The KeY tool

Integrating object oriented design and formal verification

Regular Paper, published in Software & Systems Modeling

Abstract

KeY is a tool that provides facilities for formal specification and verification of programs within a commercial platform for UML based software development. Using the KeY tool, formal methods and object-oriented development techniques are applied in an integrated manner. Formal specification is performed using the Object Constraint Language (OCL), which is part of the UML standard. KeY provides support for the authoring and formal analysis of OCL constraints. The target language of KeY based development is Java Card DL, a proper subset of Java for smart card applications and embedded systems. KeY uses a dynamic logic for Java Card DL to express proof obligations, and provides a state-of-the-art theorem prover for interactive and automated verification. Apart from its integration into UML based software development, a characteristic feature of KeY is that formal specification and verification can be introduced incrementally.
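The abstract describes the pipeline KeY supports: an OCL contract on a Java Card class, and a dynamic-logic proof obligation derived from it. The following is an added illustration, not code from the paper or the KeY project; the `Purse` class, its `debit` operation and the OCL text are assumptions, and the proof obligation is written in schematic dynamic-logic notation rather than KeY's input syntax.

```java
// Added example: a class restricted to the Java Card subset (no strings, no floats,
// short arithmetic only), annotated with an OCL contract, followed by the schematic
// dynamic-logic proof obligation that a KeY-style verification would have to prove.
// Class, method and OCL constraint are assumptions made for illustration.
public class Purse {
    // Java Card arithmetic is limited to byte/short (int is optional), so use short.
    private short balance;

    /*
     * OCL contract (standard OCL syntax, kept as a comment beside the code):
     *   context Purse::debit(amount : Integer)
     *     pre:  amount >= 0 and amount <= self.balance
     *     post: self.balance = self.balance@pre - amount
     */
    public void debit(short amount) {
        balance = (short) (balance - amount);
    }

    public short getBalance() {
        return balance;
    }

    /*
     * Schematic dynamic-logic proof obligation. <p> phi reads "p terminates and
     * phi holds in the final state"; the value denoted by balance@pre is captured
     * in a fresh logical variable b before the program runs:
     *
     *   forall b. ( self.balance = b  and  amount >= 0  and  amount <= b )
     *             ->  < self.debit(amount); >  self.balance = b - amount
     *
     * Both conjuncts of the precondition matter: with amount >= 0 and amount <= b
     * the result lies in [0, b] and fits a short, so the postcondition is provable.
     * Without amount <= b the 16-bit subtraction can wrap around on the card and
     * the obligation fails, which is exactly the kind of defect the proof exposes.
     */
}
```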


Correspondence to Wolfgang Ahrendt.

Cite this article

Ahrendt, W., Baar, T., Beckert, B. et al. The KeY tool. Softw Syst Model 4, 32–54 (2005). https://doi.org/10.1007/s10270-004-0058-x