
    Verifying OpenJDK's LinkedList using KeY

    As a particular case study of the formal verification of state-of-the-art, real software, we discuss the specification and verification of a corrected version of the implementation of a linked list as provided by the Java Collection framework.

    A Tutorial on Verifying LinkedList Using KeY

    This is a tutorial paper on using KeY to demonstrate formal verification of state-of-the-art, real software. In sufficient detail for a beginning user of JML and KeY, the specification and verification of part of a corrected version of the java.util.LinkedList class of the Java Collection framework is explained. The paper includes video material that shows recordings of interactive sessions, and project files with solutions. As such, this material is also interesting for the expert user and the developer of KeY as a ‘benchmark’ for specification and (automatic) verification techniques.

    Integrating ADTs in KeY and their application to history-based reasoning about collection

    We discuss integrating abstract data types (ADTs) in the KeY theorem prover by a new approach to model data types using Isabelle/HOL as an interactive back-end, and represent Isabelle theorems as user-defined taclets in KeY. As a case study of this new approach, we reason about Java’s Collection interface using histories, and we prove the correctness of several clients that operate on multiple objects, thereby significantly improving the state-of-the-art of history-based reasoning. Open Science. Includes video material (Bian and Hiep in FigShare, 2021. https://doi.org/10.6084/m9.figshare.c.5413263) and a source code artifact (Bian et al. in Zenodo, 2022. https://doi.org/10.5281/zenodo.7079126).

    History-based specification and verification of Java Collections in KeY

    In this feasibility study we discuss reasoning about the correctness of Java interfaces using histories, with a particular application to Java’s Collection interface. We introduce a new specification method (in the KeY theorem prover) using histories that record method invocations on an interface, including their parameters and return value. We outline the challenges of proving client code correct with respect to arbitrary implementations, and describe a practical specification and verification effort of part of the Collection interface using KeY (including source and video material).

    The importance of NOx control for peak ozone mitigation based on a sensitivity study using CMAQ‐HDDM‐3D model during a typical episode over the Yangtze River delta region, China.

    In recent years, ground-level ozone (O3) has been one of the main pollutants hindering air quality compliance in China's large city-clusters, including the Yangtze River Delta (YRD) region. In this work, we utilized the process analysis (PA) and the higher-order decoupled direct method (HDDM-3D) tools embedded in the Community Multiscale Air Quality model (CMAQ) to characterize O3 formation and sensitivities to precursors during a typical O3 pollution episode over the YRD region in July 2018. Results indicate that gas-phase chemistry was the dominant contributor to ground-level O3, although a significant proportion was chemically produced in the middle and upper boundary layer before reaching the surface via the diffusion process. Further analysis of the chemical pathways of O3 and Ox formation provided deep insights into the sensitivities of O3 to its precursors, which were consistent with the HDDM results. The first-order sensitivities of O3 to anthropogenic volatile organic compounds (AVOC) were mainly positive but small, and their temporal variations were negligible compared with those to NOx. During the peak O3 time in the afternoon, the first- and second-order sensitivities of O3 to NOx were significantly positive and negative, respectively, suggesting a convex response of O3 to NOx over most areas, including Shanghai, Hangzhou, Nanjing and Hefei. These findings further highlighted an accelerated decrease in ground-level O3 in the afternoon corresponding to a continuous decrease of NOx emissions in the afternoon. Therefore, over the YRD region including its metropolises, NOx emission reductions will be more important in reducing the afternoon peak O3 concentration than the effect of VOC emission control alone.

    Significant Impact of Reactive Chlorine on Complex Air Pollution Over the Yangtze River Delta Region, China

    27 pages, 17 figures, 3 tables.
    The chlorine radical (Cl) plays a crucial role in the formation of secondary air pollutants by determining the total atmospheric oxidative capacity (AOC). However, there are still large discrepancies among studies on chlorine chemistry, mainly due to uncertainties from three aspects: (a) Anthropogenic emissions of reactive chlorine species from disinfectant usage are typically overlooked. (b) The heterogeneous reaction uptake coefficients used in air quality models resulted in certain differences. (c) The co-effect of anthropogenic and natural emissions is rarely investigated. In this study, the Weather Research and Forecasting (WRF)-Community Multiscale Air Quality (CMAQ) modeling system (updated with 21 new reactions and a comprehensive emissions inventory) was used to simulate the combined impact of chlorine emissions on the air quality of a coastal city cluster in the Yangtze River Delta (YRD) region. The results indicate that the new emissions of reactive chlorine and the updated gas-phase and heterogeneous chlorine chemistry can significantly enhance the AOC by 21.3%, 8.7%, 43.3%, and 58.7% in spring, summer, autumn, and winter, respectively. This is more evident in inland areas with high Cl concentrations. Our updates to the chlorine chemistry also increase the monthly mean maximum daily 8-hr average (MDA 8) O3 mixing ratio by 4.1–7.0 ppbv in different seasons. Additionally, chlorine chemistry promotes the formation of fine particulate matter (PM2.5), with maximum monthly average enhancements of 4.7–13.3 μg/m3 in different seasons. This study underlines the significance of adding full chlorine emissions and updating chlorine chemistry in air quality models, and demonstrates that chlorine chemistry may significantly impact air quality over coastal regions.
    This research is supported by the National Natural Science Foundation of China under Grant 42075144. The CSIC team is supported by the European Research Council Executive Agency under the European Union's Horizon 2020 Research and Innovation Programme (Project ERC-2016-COG 726349 CLIMAHAL). The HKPolyU team is supported by the Hong Kong Research Grants Council (Project T24-504/17-N). This work is supported by Shanghai Technical Service Center of Science and Engineering Computing, Shanghai University.
    Peer reviewed.

    Verifying OpenJDK's LinkedList using KeY: Video

    In this 30-minute session, we show how to prove the correctness of the method contract of unlinkLast of java.util.LinkedList using the KeY prover. The method contract is specified using JML (not shown in the video).

    Integrating ADTs in KeY and their Application to History-based Reasoning : Video Material

    This is the collection of video material that was used in "Integrating ADTs in KeY and their Application to History-based Reasoning". It contains screen recordings of interactive proof sessions with the KeY theorem prover. Each video shows how to create a proof for a case study. The method contracts are expressed in the Java Modeling Language (not shown in the video). We discuss integrating abstract data types (ADTs) in the KeY theorem prover by a new approach to model data types using Isabelle/HOL as an interactive back-end, and translate Isabelle theorems to user-defined taclets in KeY. As a case study of this new approach, we reason about Java's Collection interface using histories, and we prove the correctness of several clients that operate on multiple objects, thereby significantly improving the state-of-the-art of history-based reasoning.

    Reasoning About Invariant Properties of Object-oriented Programs - dynamic frames

    This video shows how to prove the reachability property of the push method. The method contract is specified in JML (not shown in this video).

    A tutorial on verifying LinkedList using KeY: Video material

    This collection of video material consists of screen recordings of interactive proof sessions with the KeY theorem prover. Each video shows how to create a proof for part of one method contract, or proofs of several method contracts. The method contracts are expressed in the Java Modeling Language with KeY-specific extensions (not shown in the video).