Formal Methods for Java

Recently, formal methods have been successfully used to specify and verify large software system. A current example is the Verisoft project, whose goal is to create a fully verified processor, operating system and compiler. In this lecture we will investigate the existing methods for the language Java. The language Java was chosen because it is a mature language, with a semi-formal definition of its semantics (The Java Language Specification). However, to use mathematical reasoning, we need a precise definition of the semantics. Therefore, we will sketch the definition of an operational semantics for Java. Furthermore, we will investigate different formal methods for Java. The starting point will be the language extension JML that allows Design by Contract. This allows to add pre- and postconditions to methods and invariants to classes and loops. These assertions can be checked during runtime and this is the purpose of the JML runtime assertion checker (jmlrac). On the other hand, there are static methods, e.g., ESC/Java and Jahob, that automatically provide mathematical proofs that the Java code ensures the post-condition for each possible pre-condition. If these proofs cannot be found automatically, one can also use theorem provers that assist in finding a proof manually. In this lecture, we will present the different approaches for verification of Java code. In the exercise you will investigate different tools on small practical examples.

Course type	Lecture
Instructors	Jochen Hoenicke¹
Lecture	Wednesday, 16:00–18:00 c.t., in building 106 room 00 007 (MMR) Friday, 10:00-11:00 c.t., in building 106 room 00 007 (MMR)
Exercise	Friday, 11:00–12:00, in building 106 room 00 007 (MMR)
First session	Lecture 26.10.11
Language of instruction	English
Credits	6
Exams	Oral, Time and Place 14./15.03.2012
Course Catalog	Formale Methoden für Java²

News

Solutions to the exercise sheets might be handed in at the beginning of lecture on Wednesday

Formalia

Admission criteria

You have to do all exercises.

Exercise Submission Scheme

Every Wednesday before the lecture.

Exam

There will be oral exams. The exam will take place on 14th or 15th of March.

Please register via examination office as usual.

Resources

Literature

J. Gosling et al.: The Java Language Specification³ (third edition)
T. Lindholm, F. Yellin: The Java Virtual Machine Specification⁴ (second edition)
Home page of the JML Project⁵.G. Leavens et al.. JML Reference Manual⁶ (DRAFT), February 2007.
B. Beckert, R. Hähnle, P. Schmitt (Eds.): Verification of Object-Oriented Software: The KeY Approach⁷, Springer-Verlag, LNCS 4334
M. Barnet, D. Naumann: Friends Need A Bit More: Maintaining Invariants Over Shared State⁸, February 2004
Home page of Jahob⁹
V. Kuncak: Modular Data Structure Verification¹⁰
Home page of JPF¹¹

Slides

Lecture 1¹² (Wednesday, 26.10.2011)
Lecture 2¹³ (Friday, 28.10.2011)
Lecture 3¹⁴ (Wednesday, 02.11.2011)
Lecture 4¹⁵ (Friday, 04.11.2011)
Lecture 5¹⁶ (Wednesday, 09.11.2011)

Common classes for examples: PriorityQueue.java¹⁷, Test.java¹⁸
Priority Queue example with model variable: Heap.java¹⁹
Priority Queue example with ghost variable: Heap.java²⁰

Lecture 6²¹ (Friday, 11.11.2011)
Lecture 7²² (Wednesday, 16.11.2011)
Lecture 8²³ (Friday, 18.11.2011)
Lecture 9²⁴ (Wednesday, 23.11.2011)
Lecture 10²⁵ (Friday, 25.11.2011)
Lecture 11²⁶ (Wednesday, 30.11.2011)

KeY examples:

andcommute.key²⁷
hilbert1.key²⁸, hilbert2.key²⁹, hilbert3.key³⁰, hilbert4.key³¹, hilbert5.key³²
quant1.key³³, quant2.key³⁴, quant3.key³⁵
eqsymm.key³⁶, eqtrans.key³⁷

Lecture 12³⁸ (Friday, 02.12.2011)
Lecture 13³⁹ (Wednesday, 07.12.2011)

Examples: execution.key⁴⁰, while.key⁴¹, gcd.java⁴²

Lecture 14⁴³ (Friday, 09.12.2011)
Lecture 15⁴⁴ (Wednesday, 14.12.2011)

Examples: Mul.java⁴⁵, Search.java⁴⁶, BubbleSort.java⁴⁷

Lecture 16⁴⁸ (Friday, 16.12.2011)
Lecture 17⁴⁹ (Wednesday, 21.12.2011)

Example: SimpleMap.java⁵⁰

Lecture 18⁵¹ (Friday, 23.12.2011)

Example: McCarthy.java⁵², McCarthy.java.proof⁵³ (corresponding KeY proof)

Lecture 19⁵⁴ (Wednesday, 11.01.2012)
Lecture 20⁵⁵ (Friday, 13.01.2012)
Lecture 21⁵⁶ (Wednesday, 18.01.2012)
Lecture 22⁵⁷ (Friday, 20.01.2012)
Lecture 23⁵⁸ (Wednesday, 25.01.2012)
Lecture 24⁵⁹ (Friday, 27.01.2012)
Lecture 25⁶⁰ (Wednesday, 01.02.2012)
Lecture 26⁶¹ (Friday, 03.02.2012)
Lecture 27⁶² (Wednesday, 08.02.2012)
Lecture 28⁶³ (Friday, 10.02.2012)

Examples: Common Classes: PriorityQueue.java⁶⁴, Heap.java⁶⁵
Example: Test.java⁶⁶
Example: TestPF.java⁶⁷, TestPF.jpf⁶⁸
Example: TestBitSet.java⁶⁹, TestSet.jpf⁷⁰
Example: TestBitBucket.java⁷¹, BitBucket,java⁷², TestBucket.jpf⁷³

Lecture 29⁷⁴ (Wednesday, 15.02.2012)
Lecture 30⁷⁵ (Friday, 17.02.2012)

Exercises

Exercise Sheet 0⁷⁶ (no submission - discussed on Friday, 28.10.2011)
Exercise Sheet 1⁷⁷ (submission: 02.11.2011)
Exercise Sheet 2⁷⁸ (submission: 09.11.2011)
Exercise Sheet 3⁷⁹ (submission: 16.11.2011) Additional Material: Map.java⁸⁰, Key.java⁸¹, IntKey.java⁸²
Exercise Sheet 4⁸³ (submission: 23.11.2011) Additional Material: InsertionSort.java⁸⁴
Exercise Sheet 5⁸⁵ (submission: 30.11.2011) Additional Material: Heap.java⁸⁶, HeapElem.java⁸⁷, IntHeapElem.java⁸⁸
Exercise Sheet 6⁸⁹ (submission: 07.12.2011)
Exercise Sheet 7⁹⁰ (submission: 14.12.2011)
Exercise Sheet 8⁹¹ (submission: 21.12.2011) Additional Material: InsertionSort.java⁹²
Christmas Sheet⁹³ (no submission - just exam preparation) Additional Material: christmas.tar.bz2⁹⁴
Exercise Sheet 9⁹⁵ (submission: 18.01.2012)
Exercise Sheet 10⁹⁶ (submission: 25.01.2012)
Exercise Sheet 11⁹⁷ (submission: 01.02.2012)
Exercise Sheet 12⁹⁸ (submission: 08.02.2012) Additional Material: NonNullChecker.java⁹⁹, NonNull.java¹⁰⁰
Exercise Sheet 13¹⁰¹ (submission: 15.02.2012) Additional Material: MyStack.java¹⁰², MyStack.jpf¹⁰³

Links

March
Mo	Tu	We	Th	Fr	Sa	Su
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31

https://swt.informatik.uni-freiburg.de/staff/hoenicke/personalPage

https://www.verwaltung.uni-freiburg.de/lsfserver/rds?state=verpublish&vmfile=no&publishid=100626&moduleCall=webInfo&publishConfFile=webInfo&publishSubDir=veranstaltung

http://java.sun.com/docs/books/jls/index.html

http://java.sun.com/docs/books/jvms/index.html

http://www.jmlspecs.org/

http://www.cs.iastate.edu/%7Eleavens/JML/jmlrefman/jmlrefman_toc.html

http://www.springer.com/east/home/generic/search/results?SGWID=5-40109-22-173712406-0

http://research.microsoft.com/en-us/projects/specsharp/friends.pdf

http://lara.epfl.ch/w/jahob_system

http://lara.epfl.ch/%7Ekuncak/papers/Kuncak07DecisionProceduresModularDataStructureVerification.pdf

http://babelfish.arc.nasa.gov/trac/jpf/wiki

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec01

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec02

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec03

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec04

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec05

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/priorityqueuejava

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/testjava

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/heapjava-datagroup

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/heapjava-ghost

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec06

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec07

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec08.pdf

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec09

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec10

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec11

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/andcommute-key

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/hilbert1-key

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/hilbert2-key

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/hilbert3-key

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/hilbert4-key

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/hilbert5-key

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/quant1-key

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/quant2-key

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/quant3-key

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/eqsymm-key

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/eqtrans-key

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec12

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec13

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/execution-key

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/while-key

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/gcd-java

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec14

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec15

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/mul-java

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/search-java

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/bubblesort-java

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec16

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec17

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/simplemap-java

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec18

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/mccarthy-java

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/mccarthy-java-proof

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec19

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec20

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec21

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec22

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec23

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec24

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec25

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec26

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec27

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec28

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/priorityqueuejava%20%28JPF%29

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/heapjava%20%28JPF%29

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/testjava_jpf

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/testpf-java

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/testpf-jpf

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/testbitset-java

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/testset-jpf

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/testbitbucket-java

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/bitbucket-java

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/examples/testbucket-jpf

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec29

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/Slides/lec30

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/ex00

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/ex01

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/ex02

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/ex03

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/mapjava

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/keyjava

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/intkeyjava

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/ex04

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/insertionsortjava

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/ex05

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/heapjava

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/heapelemjava

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/intheapelemjava

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/ex06

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/ex07

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/ex08

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/insertionsortjava2

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/christmas-sheet

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/christmas-additional

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/ex09

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/ex10

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/ex11

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/ex12

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/nonnullchecker-java

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/nonnull-java

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/ex13

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/mystack-java

https://swt.informatik.uni-freiburg.de/teaching/winter-term-2011-2012/fm4j/Resources/exercises/mystack-jpf