from explicit to implicit dynamic frames in java dynamic
play

From Explicit to Implicit Dynamic Frames in Java Dynamic Logic and - PowerPoint PPT Presentation

May 01, 2023 •315 likes •755 views

. . . From Explicit to Implicit Dynamic Frames in Java Dynamic Logic and KeY . Wojciech Mostowski Halmstad University . . NWPT 2015, 21 st October 2015 hh.se . . Overview 1 Context 2 Permission-based verification 3 Permissions with

  1. . . . From Explicit to Implicit Dynamic Frames in Java Dynamic Logic and KeY . Wojciech Mostowski Halmstad University . . NWPT 2015, 21 st October 2015 hh.se

  2. . . Overview 1 Context 2 Permission-based verification 3 Permissions with explicit framing 4 From self framing to implicit frames 5 Translation of Separation Logic 6 Wrap-up . hh.se

  3. http://www.key-project.org . KeY: Marriage of the two to enable interactive verification with permissions Both work with Design-by-Contract principles and (modified) JML Self-contained, automated interactive verifier Specification language JML with dynamic frames – JML* Emphasis on Java, based on Dynamic Logic Deductive Verification of Object-Oriented Programs . Automated tool support, Chalice/Silicon based JML with permissions on the specification layer Permission-based Separation Logic for Java Verification of Concurrent Data Structures VerCors: Projects. . http://fmt.cs.utwente.nl/research/projects/VerCors/ hh.se

  4. . KeY: Marriage of the two to enable interactive verification with permissions Both work with Design-by-Contract principles and (modified) JML Self-contained, automated interactive verifier Specification language JML with dynamic frames – JML* Emphasis on Java, based on Dynamic Logic Deductive Verification of Object-Oriented Programs . Automated tool support, Chalice/Silicon based JML with permissions on the specification layer Permission-based Separation Logic for Java Verification of Concurrent Data Structures VerCors: Projects. . http://fmt.cs.utwente.nl/research/projects/VerCors/ http://www.key-project.org hh.se

  5. . KeY: Marriage of the two to enable interactive verification with permissions Both work with Design-by-Contract principles and (modified) JML Self-contained, automated interactive verifier Specification language JML with dynamic frames – JML* Emphasis on Java, based on Dynamic Logic Deductive Verification of Object-Oriented Programs . Automated tool support, Chalice/Silicon based JML with permissions on the specification layer Permission-based Separation Logic for Java Verification of Concurrent Data Structures VerCors: Projects. . http://fmt.cs.utwente.nl/research/projects/VerCors/ http://www.key-project.org hh.se

  6. Each heap read access guarded by p 1 (or 100%) Each heap write access guarded by p 1 Forking & locking Representatives: Separation Logic and Implicit Dynamic Frames (absence of data races) Verification guarantees non-interference for heap access [Resource invariants] Permission transfers (produce/consume style) . Synchronisation: Programs are verified (thread locally) w.r.t. these annotations Specifications provide permission annotations (fractions) Classical Permission-Based Reasoning . . hh.se

  7. . . Classical Permission-Based Reasoning Specifications provide permission annotations (fractions) Programs are verified (thread locally) w.r.t. these annotations Synchronisation: Forking & locking Permission transfers (produce/consume style) [Resource invariants] Verification guarantees non-interference for heap access (absence of data races) Representatives: Separation Logic and Implicit Dynamic Frames . Each heap read access guarded by p ≤ 1 (or 100%) Each heap write access guarded by p = 1 hh.se

  8. . . Classical Permission-Based Reasoning Specifications provide permission annotations (fractions) Programs are verified (thread locally) w.r.t. these annotations Synchronisation: Forking & locking Permission transfers (produce/consume style) [Resource invariants] Verification guarantees non-interference for heap access (absence of data races) Representatives: Separation Logic and Implicit Dynamic Frames . Each heap read access guarded by p ≤ 1 (or 100%) Each heap write access guarded by p = 1 hh.se

  9. . . Classical Permission-Based Reasoning Example . class Counter { int c; //@ requires Perm( this .c, 1); ensures Perm( this .c, 1); void increase() { this .c++; } void use() { lock(); increase(); unlock(); } //@ requires true ; ensures Perm( this .c, 1); native void lock(); //@ requires Perm( this .c, 1); ensures true ; native void unlock(); } hh.se

  10. where framing is explicit: Explicitly listed read and write frames ( accessible & assignable ) Changes specified in terms of old and new values ( \old ) . . Explicit and Implicit Framing In Separation Logic-like reasoning framing is implicit: Write permission indicates that a location might be changed Read permission indicates that a location might be read Both are very important for modular reasoning Heap locations without permission are out of scope JML* and Java Dynamic Logic are based on the original dynamic frames idea Explicit heap (logic) variable Frames can be abstract . hh.se

  11. . . Explicit and Implicit Framing In Separation Logic-like reasoning framing is implicit: Write permission indicates that a location might be changed Read permission indicates that a location might be read Both are very important for modular reasoning Heap locations without permission are out of scope JML* and Java Dynamic Logic are based on the original dynamic frames idea Explicit heap (logic) variable Frames can be abstract . where framing is explicit: Explicitly listed read and write frames ( accessible & assignable ) Changes specified in terms of old and new values ( \old ) hh.se

  12. heap heapAtPre o Object f Field o f fp o f o f get heap anon heap allLocs fp anonHeap get (accessible) (assignable) . Java Dynamic Logic . JML* Example . . class Counter { int c; //@ model \locset fp = this .c; //@ ensures this .c == \old ( this .c) + 1; assignable fp; void increase() { this .c++; } //@ ensures \result == this .c; accessible fp; int /*@ strictly_pure @*/ get() { return this .c; } } hh.se

  13. . . (accessible) (assignable) Java Dynamic Logic . JML* Example . class Counter { int c; //@ model \locset fp = this .c; //@ ensures this .c == \old ( this .c) + 1; assignable fp; void increase() { this .c++; } //@ ensures \result == this .c; accessible fp; int /*@ strictly_pure @*/ get() { return this .c; } } ∀ o : Object , f : Field ( o , f ) ∈ fp ∨ o . f @ heap = o . f @ heapAtPre get () = { heap : = anon ( heap , allLocs \ fp , anonHeap ) } get () hh.se

  14. . . Permissions in JML* Symbolic permissions Additional flexibility for complex permission flows 2 Second heap to store permissions Parallel to the regular heap Separate framing Heaps named explicitly Can be switched-off – sequential reasoning 3 Method to show self-framing of specifications w.r.t. permissions Self-framing is not automatic like in Separation Logic 4 Modular specifications with abstractions – synchronisation through Java API . 1 Permission system that allows for the new = modified old specification style hh.se

  15. . . Permissions in JML* Symbolic permissions Additional flexibility for complex permission flows 2 Second heap to store permissions Parallel to the regular heap Separate framing Heaps named explicitly Can be switched-off – sequential reasoning 3 Method to show self-framing of specifications w.r.t. permissions Self-framing is not automatic like in Separation Logic 4 Modular specifications with abstractions – synchronisation through Java API . 1 Permission system that allows for the new = modified old specification style hh.se

  16. . . Permissions in JML* Symbolic permissions Additional flexibility for complex permission flows 2 Second heap to store permissions Parallel to the regular heap Separate framing Heaps named explicitly Can be switched-off – sequential reasoning 3 Method to show self-framing of specifications w.r.t. permissions Self-framing is not automatic like in Separation Logic 4 Modular specifications with abstractions – synchronisation through Java API . 1 Permission system that allows for the new = modified old specification style hh.se

  17. . . Permissions in JML* Symbolic permissions Additional flexibility for complex permission flows 2 Second heap to store permissions Parallel to the regular heap Separate framing Heaps named explicitly Can be switched-off – sequential reasoning 3 Method to show self-framing of specifications w.r.t. permissions Self-framing is not automatic like in Separation Logic 4 Modular specifications with abstractions – synchronisation through Java API . 1 Permission system that allows for the new = modified old specification style hh.se

  18. . Example . Permissions in JML* . public class ArrayList { Object[] cnt; int s; //@ model \locset fp = s, cnt, cnt[*]; //@ requires \readPerm ( \perm (s)); //@ ensures \result == s; //@ accessible <heap> fp; accessible <permissions> \nothing ; /*@ pure @*/ int size() { return s; } //@ requires \readPerm ( \perm (cnt)); //@ requires \writePerm ( \perm (s)) && \writePerm ( \perm (cnt[s])); //@ ensures size() == \old (size()) + 1; //@ assignable <heap> fp; assignable <permissions> \strictly_nothing ; void add(Object o) { cnt[s++] = o; } } hh.se

  19. . Example . Permissions in JML* . public class ArrayList { Object[] cnt; int s; //@ model \locset fp = s, cnt, cnt[*]; //@ requires \readPerm ( \perm (s)); //@ ensures \result == s; //@ accessible <heap> fp; accessible <permissions> \nothing ; /*@ pure @*/ int size() { return s; } //@ requires \readPerm ( \perm (cnt)); //@ requires \writePerm ( \perm (s)) && \writePerm ( \perm (cnt[s])); //@ ensures size() == \old (size()) + 1; //@ assignable <heap> fp; assignable <permissions> \strictly_nothing ; void add(Object o) { cnt[s++] = o; } } hh.se

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Gradual Program Verification (with Implicit Dynamic Frames) Johannes Bader , Karlsruhe Institute of

Gradual Program Verification (with Implicit Dynamic Frames) Johannes Bader , Karlsruhe Institute of

Gradual Program Verification (with Implicit Dynamic Frames) Johannes Bader , Karlsruhe Institute of Technology / Microsoft Jonathan Aldrich , Carnegie Mellon University ric Tanter , University of Chile int getFour(int i) requires ?; // not sure

789 views • 61 slides
Dynamic Memory Allocation in the Heap (malloc and free) Now: Explicit allocators (a.k.a. manual

Dynamic Memory Allocation in the Heap (malloc and free) Now: Explicit allocators (a.k.a. manual

Dynamic Memory Allocation in the Heap (malloc and free) Now: Explicit allocators (a.k.a. manual memory management) Later: implicit allocators (a.k.a. automatic memory management) Heap Allocation Addr Perm Contents Managed by Initialized

420 views • 31 slides
Sp ace frames Organic Architecture Dynamic structures for all architectural applications,

Sp ace frames Organic Architecture Dynamic structures for all architectural applications,

Sp ace frames Organic Architecture Dynamic structures for all architectural applications, Geometries and forms only limited by the designers Imagination. Eye Of Qatar 4400 mtr2 Marina Twin Towers 1800 mtr2 Free Form Al Mansour Gate

221 views • 4 slides
Analysis of Overhead in Dynamic Java Performance Monitoring Vojtch Hork, Jaroslav Kotr,

Analysis of Overhead in Dynamic Java Performance Monitoring Vojtch Hork, Jaroslav Kotr,

Analysis of Overhead in Dynamic Java Performance Monitoring Vojtch Hork, Jaroslav Kotr, Peter Libi and Petr Tma Charles University in Prague Context: Dynamic Monitoring of Production Systems Dynamic Monitoring of Production Systems

999 views • 61 slides
Static Analysis of Java Dynamic Proxies George Fourtounis (gfour@di.uoa.gr) George Kastrinis

Static Analysis of Java Dynamic Proxies George Fourtounis (gfour@di.uoa.gr) George Kastrinis

Static Analysis of Java Dynamic Proxies George Fourtounis (gfour@di.uoa.gr) George Kastrinis (gkastrinis@di.uoa.gr) Yannis Smaragdakis (yannis@smaragd.org) University of Athens, Greece ISSTA18, July 17, 2018, Amsterdam, Netherlands Dynamic

403 views • 23 slides
Dynamic Memory Allocation Anne Bracy CS 3410 Computer Science Cornell University Note: these

Dynamic Memory Allocation Anne Bracy CS 3410 Computer Science Cornell University Note: these

Dynamic Memory Allocation Anne Bracy CS 3410 Computer Science Cornell University Note: these slides derive from those by Markus Pschel at CMU 1 Today Basic concepts Implicit free lists Explicit free lists Segregated free lists

613 views • 49 slides
Type Systems: Big Idea Static vs. Dynamic Typing Expressiveness (+ Dynamic) Dont have

Type Systems: Big Idea Static vs. Dynamic Typing Expressiveness (+ Dynamic) Dont have

Type Systems: Big Idea Static vs. Dynamic Typing Expressiveness (+ Dynamic) Dont have to worry about types (+ Dynamic) Dependent on input (- Dynamic) Runtime overhead (- Dynamic) Serve as documentation (+ Static)

572 views • 24 slides
Dynamic Memory Allocation in the Heap (malloc and free) Explicit allocators (a.k.a. manual memory

Dynamic Memory Allocation in the Heap (malloc and free) Explicit allocators (a.k.a. manual memory

Dynamic Memory Allocation in the Heap (malloc and free) Explicit allocators (a.k.a. manual memory management) Heap Allocation Addr Perm Contents Managed by Initialized Stack 2 N -1 RW Procedure context Compiler Run-time Programmer,

565 views • 31 slides
Open, extensible dynamic programming systems or just how deep is the dynamic rabbit hole?

Open, extensible dynamic programming systems or just how deep is the dynamic rabbit hole?

DLS, Portland, 2006 10 23 Open, extensible dynamic programming systems or just how deep is the dynamic rabbit hole? Ian Piumarta Viewpoints Research Institute ian@squeakland.org dynamic dynamic? data? extending objects

719 views • 42 slides
Runtime Specialization Java has never been so dynamic before Stephan Herrmann Simply Retail.

Runtime Specialization Java has never been so dynamic before Stephan Herrmann Simply Retail.

Runtime Specialization Java has never been so dynamic before Stephan Herrmann Simply Retail. Two Camps Strict Rules No Ceremony compiler detects errors Freedom Modularity Flexibility separate maintenance self modifying code Enforced

304 views • 17 slides
Not Smooth High degree approximation Explicit y=f(x) Implicit f(x,y)=0 Parametric

Not Smooth High degree approximation Explicit y=f(x) Implicit f(x,y)=0 Parametric

Polylines: Piecewise linear approximation to curves Not Smooth High degree approximation Explicit y=f(x) Implicit f(x,y)=0 Parametric x=x(t), y=y(t) Explicit Representation y = f ( x ) Essentially a function plot over some

582 views • 29 slides
Iron* - An Introduction to Getting Dynamic on .NET //kristiankristensen.dk

Iron* - An Introduction to Getting Dynamic on .NET //kristiankristensen.dk

Iron* - An Introduction to Getting Dynamic on .NET //kristiankristensen.dk twitter.com/kkristensen mail@kristiankristensen.dk Question Agenda Dynamic Languages Dynamic Demo! Language Runtime 45 min 15 min Why Dynamic Languages

689 views • 33 slides
Internet Technologies 5-Dynamic Web F. Ricci 2010/2011 Content The &quot;meanings&quot; of

Internet Technologies 5-Dynamic Web F. Ricci 2010/2011 Content The &quot;meanings&quot; of

Internet Technologies 5-Dynamic Web F. Ricci 2010/2011 Content The &quot;meanings&quot; of dynamic Building dynamic content with Java EE (server side) HTML forms: how to send to the server the input PHP: a simpler language for

1.22k views • 52 slides
Dynamic Memory Allocation Today Dynamic memory allocation mechanisms &amp; policies

Dynamic Memory Allocation Today Dynamic memory allocation mechanisms &amp; policies

Dynamic Memory Allocation Today Dynamic memory allocation mechanisms &amp; policies Memory bugs Chris Riesbeck, Spring 2010 Original: Fabian Bustamante Wednesday, November 2, 2011 Dynamic memory allocation Application Dynamic

1.2k views • 47 slides
Session 14: Explicit and Implicit Cooperation 1. Nash equilibrium versus collective action.

Session 14: Explicit and Implicit Cooperation 1. Nash equilibrium versus collective action.

Session 14: Explicit and Implicit Cooperation 1. Nash equilibrium versus collective action. 2. Honeywell-GE merger. 3. P&amp;M meets LPG: Sustaining cooperation through repeated interaction. Session 14 Explicit and Implicit Cooperation

492 views • 14 slides
Dynamic Motion Simulation ME 24-688 Introduction to CAD/CAE Tools Lecture Topics Dynamic

Dynamic Motion Simulation ME 24-688 Introduction to CAD/CAE Tools Lecture Topics Dynamic

Week 11 - Lecture Dynamic Motion Simulation ME 24-688 Introduction to CAD/CAE Tools Lecture Topics Dynamic Simulation Overview Common Use Cases and Terms Dynamic Simulation Workflow Joint Properties and Types Dynamic

575 views • 40 slides
KeYmaera: A Hybrid Theorem Prover for Hybrid Systems Andr e Platzer Jan-David Quesel

KeYmaera: A Hybrid Theorem Prover for Hybrid Systems Andr e Platzer Jan-David Quesel

KeYmaera: A Hybrid Theorem Prover for Hybrid Systems Andr e Platzer Jan-David Quesel University of Oldenburg, Department of Computing Science, Germany International Joint Conference on Automated Reasoning, Sydney 2008 Andr e Platzer,

533 views • 25 slides
Propositional Dynamic Logic With Belnapian Truth Values Igor Sedlr Institute of Computer

Propositional Dynamic Logic With Belnapian Truth Values Igor Sedlr Institute of Computer

Propositional Dynamic Logic With Belnapian Truth Values Igor Sedlr Institute of Computer Science, Czech Academy of Sciences, Prague AiML 2016, Budapest, 31 August 2016 Overview BPDL , a four-valued paraconsistent version of propositional dy-

462 views • 23 slides
The Surprise Examination Paradox in Dynamic Epistemic Logic Alexandru Marcoci ESSLLI 2010

The Surprise Examination Paradox in Dynamic Epistemic Logic Alexandru Marcoci ESSLLI 2010

The Surprise Examination Paradox in Dynamic Epistemic Logic Alexandru Marcoci ESSLLI 2010 Workshop: Logic, Rationality, Interaction August 17, 2010 Alexandru Marcoci The Surprise Examination Paradox in DEL Introduction SEP has widely been

549 views • 36 slides
Individual Voltage Scaling in Logic and Memory Circuits towards Runtime Energy Optimization in

Individual Voltage Scaling in Logic and Memory Circuits towards Runtime Energy Optimization in

Individual Voltage Scaling in Logic and Memory Circuits towards Runtime Energy Optimization in Processors Jun Shiomi, Tohru Ishihara, Hidetoshi Onodera Graduate School of Informatics, Kyoto University, Japan 1 Energy Reduction by Dynamic

556 views • 21 slides
Proof-theoretic semantics for dynamic logics Alessandra Palmigiano Joint work with Sabine

Proof-theoretic semantics for dynamic logics Alessandra Palmigiano Joint work with Sabine

Proof-theoretic semantics for dynamic logics Alessandra Palmigiano Joint work with Sabine Frittella, Giuseppe Greco, Alexander Kurz, Vlasta Sikimic www.appliedlogictudelft.nl Computer and Information Sciences University of Strathclyde 6

505 views • 15 slides
From Philosophical to Industrial Logic Moshe Y. Vardi Rice University Thread I:

From Philosophical to Industrial Logic Moshe Y. Vardi Rice University Thread I:

From Philosophical to Industrial Logic Moshe Y. Vardi Rice University Thread I: Entscheidungsproblem Entscheidungsproblem ( The Decision Problem ) [Hilbert-Ackermann, 1928]: Decide if a given first- order sentence is valid (dually, Satisfiable

698 views • 40 slides
Logics for Petri nets with propagating failures Leandro Gomes, Alexandre Madeira and Mario

Logics for Petri nets with propagating failures Leandro Gomes, Alexandre Madeira and Mario

Logics for Petri nets with propagating failures Leandro Gomes, Alexandre Madeira and Mario Benevides 8 th IPM International Conference on Fundamentals of Software Engineering, 2 nd May 2019 Outline Background and motivations Petri nets with A

645 views • 51 slides
Weighted linear dynamic logic Manfred Droste 1 and George Rahonis 2 1 Leipzig University, Germany 2

Weighted linear dynamic logic Manfred Droste 1 and George Rahonis 2 1 Leipzig University, Germany 2

Weighted linear dynamic logic Manfred Droste 1 and George Rahonis 2 1 Leipzig University, Germany 2 Aristotle University of Thessaloniki, Greece GandALF 2016 Catania, September 15, 2016 George Rahonis (University of Thessaloniki) Weighted linear

569 views • 20 slides

More recommend