Proceedings of the ACM Symposium on Principles of Programming Languages, N. D. Jones and X. Leroy, Eds. ACM, New York, NY, 268--280.

Digital Library

[224]

Olderog, E. 1983. On the notion of expressiveness and the rule of adaptation. Theor. Comput. Sci. 24, 337--347.

[225]

Olderog, E.-R. 2008. Automatic verification of combined specifications: An overview. Electron. Notes Theor. Comput. Sci. 207, 3--16.

Digital Library

[226]

OMG. 2006. Object constraint language specification, version 2.0. http://tinyurl.com/k7rfm.

[227]

Ouaknine, J. and Worrell, J. 2005. On the decidability of metric temporal logic. In Proceedings of the 20th Annual IEEE Symposium on Logic in Computer Science (LICS'05). IEEE Computer Society, Los Alamitos, CA, 188--197.

Digital Library

[228]

Owicki, S. S. 1975. Axiomatic Proof Techniques for Parallel Programs. Outstanding Dissertations in the Computer Sciences. Garland Publishing, New York, NY.

[229]

Parkinson, M. and Bierman, G. 2005. Separation logic and abstraction. In Proceedings of the ACM Symposium on Principles of Programming Languages, J. Palsberg and M. Abadi, Eds. ACM, New York, NY, 247--258.

Digital Library

[230]

Parkinson, M. and Bierman, G. 2008. Separation logic, abstraction and inheritance. In Proceedings of the ACM Symposium on Principles of Programming Languages, P. Wadler, Ed. ACM, New York, NY, 75--86.

Digital Library

[231]

Parkinson, M., Bornat, R., and Calcagno, C. 2006. Variables as resource in Hoare logics. In Proceedings of the 21th IEEE Symposium on Logic in Computer Science (LICS). IEEE, Los Alamitos, CA, 137--146.

Digital Library

[232]

Parkinson, M. J. 2005. Local reasoning for Java. Ph.D. dissertation. Tech. rep. 654, University of Cambridge Computer Laboratory. Cambridge, U.K.

[233]

Parnas, D. L. 1972. On the criteria to be used in decomposing systems into modules. Commun. ACM 15, 12, 1053--1058.

Digital Library

[234]

Parnas, D. L. 1993. Predicate logic for software engineering. IEEE Trans. Softw. Eng. 19, 9, 856--862.

Digital Library

[235]

Partsch, H. and Steinbrüggen, R. 1983. Program transformation systems. Comput. Sur. 15, 3, 199--236.

Digital Library

[236]

Perl, S. E. and Weihl, W. E. 1993. Performance assertion checking. In Proceedings of the 14th ACM Symposium on Operating Systems Principles. ACM, New York, NY, 134--145.

Digital Library

[237]

Peterson, J. L. 1977. Petri nets. ACM Comput. Surv. 9, 3, 221--252.

Digital Library

[238]

Peterson, J. L. 1981. Petri Net Theory and the Modeling of Systems. Prentice Hall, Englewood Cliffs, NJ.

Digital Library

[239]

Pilaud, D., Halbwachs, N., and Plaice, J. A. 1987. LUSTRE: A declarative language for programming synchronous systems. In Proceedings of the 14th Annual ACM Symposium on Principles of Programming Languages (POPL'87). ACM, New York, NY, 178--188.

Digital Library

[240]

Pilkiewicz, A. and Pottier, F. 2009. The essence of monotonic state. http://gallium.inria.fr/~fpottier/publis/pilkiewicz-pottier-monotonicity-2009.pdf.

[241]

Poetzsch-Heffter, A. 1997. Specification and verification of object-oriented programs. Habilitation thesis, Technical University of Munich, Munich, Germany.

[242]

Poetzsch-Heffter, A. and Müller, P. 1999. A programming logic for sequential Java. In Proceedings of the European Symposium on Programming (ESOP'99), S. D. Swierstra, Ed. Lecture Notes in Computer Science, vol. 1576. Springer-Verlag, Berlin, 162--176.

Digital Library

[243]

Reynolds, J. 2000. Intuitionistic reasoning about shared mutable data structure. In Millennial Perspectives in Computer Science, Proceedings of the Oxford-Microsoft Symposium in Honor of Sir Tony Hoare.

[244]

Reynolds, J. C. 1981. The Craft of Programming. Prentice-Hall International, Englewood Cliffs, NJ.

Digital Library

[245]

Reynolds, J. C. 2002. Separation logic: A logic for shared mutable data structures. In Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science. IEEE Computer Society Press, Los Alamitos, CA.

Digital Library

[246]

Rodríguez, E., Dwyer, M. B., Flanagan, C., Hatcliff, J., Leavens, G. T., and Robby. 2005. Extending JML for modular specification and verification of multi-threaded programs. In Proceedings of the 19th European Conference on Object-Oriented Programming, A. P. Black, Ed. Lecture Notes in Computer Science, vol. 3586. Springer-Verlag, Berlin, 551--576.

Digital Library

[247]

Roscoe, A. W. 1994. Model-checking CSP. In A Classical Mind: Essays in Honour of C. A. R. Hoare. Prentice Hall International Ltd., Hertfordshire, U.K., 353--378.

Digital Library

[248]

Ruby, C. and Leavens, G. T. 2000. Safely creating correct subclasses without seeing superclass code. In ACM Annual Conference on Object-Oriented Programming, Systems, Languages, and Applications. SIGPLAN Not. 35, 10. ACM, New York, NY, 208--228.

Digital Library

[249]

Rudich, A., Darvas, Á., and Müller, P. 2008. Checking well-formedness of pure-method specifications. In Formal Methods, J. Cuéllar, T. S. E. Maibaum, and K. Sere, Eds. Lecture Notes in Computer Science, vol. 5014. Springer-Verlag, Berlin, 68--83.

Digital Library

[250]

Rumbaugh, J., Jacobson, I., and Booch, G. 1999. The Unified Modeling Language Refrence Manual. Object Technology Series. Addison Wesley Longman, Reading, MA.

Digital Library

[251]

Salcianu, A. and Rinard, M. 2005. Purity and side effect analysis for Java programs. In Proceedings of the 6th International Conference on Verification, Model Checking and Abstract Interpretation, R. Cousot, Ed. Lecture Notes in Computer Science, vol. 3385. Springer-Verlag, Berlin, 199--215.

Digital Library

[252]

Schmidt, D. A. 1994. The Structure of Typed Programming Languages. Foundations of Computing Series. The MIT Press, Cambridge, MA.

Digital Library

[253]

Sen, K., Marinov, D., and Agha, G. 2005. CUTE: A concolic unit testing engine for C. In Proceedings of the European Software Engineering Conference/Foundations of Software Engineering, 263--272.

Digital Library

[254]

Shaner, S. M., Leavens, G. T., and Naumann, D. A. 2007. Modular verification of higher-order methods with mandatory calls specified by model programs. In Proceedings of the International Conference on Object-Oriented Programming, Systems, Languages and Applications (OOPSLA). ACM, New York, NY, 351--367.

Digital Library

[255]

Smans, J., Jacobs, B., and Piessens, F. 2008a. Implicit dynamic frames. In Formal Techniques for Java-like Programs, M. Huisman, Ed. Radboud University, Nijmegen, 1--12. Tech. rep. ICIS-R08013, Radboud University, Nijmegen.

[256]

Smans, J., Jacobs, B., and Piessens, F. 2008b. VeriCool: An automatic verifier for a concurrent object-oriented language. In Formal Methods for Open Object-Based Distributed Systems (FMOODS), G. Barthe and F. S. de Boer, Eds. Lecture Notes in Computer Science, vol. 5051. Springer-Verlag, Berlin, 220--239.

Digital Library

[257]

Smans, J., Jacobs, B., and Piessens, F. 2009. Implicit dynamic frames: Combining dynamic frames and separation logic. In Object-Oriented Programming (ECOOP), S. Drossopoulou, Ed. Lecture Notes in Computer Science, vol. 5653. Springer-Verlag, Berlin, 148--172.

Digital Library

[258]

Smans, J., Jacobs, B., Piessens, F., and Schulte, W. 2008. An automatic verifier for Java-like programs based on dynamic frames. In Fundamental Approaches to Software Engineering. Lecture Notes in Computer Science, vol. 4961. Springer-Verlag, Berlin, 261--275.

Digital Library

[259]

Spivey, J. 1989. An introduction to Z and formal specifications. Softw. Eng. J. 4, 1, 40--50.

Digital Library

[260]

Stoyenko, A. 1992. The evolution and state-of-the-art of real-time languages. In Real-Time Systems: Abstractions, Languages, and Design Methodologies, K. M. Kavi, Ed. IEEE Computer Society Press, Los Alamitos, California, 394--416.

[261]

van Lamsweerde, A. 2000. Requirements engineering in the year 00: A research perspective. In Proceedings of the 22nd International Conference on Software Engineering. ACM Press, New York, NY, 5--19.

Digital Library

[262]

von Oheimb, D. 2001. Analyzing Java in Isabelle/HOL: Formalization, type safety and Hoare logic. Ph.D. disssetation, Technische Universität München.

[263]

Walrath, K., Campione, M., Huml, A., and Zakhour, S. 2004. The JFC Swing Tutorial: A Guide to Constructing GUIs. Prentice Hall, Upper Saddle River, NJ.

Digital Library

[264]

Warmer, J. and Kleppe, A. 1999. The Object Constraint Language: Precise Modeling with UML. Addison Wesley Longman, Reading, MA.

Digital Library

[265]

Wing, J. M. 1987. Writing Larch interface language specifications. ACM Trans. Program. Lang. Syst. 9, 1, 1--24.

Digital Library

[266]

Wing, J. M. 1990. A specifier's introduction to formal methods. Comput. 23, 9, 8--24.

Digital Library

[267]

Winskel, G. 1993. The Formal Semantics of Programming Languages. Foundations of Computer Science Series. The MIT Press, Cambridge, MA.

Digital Library

[268]

Wirsing, M. 1990. Algebraic specification. In Handbook of Theoretical Computer Science, vol. B: Formal Models and Semantics, J. van Leewen, Ed. The MIT Press, New York, NY, 675--788.

Digital Library

[269]

Woodcock, J., Saaltink, M., and Freitas, L. 2009. Unifying theories of undefinedness. In Summer School Marktoberdorf 2008: Engineering Methods and Tools for Software Safety and Security. NATO ASI Series F. IOS Press, Amsterdam. Forthcoming.

[270]

Xu, Q., de Roever, W. P., and He, J. 1997. The rely-guarantee method for verifying shared variable concurrent programs. Formal Aspects Comput. 9, 2, 149--174.

Digital Library

[271]

Zee, K., Kuncak, V., and Rinard, M. C. 2008. Full functional verification of linked data structures. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), R. Gupta and S. P. Amarasinghe, Eds. ACM, New York, NY, 349--361.

Digital Library

Cited By

Banerjee RMemarian KMakwana DPulte CKrishnaswami NSewell P(2025)Fulminate: Testing CN Separation-Logic Specifications in CProceedings of the ACM on Programming Languages10.1145/37048799:POPL(1260-1292)Online publication date: 9-Jan-2025
https://dl.acm.org/doi/10.1145/3704879
Dross CHuguet JKanig J(2025)Two-Way Collaboration Between Flow and Proof in SPARKVerification, Model Checking, and Abstract Interpretation10.1007/978-3-031-82700-6_8(163-183)Online publication date: 24-Jan-2025
https://doi.org/10.1007/978-3-031-82700-6_8
Gauthier LPrevosto VSignoles JFuria CLopes APlat NGnesi S(2024)A Semantics of Structures, Unions, and Underspecified Terms for Formal SpecificationProceedings of the 2024 IEEE/ACM 12th International Conference on Formal Methods in Software Engineering (FormaliSE)10.1145/3644033.3644380(100-110)Online publication date: 14-Apr-2024
https://dl.acm.org/doi/10.1145/3644033.3644380
Show More Cited By

Index Terms

Recommendations

Executing Formal Specifications with Concurrent Constraint Programming

We have implemented a technique for execution of formal, model-based specifications. The specifications we can execute are written at a level of abstraction that is close to that used in nonexecutable specifications. The specification abstractions ...
WP semantics and behavioral subtyping
ICTAC'11: Proceedings of the 8th international conference on Theoretical aspects of computing

For the object oriented (OO) world, developing formal semantics for theoretical study and practical use is still an important topic despite of a decade's efforts. In this paper, for a sufficiently large subset of sequential Java with a pure reference ...
Improved usability and performance of SMT solvers for debugging specifications

It is now common to construct an extended static checker or software verification system using an SMT theorem prover as the underlying logical verifier. SMT provers have improved significantly in performance over the last several years. However, their ...

Comments

Information & Contributors

Information

Published In

cover image ACM Computing Surveys

ACM Computing Surveys Volume 44, Issue 3

June 2012

344 pages

ISSN:0360-0300

EISSN:1557-7341

DOI:10.1145/2187671

Issue’s Table of Contents

Copyright © 2012 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 June 2012

Accepted: 01 January 2011

Received: 01 October 2010

Published in CSUR Volume 44, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

114
Total Citations
View Citations
1,785
Total Downloads

Downloads (Last 12 months)72
Downloads (Last 6 weeks)17

Reflects downloads up to 25 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Banerjee RMemarian KMakwana DPulte CKrishnaswami NSewell P(2025)Fulminate: Testing CN Separation-Logic Specifications in CProceedings of the ACM on Programming Languages10.1145/37048799:POPL(1260-1292)Online publication date: 9-Jan-2025
https://dl.acm.org/doi/10.1145/3704879
Dross CHuguet JKanig J(2025)Two-Way Collaboration Between Flow and Proof in SPARKVerification, Model Checking, and Abstract Interpretation10.1007/978-3-031-82700-6_8(163-183)Online publication date: 24-Jan-2025
https://doi.org/10.1007/978-3-031-82700-6_8
Gauthier LPrevosto VSignoles JFuria CLopes APlat NGnesi S(2024)A Semantics of Structures, Unions, and Underspecified Terms for Formal SpecificationProceedings of the 2024 IEEE/ACM 12th International Conference on Formal Methods in Software Engineering (FormaliSE)10.1145/3644033.3644380(100-110)Online publication date: 14-Apr-2024
https://dl.acm.org/doi/10.1145/3644033.3644380
Chapman RDross CMatthews SMoy Y(2024)Co-Developing Programs and Their Proof of CorrectnessCommunications of the ACM10.1145/362472867:3(84-94)Online publication date: 22-Feb-2024
https://dl.acm.org/doi/10.1145/3624728
Kurtev IHooman JSchuts Mvan der Munnik D(2024)Model based component development and analysis with ComMAScience of Computer Programming10.1016/j.scico.2023.103067233:COnline publication date: 1-Mar-2024
https://dl.acm.org/doi/10.1016/j.scico.2023.103067
Soares TChirica IPereira M(2024)Static and Dynamic Verification of OCaml Programs: The Gospel EcosystemLeveraging Applications of Formal Methods, Verification and Validation. Specification and Verification10.1007/978-3-031-75380-0_14(247-265)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1007/978-3-031-75380-0_14
Scaletta MHähnle R(2024)Context-Aware Contracts as a Lingua Franca for Behavioral SpecificationLeveraging Applications of Formal Methods, Verification and Validation. Specification and Verification10.1007/978-3-031-75380-0_12(201-219)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1007/978-3-031-75380-0_12
Pereira M(2024)Practical Deductive Verification of OCaml ProgramsFormal Methods10.1007/978-3-031-71177-0_29(518-542)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1007/978-3-031-71177-0_29
Beckert BSanders PUlbrich MWiesler JWitt S(2024)Formally Verifying an Efficient SorterTools and Algorithms for the Construction and Analysis of Systems10.1007/978-3-031-57246-3_15(268-287)Online publication date: 6-Apr-2024
https://dl.acm.org/doi/10.1007/978-3-031-57246-3_15
Kosmatov NPlaunov AShankar SSignoles J(2024)Combining Analyses Within Frama-CGuide to Software Verification with Frama-C10.1007/978-3-031-55608-1_9(423-455)Online publication date: 10-Jul-2024
https://doi.org/10.1007/978-3-031-55608-1_9
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Issue’s Table of Contents