Proving What Programs Do Not

One of the most difficult tasks in program verification is the "frame problem": guaranteeing that programs produce nothing more than their advertised effects. Even in a closed-world context, where the entire program is known, this is a delicate task especially in the presence of a modern programming language model with references and aliasing. As part of a general effort to verify the correctness of contract-equipped Eiffel software, involving proofs as part of a battery of verification techniques (along with others such as automatic contract-based testing), we are developing complementary approaches to mastering the frame problem, meant to be integrated in a practical proof workbench. One of these approaches relies on explicit specification of frame properties (modify/use); another infers these properties from a static analysis of the software. This is work in progress and the author reports directions of development and current advances rather than fully worked-out solutions or tools. The results include a systematic study of the aliasing phenomenon and point the way towards a general theory of object-oriented programming.