Dynamic Logic with Non-rigid Functions

Size: px

Start display at page:

Download "Dynamic Logic with Non-rigid Functions"

Violet Skinner
5 years ago
Views:

1 Dynamic Logic with Non-rigid Functions A Basis for Object-oriented Program Verification Bernhard Beckert 1 André Platzer 2 1 University of Koblenz-Landau, Department of Computer Science beckert@uni-koblenz.de 2 University of Oldenburg, Department of Computing Science platzer@informatik.uni-oldenburg.de 3rd International Joint Conference on Automated Reasoning B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 1 / 13

2 Object-oriented Dynamic Logic Java Card While B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 2 / 13

3 Object-oriented Dynamic Logic Java Card ODL While ODL only contains essentials of object-orientation. B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 2 / 13

4 Object-oriented Dynamic Logic Java Card ODL While Theoretical investigations Program verification ODL only contains essentials of object-orientation. Natural representation of object-orientation. B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 2 / 13

5 Object-oriented Dynamic Logic Java Card ODL While Theoretical investigations Program verification ODL only contains essentials of object-orientation. Natural representation of object-orientation. B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 2 / 13

6 Outline 1 Motivation 2 The Logic ODL 3 Java ODL Object Creation 4 Calculus State Updates Inference Rules Verification Example Completeness 5 Conclusions & Future Work B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 2 / 13

7 Outline 1 Motivation 2 The Logic ODL 3 Java ODL Object Creation 4 Calculus State Updates Inference Rules Verification Example Completeness 5 Conclusions & Future Work B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 2 / 13

8 The Logic ODL Definition (Type system) nat Object int Date String Null B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 3 / 13

9 The Logic ODL Definition (Object enumerator symbols) obj C : nat C (disjoint bijections for object-types C) Example obj C (3) Definition (Non-rigid function symbols)... change value during program execution & represent object attributes. Example x.a a(x) B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 3 / 13

10 The Logic ODL Definition (Formulas φ).,,,,,,, = (first-order part) [α]φ, α φ (dynamic part) Definition (Programs α) α; γ, if(φ) α else γ, while(φ) α (control-structure) f (t) := t (state update) Details B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 3 / 13

11 The Logic ODL Definition (Formulas φ).,,,,,,, = (first-order part) [α]φ, α φ (dynamic part) Definition (Programs α) α; γ, if(φ) α else γ, while(φ) α (control-structure) f (t) := t, g(r) := r (state update) Details B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 3 / 13

12 Outline 1 Motivation 2 The Logic ODL 3 Java ODL Object Creation 4 Calculus State Updates Inference Rules Verification Example Completeness 5 Conclusions & Future Work B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 3 / 13

13 Java ODL Simple & natural translation of Object creation Dynamic dispatch Side-effects Exception handling Inner classes B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 4 / 13

14 Java ODL: Object Creation Example (Transformation) x := new C() x := obj C (next C), next C := next C + 1 B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 5 / 13

15 Java ODL: Object Creation Example (Transformation) x := new C() x := obj C (next C), next C := next C + 1 Object identity new new Example x := new C(); x := obj C (next C ); //next C := next C + 1 y := new C(); y := obj C (next C + 1) //x y B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 5 / 13

16 Java ODL: Object Creation Example (Transformation) x := new C() x := obj C (next C), next C := next C + 1 Object identity new new Dynamic type checks Example nat Object int Date String Null t instanceof String n : nat t. = obj String (n) B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 5 / 13

17 Outline 1 Motivation 2 The Logic ODL 3 Java ODL Object Creation 4 Calculus State Updates Inference Rules Verification Example Completeness 5 Conclusions & Future Work B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 5 / 13

18 Calculus: State Updates (merge & promote) Merge updates U f (t) := t φ Last change is most recent U, f ( U t) := U t φ Example g(a) := t f (g(a)) := h(g(a)) φ g(a) := t, f (t) := h(t) φ B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 6 / 13

19 Calculus: State Updates (merge & promote) Merge updates U f (t) := t φ U, f ( U t) := U t φ Promote updates Last change is most recent f (t) := t, g(t) := c, f (s) := s f (a) B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 6 / 13

20 Calculus: State Updates (merge & promote) Merge updates U f (t) := t φ U, f ( U t) := U t φ Last change is most recent Promote updates f (t) := t, g(t) := c, f (s) := s f (a) f f (t) := t, f (s) := s B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 6 / 13

21 Calculus: State Updates (merge & promote) Merge updates U f (t) := t φ U, f ( U t) := U t φ Last change is most recent Promote updates f (t) := t, g(t) := c, f (s) := s f (a) f f (t) := t, f (s) := s f (a) B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 6 / 13

22 Calculus: State Updates (merge & promote) Merge updates U f (t) := t φ U, f ( U t) := U t φ Last change is most recent Promote updates f (t) := t, g(t) := c, f (s) := s f (a) f f (t) := t, f (s) := s f (a) if s =. a then s else... fi B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 6 / 13

23 Calculus: State Updates (merge & promote) Merge updates U f (t) := t φ U, f ( U t) := U t φ Last change is most recent Promote updates f (t) := t, g(t) := c, f (s) := s f (a) f f (t) := t, f (s) := s f (a) if s =. a then s else if t =. a then t else f (a) fi fi B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 6 / 13

24 Calculus: State Updates (merge & promote) Merge updates U f (t) := t φ U, f ( U t) := U t φ Last change is most recent Promote updates U f (t) := t, g(t) := c, f (s) := s f (a) f f (t) := t, f (s) := s f (a) if s =. U a then s else if t =. U a then t else f ( U a) fi fi B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 6 / 13

25 Calculus: First-order Part 18 rules A A A, B A B A B A B A B A B A A A B A B A, B A B A B A B A X x x A A t x, x A x A A X x x A A t x, x A x A A A Γ t t, t. = t t t Γ, t. = t t. = t A A Γ t t, t. = t t t Γ, t. = t φ(0) φ(x ) φ(x +1) n φ(n) B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 7 / 13

26 Calculus: Program Logic Part 12 rules α γ φ α; γ φ (e α φ) ( e γ φ) if(e) α else γ φ (e φ(t)) ( e φ(t )) φ(if e then t else t fi) if(e) {α; while(e) α} φ while(e) α φ A B x A x B obj C (i). = obj C (j) i (obj C (i). = obj D (j)). = j o : C (o instanceof C o. = null) Γ U p, p, e [α]p p, e φ A B α A α B Γ U [while(e) α]φ, U f (u) if s ir. = U u then tir else... if s i1. = U u then ti1 else f ( U u) fi... fi Ũ U φ ˆŨ, f 1 ( Ũ s 1 ) := Ũ t 1,..., f n( Ũ s n) := Ũ t n φ B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 8 / 13

27 Verification Example c l a s s E { s t a t i c i n t g ; i n t i d ; E generate ( ) {E r=new E ( ) ; r. i d=g ; g=g+5; return r ; } } x:e (x.id < g [generate] (x.id < r.id)) B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR / 13

28 Verification Example c l a s s E { s t a t i c i n t g ; i n t i d ; E generate ( ) {E r=new E ( ) ; r. i d=g ; g=g+5; return r ; } } x:e (x.id < g [generate] (x.id < r.id)) X.id < g, o(n) =.... X X.id < g X.id < g, o(n) =. X g < g X.id < g ( o(n) =. X X.id < g) (o(n) =. X g < g) X.id < g (if o(n) =. X then g else X.id fi) < g X.id < g r := o(n), n := n+1, o(n).id := g, g := g + 5 (X.id < r.id) X.id < g r := o(n), n := n+1, o(n).id := g [g := g + 5] (X.id < r.id) X.id < g r := o(n), n := n+1 [r.id := g][g := g + 5] (X.id < r.id) X.id < g r := o(n), n := n+1 [r.id := g; g := g + 5] (X.id < r.id) X.id < g [α] (X.id < r.id) X.id < g [α] (X.id < r.id) x:e (x.id < g [α] (x.id < r.id)) B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR / 13

29 Relative Completeness Theorem (Relative completeness) ODL calculus is complete w.r.t. first-order arithmetic: φ implies Taut Arith φ Proof Outline B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR / 13

30 Outline 1 Motivation 2 The Logic ODL 3 Java ODL Object Creation 4 Calculus State Updates Inference Rules Verification Example Completeness 5 Conclusions & Future Work B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR / 13

31 Future Work Verification components as add-on rules Parametric genericity B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR / 13

32 Conclusions ODL is essentials-only object-oriented dynamic logic: 1 object type system 2 object enumerators 3 non-rigid functions Natural translation Java ODL. Calculus proven sound & relatively complete w.r.t. arithmetic. B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR / 13

33 Outline 6 The Logic ODL (Details) Syntax Semantics 7 Transformation (Details) Object Creation Side-effects Exception Handling Dynamic Dispatch 8 Calculus (Details) Calculus of Object Creation - Details Calculus of State Updates - Details Completeness Proof Misc B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06-1 / 13

34 The Logic ODL: Syntax Definition (Type system) Type lattice with natural numbers N and finite subtypes B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 0 / 13

35 The Logic ODL: Semantics Definition (Semantics of programs) 1 (s, s ) ρ I,β (f 1 (t1 1,..., tk 1 1 ) := t 1,..., f n (tn, 1..., tn kn ) := t n ) : s = s 0, s = s n, and s i = s i 1 [f i (val I,β (s, ti 1),..., val I,β(s, t k i i )) val I,β (s, t i )] (1 i n). 2 (s, s ) ρ I,β (α; γ) : (s, u) ρ I,β (α) and (u, s ) ρ I,β (γ) for some state u. 3 (s, s ) ρ I,β (if(φ) α else γ) : val I,β (s, φ) = true and (s, s ) ρ I,β (α), or val I,β (s, φ) = false and (s, s ) ρ I,β (γ). 4 (s, s ) ρ I,β (while(φ) α) iff there are n N and s=s 0,..., s n =s for 0 i < n, val I,β (s i, φ) = true and (s i, s i+1 ) ρ I,β (α), and val I,β (s n, φ) = false. B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 1 / 13

36 Outline 6 The Logic ODL (Details) Syntax Semantics 7 Transformation (Details) Object Creation Side-effects Exception Handling Dynamic Dispatch 8 Calculus (Details) Calculus of Object Creation - Details Calculus of State Updates - Details Completeness Proof Misc B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 1 / 13

37 Java ODL: Object Creation Example (Transformation) x := new C() x := obj C (next C), next C := next C + 1 Object identity new new Dynamic type checks Example nat Object int Date String Null t instanceof Object n : nat ( t. = obj Date (n) t. = obj String (n) t. = obj Object (n) ) B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 2 / 13

38 Java ODL: Object Creation Example (Transformation) x := new C() x := obj C (next C), next C := next C + 1 Object identity new new Dynamic type checks B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 2 / 13

39 Java ODL: Side-effects a [ i ++] = b + b vi := i; i := i + 1; vb := b; b := b 1; a(vi) := vb + b i := i + 1, b := b 1, a(i) := b + (b 1) Return B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 4 / 13

40 Java ODL: Exception Handling t r y { while ( d!= 0) { i f ( d < 0) {throw new RangeEx ( d ) ; } e l s e {d=d 1;}} / do something / } catch ( RangeEx r ) {/ h a n d l e range /} E x c e p t i o n r = n u l l ; while ( r == n u l l && d!= 0) { i f ( d < 0) { r = new RangeEx ( d ) ; } e l s e {d=d 1;}} i f ( r == n u l l ) {/ do something /} e l s e i f ( r instanceof RangeEx ) {/ h a n d l e range /} e l s e { return r ; / p a s s up the c a l l t r a c e /} Return B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 6 / 13

41 Java ODL: Dynamic Dispatch c l a s s Car { i n t f o l l o w ( Car d ) {... } } c l a s s Van extends Car { i n t f o l l o w ( Car d ) {... } }... return b. f o l l o w ( d ) ; c l a s s Car { i n t C a r f o l l o w ( Car d ) {... } } c l a s s Van extends Car { i n t V a n f o l l o w ( Car d ) {... } }... i f ( b instanceof Van ) { return ( ( Van ) b ). V a n f o l l o w ( d ) ; } e l s e i f ( b instanceof Car ) { return ( ( Car ) b ). C a r f o l l o w ( d ) ; } e l s e {/ cannot happen when a l l t y p e s a r e known /} Type-casts expressible as v:van v. = b Return B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 8 / 13

42 Outline 6 The Logic ODL (Details) Syntax Semantics 7 Transformation (Details) Object Creation Side-effects Exception Handling Dynamic Dispatch 8 Calculus (Details) Calculus of Object Creation - Details Calculus of State Updates - Details Completeness Proof Misc B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 8 / 13

43 Calculus: Object Creation t instanceof C := n : nat Null<τ C t. = obj τ (n) (R31) (R32) o : C (o instanceof C o. = null) obj C (i). = obj C (j) i. = j B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR 06 9 / 13

44 Calculus: State Updates (merge & promote) Merge updates U f (t) := t φ U, f ( U t) := U t φ Last change is most recent Promote updates U f (t) := t, g(t) := c, f (s) := s f (a) f f (t) := t, f (s) := s f (a) if s =. U a then s else if t =. U a then t else f ( U a) fi fi B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR / 13

45 Calculus: State Updates (merge & promote) Merge updates U f (t) := t φ U, f ( U t) := U t φ Last change is most recent Promote updates ( U ) φ f (t) := t, g(t) := c, f (s) := s f (a) ( f ) φ f (t) := t, f (s) := s f (a) ( if s =. U a then s else if t =. ) φ U a then t else f ( U a) fi fi B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR / 13

46 Calculus: State Updates (merge & promote) Merge updates U f (t) := t φ U, f ( U t) := U t φ Last change is most recent Promote updates ( U ) φ f (t) := t, g(t) := c, f (s) := s f (a) ( f ) φ f (t) := t, f (s) := s f (a) ( if s =. U a then s else if t =. ) φ U a then t else f ( U a) fi fi ( s =. ) U a φ(s ) ( ) s U a... φ(f ( U a)) B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR / 13

47 Calculus: State Updates U f (u) if s ir. = U u then tir else... if s i1. = U u then ti1 else f ( U u) fi... fi where i 1 < < i r are all those indices with f ij = f, for some r 0 Example (State updates with aliasing) f (s) := t g(f (r)) g ( f (s) := t f (r) ) g ( if s =. r then t else f (r) fi ) ( s =. r g(t) ) ( ) s r g(f (r)) (R33) Ũ U φ Ũ, f1 ( Ũ s 1 ) := Ũ t 1,..., f n ( Ũ s n ) := Ũ t n φ B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR / 13

48 Relative Completeness Proof φ implies Taut N φ Proof. 1 propositionally complete 2 first-order complete 3 first-order expressible: φ F FOL φ F 4 term rewrites are Noetherian 5 (rel.) complete for first-order F α G 6 (rel.) complete for first-order dynamic typing Return B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR / 13

49 Use Cases in Java Card DL Use ODL object enumerators for object creation. Use quicker and rel. complete ODL within KeY in automatic verification scenarios. (Trafo combined with compiler construction technology) Import simpler ODL calculus into Java Card DL, for formulas that are sufficiently ODL. B. Beckert, A. Platzer (Koblenz, Oldenburg) Dynamic Logic with Non-rigid Functions IJCAR / 13

A First-Order Logic with First-Class Types

A First-Order Logic with First-Class Types joint work with Peter H. Schmitt and Mattias Ulbrich Institute for Theoretical Computer Science The 8th KeY Symposium, Speyer, 2009 Java Card DL modal logic based