An approach to compositional reasoning about concurrent objects and futures

Distributed and concurrent object-oriented systems are difficult to analyze due to the complexity of their concurrency, communication, and synchronization mechanisms. Rather than performing analysis at the code level of mainstream objectoriented languages such as Java and C++, we consider an imperative, objectoriented language with a simpler concurrency model. This language, based on concurrent objects communicating by asynchronous method calls and futures, avoids some difficulties of mainstream object-oriented programming languages related to compositionality and aliasing. In particular, reasoning about futures is handled by means of histories. Compositional verification systems facilitate system analysis, allowing components to be analyzed independently of their environment. In this paper, a compositional proof system in dynamic logic for partial correctness is established based on communication histories and class invariants. The soundness and relative completeness of this proof system follow by construction using a transformational approach from a sequential language with a non-deterministic assignment operator

Enforcing Behavioral Constraints in Evolving Aspect-Oriented Programs

Reasoning, specification, and verification of Aspect-Oriented (AO) programs presents unique challenges especially as such programs evolve over time. Components, base-code and aspects alike, may be easily added, removed, interchanged, or presently unavailable at unpredictable frequencies. Consequently, modular reasoning of such programs is highly attractive as it enables tractable evolution, otherwise necessitating that the entire program be reexamined each time a component is changed. It is well known, however, that modular reasoning about AO programs is difficult. In this paper, we present our ongoing work in constructing a rely-guarantee style reasoning system for the Aspect-Oriented Programming (AOP) paradigm, adopting a trace-based approach to deal with the plug-n-play nature inherent to these programs, thus easing AOP evolution

Pekeraliasing i Hoare-logikk

We study problems that comes up when Hoare logic is used to prove programs written in object oriented languages (i.e. Java). The main problem we study, is due to pointer aliasing. Traditional Hoare logic handles programs where every syntactical distinct variable name represent a distinct storage location. Two variables x and y will always represent distinct locations. This does not hold when we extend our programming language width objects and pointers to objects. If two pointer variables x and y points to the same object, then (with dot notation) x.a and y.a represent the same location. This lead us into the unfortunate situation where it is not straight forward to prove the simple Hoare triplet {x.a=4}y.a:=y.a+1{x.a=5}. The assignment modifies the condition to seemingly unrelated objects. In our example study, we look into various proofs for a linked list data structure. After trying and failing, we come up with methods to prove programs both backward and forward. The method for backward construction is similar to a method developed by R. Bornat, but we use a simpler sematic. It is important to be careful when we compare references. If x and y points to the same object, and we do an assignment to x.a, we also have to update y.a. The hard part is to decide if two arbitrary references refers to the same object. We also compare the two methods we got for proof construction (i.e forward and backward). We find several advantages with forward reasonning. If the precondition to an assignment contains a lot of alias information, this information can be used "as we go" in forward reasonning. In backward proof construction, we might have to go all the way back to the precondition before we can use this information. The same goes for information we get from test. In many cases, this leads us to simpler proof in the forward case. The predicates are simpler. We also see an advantage in the expressive power of the predicates in the forward case. In forward reasonning, the predicates always contains all the alias information we can have at a given point in the proof. This is not the case in backward construction

An Approach to Compositional Reasoning about Concurrent Objects and Futures

Distributed and concurrent object-oriented systems are difficult to analyze due to the complexity of their concurrency, communication, and synchronization mechanisms. Rather than performing analysis at the code level of mainstream objectoriented languages such as Java and C++, we consider an imperative, objectoriented language with a simpler concurrency model. This language, based on concurrent objects communicating by asynchronous method calls and futures, avoids some difficulties of mainstream object-oriented programming languages related to compositionality and aliasing. In particular, reasoning about futures is handled by means of histories. Compositional verification systems facilitate system analysis, allowing components to be analyzed independently of their environment. In this paper, a compositional proof system in dynamic logic for partial correctness is established based on communication histories and class invariants. The soundness and relative completeness of this proof system follow by construction using a transformational approach from a sequential language with a non-deterministic assignment operator

Observable behavior of dynamic systems: component reasoning for concurrent objects

Current object-oriented approaches to distributed programs may be criticized in several respects. First, method calls are generally synchronous, which leads to muc

Compositional Reasoning about Shared Futures

Distributed and concurrent object-oriented systems are difficult to analyze due to the complexity of their concurrency, communication, and synchronization mechanisms. The future mechanism extends the traditional method call communication model by facilitating sharing of references to futures. By assigning method call result values to futures, third party objects may pick up these values. This may reduce the time spent waiting for replies in a distributed environment. However, futures add a level of complexity to program analysis, as the program semantics becomes more involved. This paper presents a model for asynchronously communicating objects, where return values from method calls are handled by futures. The model facilitates invariant specifications over the locally visible communication history of each object. Compositional reasoning is supported, as each object may be specified and verified independently of its environment. A kernel object-oriented language with futures inspired by the ABS modeling language is considered. A compositional proof system for this language is presented, formulated within dynamic logic