Formal Methods for Java (Lecture)

Recently, formal methods have been successfully used to specify and verify large software system. A current example is the Verisoft project, whose goal is to create a fully verified processor, operating system and compiler. In this lecture we will investigate the existing methods for the language Java. The language Java was chosen because it is a mature language, with a semi-formal definition of its semantics (The Java Language Specification). However, to use mathematical reasoning, we need a precise definition of the semantics. Therefore, we will sketch the definition of an operational semantics for Java. Furthermore, we will investigate different formal methods for Java. The starting point will be the language extension JML that allows Design by Contract. This allows to add pre- and postconditions to methods and invariants to classes and loops. These assertions can be checked during runtime and this is the purpose of the JML runtime assertion checker (jmlrac). On the other hand, there are static methods, e.g., ESC/Java and Jahob, that automatically provide mathematical proofs that the Java code ensures the post-condition for each possible pre-condition. If these proofs cannot be found automatically, one can also use theorem provers that assist in finding a proof manually. In this lecture, we will present the different approaches for verification of Java code. In the exercise you will investigate different tools on small practical examples.

Course type	Lecture
Instructors	Jochen Hoenicke¹
Lecture	Tuesday, 16:00–18:00 c.t., in building 106 room 00 007 (MMR) Friday, 10:00-11:00 c.t., in building 106 room 00 007 (MMR)
Exercise	Friday, 11:00–12:00, in building 106 room 00 007 (MMR)
First session	Lecture 23.10.12
Language of instruction	English
Credits	6
Exams	Oral, 06.03.2013, building 052, room 00-017
Course Catalog	Formale Methoden für Java²

News

A new version of the file PriorityQueue.java³ with full annotations has been uploaded. This includes a workaround for a bug in the JMLTools.
On Friday, 11.01.2013, we will have two hours of tutorial to discuss the Christmas sheet. This tutorial will be held by Jochen Hoenicke. Please send your solutions to the Christmas sheet to him (see delivery note on the sheet).
The faculty switched from pen-and-paper evaluations to a new online evaluation system⁴. Please use this system in the period from January 28 until February 8 to give us some feedback on the lecture. You need the RAS login to access the system. The pages are available in German and English. Note that even though you have to log into the system your answers to the questions will be completely anonymous.

Formalia

Admission criteria

You have to do all exercises.

Exercise Submission Scheme

Every Tuesday before the lecture.

Exam

There will be oral exams. The dates of the exams will be published later.

Please register via examination office as usual.

Resources

Literature & Web resources

J. Gosling et al.: The Java Language Specification⁵ (third edition)
T. Lindholm, F. Yellin: The Java Virtual Machine Specification⁶ (second edition)
Home page of the JML Project⁷.G. Leavens et al.. JML Reference Manual⁸ (DRAFT), February 2007.
B. Beckert, R. Hähnle, P. Schmitt (Eds.): Verification of Object-Oriented Software: The KeY Approach⁹, Springer-Verlag, LNCS 4334
M. Barnet, D. Naumann: Friends Need A Bit More: Maintaining Invariants Over Shared State¹⁰, February 2004
Home page of Jahob¹¹
V. Kuncak: Modular Data Structure Verification¹²
Home page of JPF¹³
Home page of Key-Project¹⁴, Release Candidate Key-1.65¹⁵

Slides and Additional Material

Lecture 1¹⁶ (23.10.2012)

Factorial.java: simple¹⁷, model¹⁸, full¹⁹

Lecture 2²⁰ (26.10.2012)
Lecture 3²¹ (30.10.2012)
Lecture 4²² (02.11.2012)
Lecture 5²³ (06.11.2012)

Heap.java : size²⁴, ghost²⁵, datagroup²⁶, complete²⁷
PriorityQueue.java: size²⁸, ghost²⁹, datagroup³⁰, complete³
Test.java³¹

Lecture 6³² (09.11.2012)
Lecture 7³³ (13.11.2012)
Lecture 8³⁴ (16.11.2012)
Lecture 9³⁵ (20.11.2012)

NonNullChecker.java³⁶, NonNull.java³⁷, NonNull.jpf³⁸

Lecture 10³⁹ (23.11.2012)

jpf-aprop: Heap.java⁴⁰, PriorityQueue.java⁴¹, TestPF.jpf⁴²
jml: TestPF.jpf⁴³
TestPF.java⁴⁴

Lecture 11⁴⁵ (27.11.2012)
Lecture 12⁴⁶ (30.11.2012)
Lecture 13⁴⁷ (04.12.2012)
Lecture 14⁴⁸ (07.12.2012)
Lecture 15⁴⁹ (11.12.2012)
Lecture 16⁵⁰ (14.12.2012)
Lecture 17⁵¹ (18.12.2012)
Lecture 18⁵² (21.12.2012)
Lecture 19⁵³ (08.01.2013)
Lecture 20⁵⁴ (15.01.2013)
Lecture 21⁵⁵ (18.01.2013)
Lecture 22⁵⁶ (22.01.2013)
Lecture 23⁵⁷ (25.01.2013)
Lecture 24⁵⁸ (29.01.2013)
Lecture 25⁵⁹ (01.02.2013)

Example: GCD.java⁶⁰

Lecture 26⁶¹ (05.02.2013)

Examples: Mul.java⁶², Search.java⁶³, BubbleSort.java⁶⁴

Lecture 27⁶⁵ (08.02.2013)

Examples: Minimum.java⁶⁶, SearchWithBreak.java⁶⁷

Lecture 28⁶⁸ (12.02.2013)

Example: Triangle.java⁶⁹

Lecture 29⁷⁰ (15.02.2013)

Exercises

Exercise Sheet 0⁷¹ (will be discussed in first tutorial)
Exercise Sheet 1⁷² (submission: 30.10.2012)
Exercise Sheet 2⁷³ (submission: 06.11.2012)
Exercise Sheet 3⁷⁴ (submission: 13.11.2012)

Additional Material: Map.java⁷⁵, Key.java⁷⁶, IntKey.java⁷⁷

Exercise Sheet 4⁷⁸ (submission: 20.11.2012)
Exercise Sheet 5⁷⁹ (submisstion: 27.11.2012)

Additional Material: UsageChecker.java⁸⁰

Exercise Sheet 6⁸¹ (submission: 04.12.2012)
Exercise Sheet 7⁸² (submission: 11.12.2012)

Additional Material: Heap.java⁸³, HeapElem.java⁸⁴, IntHeapElem.java⁸⁵

Exercise Sheet 8⁸⁶ (submission: 18.12.2012)
Christmas Sheet⁸⁷ (submission: 08.01.2013)

Additional Material: PostCondition.java⁸⁸
Solution: ChristmasListener.java⁸⁹, Christmas.jpf⁹⁰

Exercise Sheet 9⁹¹ (submission: 15.01.2013)

Patch to run z3 with Jahob: jahob/src/smtlib/smtCvcl.ml⁹²

Exercise Sheet 10⁹³ (submission: 22.01.2013)
Exercise Sheet 11⁹⁴ (submission: 29.01.2013)
Exercise Sheet 12⁹⁵ (submission: 05.02.2013)
Exercise Sheet 13⁹⁶ (submission: 12.02.2013)

Additional Material: InsertionSort.java⁹⁷

Links

April
Mo	Tu	We	Th	Fr	Sa	Su
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30

https://swt.informatik.uni-freiburg.de/staff/hoenicke/personalPage

https://www.verwaltung.uni-freiburg.de/lsfserver/rds?state=verpublish&vmfile=no&publishid=107408&moduleCall=webInfo&publishConfFile=webInfo&publishSubDir=veranstaltung

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/priorityqueue-complete

https://ilias.uni-freiburg.de/login.php?target=svy_19965&soap_pw=&ext_uid=&cookies=nocookies&client_id=unifreiburg&lang=de

http://java.sun.com/docs/books/jls/index.html

http://java.sun.com/docs/books/jvms/index.html

http://www.jmlspecs.org/

http://www.cs.iastate.edu/%7Eleavens/JML/jmlrefman/jmlrefman_toc.html

http://www.springer.com/east/home/generic/search/results?SGWID=5-40109-22-173712406-0

http://research.microsoft.com/en-us/projects/specsharp/friends.pdf

http://lara.epfl.ch/w/jahob_system

http://lara.epfl.ch/%7Ekuncak/papers/Kuncak07DecisionProceduresModularDataStructureVerification.pdf

http://babelfish.arc.nasa.gov/trac/jpf/wiki

http://www.key-project.org/

http://www.key-project.org/~key/download/releases/key165rc/

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec01

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/Factorial-java-simple

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/Factorial-java-model

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/Factorial-java-full

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec02

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec03

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec04

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec05

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/heap-size

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/heap-ghost

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/heap-datagroup

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/heap-complete

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/priorityqueue-size

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/priorityqueue-ghost

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/priorityqueue-datagroup

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/test-java

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec06

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec07

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec08

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec09

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/nonnullchecker

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/nonnull-java

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/nonnull-jpf

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec10

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/heap-aprop

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/priorityqueue-aprop

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/heap-aprop-jpf

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/heap-jpf

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/heap-pf

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec11

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec12

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec13

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec14

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec15

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec16

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec17

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec18

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec19

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec20

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec21

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec22

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec23

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec24

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec25

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/gcd-java

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec26

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/mul

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/search-java

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/bubblesort

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec27

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/minimum

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/searchwithbreak

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec28

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/examples/triangle

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/Slides/lec29

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex00

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex01

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex02

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex03

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex03-data/map-java

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex03-data/key-java

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex03-data/intkey-java

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex04

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex05

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex-data/usagechecker-java

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex06

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex07

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex07-data/heap-java

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex07-data/heapelem-java

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex07-data/intheapelem-java

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex08

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/christmasex

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/chistmas-adds/postcondition-java

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/chistmas-adds/ChristmasListener

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/chistmas-adds/Christmas.jpf

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/exercise09

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/smtCvcl.ml

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex10

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex11

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex12

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex13

https://swt.informatik.uni-freiburg.de/teaching/WS2012-13/fm4j/Resources/exercises/ex13-data/insertionsort