Abstract
Type systems and modern type checkers can be used very successfully to obtain formal correctness guarantees with little specification overhead. However, type systems in practical scenarios have to trade precision for decidability and scalability. Tools for deductive verification, on the other hand, can prove general properties in more cases than a typical type checker can, but they do not scale well. We present a method to complement the scalability of expressive type systems with the precision of deductive program verification approaches. This is achieved by translating the type uses whose correctness the type checker cannot prove into assertions in a specification language, which can be dealt with by a deductive verification tool. Type uses whose correctness the type checker can prove are instead turned into assumptions to aid the verification tool in finding a proof. Our novel approach is introduced both conceptually for a simple imperative language, and practically by a concrete implementation for the Java programming language. The usefulness and power of our approach have been evaluated by discharging known false positives from a real-world program and by a small case study.
Highlights
Type systems are used very successfully to obtain formal correctness guarantees with little specification overhead.
We show that our approach can be used to detect false positives in type checking by applying the Java Modeling Language (JML) translation to several code snippets taken from Daikon [Ernst et al. 2007].
We demonstrate our approach in a case study in the form of a small program that was annotated with property qualifiers and type checked using the generic property type checker, and whose JML translation was checked by KeY and OpenJML.
Summary
Type systems are used very successfully to obtain formal correctness guarantees with little specification overhead. Tools for deductive verification, on the other hand, can prove the properties behind a type system (non-nullness in the example) more often than a typical type checker can. This increase in completeness comes at a price: they do not scale as well as type systems. The type-enriched program can be checked by an automatic, well-scaling type checker. Those remaining few false positives that could not be discharged by the type checker are presented to a program verification tool, which can use its full reasoning power to discharge the remaining formal obligations using deductive reasoning. The paper presents a realization of the approach for Java using the Checker Framework for pluggable property types, and KeY and OpenJML for deductive verification.
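The split between assumptions and assertions described above, sketched for non-nullness as an added example (not code from the paper or its tool). The class `Session`, the stand-in qualifiers, and the exact placement of the JML comments are assumptions; the page does not show the JML the translation actually emits.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Target;

// Stand-in qualifiers (assumption) so the file compiles without a checker's annotation jar.
@Target(ElementType.TYPE_USE) @interface NonNull {}
@Target(ElementType.TYPE_USE) @interface Nullable {}

public class Session {
    // The token is only set while the session is authenticated. A nullness type
    // cannot express this dependency on a flag; a JML invariant can.
    private @Nullable /*@ nullable @*/ String token;
    private boolean authenticated;
    //@ private invariant authenticated ==> token != null;

    public void login(@NonNull String t) {
        // Type use the checker proved at every call site: handed over as an assumption.
        //@ assume t != null;
        token = t;
        authenticated = true;
    }

    public void logout() {
        authenticated = false; // invariant holds trivially once the flag is false
        token = null;
    }

    public @NonNull String bearer() {
        if (!authenticated) {
            return "";
        }
        // A nullness checker rejects returning the @Nullable field here (false positive).
        // Type use it could not prove: handed over as an assertion to discharge.
        //@ assert token != null;
        return token;
    }

    public static void main(String[] args) {
        Session s = new Session();
        System.out.println("[" + s.bearer() + "]"); // not authenticated yet
        s.login("constructed-sample-token");        // constructed sample value
        System.out.println("[" + s.bearer() + "]");
        s.logout();
        System.out.println("[" + s.bearer() + "]");
    }
}
```

A deductive verifier only has to prove the single `assert` from the invariant and the guard; every other qualified type use is taken as given because the type checker already established it.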