deductive verification of object oriented software
play

Deductive Verification of Object-Oriented Software Part B Bernhard - PowerPoint PPT Presentation

Apr 12, 2024 •237 likes •1.82k views

Deductive Verification of Object-Oriented Software Part B Bernhard Beckert | VTSA, 24.28.08.2015 KIT I NSTITUTE FOR T HEORETICAL C OMPUTER S CIENCE www.kit.edu KIT University of the State of Baden-Wuerttemberg and National Laboratory

  1. Rigid and Flexible Terms Example <int i;> \ forall int x ; ( i + 1 . > <i++;> ( i . = x − = x )) ⇒ flexible Interpretation of i depends on computation state Interpretation of x and + do not depend on state ⇒ rigid Locations are always flexible Logical variables, standard functions are always rigid J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 42/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  2. Rigid and Flexible Terms Example <int i;> \ forall int x ; ( i + 1 . > <i++;> ( i . = x − = x )) ⇒ flexible Interpretation of i depends on computation state Interpretation of x and + do not depend on state ⇒ rigid Locations are always flexible Logical variables, standard functions are always rigid J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 42/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  3. Rigid and Flexible Terms Example <int i;> \ forall int x ; ( i + 1 . > <i++;> ( i . = x − = x )) ⇒ flexible Interpretation of i depends on computation state Interpretation of x and + do not depend on state ⇒ rigid Locations are always flexible Logical variables, standard functions are always rigid J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 42/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  4. Rigid and Flexible Terms Example <int i;> \ forall int x ; ( i + 1 . > <i++;> ( i . = x − = x )) ⇒ flexible Interpretation of i depends on computation state Interpretation of x and + do not depend on state ⇒ rigid Locations are always flexible Logical variables, standard functions are always rigid J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 42/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  5. Rigid and Flexible Terms Example <int i;> \ forall int x ; ( i + 1 . > <i++;> ( i . = x − = x )) ⇒ flexible Interpretation of i depends on computation state Interpretation of x and + do not depend on state ⇒ rigid Locations are always flexible Logical variables, standard functions are always rigid J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 42/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  6. Validity A J AVA C ARD DL formula is valid iff it is true in all states. We need a calculus for checking validity of formulas J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 43/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  7. Validity A J AVA C ARD DL formula is valid iff it is true in all states. We need a calculus for checking validity of formulas J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 43/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  8. Part III Program Verification with Dynamic Logic J AVA C ARD DL 7 Sequent Calculus 8 Rules for Programs: Symbolic Execution 9 10 A Calculus for 100% J AVA C ARD 11 Taclets – KeY’s Rule Description Language J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 44/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  9. Part III Program Verification with Dynamic Logic J AVA C ARD DL 7 Sequent Calculus 8 Rules for Programs: Symbolic Execution 9 10 A Calculus for 100% J AVA C ARD 11 Taclets – KeY’s Rule Description Language J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 45/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  10. Sequents and their Semantics Syntax ψ 1 , . . . , ψ m = ⇒ φ 1 , . . . , φ n � �� � � �� � Antecedent Succedent where the φ i , ψ i are formulae (without free variables) Semantics Same as the formula ( ψ 1 & · · · & ψ m ) − > ( φ 1 | · · · | φ n ) J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 46/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  11. Sequents and their Semantics Syntax ψ 1 , . . . , ψ m = ⇒ φ 1 , . . . , φ n � �� � � �� � Antecedent Succedent where the φ i , ψ i are formulae (without free variables) Semantics Same as the formula ( ψ 1 & · · · & ψ m ) − > ( φ 1 | · · · | φ n ) J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 46/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  12. Sequent Rules General form Premisses � �� � Γ 1 = ⇒ ∆ 1 · · · Γ r = ⇒ ∆ r rule name Γ = ⇒ ∆ � �� � Conclusion ( r = 0 possible: closing rules) Soundness If all premisses are valid, then the conclusion is valid Use in practice Goal is matched to conclusion J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 47/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  13. Sequent Rules General form Premisses � �� � Γ 1 = ⇒ ∆ 1 · · · Γ r = ⇒ ∆ r rule name Γ = ⇒ ∆ � �� � Conclusion ( r = 0 possible: closing rules) Soundness If all premisses are valid, then the conclusion is valid Use in practice Goal is matched to conclusion J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 47/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  14. Sequent Rules General form Premisses � �� � Γ 1 = ⇒ ∆ 1 · · · Γ r = ⇒ ∆ r rule name Γ = ⇒ ∆ � �� � Conclusion ( r = 0 possible: closing rules) Soundness If all premisses are valid, then the conclusion is valid Use in practice Goal is matched to conclusion J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 47/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  15. Sequent Rules General form Premisses � �� � Γ 1 = ⇒ ∆ 1 · · · Γ r = ⇒ ∆ r rule name Γ = ⇒ ∆ � �� � Conclusion ( r = 0 possible: closing rules) Soundness If all premisses are valid, then the conclusion is valid Use in practice Goal is matched to conclusion J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 47/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  16. Some Simple Sequent Rules Γ = ⇒ A, ∆ not left Γ , ! A = ⇒ ∆ Γ = ⇒ A, ∆ Γ , B = ⇒ ∆ imp left Γ , A − > B = ⇒ ∆ close goal close by true Γ , A = ⇒ A, ∆ Γ = ⇒ true , ∆ Γ , \ forall t x ; φ, { x/e } φ = ⇒ ∆ all left Γ , \ forall t x ; φ = ⇒ ∆ where e var-free term of type t ′ ≺ t J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 48/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  17. Some Simple Sequent Rules Γ = ⇒ A, ∆ not left Γ , ! A = ⇒ ∆ Γ = ⇒ A, ∆ Γ , B = ⇒ ∆ imp left Γ , A − > B = ⇒ ∆ close goal close by true Γ , A = ⇒ A, ∆ Γ = ⇒ true , ∆ Γ , \ forall t x ; φ, { x/e } φ = ⇒ ∆ all left Γ , \ forall t x ; φ = ⇒ ∆ where e var-free term of type t ′ ≺ t J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 48/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  18. Some Simple Sequent Rules Γ = ⇒ A, ∆ not left Γ , ! A = ⇒ ∆ Γ = ⇒ A, ∆ Γ , B = ⇒ ∆ imp left Γ , A − > B = ⇒ ∆ close goal close by true Γ , A = ⇒ A, ∆ Γ = ⇒ true , ∆ Γ , \ forall t x ; φ, { x/e } φ = ⇒ ∆ all left Γ , \ forall t x ; φ = ⇒ ∆ where e var-free term of type t ′ ≺ t J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 48/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  19. Some Simple Sequent Rules Γ = ⇒ A, ∆ not left Γ , ! A = ⇒ ∆ Γ = ⇒ A, ∆ Γ , B = ⇒ ∆ imp left Γ , A − > B = ⇒ ∆ close goal close by true Γ , A = ⇒ A, ∆ Γ = ⇒ true , ∆ Γ , \ forall t x ; φ, { x/e } φ = ⇒ ∆ all left Γ , \ forall t x ; φ = ⇒ ∆ where e var-free term of type t ′ ≺ t J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 48/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  20. Some Simple Sequent Rules Γ = ⇒ A, ∆ not left Γ , ! A = ⇒ ∆ Γ = ⇒ A, ∆ Γ , B = ⇒ ∆ imp left Γ , A − > B = ⇒ ∆ close goal close by true Γ , A = ⇒ A, ∆ Γ = ⇒ true , ∆ Γ , \ forall t x ; φ, { x/e } φ = ⇒ ∆ all left Γ , \ forall t x ; φ = ⇒ ∆ where e var-free term of type t ′ ≺ t J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 48/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  21. Sequent Calculus Proofs Proof tree Proof is tree structure with goal sequent as root Rules are applied from conclusion (old goal) to premisses (new goals) Rule with no premiss closes proof branch Proof is finished when all goals are closed J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 49/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  22. Sequent Calculus Proofs Proof tree Proof is tree structure with goal sequent as root Rules are applied from conclusion (old goal) to premisses (new goals) Rule with no premiss closes proof branch Proof is finished when all goals are closed J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 49/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  23. Sequent Calculus Proofs Proof tree Proof is tree structure with goal sequent as root Rules are applied from conclusion (old goal) to premisses (new goals) Rule with no premiss closes proof branch Proof is finished when all goals are closed J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 49/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  24. Sequent Calculus Proofs Proof tree Proof is tree structure with goal sequent as root Rules are applied from conclusion (old goal) to premisses (new goals) Rule with no premiss closes proof branch Proof is finished when all goals are closed J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 49/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  25. Part III Program Verification with Dynamic Logic J AVA C ARD DL 7 Sequent Calculus 8 Rules for Programs: Symbolic Execution 9 10 A Calculus for 100% J AVA C ARD 11 Taclets – KeY’s Rule Description Language J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 50/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  26. Part III Program Verification with Dynamic Logic J AVA C ARD DL 7 Sequent Calculus 8 Rules for Programs: Symbolic Execution 9 10 A Calculus for 100% J AVA C ARD 11 Taclets – KeY’s Rule Description Language J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 51/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  27. Proof by Symbolic Program Execution Sequent rules for program formulas? What corresponds to top-level connective in a program? The Active Statement in a Program Sequent rules execute symbolically the active statement J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 52/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  28. Proof by Symbolic Program Execution Sequent rules for program formulas? What corresponds to top-level connective in a program? The Active Statement in a Program l:{try{ i=0; j=0; } finally{ k=0; }} Sequent rules execute symbolically the active statement J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 52/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  29. Proof by Symbolic Program Execution Sequent rules for program formulas? What corresponds to top-level connective in a program? The Active Statement in a Program l:{try{ i=0; j=0; } finally{ k=0; }} Sequent rules execute symbolically the active statement J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 52/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  30. Proof by Symbolic Program Execution Sequent rules for program formulas? What corresponds to top-level connective in a program? The Active Statement in a Program l:{try{ i=0; j=0; } finally{ k=0; }} � �� � � �� � π ω π passive prefix active statement i=0; ω rest Sequent rules execute symbolically the active statement J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 52/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  31. Proof by Symbolic Program Execution Sequent rules for program formulas? What corresponds to top-level connective in a program? The Active Statement in a Program l:{try{ i=0; j=0; } finally{ k=0; }} � �� � � �� � π ω π passive prefix active statement i=0; ω rest Sequent rules execute symbolically the active statement J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 52/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  32. Rules for Symbolic Program Execution If-then-else rule Γ , B = true = ⇒ < p ω > φ, ∆ Γ , B = false = ⇒ < q ω > φ, ∆ Γ = ⇒ <if ( B ) { p } else { q } ω > φ, ∆ Complicated statements/expressions are simplified first, e.g. Γ = ⇒ <v=y; y=y+1; x=v; ω > φ, ∆ Γ = ⇒ <x=y++; ω > φ, ∆ Simple assignment rule Γ = ⇒ { loc := val } < ω > φ, ∆ Γ = ⇒ < loc = val ; ω > φ, ∆ J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 53/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  33. Rules for Symbolic Program Execution If-then-else rule Γ , B = true = ⇒ < p ω > φ, ∆ Γ , B = false = ⇒ < q ω > φ, ∆ Γ = ⇒ <if ( B ) { p } else { q } ω > φ, ∆ Complicated statements/expressions are simplified first, e.g. Γ = ⇒ <v=y; y=y+1; x=v; ω > φ, ∆ Γ = ⇒ <x=y++; ω > φ, ∆ Simple assignment rule Γ = ⇒ { loc := val } < ω > φ, ∆ Γ = ⇒ < loc = val ; ω > φ, ∆ J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 53/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  34. Rules for Symbolic Program Execution If-then-else rule Γ , B = true = ⇒ < p ω > φ, ∆ Γ , B = false = ⇒ < q ω > φ, ∆ Γ = ⇒ <if ( B ) { p } else { q } ω > φ, ∆ Complicated statements/expressions are simplified first, e.g. Γ = ⇒ <v=y; y=y+1; x=v; ω > φ, ∆ Γ = ⇒ <x=y++; ω > φ, ∆ Simple assignment rule Γ = ⇒ { loc := val } < ω > φ, ∆ Γ = ⇒ < loc = val ; ω > φ, ∆ J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 53/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  35. Extending DL by Explicit State Updates Updates explicit syntactic elements in the logic Elementary Updates { loc := val } φ where (roughly) loc a program variable x , an attribute access o.attr , or an array access a [ i ] val is same as loc , or a literal, or a logical variable Parallel Updates { loc 1 := t 1 || · · · || loc n := t n } φ no dependency between the n components (but ‘right wins’ semantics) J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 54/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  36. Extending DL by Explicit State Updates Updates explicit syntactic elements in the logic Elementary Updates { loc := val } φ where (roughly) loc a program variable x , an attribute access o.attr , or an array access a [ i ] val is same as loc , or a literal, or a logical variable Parallel Updates { loc 1 := t 1 || · · · || loc n := t n } φ no dependency between the n components (but ‘right wins’ semantics) J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 54/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  37. Extending DL by Explicit State Updates Updates explicit syntactic elements in the logic Elementary Updates { loc := val } φ where (roughly) loc a program variable x , an attribute access o.attr , or an array access a [ i ] val is same as loc , or a literal, or a logical variable Parallel Updates { loc 1 := t 1 || · · · || loc n := t n } φ no dependency between the n components (but ‘right wins’ semantics) J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 54/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  38. Why Updates? Updates are: lazily applied (i.e. substituted into postcondition) eagerly parallelised + simplified Advantages no renaming required delayed/minimized proof branching (efficient aliasing treatment) J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 55/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  39. Why Updates? Updates are: lazily applied (i.e. substituted into postcondition) eagerly parallelised + simplified Advantages no renaming required delayed/minimized proof branching (efficient aliasing treatment) J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 55/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  40. Symbolic Execution with Updates (by Example) x < y = ⇒ x < y . . . x < y = ⇒ { x:=y || y:=x } <> y < x . . . x < y = ⇒ { t:=x || x:=y || y:=x } <> y < x . . . x < y = ⇒ { t:=x || x:=y }{ y:=t } <> y < x . . . x < y = ⇒ { t:=x }{ x:=y } <y=t;> y < x . . . x < y = ⇒ { t:=x } <x=y; y=t;> y < x . . . = ⇒ x < y − > <int t=x; x=y; y=t;> y < x J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 56/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  41. Symbolic Execution with Updates (by Example) x < y = ⇒ x < y . . . x < y = ⇒ { x:=y || y:=x } <> y < x . . . x < y = ⇒ { t:=x || x:=y || y:=x } <> y < x . . . x < y = ⇒ { t:=x || x:=y }{ y:=t } <> y < x . . . x < y = ⇒ { t:=x }{ x:=y } <y=t;> y < x . . . x < y = ⇒ { t:=x } <x=y; y=t;> y < x . . . = ⇒ x < y − > <int t=x; x=y; y=t;> y < x J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 56/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  42. Symbolic Execution with Updates (by Example) x < y = ⇒ x < y . . . x < y = ⇒ { x:=y || y:=x } <> y < x . . . x < y = ⇒ { t:=x || x:=y || y:=x } <> y < x . . . x < y = ⇒ { t:=x || x:=y }{ y:=t } <> y < x . . . x < y = ⇒ { t:=x }{ x:=y } <y=t;> y < x . . . x < y = ⇒ { t:=x } <x=y; y=t;> y < x . . . = ⇒ x < y − > <int t=x; x=y; y=t;> y < x J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 56/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  43. Symbolic Execution with Updates (by Example) x < y = ⇒ x < y . . . x < y = ⇒ { x:=y || y:=x } <> y < x . . . x < y = ⇒ { t:=x || x:=y || y:=x } <> y < x . . . x < y = ⇒ { t:=x || x:=y }{ y:=t } <> y < x . . . x < y = ⇒ { t:=x }{ x:=y } <y=t;> y < x . . . x < y = ⇒ { t:=x } <x=y; y=t;> y < x . . . = ⇒ x < y − > <int t=x; x=y; y=t;> y < x J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 56/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  44. Symbolic Execution with Updates (by Example) x < y = ⇒ x < y . . . x < y = ⇒ { x:=y || y:=x } <> y < x . . . x < y = ⇒ { t:=x || x:=y || y:=x } <> y < x . . . x < y = ⇒ { t:=x || x:=y }{ y:=t } <> y < x . . . x < y = ⇒ { t:=x }{ x:=y } <y=t;> y < x . . . x < y = ⇒ { t:=x } <x=y; y=t;> y < x . . . = ⇒ x < y − > <int t=x; x=y; y=t;> y < x J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 56/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  45. Symbolic Execution with Updates (by Example) x < y = ⇒ x < y . . . x < y = ⇒ { x:=y || y:=x } <> y < x . . . x < y = ⇒ { t:=x || x:=y || y:=x } <> y < x . . . x < y = ⇒ { t:=x || x:=y }{ y:=t } <> y < x . . . x < y = ⇒ { t:=x }{ x:=y } <y=t;> y < x . . . x < y = ⇒ { t:=x } <x=y; y=t;> y < x . . . = ⇒ x < y − > <int t=x; x=y; y=t;> y < x J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 56/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  46. Symbolic Execution with Updates (by Example) x < y = ⇒ x < y . . . x < y = ⇒ { x:=y || y:=x } <> y < x . . . x < y = ⇒ { t:=x || x:=y || y:=x } <> y < x . . . x < y = ⇒ { t:=x || x:=y }{ y:=t } <> y < x . . . x < y = ⇒ { t:=x }{ x:=y } <y=t;> y < x . . . x < y = ⇒ { t:=x } <x=y; y=t;> y < x . . . = ⇒ x < y − > <int t=x; x=y; y=t;> y < x J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 56/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  47. Program State Representation Local program variables Modeled as non-rigid constants Heap Modeled with theory of arrays: heap : → Heap (the heap in the current state) select : Heap × Object × Field → Any store : Heap × Object × Field × Any → Heap Heap axioms (excerpt) select ( store ( h, o, f, x ) , o, f ) = x select ( store ( h, o, f, x ) , u, f ) = select ( h, u, f ) if o � = u J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 57/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  48. Program State Representation Local program variables Modeled as non-rigid constants Heap Modeled with theory of arrays: heap : → Heap (the heap in the current state) select : Heap × Object × Field → Any store : Heap × Object × Field × Any → Heap Heap axioms (excerpt) select ( store ( h, o, f, x ) , o, f ) = x select ( store ( h, o, f, x ) , u, f ) = select ( h, u, f ) if o � = u J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 57/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  49. Program State Representation Local program variables Modeled as non-rigid constants Heap Modeled with theory of arrays: heap : → Heap (the heap in the current state) select : Heap × Object × Field → Any store : Heap × Object × Field × Any → Heap Heap axioms (excerpt) select ( store ( h, o, f, x ) , o, f ) = x select ( store ( h, o, f, x ) , u, f ) = select ( h, u, f ) if o � = u J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 57/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  50. Handling Abrupt Termination Abrupt termination handled by program transformations Changing control flow = rearranging program parts Example TRY - THROW � if (exc instanceof T) � Γ = ⇒ φ, ∆ {try {e=exc; r} finally {s}} ω else {s throw exc;} Γ = ⇒ <try{throw exc; q} catch(T e){r} finally{s} ω > φ, ∆ J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 58/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  51. Handling Abrupt Termination Abrupt termination handled by program transformations Changing control flow = rearranging program parts Example TRY - THROW � if (exc instanceof T) � Γ = ⇒ φ, ∆ {try {e=exc; r} finally {s}} ω else {s throw exc;} Γ = ⇒ <try{throw exc; q} catch(T e){r} finally{s} ω > φ, ∆ J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 58/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  52. Handling Abrupt Termination Abrupt termination handled by program transformations Changing control flow = rearranging program parts Example TRY - THROW � π if (exc instanceof T) � Γ = ⇒ φ, ∆ {try {e=exc; r} finally {s}} ω else {s throw exc;} Γ = ⇒ < π try{throw exc; q} catch(T e){r} finally{s} ω > φ, ∆ J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 58/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  53. Part III Program Verification with Dynamic Logic J AVA C ARD DL 7 Sequent Calculus 8 Rules for Programs: Symbolic Execution 9 10 A Calculus for 100% J AVA C ARD 11 Taclets – KeY’s Rule Description Language J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 59/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  54. Part III Program Verification with Dynamic Logic J AVA C ARD DL 7 Sequent Calculus 8 Rules for Programs: Symbolic Execution 9 10 A Calculus for 100% J AVA C ARD 11 Taclets – KeY’s Rule Description Language J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 60/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  55. Supported Java Features method invocation with polymorphism/dynamic binding object creation and initialisation arrays abrupt termination throwing of NullPointerExceptions, etc. bounded integer data types transactions All J AVA C ARD language features are fully addressed in KeY J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 61/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  56. Supported Java Features method invocation with polymorphism/dynamic binding object creation and initialisation arrays abrupt termination throwing of NullPointerExceptions, etc. bounded integer data types transactions All J AVA C ARD language features are fully addressed in KeY J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 61/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  57. Java—A Language of Many Features Ways to deal with Java features Program transformation, up-front Local program transformation, done by a rule on-the-fly Modeling with first-order formulas Special-purpose extensions of program logic Pro: Feature needs not be handled in calculus Contra: Modified source code Example in KeY: Very rare: treating inner classes J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 62/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  58. Java—A Language of Many Features Ways to deal with Java features Program transformation, up-front Local program transformation, done by a rule on-the-fly Modeling with first-order formulas Special-purpose extensions of program logic Pro: Flexible, easy to implement, usable Contra: Not expressive enough for all features Example in KeY: Complex expression eval, method inlining, etc., etc. J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 62/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  59. Java—A Language of Many Features Ways to deal with Java features Program transformation, up-front Local program transformation, done by a rule on-the-fly Modeling with first-order formulas Special-purpose extensions of program logic Pro: No logic extensions required, enough to express most features Contra: Creates difficult first-order POs, unreadable antecedents Example in KeY: Dynamic types and branch predicates J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 62/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  60. Java—A Language of Many Features Ways to deal with Java features Program transformation, up-front Local program transformation, done by a rule on-the-fly Modeling with first-order formulas Special-purpose extensions of program logic Pro: Arbitrarily expressive extensions possible Contra: Increases complexity of all rules Example in KeY: Method frames, updates J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 62/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  61. Components of the Calculus Non-program rules 1 first-order rules rules for data-types first-order modal rules induction rules Rules for reducing/simplifying the program (symbolic execution) 2 Replace the program by case distinctions (proof branches) and sequences of updates Rules for handling loops 3 using loop invariants using induction Rules for replacing a method’s invocation by the method’s contract 4 Update simplification 5 J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 63/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  62. Components of the Calculus Non-program rules 1 first-order rules rules for data-types first-order modal rules induction rules Rules for reducing/simplifying the program (symbolic execution) 2 Replace the program by case distinctions (proof branches) and sequences of updates Rules for handling loops 3 using loop invariants using induction Rules for replacing a method’s invocation by the method’s contract 4 Update simplification 5 J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 63/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  63. Components of the Calculus Non-program rules 1 first-order rules rules for data-types first-order modal rules induction rules Rules for reducing/simplifying the program (symbolic execution) 2 Replace the program by case distinctions (proof branches) and sequences of updates Rules for handling loops 3 using loop invariants using induction Rules for replacing a method’s invocation by the method’s contract 4 Update simplification 5 J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 63/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  64. Components of the Calculus Non-program rules 1 first-order rules rules for data-types first-order modal rules induction rules Rules for reducing/simplifying the program (symbolic execution) 2 Replace the program by case distinctions (proof branches) and sequences of updates Rules for handling loops 3 using loop invariants using induction Rules for replacing a method’s invocation by the method’s contract 4 Update simplification 5 J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 63/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  65. Components of the Calculus Non-program rules 1 first-order rules rules for data-types first-order modal rules induction rules Rules for reducing/simplifying the program (symbolic execution) 2 Replace the program by case distinctions (proof branches) and sequences of updates Rules for handling loops 3 using loop invariants using induction Rules for replacing a method’s invocation by the method’s contract 4 Update simplification 5 J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 63/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  66. Part III Program Verification with Dynamic Logic J AVA C ARD DL 7 Sequent Calculus 8 Rules for Programs: Symbolic Execution 9 10 A Calculus for 100% J AVA C ARD 11 Taclets – KeY’s Rule Description Language J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 64/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  67. Part III Program Verification with Dynamic Logic J AVA C ARD DL 7 Sequent Calculus 8 Rules for Programs: Symbolic Execution 9 10 A Calculus for 100% J AVA C ARD 11 Taclets – KeY’s Rule Description Language J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 65/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  68. Taclets: KeY’s Rule Description Language Taclets ... represent sequent calculus rules in KeY use a simple text-based format are descriptive, but with operational flavor are not a tactic metalanguage J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 66/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  69. Taclet Syntax Γ , A, B = ⇒ ∆ andLeft Γ , A & B = ⇒ ∆ Taclet andLeft { \find ( A & B ==> ) \replacewith ( A, B ==>) }; Unique name Find expression: Formula (Term) to be modified Sequent arrow ==> formula must occur top level and on the corresponding side of the sequent. Goal Description: describes new sequent J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 67/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  70. Taclet Syntax Γ , A, B = ⇒ ∆ andLeft Γ , A & B = ⇒ ∆ Taclet andLeft { \find ( A & B ==> ) \replacewith ( A, B ==>) }; Unique name Find expression: Formula (Term) to be modified Sequent arrow ==> formula must occur top level and on the corresponding side of the sequent. Goal Description: describes new sequent J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 67/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  71. Taclet Syntax Γ , A, B = ⇒ ∆ andLeft Γ , A & B = ⇒ ∆ Taclet andLeft { \find ( A & B ==> ) \replacewith ( A, B ==>) }; Unique name Find expression: Formula (Term) to be modified Sequent arrow ==> formula must occur top level and on the corresponding side of the sequent. Goal Description: describes new sequent J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 67/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  72. Taclet Syntax Γ , A, B = ⇒ ∆ andLeft Γ , A & B = ⇒ ∆ Taclet andLeft { \find ( A & B ==> ) \replacewith ( A, B ==>) }; Unique name Find expression: Formula (Term) to be modified Sequent arrow ==> formula must occur top level and on the corresponding side of the sequent. Goal Description: describes new sequent J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 67/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  73. Taclet Syntax Γ , A, B = ⇒ ∆ andLeft Γ , A & B = ⇒ ∆ Taclet andLeft { \find ( A & B ==> ) \replacewith ( A, B ==>) }; Unique name Find expression: Formula (Term) to be modified Sequent arrow ==> formula must occur top level and on the corresponding side of the sequent. Goal Description: describes new sequent J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 67/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  74. Taclet Syntax Some rules are only sound in a certain context Γ , A, B = ⇒ ∆ modusPonens Γ , A, A − > B = ⇒ ∆ Taclet modusPonens { \assumes ( A ==> ) \find ( A -> B ==> ) \replacewith( B ==> ) }; J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 68/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  75. Taclet Syntax Some rules are only sound in a certain context Γ , A, B = ⇒ ∆ modusPonens Γ , A, A − > B = ⇒ ∆ Taclet modusPonens { \assumes ( A ==> ) \find ( A -> B ==> ) \replacewith( B ==> ) }; J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 68/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  76. Taclet Syntax Some rules are only sound in a certain context Γ , A, B = ⇒ ∆ modusPonens Γ , A, A − > B = ⇒ ∆ Taclet modusPonens { \assumes ( A ==> ) \find ( A -> B ==> ) \replacewith( B ==> ) }; J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 68/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  77. Taclet Syntax Proof Splitting: andRight andRight { \find ( ==> A & B ) Γ = ⇒ A, ∆ Γ = ⇒ B, ∆ \replacewith (==> A ); Γ = ⇒ A & B, ∆ \replacewith (==> B ) }; Variable Conditions: allRight allRight { \find ( ==> \forall x;phi ) Γ = ⇒ { x/c } Φ , ∆ ⇒ ∀ T x ; Φ , ∆ , c new \varcond(\ ♥❡✇ (c,\dependingOn(phi))) Γ = \replacewith ( ==> {\subst x;c}phi ) }; J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 69/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  78. Taclet Syntax Proof Splitting: andRight andRight { \find ( ==> A & B ) Γ = ⇒ A, ∆ Γ = ⇒ B, ∆ \replacewith (==> A ); Γ = ⇒ A & B, ∆ \replacewith (==> B ) }; Variable Conditions: allRight allRight { \find ( ==> \forall x;phi ) Γ = ⇒ { x/c } Φ , ∆ ⇒ ∀ T x ; Φ , ∆ , c new \varcond(\ ♥❡✇ (c,\dependingOn(phi))) Γ = \replacewith ( ==> {\subst x;c}phi ) }; J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 69/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  79. Taclets for Program Transformations � π if (exc == null) { � try{ throw new NPE(); catch(T e) {r}; Γ = ⇒ φ } else if (exc instanceof T) {e=exc; r} else throw exc; ω Γ = ⇒ < π try{throw exc; q} catch(T e){r}; ω > φ \find ( <.. tr② { t❤r♦✇ #se; #slist } ❝❛t❝❤ ( #t #v0 ) { #slist1 } ...> post ) \replacewith ( <.. ✐❢ (#se == ♥✉❧❧ ) { tr② { t❤r♦✇ ♥❡✇ NullPointerException (); } ❝❛t❝❤ (#t #v0) { #slist1 } } ❡❧s❡ ✐❢ (#se ✐♥st❛♥❝❡♦❢ #t) { #t #v0 = (#t) #se; #slist1 } ❡❧s❡ t❤r♦✇ #se; ...> post ) J AVA C ARD DL Sequent Calculus Symbolic Execution A Calculus for 100% J AVA C ARD Taclets VTSA, 24.–28.08.2015 70/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  80. Part IV Verifying Information-Flow Properties 12 Information Flow 13 Formalisation in DL 14 Objects and Information Flow Information Flow Formalisation in DL Objects and Information Flow VTSA, 24.–28.08.2015 71/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  81. Part IV Verifying Information-Flow Properties 12 Information Flow 13 Formalisation in DL 14 Objects and Information Flow Information Flow Formalisation in DL Objects and Information Flow VTSA, 24.–28.08.2015 72/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

  82. Language-based Information Security Secret and public information Partitioning of the set of program variables into variables which contain confidential information (“high variables”) – NOT observable by the attacker – variables which contain non-confidential information (“low variables”) – observable by the attacker – Informal definition of non-interference A program is secure, if the initial values of the high variables do not interfere with the final values of the low variables. Information Flow Formalisation in DL Objects and Information Flow VTSA, 24.–28.08.2015 73/102 Bernhard Beckert – Deductive Verification of Object-Oriented Software

Recommend

Deductive Verification of Object-Oriented Software Part A Bernhard Beckert | VTSA,

Deductive Verification of Object-Oriented Software Part A Bernhard Beckert | VTSA,

Deductive Verification of Object-Oriented Software Part A Bernhard Beckert | VTSA, 24.28.08.2015 KIT I NSTITUTE FOR T HEORETICAL C OMPUTER S CIENCE www.kit.edu KIT University of the State of Baden-Wuerttemberg and National Laboratory

1.29k views • 106 slides
Challenges In Deductive Software Verification Reiner Hhnle (with Marieke Huisman, U Twente)

Challenges In Deductive Software Verification Reiner Hhnle (with Marieke Huisman, U Twente)

Challenges In Deductive Software Verification Reiner Hhnle (with Marieke Huisman, U Twente) www.se.tu-darmstadt.de TU Darmstadt, Software Engineering Group Many challenges apply to AD in general Deductive Software Verification

165 views • 15 slides
CMSC 132: Object-Oriented Programming II Object-Oriented Programming Intro Department of

CMSC 132: Object-Oriented Programming II Object-Oriented Programming Intro Department of

CMSC 132: Object-Oriented Programming II Object-Oriented Programming Intro Department of Computer Science University of Maryland, College Park Object-Oriented Programming (OOP) Approach to improving software View software as a

593 views • 18 slides
Towards Deductive Compilation: Implementing a Partial Evaluator Via a Software Verification Tool

Towards Deductive Compilation: Implementing a Partial Evaluator Via a Software Verification Tool

Towards Deductive Compilation: Implementing a Partial Evaluator Via a Software Verification Tool Reiner H ahnle (joint work with Richard Bubel and Ran Ji) Chalmers University of Technology Department of Computer Science and Engineering 10

1.11k views • 82 slides
Unified Static and Runtime Verification of Object-Oriented Software Wolfgang Ahrendt 1 , Mauricio

Unified Static and Runtime Verification of Object-Oriented Software Wolfgang Ahrendt 1 , Mauricio

Unified Static and Runtime Verification of Object-Oriented Software Wolfgang Ahrendt 1 , Mauricio Chimento 1 , Gerardo Schneider 2 , Gordon J. Pace 3 1 Chalmers University of Technology, Gothenburg, Sweden 2 University of Gothenburg, Sweden 3

449 views • 32 slides
Object Oriented Software Development Naufal F. Setiawan School of Computing and Information

Object Oriented Software Development Naufal F. Setiawan School of Computing and Information

Object Oriented Software Development Object Oriented Software Development Naufal F. Setiawan School of Computing and Information Systems University of Melbourne Workshop 2 (All images from Wikimedia Commons) Object Oriented Software

494 views • 18 slides
Object Oriented Software Development Naufal F. Setiawan School of Computing and Information

Object Oriented Software Development Naufal F. Setiawan School of Computing and Information

Object Oriented Software Development Object Oriented Software Development Naufal F. Setiawan School of Computing and Information Systems University of Melbourne Workshop 3 ( Most images from Wikimedia Commons) Object Oriented Software

438 views • 17 slides
Object-Oriented Design No SVN checkout today Software development methods Object-oriented

Object-Oriented Design No SVN checkout today Software development methods Object-oriented

Object-Oriented Design No SVN checkout today Software development methods Object-oriented design with CRC cards LayoutManagers for Java GUIs BallWorlds work time Analysis Design Software Implementation Development Testing

747 views • 30 slides
Object-Oriented Design No SVN checkout today Software development methods Object-oriented

Object-Oriented Design No SVN checkout today Software development methods Object-oriented

Object-Oriented Design No SVN checkout today Software development methods Object-oriented design with CRC cards LayoutManagers for Java GUIs BallWorlds work time Analysis Design Software Implementation Development Testing

793 views • 32 slides
Object Oriented Software Development Naufal F. Setiawan School of Computing and Information

Object Oriented Software Development Naufal F. Setiawan School of Computing and Information

Object Oriented Software Development Object Oriented Software Development Naufal F. Setiawan School of Computing and Information Systems University of Melbourne Workshop 7 Object Oriented Software Development UML Diagrams What is a UML Class

423 views • 16 slides
Object oriented Object oriented Object oriented Object oriented approach and UML approach and

Object oriented Object oriented Object oriented Object oriented approach and UML approach and

Object oriented Object oriented Object oriented Object oriented approach and UML approach and UML approach and UML approach and UML Goals The goals of this chapter are to introduce the object oriented approach to software systems

1.06k views • 92 slides
Object-Oriented Software Design and Software Processes Hans Vangheluwe Modelling, Simulation and

Object-Oriented Software Design and Software Processes Hans Vangheluwe Modelling, Simulation and

Object-Oriented Software Design (COMP 304) 7 January 2005 Object-Oriented Software Design and Software Processes Hans Vangheluwe Modelling, Simulation and Design Lab (MSDL) School of Computer Science, McGill University, Montr eal, Canada

279 views • 17 slides
Object Oriented Software Development Naufal F. Setiawan School of Computing and Information

Object Oriented Software Development Naufal F. Setiawan School of Computing and Information

Object Oriented Software Development Object Oriented Software Development Naufal F. Setiawan School of Computing and Information Systems University of Melbourne Workshop 5 Object Oriented Software Development Keywords What does it mean for a

612 views • 25 slides
Deductive Program Verification with W HY 3 Andrei Paskevich LRI, Universit Paris-Sud

Deductive Program Verification with W HY 3 Andrei Paskevich LRI, Universit Paris-Sud

Deductive Program Verification with W HY 3 Andrei Paskevich LRI, Universit Paris-Sud Toccata, Inria Saclay JCP 2016 1. A short look back 2 / 100 Introduction Software is hard. D ONALD K NUTH ... 1996: Ariane 5 explosion an

1.13k views • 100 slides
Object-Oriented Software Engineering Practical Software Development using UML and Java Chapter 2:

Object-Oriented Software Engineering Practical Software Development using UML and Java Chapter 2:

Object-Oriented Software Engineering Practical Software Development using UML and Java Chapter 2: Review of Object Orientation Lecture 2 2.1 What is Object Orientation? Procedural paradigm: Software is organized around the notion of

435 views • 14 slides
Object-Oriented Software Design and Software Processes Hans Vangheluwe Modelling, Simulation and

Object-Oriented Software Design and Software Processes Hans Vangheluwe Modelling, Simulation and

Object-Oriented Software Design (COMP 304) Object-Oriented Software Design and Software Processes Hans Vangheluwe Modelling, Simulation and Design Lab (MSDL) School of Computer Science, McGill University, Montr eal, Canada Hans Vangheluwe

785 views • 42 slides
Object-Oriented Software Design and Software Processes Hans Vangheluwe Modelling, Simulation and

Object-Oriented Software Design and Software Processes Hans Vangheluwe Modelling, Simulation and

Object-Oriented Software Design (COMP 304) Object-Oriented Software Design and Software Processes Hans Vangheluwe Modelling, Simulation and Design Lab (MSDL) School of Computer Science, McGill University, Montr eal, Canada Hans Vangheluwe

506 views • 22 slides
Object Oriented Object 3 Programming Object 1 Object 2 Object 4 For : COP 3330. Object

Object Oriented Object 3 Programming Object 1 Object 2 Object 4 For : COP 3330. Object

4/13/2017 OOP Object Oriented Object 3 Programming Object 1 Object 2 Object 4 For : COP 3330. Object oriented Programming (Using C++) ht t p: / / www. com pgeom . com / ~pi yush/ t each/ 3330 Objects: State (fields), Behavior (member

632 views • 6 slides
Deductive Program Verification with W HY 3 Andrei Paskevich LRI, Universit Paris-Sud

Deductive Program Verification with W HY 3 Andrei Paskevich LRI, Universit Paris-Sud

Deductive Program Verification with W HY 3 Andrei Paskevich LRI, Universit Paris-Sud Toccata, Inria Saclay http://why3.lri.fr/ejcp-2019 JCP 2019 Software is hard. D ONALD K NUTH 2 / 171 Ensure the absence of bugs Several

2k views • 171 slides
Specification and Verification of Multithreaded Object-Oriented Programs with Separation Logic

Specification and Verification of Multithreaded Object-Oriented Programs with Separation Logic

Specification and Verification of Multithreaded Object-Oriented Programs with Separation Logic Cl ement Hurlin INRIA Sophia Antipolis M editerran ee, France Universiteit Twente, The Netherlands Soutenance de th` ese Th` ese

1.68k views • 130 slides
Imperative vs. object- oriented paradigms 1 11/14/17 Imperative vs. object-oriented u

Imperative vs. object- oriented paradigms 1 11/14/17 Imperative vs. object-oriented u

11/14/17 CSCI-2320 Object-Oriented Paradigm: Ruby Mohammad T . Irfan Imperative vs. object- oriented paradigms 1 11/14/17 Imperative vs. object-oriented u Imperative u Procedural decomposition u Procedures are all powerful u Data is

582 views • 45 slides
Why3 What is why3? A platform for deductive program verification What is why3? A platform

Why3 What is why3? A platform for deductive program verification What is why3? A platform

Why3 What is why3? A platform for deductive program verification What is why3? A platform for deductive program verification Made by: Franois Bobot Martin Clochard Lon Gondelman Jean-Christophe Fillitre Claude

98 views • 9 slides
Verification of Object-Oriented Programs with Invariants Mike Barnett, Robert DeLine, Manual

Verification of Object-Oriented Programs with Invariants Mike Barnett, Robert DeLine, Manual

Verification of Object-Oriented Programs with Invariants Mike Barnett, Robert DeLine, Manual Fahndrich, K. Rustan M. Leino an Wolfram Shulte 1 Overview Goal : design a sound methodology for specifying object invariants that can then be

809 views • 33 slides
Object Management Group (OMG) Object-Oriented Software adopts UML as a standard methodology

Object Management Group (OMG) Object-Oriented Software adopts UML as a standard methodology

Object Management Group (OMG) Object-Oriented Software adopts UML as a standard methodology Engineering (OOSE) Ivar Jacobson Object Modeling Jacobson joins Technique (OMT) Rational Software James Rumbaugh Rumbaugh joins Rational Software

157 views • 4 slides

More recommend