TY - GEN
T1 - Modular verification of higher-order methods with mandatory calls specified by model programs
AU - Shaner, Steve M.
AU - Leavens, Gary T.
AU - Naumann, David A.
PY - 2007
Y1 - 2007
N2 - What we call a "higher-order method" (HOM) is a method that makes mandatory calls to other dynamically-dispatched methods. Examples include template methods as in the Template method design pattern and notify methods in the Observer pattern. HOMs are particularly difficult to reason about, because standard pre- and postcondition specifications cannot describe the mandatory calls. For reasoning about such methods, existing approaches use either higherorder logic or traces, but both are complex and verbose. We describe a simple, concise, and modular approach to specifying HOMs We show how to verify calls to HOMs and their code using first-order verification conditions, in a sound and modular way. Verification of client code that calls HOMs can take advantage of the client's knowledge about the mandatory calls to make strong conclusions. Our verification technique validates and explains traditional documentation practice for HOMs, which typically shows their code. However, specifications do not have to expose all of the code to clients, but only enough to determine how the HOM makes its mandatory calls.
AB - What we call a "higher-order method" (HOM) is a method that makes mandatory calls to other dynamically-dispatched methods. Examples include template methods as in the Template method design pattern and notify methods in the Observer pattern. HOMs are particularly difficult to reason about, because standard pre- and postcondition specifications cannot describe the mandatory calls. For reasoning about such methods, existing approaches use either higherorder logic or traces, but both are complex and verbose. We describe a simple, concise, and modular approach to specifying HOMs We show how to verify calls to HOMs and their code using first-order verification conditions, in a sound and modular way. Verification of client code that calls HOMs can take advantage of the client's knowledge about the mandatory calls to make strong conclusions. Our verification technique validates and explains traditional documentation practice for HOMs, which typically shows their code. However, specifications do not have to expose all of the code to clients, but only enough to determine how the HOM makes its mandatory calls.
KW - Grey-box approach
KW - Higher order method
KW - Hoare logic
KW - Mandatory call
KW - Model program
KW - Refinement calculus
KW - Specification languages
KW - Verification
UR - http://www.scopus.com/inward/record.url?scp=42149195986&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=42149195986&partnerID=8YFLogxK
U2 - 10.1145/1297027.1297053
DO - 10.1145/1297027.1297053
M3 - Conference contribution
AN - SCOPUS:42149195986
SN - 9781595937865
T3 - Proceedings of the Conference on Object-Oriented Programming Systems, Languages, and Applications, OOPSLA
SP - 351
EP - 367
BT - OOPSLA
T2 - OOPSLA 2007: 22nd International Conference on Object-Oriented Programming, Systems, Languages, and Applications
Y2 - 21 October 2007 through 25 October 2007
ER -