Incremental Interactive Verification of the Correctness of Object-Oriented Software

Abstract

Development of correct object-oriented software is difficult, in particular if a formalised proof of its correctness is demanded.A lot of current software is developed using the object-oriented programming paradigm. This paradigm compensated for safety and security issues with imperative programming, such as manual memory management. Popularly used integrated development environments (IDEs) provide features such as debugging and unit testing to facilitate development of robust software, but hardly any development environment supports the development of provable correct software.A tight integration of a proof assistant into a widely used IDE lowers the burden for a developer to prove the correctness of her software.This dissertation introduces Kopitiam, a plugin for the industry-grade IDE Eclipse to interactively prove the correctness of Java software using separation logic. Kopitiam extends Eclipse's Java development perspective with specifications and proof script annotations, and provides an Eclipse development environment for the well-known interactive proof assistant Coq. Kopitiam does not need to be trusted, because the validity of the constructed correctness proof is checked by Coq. In this dissertation I describe the requirements of Kopitiam and solutions to implementation challenges by presenting several generations of Kopitiam. Kopitiam's usefulness is evaluated qualitatively in an experiment.I also present a formalised correctness proof of the snapshotable tree data structure. For efficiency, our implementation uses copy-on-write and shared mutable data, not observable by a client. I further use this data structure to verify the correctness of a solution to the point location problem. The results demonstrate that I am able to verify the correctness of object-oriented software which is used in the wild