Bernhard Beckert

Verification of object-oriented software: The KeY approach

The ultimate goal of program verification is not the theory behind the tools or the tools themselves, but the application of the theory and tools in the software engineering process. Our society relies on the correctness of a vast and growing amount of software. Improving the software engineering process is an important, long-term goal with many steps. Two of those steps are the KeY tool and this KeY book. The material is presented on an advanced level suitable for graduate courses and, of course, active researchers with an interest in verification. The underlying verification paradigm is deductive verification in an expressive program logic. The logic used for reasoning about programs is not a minimalist version suitable for theoretical investigations, but an industrial-strength version. The first-order part is equipped with a type system for modelling of object hierarchies, with underspecification, and with various built-in theories. The program logic covers full Java Card (plus a bit more such as multi-dimensional arrays, characters, and long integers). A lot of emphasis is thereby put on specification, including two widely-used object-oriented specification languages (OCL and JML) and even an interface to natural language generation. The generation of proof obligations from specified code is discussed at length. The book is rounded off by two substantial case studies that are included and presented in detail.

The KeY tool

KeY is a tool that provides facilities for formal specification and verification of programs within a commercial platform for UML based software development. Using the KeY tool, formal methods and object-oriented development techniques are applied in an integrated manner. Formal specification is performed using the Object Constraint Language (OCL), which is part of the UML standard. KeY provides support for the authoring and formal analysis of OCL constraints. The target language of KeY based development is Java Card DL, a proper subset of Java for smart card applications and embedded systems. KeY uses a dynamic logic for Java Card DL to express proof obligations, and provides a state-of-the-art theorem prover for interactive and automated verification. Apart from its integration into UML based software development, a characteristic feature of KeY is that formal specification and verification can be introduced incrementally.

leanTAP: Lean tableau-based deduction

Abstract“prove ((E, F), A, B, C, D) : - !, prove (E, [F ∣ A], B, C, D).prove ((E; F), A, B, C, D) : - !, prove (E, A, B, C, D), prove (F, A, B, C, D).prove (all(H, I), A, B, C, D) : - !, ∖+ length (C, D), copy_term ((H, I, C), (G, F, C)), append (A, [all (H, I)], E), prove(F, E, B, [G ∣ C], D).prove (A,_, [C ∣ D] ,_, _) :-((A= − (B); − (A) = B)) -> (unify(B, C); prove (A, [], D,_,_)).prove (A, [E ∣ F], B, C, D): - prove (E, F, [A∣B], C,D).”implements a first-order theorem prover based on free-variable semantic tableaux. It is complete, sound, and efficient.

A Dynamic Logic for the Formal Verification of Java Card Programs

In this paper, we define a program logic (an instance of Dynamic Logic) for formalising properties of JAVA CARD programs, and we give a sequent calculus for formally verifying such properties. The purpose of this work is to provide a framework for software verification that can be integrated into real-world software development processes.

Formal Verification of Object-Oriented Software

This book presents the thoroughly refereed post-conference proceedings of the International Conference on Formal Verification of Object-Oriented Software, FoVeOOS 2010, held in Paris, France, in June 2010 - organised by COST Action IC0701. The 11 revised full papers presented together with 2 invited talks were carefully reviewed and selected from 21 submissions. Formal software verification has outgrown the area of academic case studies, and industry is showing serious interest. The logical next goal is the verification of industrial software products. Most programming languages used in industrial practice are object-oriented, e.g. Java, C++, or C#. FoVeOOS 2010 aimed to foster collaboration and interactions among researchers in this area

The Even More Liberalized delta-Rule in Free Variable Semantic Tableaux

In this paper we have a closer look at one of the rules of the tableau calculus presented in [3], called the δ-rule, and the modification of this rule, that has been proved to be sound and complete in [6], called the δ+-rule, which uses fewer free variables. We show that, an even more liberalized version, the \(\delta ^{ + ^ + }\)-rule, that in addition reduces the number of different Skolem-function symbols that have to be used, is also sound and complete. Examples show the relevance of this modification for building tableau-based theorem provers.

The KeY Approach: Integrating Object Oriented Design and Formal Verification

This paper reports on the ongoing KeY project aimed at bridging the gap between (a) object-oriented software engineering methods and tools and (b) deductive verification. A distinctive feature of our approach is the use of a commercial CASE tool enhanced with functionality for formal specification and deductive verification.

Free Variable Tableaux for Propositional Modal Logics

We present a sound, complete, modular and lean labelled tableau calculus for many propositional modal logics where the labels contain “free” and “universal” variables. Our “lean” Prolog implementation is not only surprisingly short, but compares favourably with other considerably more complex implementations for modal deduction.

Transformations between signed and classical clause logic

In the last years two automated reasoning techniques for clause normal form arose in which the use of labels are prominently featured: signed logic and annotated logic programming, which can be embedded into the first. The underlying basic idea is to generalise the classical notion of a literal by adorning an atomic formula with a sign or label which in general consists of a possibly ordered set of truth values. In this paper we relate signed logic and classical logic more closely than before by defining two new transformations between them. As a byproduct we obtain a number of new complexity results and proof procedures for signed logics.

The SAT problem of signed CNF formulas

Signed conjunctive normal form (signed CNF) is a classical conjunctive clause form using a generalised notion of literal, called signed literal.A signed literal is an expression of the form S:p, where p is a classical atom and S, its sign, is a subset of a domain N.The informal meaning is “p takes one of the values in S”.Signed formulas are a logical language for knowledge representation that lies in the intersection of the areas constraint programming (CP) many-valued logic (MVL), and annotated logic programming (ALP). This central role of signed CNF justifies a detailed study of its subclasses including algorithms for and complexities of associated satisfiability problems (SAT problems). Although signed logic is used since the 1960s, there are only few systematic investigations of its properties. In contrast to work done in ALP and MVL, our present work is a more fine-grained study for the case of propositional CNF. We highlight the most interesting lines of current research: (i) signed versions of some main proponents of classical deduction systems including non-trivial refinements having no classical counterpart; (ii) incomplete local search methods for satisfiability checking of signed formulas; (iii) phase transition phenomena as known, for example, from classical SAT and the influence of the cardinality of N on the crossover point; (iv) the complexity of the SAT problem for signed CNF and its subclasses.