Experience Report on Formally Verifying Parts of OpenJDK's API with KeY

Abstract: Deductive verification of software has not yet found its way into industry, as complexity and scalability issues require highly specialized experts. The long-term perspective is, however, to develop verification tools aiding industrial software developers to find bugs or bottlenecks in software systems faster and more easily. The KeY project constitutes a framework for specifying and verifying software systems, aiming at making formal verification tools applicable for mainstream software development. To help t… Show more

“…As in another approach [16], one could use a static field that encodes a closed enumeration of the possible implementations, e.g. set or list, and specify \result directly.…”

“…What complicates static verification is that it requires formal specifications. Two known approaches are by Huisman [12] and Knüppel et al [16], but their specifications are not complete nor demonstrate the verification of various clients and implementations. Generally speaking, there seems to be no obvious strategy in specifying Java interfaces so that its clients and its implementations can be verified statically by means of a theorem prover.…”

History-Based Specification and Verification of Java Collections in KeY

“…As in another approach [16], one could use a static field that encodes a closed enumeration of the possible implementations, e.g. set or list, and specify \result directly.…”

“…What complicates static verification is that it requires formal specifications. Two known approaches are by Huisman [12] and Knüppel et al [16], but their specifications are not complete nor demonstrate the verification of various clients and implementations. Generally speaking, there seems to be no obvious strategy in specifying Java interfaces so that its clients and its implementations can be verified statically by means of a theorem prover.…”

History-Based Specification and Verification of Java Collections in KeY

“…Knüppel et al [14] provide a report on the specification and verification of some methods of the classes ArrayList, Arrays, and Math of the OpenJDK Collections framework using KeY. Their report is mainly meant as a "stepping stone towards a case study for future research."…”

“…This paper (and [14]) has shown that the specification and verification of actual library software poses a number of serious challenges to formal verification. In our case study, we used KeY to verify Java's linked list.…”

“…In practice, the maximum array length turns out to be 2 31 − 5, as some bytes are reserved for object headers, but this may vary between Java versions[11,14].…”

Verifying OpenJDK’s LinkedList using KeY

Integrating ADTs in KeY and Their Application to History-Based Reasoning