Relational Semantics of Procedures

Procedure Contracts and Their Meaning

Reasoning about Procedures by Inlining Contracts

Frame Conditions and Invariants

Specification Variables with Definitions: ListReverse.java

Ghost Specification Variables: CursorList.java

• variables that are under user
• public and private invariants
• specifying simple iterators

Modeling Cycles: CircularList.java

(Implicit) Dynamic Frames

• Hiding Reusable Objects (not Just Fields or inner classes) by using Variables in Modifies Clauses

Doing Proofs Using Specification Variables: PriorityQueueAnnot.java

• more in this paper

Continued in Lecture 19