Formal Specification and Verification of JDK’s Identity Hash Map Implementation

Hash maps are a common and important data structure in efficient algorithm implementations. Despite their widespread use, real-world implementations are not regularly verified. In this paper, we present the first case study of the IdentityHashMap class in the Java JDK. We specified its behavior using the Java Modeling Language (JML) and proved correctness for the main insertion and lookup methods with KeY, a semi-interactive theorem prover for JML-annotated Java programs. Furthermore, we report how unit testing and bounded model checking can be leveraged to find a suitable specification more quickly. We also investigated where the bottlenecks in the verification of hash maps lie for KeY by comparing the required automatic proof effort for different hash map implementations, and we draw conclusions for the choice of hash map implementations regarding their verifiability.
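To make concrete what a JML specification of identity-based lookup and insertion looks like, here is a small added example in Java with JML contracts; it is neither the paper's specification nor the JDK's IdentityHashMap code. It keeps the layout idea of the JDK class (keys at even indices of one table, values in the adjacent odd slot, linear probing, reference equality instead of equals()) but omits resizing and null keys, and the hash function is a constructed placeholder.

```java
/** Simplified open-addressing identity map (added example, not the JDK implementation). */
public final class TinyIdentityMap {
    // Keys sit at even indices, values at the following odd index.
    //@ public invariant table.length >= 4 && (table.length & (table.length - 1)) == 0;
    //@ public invariant 0 <= size && 2 * size < table.length; // at least one empty key slot
    private /*@ spec_public @*/ Object[] table = new Object[16];
    private /*@ spec_public @*/ int size = 0;

    // Constructed hash: identity hash code masked to an even index below len (assumption).
    //@ requires len >= 4 && (len & (len - 1)) == 0;
    //@ ensures 0 <= \result && \result < len && \result % 2 == 0;
    private static /*@ strictly_pure @*/ int hash(Object key, int len) {
        return System.identityHashCode(key) & (len - 2);
    }

    /*@ normal_behavior
      @   requires key != null;
      @   ensures (\exists int i; 0 <= i && i < table.length && i % 2 == 0;
      @              table[i] == key && \result == table[i + 1])
      @        || ((\forall int i; 0 <= i && i < table.length && i % 2 == 0; table[i] != key)
      @            && \result == null);
      @*/
    public /*@ pure @*/ Object get(Object key) {
        int len = table.length;
        int i = hash(key, len);
        //@ loop_invariant 0 <= i && i < len && i % 2 == 0;
        while (table[i] != null) {                       // invariant guarantees an empty slot
            if (table[i] == key) return table[i + 1];    // reference equality, never equals()
            i = (i + 2) & (len - 1);                     // linear probing with wrap-around
        }
        return null;
    }

    /*@ normal_behavior
      @   requires key != null && 2 * (size + 1) < table.length;
      @   assignable table[*], size;
      @   ensures get(key) == value;
      @*/
    public void put(Object key, Object value) {
        int len = table.length;
        int i = hash(key, len);
        while (table[i] != null && table[i] != key) i = (i + 2) & (len - 1);
        if (table[i] == null) { table[i] = key; size++; }
        table[i + 1] = value;
    }

    public static void main(String[] args) {
        TinyIdentityMap m = new TinyIdentityMap();
        String a = new String("token"), b = new String("token"); // equal by equals(), distinct objects
        m.put(a, "first");
        m.put(b, "second");
        System.out.println(a.equals(b) + " " + m.get(a) + " " + m.get(b));
    }
}
```

The two keys are equal under equals() yet map to different values, which is exactly the identity semantics the paper's specification has to capture.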
