This paper reports on the ongoing KeY project aimed at bridging the gap between (a) object-oriented software engineering methods and tools and (b) deductive verification. A distinctive feature of our approach is the use of a commercial CASE tool enhanced with functionality for formal specifiation and deductive verification.

In this paper, we define a translation of UML class diagrams with OCL constraints into first-order predicate logic. The goal is logical reasoning about UML models, realized by an interactive theorem prover. We put an emphasis on usability of the formulas resulting from the translation, and we have developed optimisations and heuristics to enhance the e#ciency of the theorem proving process.

KeY is a tool that provides facilities for formal specification and verification of programs within a commercial platform for UML based software development. Using the KeY tool, formal methods and object-oriented development techniques are applied in an integrated manner. Formal specification is performed using the Object Constraint Language (OCL), which is part of the UML standard. KeY provides support for the authoring and formal analysis of OCL constraints. The target language of KeY based development is JAVA CARD, a proper subset of JAVA for smart card applications and embedded systems. KeY uses a dynamic logic for JAVA CARD to express proof obligations, and provides a state-of-the-art theorem prover for interactive and automated verification. Apart from its integration into UML based software development, a characteristic feature of KeY is that formal specification and verification can be introduced incrementally.

In this paper we showby using the example of UML, how a software engineering method can benefit from an integrative mathematical foundation. The mathematical foundation is given by a mathematical system model. This model provides the basis both for integrating the various description techniques of UML and for implementing methodical support. After describing the basic concepts of the system model, wegiveashortoverview of the UML description techniques.

We outline and clarify the essential concepts of the componentware paradigm. Based on the proposed definitions, we introduce a number of useful description techniques, and sketch a flexible process model for component-based development. The presented techniques and concepts serve as building blocks of an overall methodology for componentware which is the focus of our current work. Keywords: Componentware, Methodology, Description Techniques, Process Model 1 Introduction Componentware is concerned with the development of software systems by using components as the essential building blocks. It is not a revolutionary approach but incorporates successful concepts from established paradigms like objectorientation while trying to overcome some of their deficiencies. Proper encapsulation of common functionality, for example, and intuitive graphical description techniques like class diagrams are keys to the widespread success of an object-oriented software development process. However, the ...

Abstract. KeY is a tool that provides facilities for formal specification and verification of programs within a commercial platform for UML based software development. Using the KeY tool, formal methods and object-oriented development techniques are applied in an integrated manner. Formal specification is performed using the Object Constraint Language (OCL), which is part of the UML standard. KeY provides support for the authoring and formal analysis of OCL constraints. The target language of KeY based development is Java Card DL, a proper subset of Java for smart card applications and embedded systems. KeY uses a dynamic logic for Java Card DL to express proof obligations, and provides a state-of-the-art theorem prover for interactive and automated verification. Apart from its integration into UML based software development, a characteristic feature of KeY is that formal specification and verification can be introduced incrementally. Keywords: Object-oriented design – Formal specification – Formal verification – UML – OCL – Design patterns – Java 1

We present an OCL-like formal notation for interface constraints, called ICL, suited to describe the required observable behavior of any correct interface implementation (provided by some class). The semantics of the ICL notation is defined by a translation to the observational logic institution. For specifying constraints on classes we use a subset of OCL to express invariants and pre- and post-conditions on operations. The semantics of the OCL expressions is defined by a translation into an algebraic specification. Using these semantic foundations we introduce a formal correctness notion for implementation relations between interfaces and classes and we show how to prove implementation correctness by using observational proof techniques.

In a systematic development of distributed interactive software systems composed of components we work with a basic system model and description techniques providing specific views and abstractions of systems such as . the interface view, . the distribution view, and . the state transition view.

. We introduce a mathematical model of components that can be used for the description of both hardware and software units forming distributed interactive systems. As part of a distributed system a component interacts with its environment by exchanging messages in a time frame. The interaction is performed by accepting input and by producing output messages on named channels. We describe forms of composition and three forms of refinement, namely property refinement, glass box refinement, and interaction refinement. Finally, we prove the compositionality of the mathematical model with respect to the introduced refinement relations. 1. Introduction For a discipline of system development firmly based on a scientific theory we need a clear notion of components and ways to manipulate and to compose them. In this paper, we introduce a mathematical model of a component with the following characteristics: . A component is interactive. . It is connected with its environments by named and ty...

Abstract. In this paper, we present an approach to define the semantics for object-oriented modeling languages. One important property of this semantics is to support underspecified and incomplete models. To this end, semantics is given as predicates over elements of the semantic domain. This domain is called the system model which is a general declarative characterization of object systems. The system model is very detailed since it captures various relevant structural, behavioral, and interaction aspects. This allows us to re-use the system model as a domain for various kinds of object-oriented modeling languages. As a major consequence, the integration of language semantics is straight-forward. The whole approach is supported by tools that do not constrain the semantics definition’s expressiveness and flexibility while making it machinecheckable. 1