Peter H. Schmitt

Verification of object-oriented software: The KeY approach

The ultimate goal of program verification is not the theory behind the tools or the tools themselves, but the application of the theory and tools in the software engineering process. Our society relies on the correctness of a vast and growing amount of software. Improving the software engineering process is an important, long-term goal with many steps. Two of those steps are the KeY tool and this KeY book. The material is presented on an advanced level suitable for graduate courses and, of course, active researchers with an interest in verification. The underlying verification paradigm is deductive verification in an expressive program logic. The logic used for reasoning about programs is not a minimalist version suitable for theoretical investigations, but an industrial-strength version. The first-order part is equipped with a type system for modelling of object hierarchies, with underspecification, and with various built-in theories. The program logic covers full Java Card (plus a bit more such as multi-dimensional arrays, characters, and long integers). A lot of emphasis is thereby put on specification, including two widely-used object-oriented specification languages (OCL and JML) and even an interface to natural language generation. The generation of proof obligations from specified code is discussed at length. The book is rounded off by two substantial case studies that are included and presented in detail.

The KeY tool

KeY is a tool that provides facilities for formal specification and verification of programs within a commercial platform for UML based software development. Using the KeY tool, formal methods and object-oriented development techniques are applied in an integrated manner. Formal specification is performed using the Object Constraint Language (OCL), which is part of the UML standard. KeY provides support for the authoring and formal analysis of OCL constraints. The target language of KeY based development is Java Card DL, a proper subset of Java for smart card applications and embedded systems. KeY uses a dynamic logic for Java Card DL to express proof obligations, and provides a state-of-the-art theorem prover for interactive and automated verification. Apart from its integration into UML based software development, a characteristic feature of KeY is that formal specification and verification can be introduced incrementally.

Automated Deduction — A Basis for Applications

Volume I: Foundations. Calculi and Methods. Preface W. Bibel, P.H. Schmitt. Part One: Tableau and Connection Calculi. Introduction U. Furbach. 1. Analytic Tableaux B. Beckert, R. Hahnle. 2. Clausal Tableaux R. Letz. 3. Variants of Clausal Tableaux P. Baumgartner, U. Furbach. 4. Cuts in Tableaux U. Egly. 5. Compressions and Extensions W. Bibel, et al. Part Two: Special Calculi and Refinements. Introduction U. Petermann. 6. Theory Reasoning P. Baumgartner, U. Petermann. 7. Unification Theory F. Baader, K.U. Schulz. 8. Rigid E-Unification B. Beckert. 9. Sorted Unification and Tree Automata C. Weidenbach. 10. Dimensions of Types in Logic Programming G. Meyer, C. Beierle. 11. Equational Reasoning in Saturation-Based Theorem Proving L. Bachmair, H. Ganzinger. 12. Higher-Order Rewriting and Equational Reasoning T. Nipkow, C. Prehofer. 13. Higher-Order Automated Theorem Proving M. Kohlhase. Index. Volume II: Systems and Implementation Techniques. Introduction T. Nipkow, W. Reif. 1. Structured Specifications and Interactive Proofs with KIV W. Reif, et al. 2. Proof Theory at Work: Program Development in the Minlog System H. Benl, et al. 3. Interactive and Automated Proof Construction in Type Theory M. Strecker, et al. 4. Integrating Automated and Interactive Theorem Proving W. Ahrendt, et al. Part Two: Representation and Optimization Techniques. Introduction J. Siekmann, D. Fehrer. 5. Term Indexing P. Graf, D. Fehrer. 6. Developing Deduction Systems: The Toolbox Style D. Fehrer. 7. Specifications of Inference Rules: Extensions of the PTTP Technique G. Neugebauer, U. Petermann. 8. Proof Analysis, Generalization and Reuse T. Kolbe, C. Walther. Part Three: Parallel Inference Systems. Introduction W. Kuchlin. 9. Parallel Term Rewriting with PaReDuX R. Bundgen, et al. 10. Parallel Theorem Provers Based on SETHEO J. Schumann, et al. 11. Massively Parallel Reasoning S.-E. Bornscheuer, et al. Part Four: Comparison and Cooperation of Theorem Provers. Introduction J. Avenhaus. 12. Extension Methods in Automated Deduction M. Baaz, et al. 13. A Comparison of Equality Reasoning Heuristics J. Denzinger, M. Fuchs. 14. Cooperating Theorem Provers J. Denzinger, I. Dahn. Index. Volume III: Applications. Part One: Automated Theorem Proving in Mathematics. Introduction M. Kohlhase. 1. Lattice-Ordered Groups in Deduction I. Dahn. 2. Superposition Theorem Proving for Commutative Rings J. Stuber. 3. How to Augment a Formal System with a Boolean Algebra Component H.J. Ohlbach, J. Kuhler. 4. Proof Planning: A practical Approach to Mechanized Reasoning in Mathematics M. Kerber. Part Two: Automated Deduction in Software Engineering and hardware Design. Introduction J. Schumann. 5. Program Synthesis C. Kreitz. 6. Termination Analysis for Functional Programs J. Giesl, et al. 7. The WAM Case Study: Verifying Compiler Correctness for Prolog with KIV G. Schellhorn, W. Ahrendt. 8. Using Automated Theorem Provers in Verification of Protocols I. Dahn, J. Schumann. 9. Theorem Proving in Large Theories W. Reif, G. Schellhorn. 10. Analyzing Rule Sets for the Calculation of Banking Fees by a Theorem Prover with Constraints F. Stolzenburg, B. Thomas. 11. Deduction-Based Software Component Retrieval B. Fischer, et al. 12. Rewrite Based hardware Verification with ReDuX R. Bundgen. Index.

The Liberalized delta-Rule in Free Variable Semantic Tableaux

In this paper we have a closer look at one of the rules of the tableau calculus presented by Fitting [4], called the δ-rule. We prove that a modification of this rule, called the δ+-rule, which uses fewer free variables, is also sound and complete. We examine the relationship between the δ+-rule and variations of the δ-rule presented by Smullyan [9]. This leads to a second proof of the soundness of the δ+-rule. An example shows the relevance of this modification for building tableau-based theorem provers.

An order-sorted logic for knowledge representation systems

Abstract Hybrid knowledge representation systems (such as those of the KL-ONE family) distinguish between taxonomical information (that is represented in the T-Box) and assertional information (which is contained in the A-Box). The basic concepts that establish a particular view of the world are considered static and given, once the knowledge base is set up, and these concepts are represented in the taxonomical hierarchy of the T-Box. For some applications in natural language processing this approach is insufficient as the taxonomical hierarchy may be changed while parsing new sentences. It may thus become necessary to express the changing taxonomical information in both the taxonomical hierarchy (the T-Box) and in the assertional knowledge base (the A-Box). In this case the notorious problems of coupling the two kinds of information (i.e. the A-Box and the T-Box) within one deductive calculus become even more complex, and we distinguish two approaches: a close coupling and a loose coupling. Within the framework of an order-sorted predicate logic we present a close coupling between the taxonomic information (that is expressed in the sort hierarchy) and the axiomatic part. We give a rigorous model-theoretic semantics, and present a deduction calculus that is based on three specially tailored rules of inference (extended order-sorted resolution, subsort resolution, and elimination). These rules are shown to be sound and complete for a clausal knowledge base which represents taxonomic information partly through sorts and partly by explicit sortal predication. This approach has been implemented in the knowledge representation language LLILOG which is used in a natural language understanding project for German.

The Even More Liberalized delta-Rule in Free Variable Semantic Tableaux

In this paper we have a closer look at one of the rules of the tableau calculus presented in [3], called the δ-rule, and the modification of this rule, that has been proved to be sound and complete in [6], called the δ+-rule, which uses fewer free variables. We show that, an even more liberalized version, the \(\delta ^{ + ^ + }\)-rule, that in addition reduces the number of different Skolem-function symbols that have to be used, is also sound and complete. Examples show the relevance of this modification for building tableau-based theorem provers.

The KeY Approach: Integrating Object Oriented Design and Formal Verification

This paper reports on the ongoing KeY project aimed at bridging the gap between (a) object-oriented software engineering methods and tools and (b) deductive verification. A distinctive feature of our approach is the use of a commercial CASE tool enhanced with functionality for formal specification and deductive verification.

The KeY System: Integrating Object-Oriented Design and Formal Methods

This paper gives a brief description of the KeY system, a tool written as part of the ongoing KeY project, which is aimed at bridging the gap between (a) OO software engineering methods and tools and (b) deductive verification. The KeY system consists of a commercial CASE tool enhanced with functionality for formal specification and deductive verification.

The KeY Platform for Verification and Analysis of Java Programs

The KeY system offers a platform of software analysis tools for sequential Java. Foremost, this includes full functional verification against contracts written in the Java Modeling Language. But the approach is general enough to provide a basis for other methods and purposes: (i) complementary validation techniques to formal verification such as testing and debugging, (ii) methods that reduce the complexity of verification such as modularization and abstract interpretation, (iii) analyses of non-functional properties such as information flow security, and (iv) sound program transformation and code generation. We show that deductive technology that has been developed for full functional verification can be used as a basis and framework for other purposes than pure functional verification. We use the current release of the KeY system as an example to explain and prove this claim.

Deductive Software Verification - The KeY Book

Static analysis of software with deductive methods is a highly dynamic field of research on the verge of becoming a mainstream technology in software engineering. It consists of a large portfolio of - mostly fully automated - analyses: formal verification, test generation, security analysis, visualization, and debugging. All of them are realized in the state-of-art deductive verification framework KeY. This book is the definitive guide to KeY that lets you explore the full potential of deductive software verification in practice. It contains the complete theory behind KeY for active researchers who want to understand it in depth or use it in their own work. But the book also features fully self-contained chapters on the Java Modeling Language and on Using KeY that require nothing else than familiarity with Java. All other chapters are accessible for graduate students (M.Sc. level and beyond). The KeY framework is free and open software, downloadable from the book companion website which contains also all code examples mentioned in this book.