Implementation-level verification of algorithms with KeY

Bruns, Daniel; Mostowski, Wojciech; Ulbrich, Mattias

doi:10.1007/s10009-013-0293-y

Cited by 10 publications

(9 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A JML* specification of red-black trees was proposed in [30], but the specification has not been verified. A successful deductive verification of a tree operation specified in JML* has been reported in [31]. However, they use extensions to JML such as abstract data types and complex frame conditions that cannot be reduced to standard JML.…”

Section: Applying the Approach To Treesmentioning

confidence: 98%

Specifying linked data structures in JML for combining formal verification and testing

Gladisch

Tyszberowicz

2015

Science of Computer Programming

View full text Add to dashboard Cite

We show how to write concise and readable specifications of linked data structures that are applicable for both formal deductive verification and testing. A singly linked list and a binary search tree are provided as examples. The main characteristic of the specifications is the use of observer methods, in particular to express reachability of elements in a data structure. The specifications are written in the Java Modeling Language (JML) and do not require extensions of that language. This paper addresses a mixed audience of users and developers in the fields of formal verification, testing, and specification language design. We provide an in-depth description of the proposed specifications and analyze the implications both for verification and testing. Based on this analysis we have developed verification techniques that are implemented in the deductive verification tool KeY and enable fully automatic verification of the linked list example. This techniques are also described in this paper.

show abstract

Section: Applying the Approach To Treesmentioning

confidence: 98%

Specifying linked data structures in JML for combining formal verification and testing

Gladisch

Tyszberowicz

2015

Science of Computer Programming

View full text Add to dashboard Cite

show abstract

“…@ accessible footprintUntilLeft(t); @ measured_by height; @ model boolean leftSubTree(Tree t) { return t == this || (left != null && left.leftSubTree(t)); } @*/ Figure 5. An excerpt of the solution to the Tree challenge from [5].…”

Section: Terminationmentioning

confidence: 99%

Dynamic dispatch for method contracts through abstract predicates

Mostowski

Ulbrich²

2015

Proceedings of the 14th International Conference on Modularity

Self Cite

View full text Add to dashboard Cite

Dynamic method dispatch is a core feature of object-oriented programming by which the executed implementation for a polymorphic method is only chosen at runtime. In this paper, we present a specification and verification methodology which extends the concept of dynamic dispatch to design-by-contract specifications.The formal specification language JML has only rudimentary means for polymorphic abstraction in expressions. We promote these to fully flexible specification-only query methods called model methods that can, like ordinary methods, be overridden to give specifications a new semantics in subclasses in a transparent and modular fashion. Moreover, we allow them to refer to more than one program state which give us the possibility to fully abstract and encapsulate two-state specification contexts, i.e., history constraints and method postconditions.We provide the semantics for model methods by giving a translation into a first order logic and according proof obligations. We fully implemented this framework in the KeY program verifier and successfully verified relevant examples.

show abstract

“…Although this challenge does not, e.g., require the use of two-state model methods or in fact even inheritance, the solution that uses model methods is far more elegant than all the other solutions we have (unsuccessfully) tried previously. The challenge and our solution are described in full in [9], here we only present the essence of our solution.…”

Section: Model Methods In Practicementioning

confidence: 99%

Transactions on Modularity and Composition I

Chiba¹,

Leavens²,

Ziarek³

et al. 2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Dynamic method dispatch is a core feature of object-oriented programming by which the executed implementation for a polymorphic method is only chosen at runtime. In this paper, we present a specification and verification methodology which extends the concept of dynamic dispatch to design-by-contract specifications.The formal specification language JML has only rudimentary means for polymorphic abstraction in expressions. We promote these to fully flexible specification-only query methods called model methods that can, like ordinary methods, be overridden to give specifications a new semantics in subclasses in a transparent and modular fashion. Moreover, we allow them to refer to more than one program state which give us the possibility to fully abstract and encapsulate two-state specification contexts, i.e., history constraints and method postconditions. Finally, we provide an elegant and flexible mechanism to specify restrictions on specifications in subtypes. Thus behavioural subtyping can be enforced, yet it still allows for other specification paradigms.We provide the semantics for model methods by giving a translation into a first order logic and according proof obligations. We fully implemented this framework in the KeY program verifier and successfully verified relevant examples. We have also implemented an extension to KeY to support permission-based verification of concurrent Java programs. In this context model methods provide a modular specification method to treat code synchronisation through API methods.

show abstract

Implementation-level verification of algorithms with KeY

Cited by 10 publications

References 21 publications

Specifying linked data structures in JML for combining formal verification and testing

Specifying linked data structures in JML for combining formal verification and testing

Dynamic dispatch for method contracts through abstract predicates

Transactions on Modularity and Composition I

Contact Info

Product

Resources

About