Making Whiley Boogie!

Utting, Mark; Pearce, David J.; Groves, Lindsay

doi:10.1007/978-3-319-66845-1_5

Cited by 8 publications

(6 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Outsourcing has its benefits, namely: shifting the burden of VC generation (which can be non-trivial to implement in general) to a separate, reusable tool that multiple languages can target. Notable disadvantages however include high potential for "impedance mismatches" when translating between IVLs [3], or (more commonly) when translating the constructs of the rich 'high level' specification language into the 'lower level' representation employed by a particular IVL [32]-or vice versa [10]. These mismatches in turn can complicate error reporting efforts, including VC feedback on failed verification attempts.…”

Section: Related Workmentioning

confidence: 99%

F-IDEs with Features and VCs Designed to Assist Human Reasoning When Verification Fails

Sun

Welch

Sitaraman

2021

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

This paper summarizes our efforts to aid human reasoning when verification fails through the use of two distinct Formalization Integrated Development Environments (F-IDEs) that we have developed. Both environments are modular and facilitate reasoning about the full behavior of object-based code. The first environment, referred to as the web-IDE, has been used for several years to teach aspects of formal specification and verification, including why and where verification conditions (VCs) arise and how to use them when verification fails. The second F-IDE, RESOLVE Studio, remains experimental, but is a more fully-fledged environment backed by a sequent-based VC generator that produces VCs with fewer extraneous givens. While the environments and VC generation techniques are necessarily language specific, the principles of alternative VC generation methods, F-IDE features, and observations about their impact on novices and experienced users are more generally applicable.1 https://resolve.cs.clemson.edu/teaching 2 https://www.jetbrains.com/

show abstract

Section: Related Workmentioning

confidence: 99%

F-IDEs with Features and VCs Designed to Assist Human Reasoning When Verification Fails

Sun

Welch

Sitaraman

2021

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

show abstract

“…Languages such as Dependent JavaScript [10] and Refined TypeScript [33] incorporate sophisticated type systems, but the power of the e in T predicate and semantic subtyping (supported by SRS) seems to be particularly suited for programming REST clients. Whiley [26] is a programming language that features a rich type system and flow typing; it uses Boogie only to check the verification conditions [31]. Contrary to SRS, neither of these solutions specifically addresses REST calls.…”

Section: Related Workmentioning

confidence: 99%

SafeRESTScript: Statically Checking REST API Consumers

Burnay,

Lopes,

Vasconcelos

2020

Preprint

View full text Add to dashboard Cite

Consumption of REST services has become a popular means of invoking code provided by third parties, particularly in web applications. Nowadays programmers of web applications can choose TypeScript over JavaScript to benefit from static type checking that enables validating calls to local functions or to those provided by libraries. Errors in calls to REST services, however, can only be found at run-time.In this paper, we present SafeRESTScript (SRS, for short) a language that extends the support of static analysis to calls to REST services, with the ability to statically find common errors such as missing or invalid data in REST calls and misuse of the results from such calls. SafeRESTScript features a syntax similar to JavaScript and is equipped with (i) a rich collection of types-including objects, arrays and refinement types-and (ii) primitives to natively support REST calls that are statically validated against specifications of the corresponding APIs. Specifications are written in HeadREST, a language that also features refinement types and supports the description of semantic aspects of REST APIs in a style reminiscent of Hoare triples. We present SafeRESTScript and its validation system, based on a generalpurpose verification tool (Boogie). The evaluation of SafeRESTScript and of the prototype implementations for its validator, available in the form of an Eclipse plugin, is also discussed.

show abstract

“…Whiley is a programming language with first-class support for software specifications that is designed to simplify verification [75,76,77,78,79,80,93,96,97,98]. For example, arithmetic types in Whiley consist of unbounded integers and explicit support is provided for distinguishing between pure functions versus side-effecting methods.…”

Section: Introductionmentioning

confidence: 99%

Finding Bugs with Specification-Based Testing is Easy!

Chin¹,

Pearce²

2021

Programming

View full text Add to dashboard Cite

Automated specification-based testing has a long history with several notable tools having emerged. For example, QuickCheck for Haskell focuses on testing against user-provided properties. Others, such as JMLUnit, use specifications in the form of pre-and post-conditions to drive testing. An interesting (and under-explored) question is how effective this approach is at finding bugs in practice. In general, one would assume automated testing is less effective at bug finding than static verification. But, how much less effective? To shed light on this question, we consider automated testing of programs written in Whiley -a language with first-class support for specifications. Whilst originally designed with static verification in mind, we have anecdotally found automated testing for Whiley surprisingly useful and cost-effective. For example, when an error is detected with automated testing, a counterexample is always provided. This has motivated the more rigorous empirical examination presented in this paper. To that end, we provide a technical discussion of the implementation behind an automated testing tool for Whiley. Here, a key usability concern is the ability to parameterise the input space, and we present novel approaches for references and lambdas. We then report on several large experiments investigating the tool's effectiveness at bug finding using a range of benchmarks, including a suite of 1800+ mutants. The results indicate the automated testing is effective in many cases, and that sampling offers useful performance benefits with only modest reductions in bug-finding capability. Finally, we report on some real-world uses of the tool where it has proved effective at finding bugs (such as in the standard library). ACM CCS 2012Software and its engineering → Software testing and debugging; Theory of computation → Automated reasoning;

show abstract

Making Whiley Boogie!

Cited by 8 publications

References 27 publications

F-IDEs with Features and VCs Designed to Assist Human Reasoning When Verification Fails

F-IDEs with Features and VCs Designed to Assist Human Reasoning When Verification Fails

SafeRESTScript: Statically Checking REST API Consumers

Finding Bugs with Specification-Based Testing is Easy!

Contact Info

Product

Resources

About