TY - GEN
T1 - coma, an Intermediate Verification Language with Explicit Abstraction Barriers
AU - Paskevich, Andrei
AU - Patault, Paul
AU - Filliâtre, Jean Christophe
N1 - Publisher Copyright:
© The Author(s) 2025.
PY - 2025/1/1
Y1 - 2025/1/1
N2 - We introduce coma, a formally defined intermediate verification language. Specification annotations in coma take the form of assertions mixed with the executable program code. A special programming construct representing the abstraction barrier is used to separate, inside a subroutine, the “interface” part of the code, which is verified at every call site, from the “implementation” part, which is verified only once, at the definition site. In comparison with traditional contract-based specification, this offers us an additional degree of freedom, as we can provide separate specification (or none at all) for different execution paths. We define a verification condition generator for coma and prove its correctness. For programs where specification is given in a traditional way, with abstraction barriers at the function entries and exits, our verification conditions are similar to the ones produced by a classical weakest-precondition calculus. For programs where abstraction barriers are placed in the middle of a function definition, the user-written specification is seamlessly completed with the verification conditions generated for the exposed part of the code. In addition, our procedure can factorize selected subgoals on the fly, which leads to more compact verification conditions. We illustrate the use of coma on two non-trivial examples, which have been formalized and verified using our implementation: a second-order regular expression engine and a sorting algorithm written in unstructured assembly code.
AB - We introduce coma, a formally defined intermediate verification language. Specification annotations in coma take the form of assertions mixed with the executable program code. A special programming construct representing the abstraction barrier is used to separate, inside a subroutine, the “interface” part of the code, which is verified at every call site, from the “implementation” part, which is verified only once, at the definition site. In comparison with traditional contract-based specification, this offers us an additional degree of freedom, as we can provide separate specification (or none at all) for different execution paths. We define a verification condition generator for coma and prove its correctness. For programs where specification is given in a traditional way, with abstraction barriers at the function entries and exits, our verification conditions are similar to the ones produced by a classical weakest-precondition calculus. For programs where abstraction barriers are placed in the middle of a function definition, the user-written specification is seamlessly completed with the verification conditions generated for the exposed part of the code. In addition, our procedure can factorize selected subgoals on the fly, which leads to more compact verification conditions. We illustrate the use of coma on two non-trivial examples, which have been formalized and verified using our implementation: a second-order regular expression engine and a sorting algorithm written in unstructured assembly code.
UR - https://www.scopus.com/pages/publications/105004796049
U2 - 10.1007/978-3-031-91121-7_8
DO - 10.1007/978-3-031-91121-7_8
M3 - Conference contribution
AN - SCOPUS:105004796049
SN - 9783031911200
T3 - Lecture Notes in Computer Science
SP - 175
EP - 201
BT - Programming Languages and Systems - 34th European Symposium on Programming, ESOP 2025, Held as Part of the International Joint Conferences on Theory and Practice of Software, ETAPS 2025, Proceedings
A2 - Vafeiadis, Viktor
PB - Springer Science and Business Media Deutschland GmbH
T2 - 34th European Symposium on Programming, ESOP 2025, which was held as part of the International Joint Conferences on Theory and Practice of Software, ETAPS 2025
Y2 - 3 May 2025 through 8 May 2025
ER -