jml model fields
play

JML Model Fields Christian Engel ITI, Universit at Karlsruhe 08. - PowerPoint PPT Presentation

Oct 26, 2022 •257 likes •563 views

JML What are model fields? Translation to JavaDL Demo JML Model Fields Christian Engel ITI, Universit at Karlsruhe 08. Juni 2005 Christian Engel JML Model Fields JML What are model fields? Translation to JavaDL Demo Outline JML 1

  1. JML What are model fields? Translation to JavaDL Demo JML Model Fields Christian Engel ITI, Universit¨ at Karlsruhe 08. Juni 2005 Christian Engel JML Model Fields

  2. JML What are model fields? Translation to JavaDL Demo Outline JML 1 What are model fields? 2 Translation to JavaDL 3 Axiomatic approach Interpretation as model methods/queries Demo 4 Christian Engel JML Model Fields

  3. JML What are model fields? Translation to JavaDL Demo JML JML . . . . . . is a specification language tailored to Java. Christian Engel JML Model Fields

  4. JML What are model fields? Translation to JavaDL Demo JML JML . . . . . . is a specification language tailored to Java. . . . serves as an input language for KeY. Christian Engel JML Model Fields

  5. JML What are model fields? Translation to JavaDL Demo JML JML . . . . . . is a specification language tailored to Java. . . . serves as an input language for KeY. . . . can be used for specifying method contracts and loop invariants. Christian Engel JML Model Fields

  6. JML What are model fields? Translation to JavaDL Demo JML JML . . . . . . is a specification language tailored to Java. . . . serves as an input language for KeY. . . . can be used for specifying method contracts and loop invariants. . . . allows declaring model methods and model fields. Christian Engel JML Model Fields

  7. JML What are model fields? Translation to JavaDL Demo Model fields Model fields are only visible on the level of specification. Christian Engel JML Model Fields

  8. JML What are model fields? Translation to JavaDL Demo Model fields Model fields are only visible on the level of specification. Example: //@ public model int a; Christian Engel JML Model Fields

  9. JML What are model fields? Translation to JavaDL Demo Model fields Model fields are only visible on the level of specification. Example: //@ public model int a; The represents clause defines, how the value of a model field is related to the implementation. Christian Engel JML Model Fields

  10. JML What are model fields? Translation to JavaDL Demo Model fields Model fields are only visible on the level of specification. Example: //@ public model int a; The represents clause defines, how the value of a model field is related to the implementation. /*@ public represents a \ such that 0<=a && a<size(); @*/ Christian Engel JML Model Fields

  11. JML What are model fields? Translation to JavaDL Demo The represents clause The represents clause defines a relation R ( x , ~ q ) between a model field x and a vector ~ q , consisting of fields and methods. //@ model t x; //@ represents x \ such that R(x,~ q); Christian Engel JML Model Fields

  12. JML What are model fields? Axiomatic approach Translation to JavaDL Interpretation as model methods/queries Demo The axiomatic approach – a first attempt A first attempt: We interpret R ( x , ˜ q ) as an axiom that holds in every state of the program. Christian Engel JML Model Fields

  13. JML What are model fields? Axiomatic approach Translation to JavaDL Interpretation as model methods/queries Demo The axiomatic approach – a first attempt A first attempt: We interpret R ( x , ˜ q ) as an axiom that holds in every state of the program. But: This is not possible, since there can be a state s , in which R ( x , ˜ q ) is equivalent to false . Christian Engel JML Model Fields

  14. JML What are model fields? Axiomatic approach Translation to JavaDL Interpretation as model methods/queries Demo The axiomatic approach – a first attempt A first attempt: We interpret R ( x , ˜ q ) as an axiom that holds in every state of the program. But: This is not possible, since there can be a state s , in which R ( x , ˜ q ) is equivalent to false . Solution: The axiom we have to use is: ( ∃ a : t ( R ( a , ˜ q ))) → R ( x , ˜ q ) Christian Engel JML Model Fields

  15. JML What are model fields? Axiomatic approach Translation to JavaDL Interpretation as model methods/queries Demo The axiomatic approach expressed in JavaDL Let φ ( x ) be a first order formula with occurences of x . Christian Engel JML Model Fields

  16. JML What are model fields? Axiomatic approach Translation to JavaDL Interpretation as model methods/queries Demo The axiomatic approach expressed in JavaDL Let φ ( x ) be a first order formula with occurences of x . x is the result of the translation of a model field x of type t . Christian Engel JML Model Fields

  17. JML What are model fields? Axiomatic approach Translation to JavaDL Interpretation as model methods/queries Demo The axiomatic approach expressed in JavaDL Let φ ( x ) be a first order formula with occurences of x . x is the result of the translation of a model field x of type t . R ( x , ˜ q ) is the formula provided by the represents clause. Christian Engel JML Model Fields

  18. JML What are model fields? Axiomatic approach Translation to JavaDL Interpretation as model methods/queries Demo The axiomatic approach expressed in JavaDL Let φ ( x ) be a first order formula with occurences of x . x is the result of the translation of a model field x of type t . R ( x , ˜ q ) is the formula provided by the represents clause. Then we get the formula: ∀ x ′ : t ( { x := x ′ } ( A ( x ) → φ ( x ))) with A ( x ) := ( ∃ a : t ( R ( a , ˜ q ))) → R ( x , ˜ q ) Christian Engel JML Model Fields

  19. JML What are model fields? Axiomatic approach Translation to JavaDL Interpretation as model methods/queries Demo Drawbacks of the axiomatic approach bigger, less readable formulas Christian Engel JML Model Fields

  20. JML What are model fields? Axiomatic approach Translation to JavaDL Interpretation as model methods/queries Demo Drawbacks of the axiomatic approach bigger, less readable formulas not applicable for recursively defined represents clauses Christian Engel JML Model Fields

  21. JML What are model fields? Axiomatic approach Translation to JavaDL Interpretation as model methods/queries Demo Drawbacks of the axiomatic approach bigger, less readable formulas not applicable for recursively defined represents clauses One possible solution: Use Taclets Γ ⊢ φ ( x ()) , ∆ Christian Engel JML Model Fields

  22. JML What are model fields? Axiomatic approach Translation to JavaDL Interpretation as model methods/queries Demo Drawbacks of the axiomatic approach bigger, less readable formulas not applicable for recursively defined represents clauses One possible solution: Use Taclets Γ ⊢ φ ( x ()) , ∃ x ′ : t ( R ( x ′ , ˜ q )) , ∆ Γ ⊢ φ ( x ()) , ∆ Christian Engel JML Model Fields

  23. JML What are model fields? Axiomatic approach Translation to JavaDL Interpretation as model methods/queries Demo Drawbacks of the axiomatic approach bigger, less readable formulas not applicable for recursively defined represents clauses One possible solution: Use Taclets Γ ⊢ φ ( x ()) , ∃ x ′ : t ( R ( x ′ , ˜ q )) , ∆ Γ , R ( x () , ˜ q ) ⊢ φ ( x ()) , ∆ Γ ⊢ φ ( x ()) , ∆ Christian Engel JML Model Fields

  24. JML What are model fields? Axiomatic approach Translation to JavaDL Interpretation as model methods/queries Demo Representing model fields by model methods Another approach: Model fields are represented by model method that are free of side effects and have a “suitable” specification. Christian Engel JML Model Fields

  25. JML What are model fields? Axiomatic approach Translation to JavaDL Interpretation as model methods/queries Demo Representing model fields by model methods Another approach: Model fields are represented by model method that are free of side effects and have a “suitable” specification. Let φ ( x ) and R(x, � q) be defined as on the previous slides. We get the formula: φ ( m ()) where m () is the model method associated with R(x, � q) . Christian Engel JML Model Fields

  26. JML What are model fields? Axiomatic approach Translation to JavaDL Interpretation as model methods/queries Demo Representing model fields by model methods The specification of m (): /*@ public normal_behavior @ requires (\exists t x; R(x,q)); @ assignable \nothing; @ ensures R(\result, q); @*/ Christian Engel JML Model Fields

  27. JML What are model fields? Translation to JavaDL Demo Demo Christian Engel JML Model Fields

  28. JML What are model fields? Translation to JavaDL Demo The interface LimitedIntContainer public interface LimitedIntContainer{ /*@ @ public model int value; @ public model boolean regularState; @*/ /*@ public normal_behavior @ ensures regularState ==> \result == value; @*/ int /*@ pure @*/ available(); } Christian Engel JML Model Fields

  29. JML What are model fields? Translation to JavaDL Demo The class PayCard public class PayCard implements LimitedIntContainer{ /*@ public represents value <- balance; @ public represents regularState <- @ (unsuccessfulOperations <= 3); @*/ public /*@pure@*/ int available() { if (unsuccessfulOperations<=3) return balance; return 0; } ... } Christian Engel JML Model Fields

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Model Theory of Fields with Operators Piotr Kowalski Instytut Matematyczny Uniwersytetu Wroc

Model Theory of Fields with Operators Piotr Kowalski Instytut Matematyczny Uniwersytetu Wroc

May 9: Model theory of fields May 11 Model theory of fields with operators Model Theory of Fields with Operators Piotr Kowalski Instytut Matematyczny Uniwersytetu Wroc lawskiego PhDs in Logic VIII, Darmstadt, May 9-11, 2016 Kowalski

488 views • 35 slides
Fields and model-theoretic classification, 1 Artem Chernikov UCLA Model Theory conference

Fields and model-theoretic classification, 1 Artem Chernikov UCLA Model Theory conference

Fields and model-theoretic classification, 1 Artem Chernikov UCLA Model Theory conference Stellenbosch, South Africa, Jan 9 2017 Definable sets Let M = ( M , R i , f i , c i ) denote a first-order structure with some distinguished relations

449 views • 21 slides
Fields and model-theoretic classification, 3 Artem Chernikov UCLA Model Theory conference

Fields and model-theoretic classification, 3 Artem Chernikov UCLA Model Theory conference

Fields and model-theoretic classification, 3 Artem Chernikov UCLA Model Theory conference Stellenbosch, South Africa, Jan 12 2017 Simple theories Definition [Shelah] A formula ( x ; y ) has the tree property (TP) if there is k &lt; and a

202 views • 19 slides
Fields and model-theoretic classification, 2 Artem Chernikov UCLA Model Theory conference

Fields and model-theoretic classification, 2 Artem Chernikov UCLA Model Theory conference

Fields and model-theoretic classification, 2 Artem Chernikov UCLA Model Theory conference Stellenbosch, South Africa, Jan 11 2017 NIP Definition Let T be a complete first-order theory in a language L . 1. A (partitioned) formula ( x , y )

562 views • 25 slides
Markov Random Fields and its Applications Huiwen Chang Introduction Markov Random

Markov Random Fields and its Applications Huiwen Chang Introduction Markov Random

Markov Random Fields and its Applications Huiwen Chang Introduction Markov Random Fields(MRF) A kind of undirected graphical model To model vision problems: Low level: image restoration, segmentation, texture analysis High

901 views • 89 slides
Recursively saturated real closed fields Paola DAquino Seconda Universita di Napoli Model

Recursively saturated real closed fields Paola DAquino Seconda Universita di Napoli Model

Recursively saturated real closed fields Paola DAquino Seconda Universita di Napoli Model Theory and Proof Theory of Arithmetic Bedlewo, 24 July 2012 Real closed fields D EFINITION A real closed field is a model of the theory of the

508 views • 28 slides
What do we do? Flying fields Types of model aircraft Typical electric trainer

What do we do? Flying fields Types of model aircraft Typical electric trainer

Who are we? What do we do? Flying fields Types of model aircraft Typical electric trainer plane How much does it cost? How do I get started? Our club web site Training Oops moments

557 views • 23 slides
Outline Shelahs classification theory and NTP 2 Examples of fields with NTP 2 Implications of

Outline Shelahs classification theory and NTP 2 Examples of fields with NTP 2 Implications of

Fields with NTP 2 Artem Chernikov Hebrew University of Jerusalem Model theory seminar Konstanz, 6 May 2013 Outline Shelahs classification theory and NTP 2 Examples of fields with NTP 2 Implications of NTP 2 for properties of definable groups

608 views • 25 slides
Current and Voltage Excitations for the Formulations Eddy Current Model Coupling Fields and

Current and Voltage Excitations for the Formulations Eddy Current Model Coupling Fields and

Eddy Current Model Variational Current and Voltage Excitations for the Formulations Eddy Current Model Coupling Fields and Circuits Ralf Hiptmair and Oliver Sterz Generator Currents oliver.sterz@iwr.uni-heidelberg.de Excitation IWR-TS

519 views • 28 slides
Convergence of correlations in the 2D Ising model: primary fields [ and the stress-energy tensor

Convergence of correlations in the 2D Ising model: primary fields [ and the stress-energy tensor

Convergence of correlations in the 2D Ising model: primary fields [ and the stress-energy tensor ] Dmitry Chelkak [ ENS, Paris &amp; Steklov Institute, St. Petersburg ] [ Sample of a critical 2D Ising configuration (with two disorders), c

1.24k views • 54 slides
Enhancements for two Fields in Writer for AOO 4.1 a developer's perspective Oliver-Rainer

Enhancements for two Fields in Writer for AOO 4.1 a developer's perspective Oliver-Rainer

Enhancements for two Fields in Writer for AOO 4.1 a developer's perspective Oliver-Rainer Wittmann, orw@apache.org @ Agenda The enhancements Writer's model for Fields Details on the implementations Challenges and chosen approaches

145 views • 12 slides
Rectangular torus dynamo model and magnetic fields in the outer rings of galaxies E.A.Mikhailov,

Rectangular torus dynamo model and magnetic fields in the outer rings of galaxies E.A.Mikhailov,

Rectangular torus dynamo model and magnetic fields in the outer rings of galaxies E.A.Mikhailov, A.D.Khokhryakova Faculty of Physics, M.V.Lomonosov State University, Moscow, Russia ____________________________________________ XI

569 views • 23 slides
Neutron stars in a perturbative f(R) gravity model with strong magnetic fields and contributions

Neutron stars in a perturbative f(R) gravity model with strong magnetic fields and contributions

Neutron stars in a perturbative f(R) gravity model with strong magnetic fields and contributions of quark matter Myung-Ki Cheoun Soongsil University, Seoul, Korea http://ssanp.ssu.ac.kr Neutron Star Matter (NSMAT) Sendai, Japan Nov. 22,

515 views • 35 slides
V-topologies, t-Henselian Fields and Definable Valuations Katharina Dupont Department of

V-topologies, t-Henselian Fields and Definable Valuations Katharina Dupont Department of

1 V-topologies, t-Henselian Fields and Definable Valuations Katharina Dupont Department of Mathematics University of Constance British Postgraduate Model Theorie Conference, 2011 2 Outline V-Topologies and t-Henselian Fields 1

783 views • 28 slides
The Quest for Scalar Fields The fields of Nature: Observed particles are described by Fermi

The Quest for Scalar Fields The fields of Nature: Observed particles are described by Fermi

From (and ) to Carlos Martins CAUP (Porto) &amp; DAMTP (Cambridge) The Quest for Scalar Fields The fields of Nature: Observed particles are described by Fermi spinors Gauge forces are described by boson vector fields

357 views • 31 slides
Variations on a Theme: Fields of Definition, Fields of Moduli, Automorphisms, and Twists

Variations on a Theme: Fields of Definition, Fields of Moduli, Automorphisms, and Twists

Fields of Definition / Fields of Moduli Automorphism Groups Twists Variations on a Theme: Fields of Definition, Fields of Moduli, Automorphisms, and Twists Michelle Manes (mmanes@math.hawaii.edu) ICERM Workshop Moduli Spaces Associated to

754 views • 47 slides
Justification Logic Who? Natalia Kotsani - based on the work of S. Artemov (The Logic of

Justification Logic Who? Natalia Kotsani - based on the work of S. Artemov (The Logic of

Justification Logic Who? Natalia Kotsani - based on the work of S. Artemov (The Logic of Justification, 2008) When? 28 November 2012 Table of contents 3.Basic Systems Justification Logic J 0 Logical Awareness Constants Specification Basic

293 views • 15 slides
Formal Specification with Z ch ? = right arrow Software Engineering Software Engineering right

Formal Specification with Z ch ? = right arrow Software Engineering Software Engineering right

These slides are based on Jonathan Jackys The Way of Z Forward Editor ch ? : CHAR Formal Specification with Z ch ? = right arrow Software Engineering Software Engineering right = Andreas Zeller Saarland University

417 views • 24 slides
Techniques for the system requirements unambiguous To describe the use of algebraic

Techniques for the system requirements unambiguous To describe the use of algebraic

Formal Specification Objectives To explain why formal specification techniques help discover problems in Techniques for the system requirements unambiguous To describe the use of algebraic techniques for interface specification of

69 views • 6 slides
Formal Specification and Verification Classical logic (4) 13.05.2014 Viorica

Formal Specification and Verification Classical logic (4) 13.05.2014 Viorica

Formal Specification and Verification Classical logic (4) 13.05.2014 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1 Limitations of Propositional Logic Fixed, finite number of objects Cannot express: let G be group with

898 views • 68 slides
Ghosts for Lists: from Axiomatic to Executable Specifications Frdric Loulergue Allan

Ghosts for Lists: from Axiomatic to Executable Specifications Frdric Loulergue Allan

Ghosts for Lists: from Axiomatic to Executable Specifications Frdric Loulergue Allan Blanchard Nikolai Kosmatov June 29, 2018 @ Tests &amp; Proofs 2018 0/21 - F.Loulergue, A.Blanchard, N.Kosmatov - June 29, 2018 Contents 01.

749 views • 31 slides
An Axiomatic Approach to Liveness for Differential Equations Yong Kiam Tan Andr e Platzer

An Axiomatic Approach to Liveness for Differential Equations Yong Kiam Tan Andr e Platzer

An Axiomatic Approach to Liveness for Differential Equations Yong Kiam Tan Andr e Platzer Computer Science Department, Carnegie Mellon University FM, 10th Oct 2019 1 Outline Motivation 1 Logical Approach to ODE Liveness 2 Concrete

1.09k views • 63 slides
Operational Semantics This course Why semantics? y := 1; precise specification of software

Operational Semantics This course Why semantics? y := 1; precise specification of software

Operational Semantics This course Why semantics? y := 1; precise specification of software and while ( x = 1) do ( y := x y ; x := x 1) hardware First we assign 1 to y , then we test whether facilitate reasoning about systems:

355 views • 10 slides
Programming Language Elements for Correctness Proofs Gergely Dvai ELTE University, Budapest

Programming Language Elements for Correctness Proofs Gergely Dvai ELTE University, Budapest

Programming Language Elements for Correctness Proofs Gergely Dvai ELTE University, Budapest Department of Programming Languages and Compilers Supervisor: Dr. Zoltn Csrnyei Motivation A considerable part of software products' life

204 views • 19 slides

More recommend