Formal Methods for Java
Recently, formal methods have been successfully used to specify and verify large software system. A current example is the Verisoft project, whose goal is to create a fully verified processor, operating system and compiler. In this lecture we will investigate the existing methods for the language Java. The language Java was chosen because it is a mature language, with a semi-formal definition of its semantics (The Java Language Specification). However, to use mathematical reasoning, we need a precise definition of the semantics. Therefore, we will sketch the definition of an operational semantics for Java. Furthermore, we will investigate different formal methods for Java. The starting point will be the language extension JML that allows Design by Contract. This allows to add pre- and postconditions to methods and invariants to classes and loops. These assertions can be checked during runtime and this is the purpose of the JML runtime assertion checker (jmlrac). On the other hand, there are static methods, e.g., ESC/Java and Jahob, that automatically provide mathematical proofs that the Java code ensures the post-condition for each possible pre-condition. If these proofs cannot be found automatically, one can also use theorem provers that assist in finding a proof manually. In this lecture, we will present the different approaches for verification of Java code. In the exercise you will investigate different tools on small practical examples.
| Course type | Lecture |
|---|---|
| Instructors | Jochen Hoenicke |
| Lecture |
Wednesday, 16:00–18:00 c.t., in building 106 room 00 007 (MMR) Friday, 10:00-11:00 c.t., in building 106 room 00 007 (MMR) |
| Exercise | Friday, 11:00–12:00, in building 106 room 00 007 (MMR) |
| First session | Lecture 26.10.11 |
| Language of instruction | English |
| Credits | 6 |
| Exams | Oral, Time and Place 14./15.03.2012 |
| Course Catalog | Formale Methoden für Java |
News
- Solutions to the exercise sheets might be handed in at the beginning of lecture on Wednesday
Formalia
Admission criteria
You have to do all exercises.
Exercise Submission Scheme
Every Wednesday before the lecture.
Exam
There will be oral exams. The exam will take place on 14th or 15th of March.
Please register via examination office as usual.Resources
Literature
- J. Gosling et al.: The Java Language Specification (third edition)
- T. Lindholm, F. Yellin: The Java Virtual Machine Specification (second edition)
- Home page of the JML Project.G. Leavens et al.. JML Reference Manual (DRAFT), February 2007.
- B. Beckert, R. Hähnle, P. Schmitt (Eds.): Verification of Object-Oriented Software: The KeY Approach, Springer-Verlag, LNCS 4334
- M. Barnet, D. Naumann: Friends Need A Bit More: Maintaining Invariants Over Shared State, February 2004
- Home page of Jahob
- V. Kuncak: Modular Data Structure Verification
- Home page of JPF
Slides
- Lecture 1 (Wednesday, 26.10.2011)
- Lecture 2 (Friday, 28.10.2011)
- Lecture 3 (Wednesday, 02.11.2011)
- Lecture 4 (Friday, 04.11.2011)
- Lecture 5 (Wednesday, 09.11.2011)
- Common classes for examples: PriorityQueue.java, Test.java
- Priority Queue example with model variable: Heap.java
- Priority Queue example with ghost variable: Heap.java
- Lecture 6 (Friday, 11.11.2011)
- Lecture 7 (Wednesday, 16.11.2011)
- Lecture 8 (Friday, 18.11.2011)
- Lecture 9 (Wednesday, 23.11.2011)
- Lecture 10 (Friday, 25.11.2011)
- Lecture 11 (Wednesday, 30.11.2011)
- KeY examples:
- Lecture 12 (Friday, 02.12.2011)
- Lecture 13 (Wednesday, 07.12.2011)
- Examples: execution.key, while.key, gcd.java
- Lecture 14 (Friday, 09.12.2011)
- Lecture 15 (Wednesday, 14.12.2011)
- Examples: Mul.java, Search.java, BubbleSort.java
- Lecture 16 (Friday, 16.12.2011)
- Lecture 17 (Wednesday, 21.12.2011)
- Example: SimpleMap.java
- Lecture 18 (Friday, 23.12.2011)
- Example: McCarthy.java, McCarthy.java.proof (corresponding KeY proof)
- Lecture 19 (Wednesday, 11.01.2012)
- Lecture 20 (Friday, 13.01.2012)
- Lecture 21 (Wednesday, 18.01.2012)
- Lecture 22 (Friday, 20.01.2012)
- Lecture 23 (Wednesday, 25.01.2012)
- Lecture 24 (Friday, 27.01.2012)
- Lecture 25 (Wednesday, 01.02.2012)
- Lecture 26 (Friday, 03.02.2012)
- Lecture 27 (Wednesday, 08.02.2012)
- Lecture 28 (Friday, 10.02.2012)
- Examples: Common Classes: PriorityQueue.java, Heap.java
- Example: Test.java
- Example: TestPF.java, TestPF.jpf
- Example: TestBitSet.java, TestSet.jpf
- Example: TestBitBucket.java, BitBucket,java, TestBucket.jpf
- Lecture 29 (Wednesday, 15.02.2012)
- Lecture 30 (Friday, 17.02.2012)
Exercises
- Exercise Sheet 0 (no submission - discussed on Friday, 28.10.2011)
- Exercise Sheet 1 (submission: 02.11.2011)
- Exercise Sheet 2 (submission: 09.11.2011)
- Exercise Sheet 3 (submission: 16.11.2011) Additional Material: Map.java, Key.java, IntKey.java
- Exercise Sheet 4 (submission: 23.11.2011) Additional Material: InsertionSort.java
- Exercise Sheet 5 (submission: 30.11.2011) Additional Material: Heap.java, HeapElem.java, IntHeapElem.java
- Exercise Sheet 6 (submission: 07.12.2011)
- Exercise Sheet 7 (submission: 14.12.2011)
- Exercise Sheet 8 (submission: 21.12.2011) Additional Material: InsertionSort.java
- Christmas Sheet (no submission - just exam preparation) Additional Material: christmas.tar.bz2
- Exercise Sheet 9 (submission: 18.01.2012)
- Exercise Sheet 10 (submission: 25.01.2012)
- Exercise Sheet 11 (submission: 01.02.2012)
- Exercise Sheet 12 (submission: 08.02.2012) Additional Material: NonNullChecker.java, NonNull.java
- Exercise Sheet 13 (submission: 15.02.2012) Additional Material: MyStack.java, MyStack.jpf