Contract-based slicing

In the last years, the concern with the correctness of programs has been leading programmers to enrich their programs with annotations following the principles of design-by-contract, in order to be able to guarantee their correct behaviour and to facilitate reuse of verified components without having to reconstruct proofs of correctness. In this paper we adapt the idea of specification-based slicing to the scope of (contract-based) program verification systems and behaviour specification languages. In this direction, we introduce the notion of contract-based slice of a program and show how any specification-based slicing algorithm can be used as the basis for a contract-based slicing algorithm.Fundação para a Ciência e a Tecnologia (FCT) - RESCUE (PTDC / EIA / 65862 / 2006), CROSS (PTDC / EIACCO/ 108995 / 2008)

Contract-based slicing helps on safety reuse

In this poster we describe a work in progress aimed at using a variant of specification-based slicing to improve the reuse of annotated software components, developed under the so called design-by-contract approach. We have named this variant as contract-based because we use the annotations, more precisely the pre and post-conditions, to slice programs intra and inter-procedures. The idea, expressed in the poster, is to take the pre-condition of the reused annotated component as slicing criterion, and slice backward the program where the component is called. In that way, we can isolate the statements that have influence on the variables involved on the pre-condition and check if it is preserved by that invocation, or not.Fundação para a Ciência e a Tecnologia (FCT

Verification, slicing, and visualization of programs with contracts

Tese de doutoramento em Informática (área de especialização em Ciências da Computação)As a specification carries out relevant information concerning the behaviour of a program, why not explore this fact to slice a program in a semantic sense aiming at optimizing it or easing its verification? It was this idea that Comuzzi, in 1996, introduced with the notion of postcondition-based slicing | slice a program using the information contained in the postcondition (the condition Q that is guaranteed to hold at the exit of a program). After him, several advances were made and different extensions were proposed, bridging the two areas of Program Verification and Program Slicing: specifically precondition-based slicing and specification-based slicing. The work reported in this Ph.D. dissertation explores further relations between these two areas aiming at discovering mutual benefits. A deep study of specification-based slicing has shown that the original algorithm is not efficient and does not produce minimal slices. In this dissertation, traditional specification-based slicing algorithms are revisited and improved (their formalization is proposed under the name of assertion-based slicing), in a new framework that is appropriate for reasoning about imperative programs annotated with contracts and loop invariants. In the same theoretical framework, the semantic slicing algorithms are extended to work at the program level through a new concept called contract based slicing. Contract-based slicing, constituting another contribution of this work, allows for the study of a program at an interprocedural level, enabling optimizations in the context of code reuse. Motivated by the lack of tools to prove that the proposed algorithms work in practice, a tool (GamaSlicer) was also developed. It implements all the existing semantic slicing algorithms, in addition to the ones introduced in this dissertation. This third contribution is based on generic graph visualization and animation algorithms that were adapted to work with verification and slice graphs, two specific cases of labelled control low graphs.Tendo em conta que uma especificação contém informação relevante no que diz respeito ao comportamento de um programa, faz sentido explorar este facto para o cortar em fatias (slice) com o objectivo de o optimizar ou de facilitar a sua verificação. Foi precisamente esta ideia que Comuzzi introduziu, em 1996, apresentando o conceito de postcondition-based slicing que consiste em cortar um programa usando a informação contida na pos-condicão (a condição Q que se assegura ser verdadeira no final da execução do programa). Depois da introdução deste conceito, vários avanços foram feitos e diferentes extensões foram propostas, aproximando desta forma duas áreas que até então pareciam desligadas: Program Verification e Program Slicing. Entre estes conceitos interessa-nos destacar as noções de precondition-based slicing e specification-based slicing, que serão revisitadas neste trabalho. Um estudo aprofundado do conceito de specification-based slicing relevou que o algoritmo original não é eficiente e não produz slices mínimos. O trabalho reportado nesta dissertação de doutoramento explora a ideia de tornar mais próximas essas duas áreas visando obter benefícios mútuos. Assim, estabelecendo uma nova base teórica matemática, os algoritmos originais de specification-based slicing são revistos e aperfeiçoados | a sua formalizacão é proposta com o nome de assertion-based slicing. Ainda sobre a mesma base teórica, os algoritmos de slicing são extendidos, de forma a funcionarem ao nível do programa; alem disso introduz-se um novo conceito: contract-based slicing. Este conceito, contract-based slicing, sendo mais um dos contributos do trabalho aqui descrito, possibilita o estudo de um programa ao nível externo de um procedimento, permitindo, por um lado, otimizações no contexto do seu uso, e por outro, a sua reutilização segura. Devido à falta de ferramentas que provem que os algoritmos propostos de facto funcionam na prática, foi desenvolvida uma, com o nome GamaSlicer, que implementa todos os algoritmos existentes de slicing semântico e os novos propostos. Uma terceira contribuição é baseada nos algoritmos genéricos de visualização e animação de grafos que foram adaptados para funcionar com os grafos de controlo de fluxo etiquetados e os grafos de verificação e slicing.Fundação para a Ciência e a Tecnologia (FCT) através da Bolsa de Doutoramento SFRH/BD/33231/2007Projecto RESCUE (contrato FCT sob a referência PTDC / EIA / 65862 /2006)Projecto CROSS (contrato FCT sob a referência PTDC / EIACCO / 108995 / 2008

Safe integration of annotated components in open source projects

The decision of using existing software components versus building from scratch custom software is one of the most complex and important choices of the entire development/integration process. However, the reuse of software components raises a spectrum of issues, from requirements negotiation to product selection and integration. The correct tradeoff is reached after having analyzed advantages and issues correlated to the reuse. Despite the reuse failures in real cases, many efforts have been made to make this idea successful. In this context of software reuse in open source projects, we address the problem of reusing annotated components proposing a rigorous approach to assure the quality of the application under construction. We introduce the concept of caller-based slicing as a way of certifying that the integration of a component annotated with a contract into a system will preserve the correct behavior of the former, avoiding malfunctioning after integration. To complement the efforts done and the benefits of slicing techniques, there is also a need to find an efficient way to visualize the main program with the annotated components and the slices. To take full profit of visualization, it is crucial to combine the visualization of the control/data flow with the textual representation of source code. To attain this objective, we extend the notions of System Dependence Graph and Slicing Criterion to cope with annotations.Fundação para a Ciência e a Tecnologia (FCT

A visual inspector for Boogie programs

Design-by-Contract is an approach that allows a program- mer to specify the expected behavior of a component by means of pre- conditions, postconditions and invariants. These annotations (or logical assertions that complement the code) can be seen as a form of enriched software documentation and they can be used to verify that a program is correct with respect to its contracts. Boogie is an intermediate verification language that is being used by more and more software verification tools as a target language. Actually, sev- eral annotation languages are nowadays translated to Boogie language. Despite of its efficiency and popularity, Boogie, that is also a program verifier, does not contain visual information for the user. So, understand- ing how it works is a difficult task. In this paper, we will discuss a visual tool that we developed to help in comprehending Boogie programs.Fundação para a Ciência e a Tecnologia (FCT

GamaBoogie : a contract-based slicer for Boogie programs

Dissertação de mestrado em Engenharia de InformáticaIn the context of the Informatics Engineering MSc. degree (MEI), second year, this document describes and discusses a master thesis project in the area of source code analysis using slicing and program verification techniques. Design-by-Contract is an approach that allows a programmer to specify the expected behaviour of a component by the means of preconditions, postconditions and invariants. These annotations (or contracts) can be seen as a form of enriched software documentation and they are used to verify that the program is correct with respect to these contracts. On one hand, slicing the program to extract the code that is relevant for the contracts reduce the size of the program and improves its verification. On the other hand, using the contract to slice a program in a finer, more sensible semantic way, enables to optimise the code reducing it to the minimum necessary to keep the postcondition true. Following the last research direction, Daniela da Cruz introduced in her Ph.D. thesis the concepts of Assertion-based Slicing and Contract-based Slicing to explore (at an intra-procedural or interprocedural level) the optimisation of code according to the semantics expressed by contracts. Her approach is based on the source code analyses and her slicing uses annotations present in the procedures. This thesis focuses on the study of BoogiePL language and its use as an intermediate representation for annotated programs in order to build slices of Boogie programs (instead of slicing the source code). Boogie compiler is used to generate the verification conditions in SMT just for the computed slice; these conditions can be then passed to the Z3 Prover to ensure that all contracts are preserved when invoking annotated procedures. The final objective is to make possible the comparison between the SMT code produced by this approach and the code currently generated by GamaSlicer, expecting to obtain a more efficient solution. To implement that idea, a tool called GamaBoogie was developed. That tool, at the end, offers more than its main functionality in slicing and verifying. Actually it allows to inspect and visualise boogie programs; this functionality seems to be very useful for Boogie program comprehension.No contexto do Mestrado em Engenharia Informática (MEI), segundo ano, este documento é uma dissertação que descreve e discute um projeto de tese de mestrado na área de análise de código fonte utilizando técnicas de slicing e de verificação de programas. Design-by-Contract é uma abordagem que permite ao programador especificar o comportamento esperado de um componente por meio de pré-condições, pós-condições e invariantes. Estas anotações (ou contratos) podem ser vistos como uma forma de enriquecer a documentação do software e são usados �para verificar se o programa está correto com relação a esses contratos. Por um lado, fazer o slicing do programa para extrair o código que é relevante para os contratos, pode reduzir o tamanho do programa e melhorar a sua verificação. Por outro lado, usando o contrato para fazer o slicing de um programa de forma mais sensível à semântica, permite otimizar o código reduzindo-o ao mínimo necessário para manter o contrato válido. Seguindo a direção da última pesquisa, Daniela da Cruz introduziu na sua tese de doutoramento os conceitos de Assertion-based Slicing e Contract-based Slicing para explorar (a nível intraprocedimento ou inter-procedimento) a otimização de código de acordo com a semântica expressa por contratos. A sua abordagem é baseada na análise de código fonte e o slicing aplicado a tais programas utiliza anotações presentes nos procedimentos. Esta tese centra-se no estudo da linguagem BoogiePL e no seu uso como uma representação intermédia para programas anotados a fim de construir slices de programas Boogie (em vez de fazer o slicing ao nível do código fonte). O compilador Boogie é usado para gerar as condições de verificação em SMT apenas para o slice calculado; essas condições podem ser passadas para o Prover Z3 para garantir que todos os contratos são preservados quando invocados os procedimentos anotados. O objetivo final é tornar possível a comparação entre o código final produzido por esta abordagem e o código atualmente gerado pelo GamaSlicer, com a expetativa de obter uma solução mais eficiente. Para implementar essa ideia, uma ferramenta chamada GamaBoogie foi desenvolvida. Essa ferramenta, no final, oferece mais do que sua funcionalidade principal de slicing e verificação. Na verdade, permite inspecionar e visualizar programas Boogie; esta funcionalidade demonstrou ser útil para a compreensão de programas Boogie