Introduction to JavaCard Dynamic Logic

Similar documents
Fundamentals of Software Engineering

Fundamentals of Software Engineering

Software Engineering using Formal Methods

Formal Systems II: Applications

Fundamentals of Software Engineering

Introduction to Programming Using Java (98-388)

Verifying Java Programs Verifying Java Programs with KeY

Dynamic Logic with Non-rigid Functions

Weiss Chapter 1 terminology (parenthesized numbers are page numbers)

Verifying Java Programs with KeY

Verifying Java Programs Verifying Java Programs with KeY

CS313D: ADVANCED PROGRAMMING LANGUAGE

Getting started with Java

Formal Methods for Java

Assignment 4: Semantics

Motivation was to facilitate development of systems software, especially OS development.

Motivation was to facilitate development of systems software, especially OS development.

Computer Science Department Carlos III University of Madrid Leganés (Spain) David Griol Barres

Static Checking and Type Systems

COP4020 Programming Languages. Functional Programming Prof. Robert van Engelen

Brief Summary of Java

CSC Java Programming, Fall Java Data Types and Control Constructs

Chapter 13: Reference. Why reference Typing Evaluation Store Typings Safety Notes

CSE431 Translation of Computer Languages

(Not Quite) Minijava

1 Shyam sir JAVA Notes

2 rd class Department of Programming. OOP with Java Programming

Array. Prepared By - Rifat Shahriyar

10/30/2010. Introduction to Control Statements. The if and if-else Statements (cont.) Principal forms: JAVA CONTROL STATEMENTS SELECTION STATEMENTS

Pierce Ch. 3, 8, 11, 15. Type Systems

3. Java - Language Constructs I

CMSC131. Inheritance. Object. When we talked about Object, I mentioned that all Java classes are "built" on top of that.

School of Computer Science CPS109 Course Notes 5 Alexander Ferworn Updated Fall 15

CS111: PROGRAMMING LANGUAGE II

Administrivia. Java Review. Objects and Variables. Demo. Example. Example: Assignments

Object Oriented Programming: In this course we began an introduction to programming from an object-oriented approach.

3. Java - Language Constructs I

COP 3330 Final Exam Review

Language Fundamentals Summary

G Programming Languages - Fall 2012

Programming Languages Third Edition. Chapter 7 Basic Semantics

Exceptions, Case Study-Exception handling in C++.

Objectives. Problem Solving. Introduction. An overview of object-oriented concepts. Programming and programming languages An introduction to Java

The Compiler So Far. Lexical analysis Detects inputs with illegal tokens. Overview of Semantic Analysis

Lecture 8 CS 412/413 Spring '00 -- Andrew Myers 2. Lecture 8 CS 412/413 Spring '00 -- Andrew Myers 4

OOPs Concepts. 1. Data Hiding 2. Encapsulation 3. Abstraction 4. Is-A Relationship 5. Method Signature 6. Polymorphism 7. Constructors 8.

Following is the general form of a typical decision making structure found in most of the programming languages:

AP COMPUTER SCIENCE JAVA CONCEPTS IV: RESERVED WORDS

The role of semantic analysis in a compiler

DOWNLOAD PDF CORE JAVA APTITUDE QUESTIONS AND ANSWERS

6. Operatoren. 7. Safe Programming: Assertions. Table of Operators. Table of Operators - Explanations. Tabular overview of all relevant operators

PROGRAMMING FUNDAMENTALS

CS1622. Semantic Analysis. The Compiler So Far. Lecture 15 Semantic Analysis. How to build symbol tables How to use them to find

Operational Semantics of Cool

Object-oriented programming. and data-structures CS/ENGRD 2110 SUMMER 2018

Computer Components. Software{ User Programs. Operating System. Hardware

Intermediate Code, Object Representation, Type-Based Optimization

Java Basics. Object Orientated Programming in Java. Benjamin Kenwright

Software Engineering using Formal Methods

The Arithmetic Operators. Unary Operators. Relational Operators. Examples of use of ++ and

The Arithmetic Operators

COMP 2355 Introduction to Systems Programming

OCaml. ML Flow. Complex types: Lists. Complex types: Lists. The PL for the discerning hacker. All elements must have same type.

Compiler Construction

Intermediate Code Generation

Operators and Expressions

Programming Languages

CSE 504. Expression evaluation. Expression Evaluation, Runtime Environments. One possible semantics: Problem:

Formal Specification and Verification

Compiler Construction

CSC 1214: Object-Oriented Programming

Semantic Analysis. Outline. The role of semantic analysis in a compiler. Scope. Types. Where we are. The Compiler Front-End

Semantic Analysis. CSE 307 Principles of Programming Languages Stony Brook University

Formale Entwicklung objektorientierter Software

BIT Java Programming. Sem 1 Session 2011/12. Chapter 2 JAVA. basic

CS 330 Lecture 18. Symbol table. C scope rules. Declarations. Chapter 5 Louden Outline

Instructor: SIR MUHAMMAD NAVEED Created by: ARSLAN AHMED SHAAD ( ) MUHAMMAD BILAL ( ) ISIT:

Software Engineering using Formal Methods

Chapter 6 Introduction to Defining Classes

CMSC 132: Object-Oriented Programming II

Chapter 7 Control I Expressions and Statements

SE352b: Roadmap. SE352b Software Engineering Design Tools. W3: Programming Paradigms

Compiler Construction

Anatomy of a Compiler. Overview of Semantic Analysis. The Compiler So Far. Why a Separate Semantic Analysis?

Basic Principles of analysis and testing software

Object oriented programming. Instructor: Masoud Asghari Web page: Ch: 3

Java Identifiers, Data Types & Variables

x = 3 * y + 1; // x becomes 3 * y + 1 a = b = 0; // multiple assignment: a and b both get the value 0

Index COPYRIGHTED MATERIAL

CONTENTS: Array Usage Multi-Dimensional Arrays Reference Types. COMP-202 Unit 6: Arrays

Array. Array Declaration:

Compiler Construction

COMP 202 Java in one week

PASS4TEST IT 인증시험덤프전문사이트

THE CONCEPT OF OBJECT

Variables and Bindings

Java Loop Control. Programming languages provide various control structures that allow for more complicated execution paths.

Outline. Overview. Control statements. Classes and methods. history and advantage how to: program, compile and execute 8 data types 3 types of errors

CSE450. Translation of Programming Languages. Lecture 11: Semantic Analysis: Types & Type Checking

CS4215 Programming Language Implementation. Martin Henz

Transcription:

Introduction to JavaCard Dynamic Logic Prof. P. H. Schmitt, Christian Engel, Benjamin Weiß December 10, 2008 Introduction to JavaCard Dynamic Logic December 10, 2008 1 / 13

Some Java Features Assignments, complex expressions with side effects int i = 0; if ((i=2) >= 2) {i++;} // value of i? Introduction to JavaCard Dynamic Logic December 10, 2008 2 / 13

Some Java Features Assignments, complex expressions with side effects int i = 0; if ((i=2) >= 2) {i++;} // value of i? Abrupt termination Introduction to JavaCard Dynamic Logic December 10, 2008 2 / 13

Some Java Features Assignments, complex expressions with side effects int i = 0; if ((i=2) >= 2) {i++;} // value of i? Abrupt termination Exceptions (try catch finally) Introduction to JavaCard Dynamic Logic December 10, 2008 2 / 13

Some Java Features Assignments, complex expressions with side effects int i = 0; if ((i=2) >= 2) {i++;} // value of i? Abrupt termination Exceptions (try catch finally) Local jumps return, break, continue Introduction to JavaCard Dynamic Logic December 10, 2008 2 / 13

Some Java Features Assignments, complex expressions with side effects int i = 0; if ((i=2) >= 2) {i++;} // value of i? Abrupt termination Exceptions (try catch finally) Local jumps return, break, continue Aliasing Different navigation expressions may be same object reference I = o.age. = 1 -> u.age = 2; o.age. = u.age? Depends on whether I = o. = u Introduction to JavaCard Dynamic Logic December 10, 2008 2 / 13

Some Java Features Assignments, complex expressions with side effects int i = 0; if ((i=2) >= 2) {i++;} // value of i? Abrupt termination Exceptions (try catch finally) Local jumps return, break, continue Aliasing Different navigation expressions may be same object reference I = o.age. = 1 -> u.age = 2; o.age. = u.age? Depends on whether I = o. = u Method calls, blocks Introduction to JavaCard Dynamic Logic December 10, 2008 2 / 13

Some Java Features Assignments, complex expressions with side effects int i = 0; if ((i=2) >= 2) {i++;} // value of i? Abrupt termination Exceptions (try catch finally) Local jumps return, break, continue Aliasing Different navigation expressions may be same object reference I = o.age. = 1 -> u.age = 2; o.age. = u.age? Depends on whether I = o. = u Method calls, blocks Solution within KeY to be discussed in detail Introduction to JavaCard Dynamic Logic December 10, 2008 2 / 13

More Java Features Addressed in KeY Java s rules for localisation of attributes and method implementations (polymorphism, dynamic binding) Introduction to JavaCard Dynamic Logic December 10, 2008 3 / 13

More Java Features Addressed in KeY Java s rules for localisation of attributes and method implementations (polymorphism, dynamic binding) Scope (class/instance) Context (static/runtime) Visibility super Introduction to JavaCard Dynamic Logic December 10, 2008 3 / 13

More Java Features Addressed in KeY Java s rules for localisation of attributes and method implementations (polymorphism, dynamic binding) Scope (class/instance) Context (static/runtime) Visibility super Solution: branch proof if implementation not uniquely determined Introduction to JavaCard Dynamic Logic December 10, 2008 3 / 13

More Java Features Addressed in KeY Java s rules for localisation of attributes and method implementations (polymorphism, dynamic binding) Scope (class/instance) Context (static/runtime) Visibility super Solution: branch proof if implementation not uniquely determined Run time errors (null pointer exceptions) Functions that model attributes are partially defined Introduction to JavaCard Dynamic Logic December 10, 2008 3 / 13

More Java Features Addressed in KeY Java s rules for localisation of attributes and method implementations (polymorphism, dynamic binding) Scope (class/instance) Context (static/runtime) Visibility super Solution: branch proof if implementation not uniquely determined Run time errors (null pointer exceptions) Functions that model attributes are partially defined Solution: optional rule set enforces proof of!(o. = null) (whenever object reference o accessed) Introduction to JavaCard Dynamic Logic December 10, 2008 3 / 13

More Java Features Java Card data types boolean, char, String int, byte, long (cyclic!) Arrays Solution: optional rule sets IN/int, rules for built-ins Introduction to JavaCard Dynamic Logic December 10, 2008 4 / 13

More Java Features Java Card data types boolean, char, String int, byte, long (cyclic!) Arrays Solution: optional rule sets IN/int, rules for built-ins Object creation and initialisation Trick to keep same universe U in all states: all objects exist anytime, use attributes o.created, o.initialized Introduction to JavaCard Dynamic Logic December 10, 2008 4 / 13

Side Effects and Complex Expressions int i = 0; if ((i=2) >= 2) {i++;} // value of i? Java expressions can assign values (assignment operators) FOL/DL terms have no side effects Introduction to JavaCard Dynamic Logic December 10, 2008 5 / 13

Side Effects and Complex Expressions int i = 0; if ((i=2) >= 2) {i++;} // value of i? Java expressions can assign values (assignment operators) FOL/DL terms have no side effects Decomposition of complex terms following symbolic execution as defined for expressions Java language specification Local program transformations iterated-assignment Γ ==> π y = t; x = y; ω φ, Γ ==> π x = y = t; ω φ, t simple Introduction to JavaCard Dynamic Logic December 10, 2008 5 / 13

Side Effects and Complex Expressions int i = 0; if ((i=2) >= 2) {i++;} // value of i? Java expressions can assign values (assignment operators) FOL/DL terms have no side effects Decomposition of complex terms following symbolic execution as defined for expressions Java language specification Local program transformations iterated-assignment Γ ==> π y = t; x = y; ω φ, Γ ==> π x = y = t; ω φ, t simple Temporary program variables var<n> store intermediate results if-eval Γ ==> π boolean v new; v new = b; if (v new ) {α}; ω φ, Γ ==> π if (b) {α}; ω φ, where b complex Introduction to JavaCard Dynamic Logic December 10, 2008 5 / 13

Side Effects and Complex Expressions, Cont d Applying rule to statement including guard with side effect is incorrect Restrict applicability of if-then and other rules with guards: Guard expression needs to be simple (ie, side effect-free) if-split Γ, b =. TRUE ==> π α; ω φ, Γ, b =. FALSE ==> π ω φ, Γ ==> π if (b) {α}; ω φ, where b simple javadl/complex.key Demo Introduction to JavaCard Dynamic Logic December 10, 2008 6 / 13

Abrupt Termination Redirection of control flow via return, break, continue, exceptions π try {ξα} catch(e) {γ} finally {ɛ}; ω φ Introduction to JavaCard Dynamic Logic December 10, 2008 7 / 13

Abrupt Termination Redirection of control flow via return, break, continue, exceptions π try {ξα} catch(e) {γ} finally {ɛ}; ω φ Solution: rules work on first active statement, try part of prefix Introduction to JavaCard Dynamic Logic December 10, 2008 7 / 13

Abrupt Termination Redirection of control flow via return, break, continue, exceptions π try {ξα} catch(e) {γ} finally {ɛ}; ω φ Solution: rules work on first active statement, try part of prefix try-throw (exc simple) π if (exc instanceof Exception) { Γ ==> try {e = exc; γ} finally {ɛ} φ, } else {ɛ throw exc}; ω Γ ==> π try {throw exc; α} catch(e) {γ} finally {ɛ}; ω φ, Introduction to JavaCard Dynamic Logic December 10, 2008 7 / 13

Aliasing Naive alias resolution causes proof split (on o. = u) at each access Γ ==> o.age. = 1 -> u.age = 2; o.age. = u.age, Introduction to JavaCard Dynamic Logic December 10, 2008 8 / 13

Aliasing Naive alias resolution causes proof split (on o. = u) at each access Γ ==> o.age. = 1 -> u.age = 2; o.age. = u.age, Unnecessary in many cases! Γ ==> o.age. = 1 -> u.age = 2; o.age = 2; o.age. = u.age, Γ ==> o.age. = 1 -> u.age = 2; u.age. = 2, Introduction to JavaCard Dynamic Logic December 10, 2008 8 / 13

Aliasing Naive alias resolution causes proof split (on o. = u) at each access Γ ==> o.age. = 1 -> u.age = 2; o.age. = u.age, Unnecessary in many cases! Γ ==> o.age. = 1 -> u.age = 2; o.age = 2; o.age. = u.age, Γ ==> o.age. = 1 -> u.age = 2; u.age. = 2, Updates avoid such proof splits: Delayed state computation until clear what actually required Simplification of updates Introduction to JavaCard Dynamic Logic December 10, 2008 8 / 13

Updates for Java Let loc be either one of program variable x Introduction to JavaCard Dynamic Logic December 10, 2008 9 / 13

Updates for Java Let loc be either one of program variable x attribute access o.attr (o has object type) Introduction to JavaCard Dynamic Logic December 10, 2008 9 / 13

Updates for Java Let loc be either one of program variable x attribute access o.attr (o has object type) array access a[i] (a has array type, not discussed here) Introduction to JavaCard Dynamic Logic December 10, 2008 9 / 13

Updates for Java Let loc be either one of where program variable x attribute access o.attr (o has object type) array access a[i] (a has array type, not discussed here) assign Γ ==> {loc := val} π ω φ, Γ ==> π loc=val; ω φ, loc and val satisfy above restrictions val is a side-effect free term, {loc := val} is DL update (usage and semantics as in simple DL) Introduction to JavaCard Dynamic Logic December 10, 2008 9 / 13

Computing Effect of Updates: Attributes Use conditional terms to delay splitting further (\if (t1 = t2) \then t \else e) I,β = { t I,β t I,β 1 = t I,β 2 e I,β otherwise Introduction to JavaCard Dynamic Logic December 10, 2008 10 / 13

Computing Effect of Updates: Attributes Use conditional terms to delay splitting further (\if (t1 = t2) \then t \else e) I,β = { t I,β t I,β 1 = t I,β 2 e I,β otherwise Computing update followed by attribute access {o.a := t}o.a t {o.a := t}u.b ({o.a := t}u).b {o.a := t}u.a \if (({o.a:=t}u)=o) \then t \else ({o.a:=t}u).a Introduction to JavaCard Dynamic Logic December 10, 2008 10 / 13

Computing Effect of Updates: Attributes Use conditional terms to delay splitting further (\if (t1 = t2) \then t \else e) I,β = Computing update followed by attribute access { t I,β t I,β 1 = t I,β 2 e I,β otherwise {o.a := t}o.a t {o.a := t}u.b ({o.a := t}u).b {o.a := t}u.a \if (({o.a:=t}u)=o) \then t \else ({o.a:=t}u).a Example {o.a := o}o.a.a.b Introduction to JavaCard Dynamic Logic December 10, 2008 10 / 13

Computing Effect of Updates: Attributes Use conditional terms to delay splitting further (\if (t1 = t2) \then t \else e) I,β = Computing update followed by attribute access { t I,β t I,β 1 = t I,β 2 e I,β otherwise {o.a := t}o.a t {o.a := t}u.b ({o.a := t}u).b {o.a := t}u.a \if (({o.a:=t}u)=o) \then t \else ({o.a:=t}u).a Example {o.a := o}o.a.a.b {o.a := o}o.a.a.b Introduction to JavaCard Dynamic Logic December 10, 2008 10 / 13

Computing Effect of Updates: Attributes Use conditional terms to delay splitting further (\if (t1 = t2) \then t \else e) I,β = Computing update followed by attribute access { t I,β t I,β 1 = t I,β 2 e I,β otherwise {o.a := t}o.a t {o.a := t}u.b ({o.a := t}u).b {o.a := t}u.a \if (({o.a:=t}u)=o) \then t \else ({o.a:=t}u).a Example {o.a := o}o.a.a.b ({o.a := o}o.a.a).b Introduction to JavaCard Dynamic Logic December 10, 2008 10 / 13

Computing Effect of Updates: Attributes Use conditional terms to delay splitting further (\if (t1 = t2) \then t \else e) I,β = Computing update followed by attribute access { t I,β t I,β 1 = t I,β 2 e I,β otherwise {o.a := t}o.a t {o.a := t}u.b ({o.a := t}u).b {o.a := t}u.a \if (({o.a:=t}u)=o) \then t \else ({o.a:=t}u).a Example {o.a := o}o.a.a.b ( \if (({o.a := o}o.a) = o) \then o \else ({o.a := o}o.a).a ).b Introduction to JavaCard Dynamic Logic December 10, 2008 10 / 13

Computing Effect of Updates: Attributes Use conditional terms to delay splitting further (\if (t1 = t2) \then t \else e) I,β = Computing update followed by attribute access { t I,β t I,β 1 = t I,β 2 e I,β otherwise {o.a := t}o.a t {o.a := t}u.b ({o.a := t}u).b {o.a := t}u.a \if (({o.a:=t}u)=o) \then t \else ({o.a:=t}u).a Example {o.a := o}o.a.a.b ( \if (o = o) \then o \else o.a ).b Introduction to JavaCard Dynamic Logic December 10, 2008 10 / 13

Computing Effect of Updates: Attributes Use conditional terms to delay splitting further (\if (t1 = t2) \then t \else e) I,β = Computing update followed by attribute access { t I,β t I,β 1 = t I,β 2 e I,β otherwise {o.a := t}o.a t {o.a := t}u.b ({o.a := t}u).b {o.a := t}u.a \if (({o.a:=t}u)=o) \then t \else ({o.a:=t}u).a Example {o.a := o}o.a.a.b o.b Introduction to JavaCard Dynamic Logic December 10, 2008 10 / 13

Parallel Updates Computing update followed by update results in parallel update: {l 1 := r 1 }{l 2 := r 2 } = {{l 1 := r 1 }, {{l 1 := r 1 } l 2 := {l 1 := r 1 }r 2 }} where {l := r} f (t 1,..., t n ) = f ({l := r}t 1,..., {l := r}t n ) Introduction to JavaCard Dynamic Logic December 10, 2008 11 / 13

Parallel Updates Computing update followed by update results in parallel update: {l 1 := r 1 }{l 2 := r 2 } = {{l 1 := r 1 }, {{l 1 := r 1 } l 2 := {l 1 := r 1 }r 2 }} where {l := r} f (t 1,..., t n ) = f ({l := r}t 1,..., {l := r}t n ) Syntax {l 1 := v 1,..., l n := v n } Introduction to JavaCard Dynamic Logic December 10, 2008 11 / 13

Parallel Updates Computing update followed by update results in parallel update: {l 1 := r 1 }{l 2 := r 2 } = {{l 1 := r 1 }, {{l 1 := r 1 } l 2 := {l 1 := r 1 }r 2 }} where {l := r} f (t 1,..., t n ) = f ({l := r}t 1,..., {l := r}t n ) Syntax {l 1 := v 1,..., l n := v n } Semantics All l i and v i computed in old state All updates done simultaneously If conflict l i = l j, v i v j later update wins Introduction to JavaCard Dynamic Logic December 10, 2008 11 / 13

Method Call Method call with actual parameters arg 1,..., arg n {arg 1 := t 1,..., arg n := t n, o := t o } o.m(arg 1,..., arg n ); φ Where method declaration is: void m(t 1 p 1,..., T n p n ) Introduction to JavaCard Dynamic Logic December 10, 2008 12 / 13

Method Call Method call with actual parameters arg 1,..., arg n {arg 1 := t 1,..., arg n := t n, o := t o } o.m(arg 1,..., arg n ); φ Where method declaration is: void m(t 1 p 1,..., T n p n ) What the rule method-call does: (type conformance of arg i to T i guaranteed by Java compiler) Introduction to JavaCard Dynamic Logic December 10, 2008 12 / 13

Method Call Method call with actual parameters arg 1,..., arg n {arg 1 := t 1,..., arg n := t n, o := t o } o.m(arg 1,..., arg n ); φ Where method declaration is: void m(t 1 p 1,..., T n p n ) What the rule method-call does: (type conformance of arg i to T i guaranteed by Java compiler) for each formal parameter p i of m declare & initialize new local variable T i p i = arg i ; Introduction to JavaCard Dynamic Logic December 10, 2008 12 / 13

Method Call Method call with actual parameters arg 1,..., arg n {arg 1 := t 1,..., arg n := t n, o := t o } o.m(arg 1,..., arg n ); φ Where method declaration is: void m(t 1 p 1,..., T n p n ) What the rule method-call does: (type conformance of arg i to T i guaranteed by Java compiler) for each formal parameter p i of m declare & initialize new local variable T i p i = arg i ; look up implementation class C of m split proof, if implementation not determinable Introduction to JavaCard Dynamic Logic December 10, 2008 12 / 13

Method Call Method call with actual parameters arg 1,..., arg n {arg 1 := t 1,..., arg n := t n, o := t o } o.m(arg 1,..., arg n ); φ Where method declaration is: void m(t 1 p 1,..., T n p n ) What the rule method-call does: (type conformance of arg i to T i guaranteed by Java compiler) for each formal parameter p i of m declare & initialize new local variable T i p i = arg i ; look up implementation class C of m split proof, if implementation not determinable make concrete call o.c::m(p 1,..., p n ) Introduction to JavaCard Dynamic Logic December 10, 2008 12 / 13

Method Body Expand After processing code that binds actual to formal parameters (symbolic execution of T i p i = arg i ; ) method-body-expand Γ ==> π method-frame(c(o)){ b } ω φ, Γ ==> π o.c::m(p 1,..., p n ); ω φ, Introduction to JavaCard Dynamic Logic December 10, 2008 13 / 13

Method Body Expand After processing code that binds actual to formal parameters (symbolic execution of T i p i = arg i ; ) method-body-expand Γ ==> π method-frame(c(o)){ b } ω φ, Γ ==> π o.c::m(p 1,..., p n ); ω φ, Symbolic Execution Introduction to JavaCard Dynamic Logic December 10, 2008 13 / 13

Method Body Expand After processing code that binds actual to formal parameters (symbolic execution of T i p i = arg i ; ) method-body-expand Γ ==> π method-frame(c(o)){ b } ω φ, Γ ==> π o.c::m(p 1,..., p n ); ω φ, Symbolic Execution Only static information available, proof splitting Introduction to JavaCard Dynamic Logic December 10, 2008 13 / 13

Method Body Expand After processing code that binds actual to formal parameters (symbolic execution of T i p i = arg i ; ) method-body-expand Γ ==> π method-frame(c(o)){ b } ω φ, Γ ==> π o.c::m(p 1,..., p n ); ω φ, Symbolic Execution Only static information available, proof splitting Runtime infrastructure required in calculus Introduction to JavaCard Dynamic Logic December 10, 2008 13 / 13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback