the esc java2 calculi and object logics
play

The ESC/Java2 Calculi and Object Logics Implications on - PowerPoint PPT Presentation

Dec 28, 2022 •8 likes •278 views

The ESC/Java2 Calculi and Object Logics Implications on Specification and Verification Joseph Kiniry Department of Computer Science University College Dublin ESC/Java2 ESC/Java2 is an extended static checker based upon DEC/Compaq SRC

  1. The ESC/Java2 Calculi and Object Logics Implications on Specification and Verification Joseph Kiniry Department of Computer Science University College Dublin

  2. ESC/Java2 ESC/Java2 is an extended static checker based upon DEC/Compaq SRC ESC/Java operates on JML-annotated Java code behaves like a compiler error messages similar to javac & gcc completely automated hides enormous complexity from user Department of Computer Science 2 University College Dublin

  3. What is Extended Static Checking? annotated static checker Error: … source type systems Error: wrong number of arguments to call lint & modern compilers Error: unreachable code full program verification Error: qsort does not yield a sorted array Department of Computer Science 3 University College Dublin

  4. Why Not Just Test? testing is essential, but expensive to write and maintain finds errors late misses many errors static checking and testing are complementary techniques Department of Computer Science 4 University College Dublin

  5. Comparison of Static Checkers quality 100% full program verification Loop ESC/Java2 extended static ESC/Modula III checking SRC ESC/Java type systems lint e ff ort Note: graph is not to scale Department of Computer Science University College Dublin

  6. ESC/Java2 Use JML- Modularly checks for: annotated program null-dereference errors array bounds errors type cast errors ESC/Java2 specification violations race conditions & deadlocks “null-dereference … dozens of other errors error on line 486” Department of Computer Science 6 University College Dublin

  7. Soundness and Completeness a sound and complete prover is non- automated, very complex, and expensive modular checking properties of arithmetic and floats complex invariants and data structures instead, design and build an unsound and incomplete verification tool trade soundness and completeness for automation and usability Department of Computer Science 7 University College Dublin

  8. JML: The Java Modeling Language a behavioral interface specification language syntax and semantics are very close to Java annotations written as comments in code JML is a very rich language standard constructs include preconditions, postconditions, invariants, etc. one language used for documentation, runtime checking, and formal verification Department of Computer Science 8 University College Dublin

  9. A JML Example and ESC/Java2 Demo int extractMin() { class Bag { int m = Integer.MAX_VALUE; int[] a; int mindex = 0; int n; for (int i = 1; i <= n; i++) { if (a[i] < m) { Bag(int[] input) { mindex = i; n = input.length; m = a[i]; a = new int[n]; } System.arraycopy(input, 0, } a, 0, n); n--; } a[mindex] = a[n]; return m; boolean isEmpty() { } return n == 0; } } Department of Computer Science 9 University College Dublin

  10. The Annotated Class class Bag { //@ requires !empty; /*@ non_null */ int[] a; //@ modifies empty; int n; //@ modifies n, a[*]; //@ invariant 0 <= n && n <= a.length; public int extractMin() { //@ ghost public boolean empty; int m = Integer.MAX_VALUE; //@ invariant empty == (n == 0); int mindex = 0; for (int i = 0; i < n; i++) { //@ requires input != null; if (a[i] < m) { //@ ensures this.empty == (input.length == 0); mindex = i; public Bag(int[] input) { m = a[i]; n = input.length; } a = new int[n]; } System.arraycopy(input, 0, a, 0, n); n--; //@ set empty = n == 0; //@ set empty = n == 0; } //@ assert empty == (n == 0); a[mindex] = a[n]; //@ ensures \result == empty; return m; public boolean isEmpty() { } return n == 0; } } Department of Computer Science 10 University College Dublin

  11. ESC/Java2 Architecture JML- annotated translator verification program conditions automatic theorem prover counter- examples warning post-processor messages Department of Computer Science 11 University College Dublin

  12. The ESC/Java2 Object Logic partial semantics for Java and JML written in unsorted first-order logic highly tuned to current theorem prover’s capabilities and quirks Nelson’s Simplify prover circa mid-80s originally consisted of 81 axioms extended by 20 axioms in ESC/Java2 Department of Computer Science 12 University College Dublin

  13. Example Java Type Axioms (DEFPRED (<: t0 t1)) ;anti-symmetry (BG_PUSH (BG_PUSH (<: |T_java.lang.Object| (FORALL |T_java.lang.Object|)) (t0 t1) (IMPLIES (AND (<: t0 t1) (<: t1 t0)) ; <: reflexive (EQ t0 t1)))) (BG_PUSH (FORALL (t) (<: t t))) ; primitive types are final (BG_PUSH (FORALL (t) ; <: transitive (IMPLIES (<: t |T_boolean|) (BG_PUSH (EQ t (FORALL (t0 t1 t2) |T_boolean|)))) (IMPLIES (AND (<: t0 t1) (<: t1 t2)) (<: t0 t2)))) Department of Computer Science 13 University College Dublin

  14. Examples Showing Java Incompleteness (BG_PUSH (FORALL (x) (IFF (is x |T_char|) (AND (<= 0 x) (<= x 65535))))) (BG_PUSH (FORALL (x) (IFF (is x |T_byte|) (AND (<= -128 x) (<= x 127))))) (BG_PUSH (FORALL (x) (IFF (is x |T_short|) (AND (<= -32768 x) (<= x 32767))))) (BG_PUSH (FORALL (x) (IFF (is x |T_int|) (AND (<= intFirst x) (<= x intLast))))) (BG_PUSH (FORALL (x) (IFF (is x |T_long|) (AND (<= longFirst x) (<= x longLast))))) (BG_PUSH (< longFirst intFirst)) (BG_PUSH (< intFirst -1000000)) (BG_PUSH (< 1000000 intLast)) (BG_PUSH (< intLast longLast)) Department of Computer Science 14 University College Dublin

  15. Examples of Java & JML Semantics (DEFPRED (is x t)) (BG_PUSH (FORALL (x t) (is (cast x t) t))) (BG_PUSH (FORALL (x t) (IMPLIES (is x t) (EQ (cast x t) x)))) (BG_PUSH (FORALL (e a i) (is (select (select (asElems e) a) i) (elemtype (typeof a))))) (DEFPRED (nonnullelements x e) (AND (NEQ x null) (FORALL (i) (IMPLIES (AND (<= 0 i) (< i (arrayLength x))) (NEQ (select (select e x) i) null))))) Department of Computer Science 15 University College Dublin

  16. ESC/Java Calculi used for verification condition generation in Dijkstra wp/wlp style easy for small/research languages much harder for “real world” languages typed concurrent object-oriented language dynamic memory allocation and GC exceptions aliasing Department of Computer Science 16 University College Dublin

  17. VC Generation for Java annotated x = a[ i++ ]; source assume preconditions assume invariants ... i0 = i; i = i + 1; guarded assert (LABEL null@218: a != null); assert (LABEL IndexNeg@218: 0 <= i0); commands assert (LABEL IndexTooBig@218: i0 < a.length); x = elems[a][i0]; ... assert postconditions verification assert invariants condition ∀ i 0 . ( i 0 = i = ⇒ . . . ) Department of Computer Science 17 University College Dublin

  18. Verification Condition formula in unsorted, first-order predicate calculus equality and function symbols quantifiers arithmetic operators select and store operations e.g., ∀ x. ∀ y. ∃ z. ( x > y = ⇒ z × 2 == . . . Department of Computer Science 18 University College Dublin

  19. Example Verification Condition verification condition large & unstructured (EXPLIES (LBLNEG |vc.Bag.isEmpty.11.2| (IMPLIES (AND (EQ |n@pre:3.6| |n: 3.6|) (EQ |n:3.6| (asField |n:3.6| T_int)) (EQ |a@pre:2.8| |a:2.8|) (EQ |a: 2.8| (asField |a:2.8| (array T_int))) (< (fClosedTime |a:2.8|) alloc) (EQ |MAX_VALUE@pre:10..| |MAX_VALUE:10..|) (EQ |@true| (is |MAX_VALUE:10..| T_int)) (EQ |length@pre:unknown| |length:unknown|) (EQ |length:unknown| (asField |length:unknown| T_int)) (EQ |elems@pre| elems) (EQ elems (asElems elems)) (< (eClosedTime elems) alloc) (EQ LS (asLockSet LS)) (EQ |alloc@pre| alloc) (EQ |state@pre| state)) (NOT (AND (EQ |@true| (is this T_Bag)) (EQ |@true| (isAllocated this alloc)) (NEQ this null) (EQ RES (integralEQ (select |n:3.6| this) 0)) (LBLPOS |trace.Return^0,12.4| (EQ |@true| |@true|)) (NOT (LBLNEG |Exception@13.2| (EQ |ecReturn| |ecReturn|))))))) (AND (DISTINCT |ecReturn|) (< 1000000 pos2147483647))) Department of Computer Science 19 University College Dublin

  20. Problems with Current Logic unsorted no mental model, no type checking tightly coupled to Simplify prover unmaintained, two generations old very incomplete want to verify new properties and some functional specifications never checked for soundness Department of Computer Science 20 University College Dublin

  21. A New ESC/Java2 Logic partial semantics for Java and JML written in sorted first-order logic independent of any particular prover written in SMT-LIB supported by many new provers ~100 axioms thus far no reduction because no subsorts or overloading Department of Computer Science 21 University College Dublin

  22. Sorts of New Logic :sorts ( # sort that represents *values* of Java's boolean base type Boolean # sort that represents *values* of all Java's base types # but for Boolean Number # sort that represents all Java non-base types ReferenceType # ... represents object references Reference # ... represents object values Object # Boolean, Number, Object fields BooleanField NumberField ReferenceField # ... represents the heap Memory ) Department of Computer Science 22 University College Dublin

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Display calculi in non-classical logics Revantha Ramanayake Vienna University of Technology (TU

Display calculi in non-classical logics Revantha Ramanayake Vienna University of Technology (TU

Display calculi in non-classical logics Revantha Ramanayake Vienna University of Technology (TU Wien) Prague seminar of substructural logics March 2829, 2014 Revantha Ramanayake (TU Wien) Display calculi in non-classical logics 1 / 51

973 views • 52 slides
Nominal Process Calculi and Modal Logics Johannes Borgstrm Uppsala University Based on joint

Nominal Process Calculi and Modal Logics Johannes Borgstrm Uppsala University Based on joint

Nominal Process Calculi and Modal Logics Johannes Borgstrm Uppsala University Based on joint work since 2015 with Ram nas Gutkovas Lars-Henrik Eriksson Joachim Parrow Tjark Weber 1 Introduction to Nominal Process Calculi CCS with

1.39k views • 104 slides
Machine-checked Interpolation Theorems for Substructural Logics using Display Calculi Jeremy E.

Machine-checked Interpolation Theorems for Substructural Logics using Display Calculi Jeremy E.

Machine-checked Interpolation Theorems for Substructural Logics using Display Calculi Jeremy E. Dawson James Brotherston Rajeev Gor e Research School of Computer Science, Australian National University University College London, UK IJCAR,

325 views • 31 slides
Analytic Calculi for Substructural Logics: Theory and Applications Agata Ciabattoni Vienna

Analytic Calculi for Substructural Logics: Theory and Applications Agata Ciabattoni Vienna

Analytic Calculi for Substructural Logics: Theory and Applications Agata Ciabattoni Vienna University of Technology agata@logic.at Proof Theory &amp; Universal Algebra Computation Introduction Chapter I Curry-Howard Correspondence Chapter II

916 views • 73 slides
Sequent Calculi for Normal Update Logics Katsuhiko Sano 1 Minghui Ma 2 1 Graduate School of

Sequent Calculi for Normal Update Logics Katsuhiko Sano 1 Minghui Ma 2 1 Graduate School of

Sequent Calculi for Normal Update Logics Katsuhiko Sano 1 Minghui Ma 2 1 Graduate School of Letters, Hokkaido University, Japan 2 Institute of Logic and Coginition, Sun Yat-Sen University, China. ICLA 2019 @ IIT Delhi, 4th March 2019 Outline

400 views • 23 slides
Sequent calculi for logics of agency: the deliberative STIT Edi Pavlovi c (joint work with

Sequent calculi for logics of agency: the deliberative STIT Edi Pavlovi c (joint work with

Sequent calculi for logics of agency: the deliberative STIT Edi Pavlovi c (joint work with Sara Negri) University of Helsinki PhDs in Logic XI April 26, 2019 Edi Pavlovi c (Helsinki) The deliberative STIT PhDs in Logic XI 1 / 41

897 views • 41 slides
ESC/Java2 vs. JMLForge Juan Pablo Galeotti, Alessandra Gorla,

ESC/Java2 vs. JMLForge Juan Pablo Galeotti, Alessandra Gorla,

ESC/Java2 vs. JMLForge Juan Pablo Galeotti, Alessandra Gorla, Andreas Rau Saarland University, Germany ESC/Java2: the formula is built using Dijsktras

439 views • 43 slides
Soundness and Completeness Warnings in ESC/Java2 Joe Kiniry, Alan Morkan, and Barry Denby

Soundness and Completeness Warnings in ESC/Java2 Joe Kiniry, Alan Morkan, and Barry Denby

Soundness and Completeness Warnings in ESC/Java2 Joe Kiniry, Alan Morkan, and Barry Denby presented by David Cok Systems Research Group School of Computer Science and Informatics University College Dublin ESC/Java2 by design, neither sound

628 views • 33 slides
ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University

ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University

ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University College Dublin, and Radboud University Nijmegen David Cok, Joe Kiniry &amp; Erik Poll - ESC/Java2 &amp; JML Tutorial p.1/ ?? The ESC/Java2 tool

923 views • 24 slides
ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University

ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University

ESC/Java2 Use and Features David Cok, Joe Kiniry, Erik Poll Eastman Kodak Company, University College Dublin, and Radboud University Nijmegen David Cok, Joe Kiniry &amp; Erik Poll - ESC/Java2 &amp; JML Tutorial p.1/ ?? The ESC/Java2 tool

489 views • 19 slides
Interpreting Sequent Calculi as ClientServer Games Chris Fermller Theory and Logic Group

Interpreting Sequent Calculi as ClientServer Games Chris Fermller Theory and Logic Group

SYSMICS Kickoff Meeting Barcelona, Sept. 2016 Interpreting Sequent Calculi as ClientServer Games Chris Fermller Theory and Logic Group Vienna University of Technology 1 Background 2 Background substructural logics are often motivated

955 views • 71 slides
ESC/Java2 Warnings David Cok, Joe Kiniry, and Erik Poll Eastman Kodak Company, University College

ESC/Java2 Warnings David Cok, Joe Kiniry, and Erik Poll Eastman Kodak Company, University College

ESC/Java2 Warnings David Cok, Joe Kiniry, and Erik Poll Eastman Kodak Company, University College Dublin, and Radboud University Nijmegen David Cok, Joe Kiniry &amp; Erik Poll - ESC/Java2 &amp; JML Tutorial p.1/ ?? Types of ESC/Java2

1.15k views • 36 slides
Program Verification using JML and ESC/Java2 Erik Poll Radboud University Nijmegen p.1/36

Program Verification using JML and ESC/Java2 Erik Poll Radboud University Nijmegen p.1/36

Program Verification using JML and ESC/Java2 Erik Poll Radboud University Nijmegen p.1/36 Outline of this tutorial formal specifcation language JML program verification using ESC/Java2 p.2/36 The Java Modeling Language JML

471 views • 36 slides
Proof Theory in The Light of Categories Giovanni Cin a &amp; Giuseppe Greco April 5, 2013 1 /

Proof Theory in The Light of Categories Giovanni Cin a &amp; Giuseppe Greco April 5, 2013 1 /

Proof Theory in The Light of Categories Giovanni Cin a &amp; Giuseppe Greco April 5, 2013 1 / 37 Part 1 - Proof Theory From global- to local-rules calculi 1 Axiomatic Calculi Natural Deduction Calculi Sequent Calculi Cut-elimination

1.01k views • 72 slides
Computational interpretations of logics Silvia Ghilezan University of Novi Sad, Serbia Belgrade,

Computational interpretations of logics Silvia Ghilezan University of Novi Sad, Serbia Belgrade,

Computational interpretations of intuitionistic logic Sequent term calculi for intuitionistic logic Gtz -calculus with intersection types Computational interpretations of logics Silvia Ghilezan University of Novi Sad, Serbia Belgrade,

777 views • 38 slides
Description Logics Description Logics and Logics Enrico Franconi franconi@cs.man.ac.uk

Description Logics Description Logics and Logics Enrico Franconi franconi@cs.man.ac.uk

Description Logics Description Logics and Logics Enrico Franconi franconi@cs.man.ac.uk http://www.cs.man.ac.uk/franconi Department of Computer Science, University of Manchester (1/9) Tense Logic: (point ontology) Tense logic is a

380 views • 9 slides
PDFs in Drupal Making PDFs work well in Drupal 8 Presented by Dan Hansen - Sevaa Group, Inc.

PDFs in Drupal Making PDFs work well in Drupal 8 Presented by Dan Hansen - Sevaa Group, Inc.

PDFs in Drupal Making PDFs work well in Drupal 8 Presented by Dan Hansen - Sevaa Group, Inc. @DanAtSevaa @Sevaa #DrupalConNA Introduction - Who Am I? Dan Hansen Lead Developer at Sevaa Group, Inc. Worked with Drupal for 7 years Acquia

446 views • 28 slides
Class and Office Hours Structural Programming and Data Structures Winter 2000 Class: Mondays,

Class and Office Hours Structural Programming and Data Structures Winter 2000 Class: Mondays,

Class and Office Hours Structural Programming and Data Structures Winter 2000 Class: Mondays, Wednesdays and Fridays from 14:00 to 14:50 CMPUT 102: Introduction Dr. Osmar R. Zaane Office Hours: Tuesdays and Thursdays from 11:00 to 11:45

301 views • 15 slides
Introduction Goal: Use programmers design decisions with automatic checking todetect potential

Introduction Goal: Use programmers design decisions with automatic checking todetect potential

0.5 setgray0 0.5 setgray1 Introduction Goal: Use programmers design decisions with automatic checking todetect potential errors. Extended Static Checking (ESC) tries to prove correctness at compile-time helps finding run-time exceptions

302 views • 11 slides
New Evolutions in the X Window System Matthieu Herrb and Matthias Hopf EuroBSDCon 2005 - Basel

New Evolutions in the X Window System Matthieu Herrb and Matthias Hopf EuroBSDCon 2005 - Basel

New Evolutions in the X Window System Matthieu Herrb and Matthias Hopf EuroBSDCon 2005 - Basel Introduction The X Window System is 20 years old Started new evolutions in last years Some new features are already available On-going

421 views • 18 slides
Exams Gerth Stlting Brodal Algorithms and Data Structures Retreat, Sandbjerg, Denmark, March 3,

Exams Gerth Stlting Brodal Algorithms and Data Structures Retreat, Sandbjerg, Denmark, March 3,

Autogenerating Algorithms and Data Structures Exams Gerth Stlting Brodal Algorithms and Data Structures Retreat, Sandbjerg, Denmark, March 3, 2020 Algorithms and Data Structures Cource ADS 10 ECTS, 2 nd semester 1991 - 2003 Written exam ADS

668 views • 29 slides
Minimal Polynomials Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Minimal Polynomials Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Minimal Polynomials Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay October 9, 2014 1 / 13 Factoring x q x over a Field F q and F p Example F = { 0 , 1 , y , y + 1 }

412 views • 13 slides
A Survey of Polynomial Results (Number Theory Seminar) Abdullah Al-Shaghay Dalhousie University

A Survey of Polynomial Results (Number Theory Seminar) Abdullah Al-Shaghay Dalhousie University

A Survey of Polynomial Results (Number Theory Seminar) Abdullah Al-Shaghay Dalhousie University Monday March 25, 2019 Abdullah Al-Shaghay (Dalhousie University) Monday March 25, 2019 1 / 24 Overview Cyclotomic Polynomials 1 Sums of Roots

958 views • 48 slides
Lecture 6.4: Galois groups Matthew Macauley Department of Mathematical Sciences Clemson

Lecture 6.4: Galois groups Matthew Macauley Department of Mathematical Sciences Clemson

Lecture 6.4: Galois groups Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 4120, Modern Algebra M. Macauley (Clemson) Lecture 6.4: Galois groups Math 4120, Modern Algebra 1

405 views • 7 slides

More recommend