The KeY project
Gábor Angyal (presentation slides)


SLIDE 1

The KeY project

Gábor Angyal, June 15, 2011

Outline
  • Introduction: History, Material, The KeY project, JavaCard, JML
  • Sequent calculus
  • Java Card DL: Updates, The active statement, The Assignment Rule, The Rule for if-else
  • Loops: Unwinding while loops, Loop Invariants
  • End

SLIDE 2

History

  • Formal software development tool
  • University of Karlsruhe (1998)
  • Karlsruhe Institute of Technology and Chalmers University of Technology, Gothenburg

SLIDE 3

Material

  • KeY quick tour
  • "The KeY Tool" paper

http://key-project.org/

SLIDE 4

The KeY project

  • Verification of formal specification
  • Automated and interactive mode
  • JavaCard
  • JML

SLIDE 5

JavaCard

  • Java-based applications
  • Smart Cards

The language

  • Precise subset of Java
  • Missing types: char, double, float and long
  • Missing features: the transient qualifier; enums; arrays of more than one dimension; finalization; object cloning; threads

SLIDE 6

JML - proof obligations

Example

    /*@ public normal_behavior
      @   requires idx < int_list.length;
      @   assignable idx, int_list[idx];
      @   ensures idx == \old(idx) + 1;
      @   ensures int_list[\old(idx)] == v;
      @*/
    public void add(int v) throws Exception {
        if (idx < int_list.length) {
            int_list[idx] = v;
            idx++;
        } else
            throw new Exception("Array is full.");
    }

The assignable clause lists locations: int_list[idx] must be named, because the field int_list alone would only permit the array reference to change, and the store int_list[idx] = v could not be proved against that frame. The contract also relies on 0 <= idx, which belongs in a class invariant. Under requires the else branch is unreachable; a second, exceptional_behavior case would specify what happens when the array is full.

SLIDE 7

JML

Loop invariant

    // requires 1 <= idx && idx <= int_list.length (int_list[0] is read)
    int max_value = int_list[0];
    int i = 0;
    /*@ loop_invariant 0 <= i && i <= idx &&
      @   (\forall int j; j >= 0 && j < i; int_list[j] <= max_value);
      @ decreases idx - i;
      @ assignable max_value, i;
      @*/
    while (i < idx) {
        int g = int_list[i];          // read the element before i is advanced
        if (max_value < g) max_value = g;
        i = i + 1;
    }

The element is read before i is incremented: reading int_list[i] after i++ would touch one slot past the filled region (and past the array when idx == int_list.length). The invariant bounds i by i <= idx rather than i < idx, because on exit i == idx and the invariant must still hold; the decreases clause gives the prover the variant it needs for termination.

SLIDE 8

Sequent calculus

Form

φ1, ..., φm ⊢ ψ1, ..., ψn (m, n ≥ 0)

Semantics

φ1 ∧ ... ∧ φm → ψ1 ∨ ... ∨ ψn (m, n ≥ 0)

A sequent is valid iff this implication holds in every state. The empty conjunction (m = 0) is true and the empty disjunction (n = 0) is false, so ⊢ ψ asks whether ψ is valid and φ ⊢ asks whether φ is unsatisfiable. Rules are applied to the conclusion and produce the premises (proof trees grow upwards); a branch is closed when the same formula occurs on both sides.

SLIDE 9

JavaCardDL

Typed first-order dynamic logic: first-order logic over the Java types, extended with modal operators that contain Java Card programs.

Additional operators

  • ⟨p⟩φ (diamond) means that program p terminates and in its final state formula φ holds (total correctness).
  • [p]φ (box) means that if program p terminates then in its final state formula φ holds (partial correctness).

A JML normal_behavior contract with requires pre and ensures post thus becomes the proof obligation pre → ⟨method body⟩ post.

SLIDE 10

Updates

Syntax

{v1 := ϕ1 || ... || vm := ϕm}⟨p⟩φ      {v1 := ϕ1 || ... || vm := ϕm}[p]φ

An update records pending state changes symbolically. Its assignments are parallel: every right-hand side ϕi is evaluated in the state before the update, and the update is applied to the formula only when symbolic execution actually needs the new values.

Example

{i := a || j := b}⟨tmp = i; i = j; j = tmp;⟩(i = b ∧ j = a)

SLIDE 11

The Active Statement in a Program

  • π p ω - the program being executed
  • π - non-active prefix: the opening braces, beginnings of try blocks, labels and method frames that precede the first executable statement
  • p - the active statement: the first statement that is actually executed, the one a rule operates on
  • ω - the rest of the program

SLIDE 12

The Assignment Rule

The aliasing problem

Does "o1.a == 1" still hold after the assignment "o2.a = 2"? Only if o1 and o2 are different objects, and that cannot be decided syntactically: o1 and o2 may alias. Instead of substituting into φ immediately, the assignment is turned into an update; the aliasing question is settled later, when the update is applied to φ and the case o1 = o2 is split off.

Transform it to an update

  Γ ⊢ {ξ}{x := e} ⟨π ω⟩ φ
  ───────────────────────
  Γ ⊢ {ξ} ⟨π x = e; ω⟩ φ

Read bottom-up: the active assignment x = e leaves the program and becomes the update x := e, composed with the update ξ collected so far. This is the rule for a simple expression e; an expression with side effects is first decomposed into simpler statements.

SLIDE 13

The Rule for if-else

  Γ, {ξ}b ⊢ {ξ} ⟨π p ω⟩ φ      Γ, {ξ}¬b ⊢ {ξ} ⟨π q ω⟩ φ
  ───────────────────────────────────────────────────
  Γ ⊢ {ξ} ⟨π if (b) p else q ω⟩ φ

The proof splits into two branches, each assuming the guard (evaluated in the state described by ξ) or its negation. The rule requires b to be a side-effect-free boolean expression; a complex guard is first evaluated into a fresh boolean variable by the rules for expressions.

SLIDE 14

Unwinding while loops

    while (b) { do_stuff; }

is rewritten to

    if (b) { do_stuff; while (b) { do_stuff; } }

  • Apply the if-else rule: the ¬b branch has left the loop, the b branch executes the body once and reaches the loop again.
  • Apply the assignment rules to the body.
  • Each unwinding covers one iteration, so this only finishes for loops with a bound known in advance; an unbounded loop needs a loop invariant instead.
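The rules of slides 10 to 14 in working form, as an added example that is not part of the slides or of KeY itself: updates are parallel maps on states, the assignment rule composes an update, the if-else rule splits on the guard under the current update, and a while loop is unwound a bounded number of times. Leaves are discharged by enumerating the free variables over a small integer range (a constructed stand-in for a real prover). The swap program is the one from slide 10; the countdown loop is a constructed example, and it shows why unwinding alone fails once the iteration count exceeds the unwinding budget.

```python
from itertools import product
from typing import Callable, Dict, List, Optional, Sequence, Tuple

State = Dict[str, int]
Term = Callable[[State], int]
Formula = Callable[[State], bool]
Update = Callable[[State], State]   # semantic view of {v1 := t1 || ... || vm := tm}


def parallel(*assignments: Tuple[str, Term]) -> Update:
    """Parallel update: every right-hand side is read in the pre-state,
    so parallel(("i", j), ("j", i)) swaps i and j."""
    def upd(s: State) -> State:
        values = [(v, t(s)) for v, t in assignments]   # read everything first ...
        new = dict(s)
        for v, val in values:                           # ... then write everything
            new[v] = val
        return new
    return upd


def then_assign(u: Update, x: str, t: Term) -> Update:
    """Assignment rule: {U}<x = t; w>phi  ~>  {U}{x := t}<w>phi,
    i.e. t is evaluated in the state produced by U."""
    def upd(s: State) -> State:
        new = u(s)
        new[x] = t(new)
        return new
    return upd


def under(u: Update, f: Formula) -> Formula:
    """{U}f: f evaluated in the state reached by U."""
    return lambda s: f(u(s))


def neg(f: Formula) -> Formula:
    return lambda s: not f(s)


# A program is a list of statements; the active statement is always prog[0]:
#   ("assign", x, term)                  x = term;
#   ("if", cond, then_prog, else_prog)   if (cond) then_prog else else_prog
#   ("while", cond, body)                while (cond) body
def symbolic_execute(gamma: List[Formula], u: Update, prog: List, max_unwind: int):
    """Apply the rules until every branch has an empty program. Returns
    (leaves, stuck): leaves are (Gamma, U) pairs standing for Gamma |- {U}phi,
    stuck are branches still inside a loop after max_unwind unwindings."""
    leaves, stuck = [], []
    work = [(gamma, u, prog, max_unwind)]
    while work:
        g, cur, p, fuel = work.pop()
        if not p:
            leaves.append((g, cur))
            continue
        stmt, rest = p[0], p[1:]
        if stmt[0] == "assign":
            _, x, t = stmt
            work.append((g, then_assign(cur, x, t), rest, fuel))
        elif stmt[0] == "if":                # split on the guard, read under U
            _, b, p_then, p_else = stmt
            work.append((g + [under(cur, b)], cur, p_then + rest, fuel))
            work.append((g + [under(cur, neg(b))], cur, p_else + rest, fuel))
        elif stmt[0] == "while":             # while(b){p} ~> if(b){p; while(b){p}}
            _, b, body = stmt
            if fuel == 0:
                stuck.append((g, cur, p))
                continue
            work.append((g, cur, [("if", b, body + [stmt], [])] + rest, fuel - 1))
        else:
            raise ValueError(f"unknown statement {stmt[0]!r}")
    return leaves, stuck


def states(variables: Sequence[str], domain: range):
    for vals in product(domain, repeat=len(variables)):
        yield dict(zip(variables, vals))


def prove(gamma, u, prog, phi, variables, domain, max_unwind) -> Tuple[str, Optional[State]]:
    """Bounded check of Gamma |- {U}<prog>phi: the free variables range over
    `domain` (enumeration standing in for a prover)."""
    leaves, stuck = symbolic_execute(gamma, u, prog, max_unwind)
    for g, u_leaf in leaves:
        for s in states(variables, domain):
            if all(h(s) for h in g) and not phi(u_leaf(s)):
                return "counterexample", s
    for g, _, _ in stuck:                    # a feasible path that was never finished
        for s in states(variables, domain):
            if all(h(s) for h in g):
                return "unwinding exhausted", s
    return "proved", None


def swap_example():
    """Slide 10: {i := a || j := b}<tmp = i; i = j; j = tmp;>(i = b & j = a)."""
    u0 = parallel(("i", lambda s: s["a"]), ("j", lambda s: s["b"]))
    prog = [("assign", "tmp", lambda s: s["i"]),
            ("assign", "i", lambda s: s["j"]),
            ("assign", "j", lambda s: s["tmp"])]
    phi = lambda s: s["i"] == s["b"] and s["j"] == s["a"]
    return prove([], u0, prog, phi, ["a", "b"], range(-2, 3), max_unwind=0)


def countdown_example(max_unwind: int):
    """Constructed: {s := 0 || n := n0}<while (n > 0) { n = n - 1; s = s + 1; }>(s = n0).
    Provable by unwinding only if max_unwind covers every iteration count in the domain."""
    u0 = parallel(("s", lambda s: 0), ("n", lambda s: s["n0"]))
    loop = ("while", lambda s: s["n"] > 0,
            [("assign", "n", lambda s: s["n"] - 1),
             ("assign", "s", lambda s: s["s"] + 1)])
    phi = lambda s: s["s"] == s["n0"]
    return prove([], u0, [loop], phi, ["n0"], range(0, 4), max_unwind)


if __name__ == "__main__":
    print("swap:", swap_example())                           # ('proved', None)
    print("countdown, 4 unwindings:", countdown_example(4))  # ('proved', None)
    print("countdown, 2 unwindings:", countdown_example(2))  # ('unwinding exhausted', {'n0': 2})
```

The path condition Γ grows with one guard per branch, each wrapped in the update in force at that point, which is exactly what {ξ}b in the if-else rule expresses. With two unwindings the branch that is still inside the loop is feasible for n0 = 2, so the bounded check reports it rather than silently treating an unfinished path as proved.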

SLIDE 15

Loop Invariants

{ξ}⟨while (b) { do stuff; }⟩φ

  • P - loop invariant
  • t - variant: an integer term over the program variables (JML: decreases)

such that ...

  • P is initially valid (under ξ)
  • The body of the loop preserves P
  • The body of the loop strictly decreases t
  • P ∧ b ⇒ t > 0 (so t cannot decrease forever and the loop terminates)
  • P ∧ ¬b ⇒ φ (what is known on exit must establish the postcondition)

These obligations replace the loop in the proof. After the loop the prover knows only P ∧ ¬b about the variables the body assigns to; whatever ξ says about other variables survives. That is why the assignable clause on a JML loop matters.
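The loop-invariant rule checked on the max loop of slide 7, as an added example (not part of the slides or of KeY): the obligations above are evaluated on every state of a small constructed state space, standing in for a prover. It shows that the invariant with i <= idx is accepted for arrays of every enumerated length, whereas the tighter i < idx is rejected because the last iteration breaks it; the same unbounded loop could not be handled by unwinding.

```python
from itertools import product
from typing import Callable, Dict, Iterable, List

State = Dict[str, object]
Pred = Callable[[State], bool]


def loop_invariant_obligations(states: Iterable[State], init: Pred, P: Pred, b: Pred,
                               body: Callable[[State], State], t: Callable[[State], int],
                               phi: Pred) -> List[str]:
    """Check the obligations of the loop-invariant rule on every enumerated state.
    Returns the violated ones (empty list = all hold)."""
    failures = []
    for s in states:
        if init(s) and not P(s):
            failures.append(f"P not initially valid: {s}")
        if P(s) and b(s):
            if not t(s) > 0:
                failures.append(f"P & b but t <= 0: {s}")
            s2 = body(s)
            if not P(s2):
                failures.append(f"body does not preserve P: {s}")
            if not t(s2) < t(s):
                failures.append(f"body does not decrease t: {s}")
        if P(s) and not b(s) and not phi(s):
            failures.append(f"P & !b does not imply phi: {s}")
    return failures


# --- the max loop of slide 7 over a constructed state space ------------------
def max_loop_states(max_len: int = 3, values: range = range(0, 3)) -> Iterable[State]:
    """All combinations of int_list (length 1..max_len), idx (1..length),
    i (0..idx) and max_value that the prover would have to consider."""
    for n in range(1, max_len + 1):
        for arr in product(values, repeat=n):
            for idx in range(1, n + 1):          # requires 1 <= idx <= int_list.length
                for i in range(0, idx + 1):
                    for m in values:
                        yield {"int_list": arr, "idx": idx, "i": i, "max_value": m}


def init(s):        # state right after  max_value = int_list[0]; i = 0;
    return s["i"] == 0 and s["max_value"] == s["int_list"][0]


def guard(s):       # while (i < idx)
    return s["i"] < s["idx"]


def body(s):        # int g = int_list[i]; if (max_value < g) max_value = g; i = i + 1;
    g = s["int_list"][s["i"]]
    return {**s, "max_value": max(s["max_value"], g), "i": s["i"] + 1}


def variant(s):     # decreases idx - i
    return s["idx"] - s["i"]


def inv_fixed(s):   # 0 <= i && i <= idx && (\forall int j; 0 <= j && j < i; int_list[j] <= max_value)
    return 0 <= s["i"] <= s["idx"] and all(s["int_list"][j] <= s["max_value"] for j in range(s["i"]))


def inv_strict(s):  # same with i < idx: the last iteration makes i == idx and breaks it
    return 0 <= s["i"] < s["idx"] and all(s["int_list"][j] <= s["max_value"] for j in range(s["i"]))


def post(s):        # every filled element is <= max_value
    return all(s["int_list"][j] <= s["max_value"] for j in range(s["idx"]))


def check_max_loop(invariant: Pred = inv_fixed) -> List[str]:
    return loop_invariant_obligations(max_loop_states(), init, invariant, guard, body, variant, post)


if __name__ == "__main__":
    print("i <= idx:", check_max_loop() or "all obligations hold")
    print("i <  idx:", check_max_loop(inv_strict)[:2])
```

The enumeration is exhaustive only for the chosen array lengths and values; a prover discharges the same five obligations for all arrays at once, which is the point of the rule. Note that P ∧ ¬b with the strict invariant is vacuously true, so the only obligation it fails is preservation, exactly the one a prover would report.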

SLIDE 16

End