Proving and Disproving in Dynamic Logic for Java

This thesis is about proving the functional correctness and incorrectness of imperative, object-oriented programs. One of the main approaches to the first task is deductive program verification, whereas the second task is traditionally handled by techniques like testing. In this thesis, we show how both correctness and incorrectness can be covered by dynamic logic for Java (a program logic) and handled using similar techniques. The theorem prover KeY, which provides an implementation of dynamic logic for Java, was used for experiments and was extended for this purpose. We introduce the concept of taclets, the rule language used to implement the calculus for Java dynamic logic in KeY. Apart from a detailed introduction of the language and complete definitions of the semantics of taclets, reasoning about the correctness of taclets is discussed. This part of the thesis is the most complete account of taclets so far. The concept of updates is described, which is the central component for performing symbolic execution in Java dynamic logic. Updates are systematically developed as an imperative programming language that provides the following constructs: assignments, guards, sequential composition, and bounded as well as unbounded parallel composition. The language is equipped both with a denotational semantics and with a correct rewriting system for execution, whereby the latter is a generalisation of the syntactic application of substitutions. The normalisation of updates is discussed.
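The update constructs listed above, as an added worked example that is not code from the thesis or from KeY: a denotational semantics for updates over integer program variables, with the assumptions that updates are written as tagged tuples, terms and guards are Python callables on a state, parallel clashes are resolved in favour of the right-hand update, and a quantified update over a finite domain list lets the earliest element win on a clash (a fixed well-ordering on the quantified variable).

```python
# Added example (not thesis or KeY code): denotational semantics of a small
# update language over integer-valued program variables.
from typing import Callable, Dict, Tuple

State = Dict[str, int]
Term = Callable[[State], int]        # a term is evaluated in a state
Formula = Callable[[State], bool]    # a guard is evaluated in a state

# Update syntax as tagged tuples (assumed encoding):
#   ("assign", x, t)        x := t
#   ("par", u1, u2)         u1 || u2   (on a clash the right-hand update wins)
#   ("seq", u1, u2)         u1 ; u2    (u2 is evaluated in the state after u1)
#   ("guard", phi, u)       phi ? u    (u only takes effect if phi holds)
#   ("for", x, D, u)        parallel composition of u over all x in the
#                           finite list D; the earliest x wins on a clash
Update = Tuple

def sem(u: Update, s: State) -> State:
    """Locations and values that the update u writes when run in state s."""
    kind = u[0]
    if kind == "assign":
        _, x, t = u
        return {x: t(s)}
    if kind == "par":
        d = sem(u[1], s)
        d.update(sem(u[2], s))             # later (right) update overrides
        return d
    if kind == "seq":                      # u1 ; u2  behaves like  u1 || {u1}u2
        d = sem(u[1], s)
        d.update(sem(u[2], apply(u[1], s)))
        return d
    if kind == "guard":
        return sem(u[2], s) if u[1](s) else {}
    if kind == "for":
        _, x, domain, body = u
        d: State = {}
        for v in domain:                   # bind x to each v, collect effects
            for loc, val in sem(body, {**s, x: v}).items():
                d.setdefault(loc, val)     # keep the first (smallest x) value
        return d
    raise ValueError(f"unknown update {kind}")

def apply(u: Update, s: State) -> State:
    """Apply all effects of u simultaneously to a copy of s."""
    return {**s, **sem(u, s)}

def eval_updated(u: Update, t: Term, s: State) -> int:
    """Value of the updated term {u}t in s: evaluate t after running u."""
    return t(apply(u, s))
```

The swap `x := y || y := x` exchanges both values simultaneously, whereas `x := y ; y := x` leaves `y` unchanged; this is the difference between parallel and sequential composition that the rewriting system must preserve.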
