Abstract
KeY is a tool that provides facilities for formal specification and verification of programs within a commercial platform for UML-based software development. Using the KeY tool, formal methods and object-oriented development techniques are applied in an integrated manner. Formal specification is performed using the Object Constraint Language (OCL), which is part of the UML standard; KeY supports both the authoring and the formal analysis of OCL constraints. The target language of KeY-based development is Java Card, a proper subset of Java for smart card applications and embedded systems. KeY translates OCL constraints into proof obligations expressed in a dynamic logic for Java Card (Java Card DL) and provides a state-of-the-art theorem prover for their interactive and automated verification. Apart from its integration into UML-based software development, a characteristic feature of KeY is that formal specification and verification can be introduced incrementally.
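As an added illustration of the pipeline the abstract describes (this example is not from the paper: the class Purse, its method debit, the variable names and the exact shape of the translated formula are assumptions chosen for exposition, following the usual scheme of translating an OCL operation contract into a dynamic-logic formula), take a Java Card purse whose balance is a short and whose debit(amount) method executes balance -= amount. The OCL contract and the proof obligation KeY-style dynamic logic would express for it are:

```latex
\begin{array}{l}
\texttt{context Purse::debit(amount : Integer)} \\
\texttt{pre:\ \ amount > 0 and amount <= self.balance} \\
\texttt{post: self.balance = self.balance@pre - amount}
\end{array}
\\[1em]
\forall\, \mathit{self}.\ \forall\, \mathit{amount}.\ \forall\, b_0.\quad
\big(\mathit{self} \neq \mathit{null}
 \;\wedge\; \mathit{amount} > 0
 \;\wedge\; \mathit{amount} \le \mathit{self}.\mathit{balance}
 \;\wedge\; b_0 = \mathit{self}.\mathit{balance}\big)
\;\rightarrow\;
\langle\, \mathit{self}.\mathit{debit}(\mathit{amount});\,\rangle\;
\mathit{self}.\mathit{balance} = b_0 - \mathit{amount}
```

The diamond modality $\langle p \rangle\,\varphi$ states that $p$ terminates normally and $\varphi$ holds in the final state (total correctness); the box $[p]\,\varphi$ would give partial correctness only. The OCL operator @pre has no counterpart in the post-state, so the translation records the old value in a fresh variable $b_0$ constrained in the antecedent before the program runs. The assumption that amount ranges over Java's short values (OCL Integer is unbounded, the Java Card parameter is not) matters for the proof: with the precondition as written, balance lies in $[1, 32767]$ and the result in $[0, 32766]$, so no narrowing occurs; had the contract required only amount > 0, the obligation would be unprovable under Java's wrap-around arithmetic, because balance = -32768 and amount = 1 yield 32767 in the program but -32769 in the formula. This is exactly the kind of defect the translation to a program logic surfaces and an informal reading of the OCL does not.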
Ahrendt, W., Baar, T., Beckert, B. et al. The KeY tool. Softw Syst Model 4, 32–54 (2005). https://doi.org/10.1007/s10270-004-0058-x