The KeY system 1.0 (Deduction Component)

The KeY system is a development of the ongoing KeY project, whose aim is to integrate formal specification and deductive verification into the industrial software engineering processes. The deductive component of the KeY system is a novel interactive/automated prover for first-order Dynamic Logic for Java. The KeY prover features a userfriendly graphical interface, a backtracking-free free-variable sequent calculus with equality, a simple and powerful theory formalization language called “taclets,” solution procedures for linear and non-linear integer arithmetic, external theorem prover integration, and facilities for proof reuse, among other aspects. The system is publicly available. Introduction. The KeY system is the main software product of the KeY project, a joint effort between the University of Karlsruhe, Chalmers University of Technology in Göteborg, and the University of Koblenz. The KeY system is a formal software development tool that aims to integrate design, implementation, formal specification, and formal verification of object-oriented software as seamlessly as possible. At the core of the system is a deductive verification component, which also can be used as a stand-alone prover. It employs a freevariable sequent calculus for first-order Dynamic Logic for JAVA. The calculus is proof-confluent, i.e., no backtracking is necessary during proof search. While we constantly strive to increase the degree of automation, user interaction remains indispensable in deductive program verification. The main design goal of the KeY prover is thus a seamless integration of automated and interactive proving. Efficiency must be measured in terms of user plus prover, not just prover alone. Therefore, a good user interface for proof state presentation and rule application, a high level of automation, extensibility of the rule base, and a calculus without backtracking are all important features. In this paper we concentrate on the description of the KeY prover and the reasoning techniques it employs. The prover consists of ca. 124,000 lines of JAVA code. The standard rule base consists of 1,725 rules that are written in about 15,000 lines of KeY’s “taclet” rule description language. About 1,300 of these formalize the semantics of the JAVA programming language. The system has been created by 14 implementors since 1999, who spent a total of about 30 person years. Recently, version 1.0 of the KeY system has been released in connection with the KeY book [2]. The KeY tool is available under GPL and can be downloaded from www.key-project.org. The KeY Program Verification System. The architecture of the KeY system is shown in Fig. 1. Optional plugins to the popular Eclipse IDE and to the Borland Together CASE tool suite are intended to lower initial adoption cost for users with no or little training in formal methods. KeY supports several languages for specifying properties of object-oriented models. Many people 1 Not counting comments. These numbers are based on our estimates and the results of the SLOCCount tool (www.dwheeler.com/sloccount). Lightweight Usage of Formal Methods FM expert Logic xpgWizard g English OCL/UML gJML g Logic gTaclets g Borland Together CC Eclipse IDE OCL/NL Tool JML Browser KeY Plugin KeY Plugin OCL/FOL Translation JML/FOL Translation Synthesis of Proof Obligations KeY Prover Rule Base