Weak Arithmetic Completeness of Object-Oriented First-Order Assertion Networks

1. 28-01-2013 Weak Arithmetic Completeness of Object-Oriented First-Order Assertion Networks Stijn de Gouw, Frank S. de Boer, Richard Bubel, Wolfgang Ahrendt 1

2. Completeness: Hoare Logic Example Hoare triple: {x=0} x := x+3 {x>0} Completeness if S |= {p} Stmt {q} then {p} Stmt {q} is provable • Proof system (rules + axioms) for statements • Proof system (rules + axioms) for assertions • Expressiveness: strongest postcondition (in the example: x=3) 2

3. Existing Results Harel: completeness for arithmetical structures (incl. finite ADTs) Assertion language: first-order, addition and multiplication Tucker & Zucker: completeness for arbitrary structures Assertion language: (weak) second-order Apt: decidable assertions suffice, but only with auxiliary variables 2

4. Our result z.val := 2 3

5. Arrays as Objects Semantics: many-sorted structure S = (N, D1, …, Dn, I) where I(op) is a function/relation and op is a function/relation symbol 4

6. Proof sketch of our result • Uniforminstrumentationwithauxiliary variables • For eachcomputation step, record ifandhow the state changes Example: field assignmente.x := e’. Add array variables • pc[i] = j if line j was executed in i-thcomputation step • x’’[i]=trueif in the i-th step, the field x of some object was changed • x’[i]= <o,v> if in the i-th step, the value v was assignedto field x of object o j: pc[|pc|] := j; x’[|pc] := <e, e’>; e.x := e’; x’’[|pc|] := true; |pc| := |pc| + 1 Instrumentation allows ‘recovering’ computation in anassertion, andconsequentlycandefine ‘reachablestates’ 5

7. Conclusion • Express heap properties with auxiliary variables, only Presburger needed (decidable) • Uniform instrumentation, but ‘heavy’:can do better in special cases (example) • KeY Java theorem prover available, reasoning of object creation at abstraction level of prog language: http://keyaoc.hats-project.eu 6