A program verifier is a complex system that uses compiler technology, program semantics, property inference, verification-condition generation, automatic decision procedures, and a user interface. This paper describes the architecture of a state-of-the-art program verifier for object-oriented programs. A program verifier is built from a number of complex(More)
The Java Modeling Language (JML) can be used to specify the detailed design of Java classes and interfaces by adding annotations to Java source files. The aim of JML is to provide a specification language that is easy to use for Java programmers and that is supported by a wide range of tools for specification typechecking, runtime debugging, static(More)
An object invariant defines what it means for an object's data to be in a consistent state. Object invariants are central to the design and correctness of object-oriented programs. This paper defines a programming methodology for using object invariants. The methodology, which enriches a program's state space to express when each object invariant holds,(More)
The charter of SRC is to advance both the state of knowledge and the state of the art in computer systems. From our establishment in 1984 by Digital Equipment Corporation (now Compaq), we have performed basic and applied research to support the company's business objectives. Our interests span scaleable systems (including hardware, networks, distributed(More)
This note defines BoogiePL, an intermediate language for program analysis and program verification. The language is a simple coarsely typed imperative language with procedures and arrays, plus support for introducing mathematical functions and declaring properties of these functions. BoogiePL can be used to represent programs written in an imperative source(More)
We develop a logic for reasoning about object-oriented programs. The logic is for a language with an imperative semantics and aliasing, and accounts for self-reference in objects. It is much like a type system for objects with subtyping, but our specifications go further than types in detailing pre- and postconditions. We intend the logic as an analogue of(More)