2013
DOI: 10.1007/978-3-642-38592-6_3

A Case Study in Formal Verification Using Multiple Explicit Heaps

Abstract: In the context of the KeY program verifier and the associated Dynamic Logic for Java we discuss the first instance of applying a generalised approach to the treatment of memory heaps in verification. Namely, we allow verified programs to simultaneously modify several different, but possibly location sharing, heaps. In this paper we detail this approach using the Java Card atomic transactions mechanism, the modelling of which requires two heaps to be considered simultaneously, the basic and the transaction backu…

Cited by 8 publications (6 citation statements)
References 21 publications
“…We attribute the relative ease of reasoning with our new permissions to the explicit approach, i.e., not hiding or assuming information in the verification context, like it is commonly done in separation logic-based verification methods [19]. Our explicit approach in verification has proven itself efficient also in our preceding work [17]. To enable fully flexible reasoning about arbitrary multi-threaded Java programs, we are currently working on the generation of the complete and sound proof obligations in KeY Java dynamic logic, and on optimising our permission system for lemma-based reasoning in KeY.…”
Section: Discussion
confidence: 91%
“…All the existing machinery of KeY for operating on the regular heap variable scales to the operation on an arbitrary, but fixed number of heaps simultaneously [17]. What remains is to lift this extension to the specification language JML*, KeY's version of JML [7].…”
Section: Application In Reasoning About Concurrent Programs
confidence: 99%
“…The construction of the verification method and the permission splitting and recombining system guarantee that verified programs are data-race free. In our work we developed a new symbolic permission system that is an alternative to the classical fractional systems [3] and we plugged it into KeY verification logic through the use of a new additional permission heap [23]. This new heap integrates seamlessly into our model methods specification methodology which we use to encapsulate permission specifications for concurrent Java programs.…”
Section: Methods
confidence: 98%
“…Adding this permission heap means adding a second heap variable, which we simply call permissions, and extending the verification mechanisms of Java Dynamic Logic from one heap to two heaps. In fact, one can use more than two heaps in JDL easily: as long as the number of heaps is fixed, all mechanisms that work with the single heap variable extend naturally to multiple heaps [12]. For example, for proving the framing property (1) above, stemming from the assignable clauses, now two quantifiers, over the two heaps, are needed.…”
Section: Dynamic Frames With Permissions
confidence: 99%