Verification of object-oriented software: The KeY approach

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4334 LNAI, Issue , 2007, Pages 1-678

[No Author Info available]

Author keywords

[No Author keywords available]

Indexed keywords

EID: 38849137985     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: None     Document Type: Conference Paper

References (214)

1. Martín Abadi and K. Rustan M. Leino. A logic of object-oriented programs. In Michel Bidoit and Max Dauchet, editors, Proc. TAPSOFT: Theory and Practice of Software Development, 7th International Joint Conference CAAP/FASE, Lille, France, volume 1214 of LNCS, pages 682-696. Springer, 1997.
2. Jean-Raymond Abrial. Event based sequential program development: Application to constructing a pointer program. In Keijiro Araki, Stefania Gnesi, and Dino Mandrioli, editors, Proc. Formal Methods, International Symposium of Formal Methods Europe, Pisa, Italy, volume 2805, pages 51-74. Springer, September 2003.
3. Jean-Raymond Abrial. The B Book: Assigning Programs to Meanings. Cambridge University Press, August 1996.
4. Wolfgang Ahrendt, Thomas Baar, Bernhard Beckert, Richard Bubel, Martin Giese, Reiner Hähnle, Wolfram Menzel, Wojciech Mostowski, Andreas Roth, Steffen Schlager, and Peter H. Schmitt. The KeY tool: integrating object oriented design and formal verification. Software and System Modeling, 4(1):32-54, 2005a.
5. Wolfgang Ahrendt, Andreas Roth, and Ralf Sasse. Automatic validation of transformation rules for Java verification against a rewriting semantics. In Geoff Sutcliffe and Andrei Voronkov, editors, Proc. 12th International Conference on Logic for Programming, Artificial Intelligence and Reasoning, Montego Bay, Jamaica, volume 3835 of LNCS, pages 412-426. Springer, December 2005b.
6. Christopher Alexander. A Pattern Language: Towns, Buildings, Construction. Number 2 in Center for Environmental Structure series. Oxford University Press, New York, 1977.
7. Christopher Alexander. The origins of pattern theory: The future of the theory and the generation of a living world. IEEE Software, pages 71-82, September/October 1999.
8. Paulo Sergio Almeida. Controlling sharing of state in data types. In M. Aksit and S. Matsuoka, editors, ECOOP '97-Object-Oriented Programming, volume 1241 of LNCS, pages 32-59. Springer, 1997.
9. Gustav Andersson. OCL constraints for design patterns in the KeY project. Master's thesis, Department of Computer Science and Engineering, Chalmers University of Technology, June 2005.
10. Tawcesup Apiwattanapong, Alessandro Orso, and Mary Jean Harrold. A differencing algorithm for object-oriented programs. In Proc. 19th IEEE International Conference on Automated Software Engineering, pages 2-13, Linz, Austria, September 2004. IEEE Computer Society.
11. Thomas Baar. OCL and graph transformations: A symbiotic alliance to alleviate the frame problem. In Jean-Michel Bruel, editor, Satellite Events at the MoDELS 2005 Conference: MoDELS 2005 International Workshops, Montego Bay, Jamaica, Revised Selected Papers, volume 3844 of LNCS, pages 20-31. Springer, 2006.
12. Thomas Baar, Reiner Hähnle, Theo Sattler, and Peter H. Schmitt. Entwurfsmustergesteuerte Erzeugung von OCL-Constraints. In Kurt Mehlhorn and Gregor Snelting, editors, Softwaretechnik-Trends, Informatik Aktuell, pages 389-404. Springer-Verlag, September 2000.
13. Thomas Baar, Bernhard Beckert, and Peter H. Schmitt. An extension of Dynamic Logic for modelling OCL's @ pre operator. In Dines Bjørner, Manfred Broy, and Alexandre V. Zamulin, editors, Proc. Fourth Andrei Ershov International Conference, Perspectives of System Informatics, Novosibirsk, Russia, volume 2244 of LNCS, pages 47-54. Springer, 2001.
14. Thomas Ball and Sriram K. Rajamani. Boolean programs: A model and process for software analysis. Technical Report MSR-TR-200-14, Microsoft Research, 2000.
15. Thomas Ball, Byron Cook, Vladimir Levin, and Sriram K. Rajamani. SLAM and static driver verifier: Technology transfer of formal methods inside Microsoft. In Eerke A. Boiten, John Derrick, and Graeme Smith, editors, Proc. Integrated Formal Methods, 4th International Conference, IFM 2004, Canterbury, UK, volume 2999 of LNCS, pages 1-20. Springer, 2004.
16. Michael Balser, Wolfgang Reif, Gerhard Schellhorn, Kurt Stenzel, and Andreas Thums. Formal system development with KIV. In T. Maibaum, editor, Proc. Fundamental Approaches to Software Engineering, Berlin, Germany, volume 1783 of LNCS, pages 363-366. Springer, 2000.
17. Richard Banach and Michael Poppleton. Retrenchment: An Engineering Variation on Refinement. In Didier Bert, editor, B'98: Recent Advances in the Development and Use of the B Method, Second International B Conference, Montpellier, France, April 22-24, 1998, Proceedings, volume 1393 of LNCS, pages 129-147. Springer, 1998.
18. Richard Banach and Michael Poppleton. Sharp retrenchment, modulated refinement and punctured simulation. Formal Aspects of Computing, 11: 498-540, 1999.
19. Michael Barnett and David A. Naumann. Friends need a bit more: Maintaining invariants over shared state. In Dexter Kozen and Carron Shankland, editors, Proc. Mathematics of Program Construction, 7th International Conference, Stirling, Scotland, UK, volume 3125 of LNCS, pages 54-84. Springer, 2004.
20. Mike Barnett, K. Rustan M. Leino, and Wolfram Schulte. The Spec# programming system: an overview. In Gilles Barthe, Lilian Burdy, Marieke Huisman, Jean-Louis Lanet, and Traian Muntean, editors, Post Conference Proceedings of CASSIS: Construction and Analysis of Safe, Secure and Interoperable Smart devices, Marseille, volume 3362 of LNCS, pages 49-69. Springer-Verlag, 2005.
21. Gilles Barthe, Pedro R. D'Argenio, and Tamara Rezk. Secure information flow by self-composition. In Proc. 17th IEEE Computer Security Foundations Workshop, CSFW-17, Pacific Grove, CA, USA, pages 100-114. IEEE Computer Society, 2004.
22. Gilles Barthe, Mariela Pavlova, and Gerardo Schneider. Precise analysis of memory consumption using program logic. In Bernhard Beckert and Bernhard Aichernig, editors, Proc. Software Engineering and Formal Methods Conference, Koblenz, Germany, pages 86-95. IEEE Computer Society, 2005.
23. Markus Baum. Proof Visualization. Studienarbeit, Department of Computer Science, University of Karlsruhe, 2006.
24. Bernhard Beckert. A dynamic logic for the formal verification of Java Card programs. In I. Attali and T. Jensen, editors, Java on Smart Cards: Programming and Security. Revised Papers, Java Card 2000, International Workshop, Cannes, France, volume 2041 of LNCS, pages 6-24. Springer, 2001.
25. Bernhard Beckert and Vladimir Klebanov. Must program verification systems and calculi be verified? In Proceedings, 3rd International Verification Workshop (VERIFY), Workshop at Federated Logic Conferences (FLoC), Seattle, USA, pages 34-41, 2006.
26. Bernhard Beckert and Wojciech Mostowski. A program logic for handling Java Card's transaction mechanism. In Mauro Pezzé, editor, Proceedings, Fundamental Approaches to Software Engineering (FASE), Warsaw, Poland, volume 2621 of LNCS, pages 246-260. Springer-Verlag, 2003.
27. Bernhard Beckert and André Platzer. Dynamic logic with non-rigid functions: A basis for object-oriented program verification. In U. Furbach and N. Shankar, editors, Proceedings, International Joint Conference on Automated Reasoning, Seattle, USA, volume 4130 of LNCS, pages 266-280. Springer, 2006.
28. Bernhard Beckert and Bettina Sasse. Handling Java's abrupt termination in a sequent calculus for Dynamic Logic. In B. Beckert, R. France, R. Hähnle, and B. Jacobs, editors, Proceedings, IJCAR Workshop on Precise Modelling and Deduction for Object-oriented Software Development, Siena, Italy, pages 5-14. Technical Report DII 07/01, Dipartimento di Ingegneria dell'Informazione, Università degli Studi di Siena, 2001.
29. Bernhard Beckert and Steffen Schlager. Software verification with integrated data type refinement for integer arithmetic. In Eerke A. Boiten, John Derrick, and Graeme Smith, editors, Proceedings, International Conference on Integrated Formal Methods, Canterbury, UK, volume 2999 of LNCS, pages 207-226. Springer, 2004.
30. Bernhard Beckert and Steffen Schlager. Refinement and retrenchment for programming language data types. Formal Aspects of Computing, 17(4): 423-442, 2005.
31. Bernhard Beckert and Steffen Schlager. A sequent calculus for first-order dynamic logic with trace modalities. In R. Gorè, A. Leitsch, and T. Nipkow, editors, Proceedings, International Joint Conference on Automated Reasoning, Siena, Italy, LNCS 2083, pages 626-641. Springer, 2001.
32. Bernhard Beckert and Peter H. Schmitt. Program verification using change information. In Proceedings, Software Engineering and Formal Methods (SEFM), Brisbane, Australia, pages 91-99. IEEE Press, 2003.
33. Bernhard Beckert and Kerry Trentelman. Second-order principles in specification languages for object-oriented programs. In G. Suttcliff and A. Voronkov, editors, Proceedings, 12th International Conference on Logic for Programming, Artificial Intelligence and Reasoning, Montego Bay, Jamaica, volume 3835 of LNCS. Springer, 2005.
34. Bernhard Beckert, Martin Giese, Elmar Habermalz, Reiner Hähnle, Andreas Roth, Philipp Rümmer, and Steffen Schlager. Taclets: a new paradigm for constructing interactive theorem provers. Revista de la Real Academia de Ciencias Exactas, Físicas y Naturales, Serie A: Matemáticas, 98(1):17-53, 2004. Special Issue on Symbolic Computation in Logic and Artificial Intelligence.
35. Bernhard Beckert, Thorsten Bormer, and Vladimir Klebanov. Reusing proofs when program verification systems are modified. In Proc. Software Certificate Management Workshop (SoftCeMent), Long Beach, USA, pages 41-46, 2005a.
36. Bernhard Beckert, Steffen Schlager, and Peter H. Schmitt. An improved rule for while loops in deductive program verification. In Kung-Kiu Lau, editor, Proceedings, Seventh International Conference on Formal Engineering Methods (ICFEM), Manchester, UK, volume 3785 of LNCS, pages 315-329. Springer, 2005b.
37. Mordechai Ben-Ari. Mathematical Logic for Computer Science. Springer Verlag, second edition, 2003.
38. Eerke Boiten and John Derrick. IO-Refinement in Z. In A. Evans, D. Duke, and T. Clark, editors, 3rd BCS-FACS Northern Formal Methods Workshop, Electronic Workshops in Computing. Springer-Verlag, September 1998.
39. Chandrasekhar Boyapati, Barbara Liskov, and Liuba Shrira. Ownership types for object encapsulation. In Cindy Norris and Jr. James B. Fenwick, editors, Proc. 30th ACM SIGPLAN-SIGACT Symposium on Principles of programming languages (POPL), volume 38, 1 of ACM SIGPLAN Notices, pages 213-223, New Orleans, Louisiana, January 2003. ACM Press.
40. Robert Boyer. Proving theorems about Java and the JVM with ACL2. In M. Broy and M. Pizka, editors, Models, Algebras and Logic of Engineering Software, pages 227-290. IOS Press, Amsterdam, 2003.
41. Robert S. Boyer and J Strother Moore. A Computational Logic Handbook. Academic Press, New York, 1988.
42. John Boyland. Alias burying: Unique variables without destructive reads. Software-Practice and Experience, 31(6):533-553, May 2001.
43. Cees-Bart Breunesse. On JML: Topics in Tool-assisted Verification of Java Programs. PhD thesis, Radboud University of Nijmegen, 2006.
44. Cees-Bart Breunesse and Erik Poll. Verifying JML specifications with model fields. In Proc. Workshop on Formal Techniques for Java-like Programs, pages 51-60, 2003. Technical Report 408, ETH Zurich.
45. Cees-Bart Breunesse, Bart Jacobs, and Joachim van den Berg. Specifying and verifying a decimal representation in Java for smart cards. In H. Kirchner and C. Ringeissen, editors, Algebraic Methodology and Software Technology (AMAST'02), LNCS, pages 304-318. Springer-Verlag, 2002.
46. Manfred Broy and Peter Pepper. Combining algebraic and algorithmic reasoning: An approach to the Schorr-Waite algorithm. ACM Transactions on Programming Languages and Systems, 4(3):362-381, 1982. doi: http://doi.acm.org/10.1145/357172.357175.
47. Achim D. Brucker and Burkhart Wolff. A proposal for a formal OCL semantics in Isabelle/HOL. In César Muñoz, Sophiène Tahar, and Víctor Carreño, editors, Theorem Proving in Higher Order Logics, volume 2410 of LNCS, pages 99-114. Springer-Verlag, Hampton, VA, USA, 2002.
48. Richard Bubel. Behandlung der Initialisierung von Klassen und Objekten in einer dynamischen Logik für Java Card. Studienarbeit, Fakultät für Informatik, Universität Karlsruhe, August 2001.
49. Richard Bubel and Reiner Hähnle. Integration of informal and formal development of object-oriented safety-critical software - a case study with the KeY system. Software Tools for Technology Transfer, 7(3): 197-211, June 2005.
50. Richard Bubel, Andreas Roth, and Philipp Rümmer. Ensuring correctness of lightweight tactics for Java Card dynamic logic. In Prel. Proc. of Workshop on Logical Frameworks and Meta-Languages (LFM), pages 84-105, 2004.
51. Lilian Burdy, Antoine Requet, and Jean-Louis Lanet. JAVA applet correctness: A developer-oriented approach. In Keijiro Araki, Stefania Gnesi, and Dino Mandrioli, editors, Proc. Formal Methods Europe, Pisa, Italy, volume 2805 of LNCS, pages 422-439. Springer-Verlag, 2003.
52. Lilian Burdy, Yoonsik Cheon, David Cok, Michael Ernst, Joe Kiniry, Gary T. Leavens, K. Rustan M. Leino, and Erik Poll. An overview of JML tools and applications. International Journal on Software Tools for Technology Transfer, 7(3):212-232, June 2005.
53. David A. Burke and Kristofer Johannisson. Translating formal software specifications to natural language: A grammar-based approach. In Philippe Blache, Edward Stabler, Joan Busquets, and Richard Moot, editors, Proc. Logical Aspects of Computational Linguistics (LACL), volume 3402 of LNCS, pages 51-66. Springer-Verlag, 2005.
54. Daniel Burrows. Static encapsulation analysis of Featherweight Java. Master's thesis, Graduate School of Pennsylvania State University, 2005.
55. Rod M. Burstall. Program proving as hand simulation with a little induction. In Information Processing '74, pages 308-312. Elsevier/North-Holland, 1974.
56. Patrice Chalin. Improving JML: For a safer and more effective language. In Keijiro Araki, Stefania Gnesi, and Dino Mandrioli, editors, Proc. Formal Methods Europe, Pisa, Italy, volume 2805 of LNCS, pages 440-461. Springer-Verlag, 2003.
57. Patrice Chalin. JML support for primitive arbitrary precision numeric types: Definition and semantics. Journal of Object Technology, 3(6):57-79, 2004.
58. Zhiqun Chen. Java Card Technology for Smart Cards: Architecture and Programmer's Guide. Java Series. Addison-Wesley, June 2000.
59. Tony Clark and Jos Warmer, editors. Object Modeling with the OCL, The Rationale behind the Object Constraint Language, volume 2263 of LNCS. Springer-Verlag, 2002.
60. Dave Clarke, John Potter, and James Noble. Ownership types for flexible alias protection. In Prc. ACM Conference on Object-Oriented Programming Systems, Languages and Applications (OOPSLA), pages 48-64, Vancouver, Canada, October 1998.
61. Robert L. Constable and Michael J. O'Donnell. A Programming Logic, with an Introduction to the PL/CV Verifier. Winthrop Publishers, 1978.
62. Byron Cook, Andreas Podelski, and Andrey Rybalchenko. Termination proofs for systems code. In Michael I. Schwartzbach and Thomas Ball, editors, Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation, Ottawa, Ontario, Canada, volume 41, 6 of ACM SIGPLAN Notices, pages 415-426. ACM Press, June 2006.
63. Stephen A. Cook. Soundness and completeness of an axiom system for program verification. SIAM Journal of Computing, 7(1):70-90, 1978.
64. James O. Coplien. Software Patterns. SIGS Management Briefings. SIGS, New York, 1996.
65. John Corwin, David F. Bacon, David Grove, and Chet Murthy. MJ: A rational module system for Java and its applications. In Proc18th annual ACM SIGPLAN conference on Object-oriented Programing, Systems, Languages, and Applications (OOPSLA), pages 241-254, Anaheim, California, USA, 2003. ACM Press, doi: http://doi.acm.org/10.1145/949305.949326.
66. Hans-Joachim Daniels. Multilingual syntax editing for software specifications. Diplomarbeit, Fakultät für Informatik, Universität Karlsruhe, 2005.
67. Ádám Darvas, Reiner Hähnle, and Dave Sands. A theorem proving approach to analysis of secure information flow. In Dieter Hutter and Markus Ullmann, editors, Proc. 2nd International Conference on Security in Pervasive Computing, volume 3450 of LNCS, pages 193-209. Springer-Verlag, 2005.
68. Ewen Denney and Bernd Fischer. Software certification and software certificate management systems. In Proc. Software Certificate Management Workshop (SoftCeMent), Long Beach, USA, pages 1-6, 2005.
69. John Derrick and Eerke Boiten. Refinement in Z and Object-Z: Foundations and Advanced Applications. Formal Approaches to Computing and Information Technology. Springer-Verlag, 2001.
70. David L. Detlefs, K. Rustan M. Leino, Greg Nelson, and James B. Saxe. Extended static checking. Research Report #1998-159, Compaq Systems Research Center, Palo Alto, USA, December 1998.
71. Gilles Dowek, Amy Felty, Hugo Herbelin, Gérard Huet, Chet Murthy, Catherine Parent, Christine Paulin-Mohring, and Benjamin Werner. The Coq proof assistant user's guide. Rapport Techniques 154, INRIA, Rocquencourt, France, 1993. Version 5.8.
72. Matthew B. Dwyer, George S. Avrunin, and James C. Corbett. Property specification patterns for finite-state verification. In Mark Ardis, editor, Proc. 2nd Workshop on Formal Methods in Software Practice (FMSP-98), pages 7-15, New York, March 1998. ACM Press.
73. Matthew B. Dwyer, George S. Avrunin, and James C. Corbett. Patterns in property specifications for finite-state verification. In Proc. 21st International Conference on Software Engineering, pages 411-420. IEEE Computer Society Press, ACM Press, 1999.
74. Hans-Dieter Ebbinghaus, Jörg Flum, and Wolfgang Thomas. Mathematical logic. Undergraduate texts in mathematics. Springer Verlag, 1984.
75. Herbert B. Enderton. A Mathematical Introduction to Logic. Academic Press, second edition, 2000.
76. Christian Engel. A Translation from JML to JavaDL. Studienarbeit, Fakultät für Informatik, Universität Karlsruhe, February 2005.
77. European Space Agency. Ariane 501 inquiry board report, July 1996.
78. Azadeh Farzan, Feng Chen, José Meseguer, and Grigore Roşu. Formal analysis of Java programs in JavaFAN. In R. Alur and D. Peled, editors, Proceedings, 16th International Conference on Computer Aided Verification (CAV), volume 3114 of LNCS, pages 501-505. Springer, 2004.
79. Melvin C. Fitting. First-Order Logic and Automated Theorem Proving. Springer-Verlag, New York, second edition, 1996.
80. Melvin C. Fitting and Richard L. Mendelsohn. First-Order Modal Logic. Kluwer Academic Publishers, 1999.
81. Cormac Flanagan, K. Rustan M. Leino, Mark Lillibridge, Greg Nelson, James B. Saxe, and Raymie Stata. Extended static checking for Java. In Proc. ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, Berlin, pages 234-245. ACM Press, 2002.
82. Jean Gallier. Logic for Computer Science. Harper & Row Publisher, 1986. Revised online version from 2003 available from author's web page at http://www.cis.upenn.edu/~jean/gbooks/logic.html.
83. Erich Gamma, Richard Helm, Ralph Johnson, and John Vlissides. Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley, Reading/MA, 1995.
84. Tobias Gedell and Reiner Hähnle. Automating verification of loops by parallelization. In Miki Herrmann, editor, Proc. Intl. Conf. on Logic for Programming Artificial Intelligence and Reasoning, Pnhom Penh, Cambodia, LNCS. Springer-Verlag, October 2006.
85. Robert Geisler, Marcus Klar, and Felix Cornelius. InterACT: An interactive theorem prover for algebraic specifications. In Martin Wirsing and Maurice Nivat, editors, Proc. 5th International Conference on Algebraic Methodology and Software Technology (AMAST), Munich, Germany, volume 1101 of LNCS, pages 563-566. Springer-Verlag, 1996.
86. Martin Giese. Incremental closure of free variable tableaux. In Rajeev Gore, Alexander Leitsch, and Tobias Nipkow, editors, Proc. Intl. Joint Conf. on Automated Reasoning IJCAR, Siena, Italy, volume 2083 of LNCS, pages 545-560. Springer-Verlag, 2001.
87. Martin Giese. Taclets and the KeY prover. In David Aspinall and Cristoph Lüth, editors, Proc. User Interfaces for Theorem Provers Workshop, Rome, Italy, Electronic Notes in Theoretical Computer Science. Elsevier, 2004.
88. Martin Giese. A calculus for type predicates and type coercion. In Bernhard Beckert, editor, Automated Reasoning with Analytic Tableaux and Related Methods, Tableaux 2005, volume 3702 of LNAI, pages 123-137. Springer, 2005.
89. Martin Giese and Daniel Larsson. Simplifying transformations of OCL constraints. In L. Briand, editor, 8th Intl. Conf. on Model Driven Engineering Languages and Systems, volume 3713 of LNCS, pages 309-323. Springer-Verlag, 2005.
90. Christoph Gladisch. Verification of C with KeY. Diplomarbeit, Department of Computer Science, University of Koblenz-Landau, 2006.
91. Kurt Gödel. Über formal unentscheidbare Sätze der Principia Mathematica und verwandter Systeme I. Monatshefte für Mathematik und Physik, 38: 173-198, 1931.
92. Martin Gogolla and Mark Richters. Expressing UML class diagrams properties with OCL. In Tony Clark and Jos Warmer, editors, Object Modeling with the OCL, The Rationale behind the Object Constraint Language, volume 2263 of LNCS, pages 85-114. Springer-Verlag, 2002.
93. Joseph Goguen and Jose Meseguer. Order-sorted algebra I: Equational deduction for multiple inheritance, overloading, exceptions and partial operations. Theoretical Computer Science, 105(2):217-273, 1992.
94. Reuben Louis Goodstein. On the restricted ordinal theorem. Journal of Symbolic Logic, 9(2):33-41, 1944.
95. James Gosling, Bill Joy, Guy Steele, and Gilad Bracha. The Java Language Specification. Addison Wesley, 2nd edition, 2000.
96. Jean Goubault-Larrecq and Ian Mackie. Proof Theory and Automated Deduction, volume 6 of Applied Logic Series. Kluwer Academic Publishers, May 1997.
97. David Gries and Fred B. Schneider. Avoiding the undefined by underspecification. In Jan van Leeuwen, editor, Computer Science Today: Recent Trends and Developments, volume 1000 of LNCS, pages 366-373. Springer-Verlag, New York, NY, 1995.
98. Yuri Gurevich. Evolving algebras 1993: Lipari guide. In Egon Borger, editor, Specification and Validation Methods, pages 9-36. Oxford University Press, 1995.
99. Elmar Habermalz. Interactive theorem proving with schematic theory specific rules. Technical Report 19/00, Fakultät für Informatik, Universität Karlsruhe, 2000a.
100. Elmar Habermalz. Ein dynamisches automatisierbares interaktives Kalkül für schematische theoriespezifische Regeln. PhD thesis, Universität Karlsruhe, 2000b.
101. Reiner Hähnle. Many-valued logic, partiality, and abstraction in formal specification languages. Logic Journal of the IPGL, 13(4):415-433, July 2005.
102. Reiner Hähnle and Wojciech Mostowski. Verification of safety properties in the presence of transactions. In Gilles Barthe and Marieke Huisman, editors, Proceedings, Construction and Analysis of Safe, Secure and Interoperable Smart devices (CASSIS'04) Workshop, volume 3362 of LNCS, pages 151-171. Springer, 2005.
103. Reiner Hähnle and Peter H. Schmitt. The liberalized 6-rule in free variable semantic tableaux. Journal of Automated Reasoning, 13(2):211-222, October 1994.
104. Reiner Hähnle and Angela Wallenburg. Using a software testing technique to improve theorem proving. In Alex Petrenko and Andreas Ulrich, editors, Post Conference Proceedings, 3rd International Workshop on Formal Approaches to Testing of Software (FATES), Montréal, Canada, LNCS. Springer-Verlag, 2003.
105. Reiner Hähnle, Kristofer Johannisson, and Aarne Ranta. An authoring tool for informal and formal requirements specifications. In Ralf-Detlef Kutsche and Herbert Weber, editors, Fundamental Approaches to Software Engineering (FASE), Grenoble, France, volume 2306 of LNCS, pages 233-248. Springer-Verlag, 2002.
106. David Harel. First-Order Dynamic Logic. Springer, 1979.
107. David Harel. Dynamic logic. In D. Gabbay and F. Guenthner, editors, Handbook of Philosophical Logic, volume II: Extensions of Classical Logic, chapter 10, pages 497-604. Reidel, Dordrecht, 1984.
108. David Harel, Dexter Kozen, and Jerzy Tiuryn. Dynamic Logic. MIT Press, 2000.
109. John Harrison. Formal verification of IA-64 division algorithms. In M. Aagaard and J. Harrison, editors, Proceedings, Theorem Proving in Higher Order Logics (TPHOLs), LNCS 1869, pages 234-251. Springer, 2000.
110. John Harrison. A machine-checked theory of floating point arithmetic. In Yves Bertot, Gilles Dowek, André Hirschowitz, Christine Paulin, and Laurent Théry, editors, Proceedings, Theorem Proving in Higher Order Logics (TPHOLs), Nice, France, LNCS 1690, pages 113-130. Springer, 1999.
111. Jifeng He, Tony Hoare, and Jeff W. Sanders. Data refinement refined. In B. Robinet and R. Wilhelm, editors, European Symposium on Programming, volume 213 of LNCS, pages 187-196. Springer, 1986.
112. Maritta Heisel, Wolfgang Reif, and Werner Stephan. Program verification by symbolic execution and induction. In K. Morik, editor, Proc. 11th German Workshop on Artificial Intelligence, volume 152 of Informatik Fachberichte. Springer-Verlag, 1987.
113. C. A. R. Hoare. An axiomatic basis for computer programming. Communications of the ACM, 12(10):576-580, 583, October 1969.
114. Tony Hoare. The verifying compiler: A grand challenge for computing research. Journal of the ACM, 50(1):63-69, 2003.
115. Tony Hoare. The ideal of verified software. In Thomas Ball and Robert B. Jones, editors, Proc. Computer Aided Verification, 18th International Conference (CAV), Seattle, WA, USA, volume 4144 of LNCS, pages 5-16. Springer-Verlag, 2006. URL http://dx.doi.org/10.1007/11817963_4.
116. John Hogg. Islands: Aliasing protection in object-oriented languages. In Andreas Paepcke, editor, Proc. Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA), pages 271-285. ACM Press, 1991.
117. Gerard J. Holzmann. The SPIN Model Checker. Pearson Education, 2003.
118. Engelbert Hubbers and Erik Poll. Reasoning about card tears and transactions in Java Card. In Michel Wermelinger and Tiziana Margaria, editors, Proc. Fundamental Approaches to Software Engineering (FASE), Barcelona, Spain, volume 2984 of LNCS, pages 114-128. Springer-Verlag, 2004a.
119. Engelbert Hubbers and Erik Poll. Transactions and non-atomic API calls in Java Card: specification ambiguity and strange implementation behaviours. Dept. of Computer Science NIII-R0438, Radboud University Nijmegen, 2004b.
120. Thierry Hubert and Claude Marché. A case study of C source code verification: the Schorr-Waite algorithm. In Bernhard K. Aichernig and Bernhard Beckert, editors, Proc. Third IEEE International Conference on Software Engineering and Formal Methods (SEFM), Koblenz, Germany, pages 190-199. IEEE Computer Society, 2005.
121. Marieke Huisman. Java Program Verification in Higher-Order Logic with PVS and Isabelle. PhD thesis, University of Nijmegen, The Netherlands, 2001.
122. Kees Huizing and Ruurd Kuiper. Verification of object oriented programs using class invariants. In T. S. E. Maibaum, editor, Proc. Fundamental Approaches to Software Engineering, Third International Conference, (FASE), Berlin, Germany, volume 1783 of LNCS, pages 208-221, 2000.
123. Michael Huth and Mark Ryan. Logic in Computer Science. Cambridge University Press, second edition, 2004.
124. Atsushi Igarashi, Benjamin C. Pierce, and Philip Wadler. Featherweight Java: A minimal core calculus for Java and GJ. ACM Transactions on Programming Languages and Systems, 23(3):396-450, 2001.
125. Bart Jacobs. Java's Integral Types in PVS. In E. Najim, U. Nestmann, and P. Stevens, editors, Formal Methods for Open Object-Based Distributed Systems (FMOODS 2003), volume 2884 of LNCS, pages 1-15. Springer, 2003.
126. Bart Jacobs and Erik Poll. A logic for the Java Modeling Language. In Heinrich Hußmann, editor, Proc. Fundamental Approaches to Software Engineering, 4th International Conference (FASE), Genova, Italy, volume 2029 of LNCS, pages 284-299. Springer-Verlag, 2001.
127. Bart Jacobs and Erik Poll. JAVA program verification at Nijmegen: Developments and perspective. In Software Security - Theories and Systems: Second Mext-NSF-JSPS International Symposium, ISSS 2003, Tokyo, Japan, November 4-6, 2003. Revised Papers, volume 3233 of LNCS, pages 134-153. Springer, 2003.
128. Bart Jacobs, Joseph Kiniry, and Martijn Warmer. Java Program Verification Challenges. In Frank S. de Boer, Marcello M. Bonsangue, Susanne Graf, and Willem-Paul de Roever, editors, Formal Methods for Components and Objects, volume 2852 of LNCS, pages 202-219. Springer, Berlin, 2003.
129. Bart Jacobs, Claude Marché, and Nicole Rauch. Formal verification of a commercial smart card applet with multiple tools. In Charles Rattray, Savitri Maharaj, and Carron Shankland, editors, Proc. 10th Conf. on Algebraic Methodology and Software Technology (AMAST), Stirling, UK, volume 3116 of LNCS, pages 241-257. Springer-Verlag, July 2004.
130. Janna Khegai, Bengt Nordström, and Aarne Ranta. Multilingual syntax editing in GF. In Alexander Gelbukh, editor, Intelligent Text Processing and Computational Linguistics (CICLing-2003), volume 2588 of LNCS. Springer, 2003.
131. James C. King. A program verifier. PhD thesis, Carnegie-Mellon University, 1969.
132. James C. King. Symbolic execution and program testing. Communications of the ACM, 19(7):385-394, July 1976.
133. Laurie Kirby and Jeff Paris. Accessible independence results for Peano arithmetic. Bull. London. Math. Soc., 14:285-293, 1982.
134. Gerwin Klein and Tobias Nipkow. A machine-checked model for a Java-like language, virtual machine and compiler. ACM Transactions on Programming Languages and Systems, 28:619-695, 2006.
135. Thomas Kolbe and Christoph Walther. Reusing proofs. In Anthony G. Cohn, editor, Proc. 11th European Conference on Artificial Intelligence, Amsterdam, The Netherlands, pages 80-84. John Wiley and Sons, 1994.
136. Sascha Konrad, Laura A. Campbell, Betty H. C. Cheng, and Min Deng. A requirements patterns-driven approach to specify systems and check properties. In Thomas Ball and Sriram K. Rajamani, editors, Proc. Model Checking Software, 10th International SPIN Workshop. Portland, OR, USA, volume 2648 of LNCS, pages 18-33. Springer-Verlag, 2003.
137. Dexter Kozen and Jerzy Tiuryn. Logics of programs. In Jan van Leeuwen, editor, Handbook of Theoretical Computer Science, volume B: Formal Models and Semantics, chapter 14, pages 789-840. The MIT Press, 1990.
138. Daniel Larsson and Reiner Hähnle. Symbolic fault injection. Technical Report 2006-17, Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University, 2006.
139. Daniel Larsson and Wojciech Mostowski. Specifying JAVA CARD API in OCL. In Peter H. Schmitt, editor, OCL 2.0 Workshop at UML 2003, volume 102C of ENTCS, pages 3-19. Elsevier, November 2004.
140. Gary T. Leavens and Krishna Kishore Dhara. Concepts of behavioral subtyping and a sketch of their extension to component-based systems. In Gary T. Leavens and Murali Sitaraman, editors, Foundations of Component-Based Systems, chapter 6, pages 113-135. Cambridge University Press, 2000.
141. Gary T. Leavens, Albert L. Baker, and Clyde Ruby. JML: A Notation for Detailed Design. In Haim Kilov, Bernhard Rumpe, and Ian Simmonds, editors, Behavioral Specifications of Businesses and Systems, pages 175-188. Kluwer, 1999.
142. Gary T. Leavens, Albert L. Baker, and Clyde Ruby. Preliminary design of JML: A behavioral interface specification language for Java. Technical Report 98-06y, Iowa State University, Department of Computer Science, 2003. Revised June 2004.
143. Gary T. Leavens, Erik Poll, Curtis Clifton, Yoonsik Cheon, Clyde Ruby, David Cok, Peter Müller, Joseph Kiniry, and Patrice Chalin. JML Reference Manual, August 2006. Draft revision 1.197.
144. K. Rustan M. Leino. Efficient weakest preconditions. Information Processing Letters, 93(6):281-288, 2005. doi: http://dx.doi.org/10.1016/j. ipl.2004.10.015.
145. Barbara Liskov and John Guttag. Program development in Java: abstraction, specification, and object-oriented design. Addison-Wesley, Reading, MA, USA, 2000.
146. Barbara Liskov and Jeannette M. Wing. A behavioral notion of subtyping. ACM Trans. Program. Lang. Syst., 16(6):1811-1841, 1994.
147. Maria Manzano. Extensions of First Order Logic, volume 19 of Cambridge Tracts in Theoretical Computer Science. Cambridge University Press, 1996. Chapter VI and VII on many-sorted logic.
148. Claude Marché and Nicolas Rousset. Verification of JAVA CARD applets behavior with respect to transactions and card tears. In Proc. Software Engineering and Formal Methods (SEFM), Pune, India. IEEE CS Press, 2006.
149. Claude Marché, Christine Paulin-Mohring, and Xavier Urbain. The KRAKATOA tool for certification of Java/Java Card programs annotated in JML. Journal of Logic and Algebraic Programming, 58(1-2):89-106, 2004.
150. Renaud Marlet and Cédric Mesnil. Demoney: A demonstrative electronic purse - Card specification. Technical Report SECSAFE-TL-007, Trusted Logic S.A., November 2002.
151. Renaud Marlet and Daniel Le Métayer. Security properties and JAVA CARD specificities to be studied in the SecSafe project. Technical Report SECSAFE-TL-006, Trusted Logic S.A., August 2001.
152. Farhad Mehta and Tobias Nipkow. Proving pointer programs in higher-order logic. In Franz Baader, editor, Proc. 19th Intern. Conf. on Automated Deduction (CADE), Miami, FL, USA, volume 2741 of LNCS, pages 121-135. Springer-Verlag, 2003.
153. Erica Melis and Axel Schairer. Similarities and reuse of proofs in formal software verification. In Barry Smyth and Pádraig Cunningham, editors, Proc. European Workshop on Advances in Case-Based Reasoning (EW-CBR), Dublin, Ireland, volume 1488 of LNCS, pages 76-78, 1998.
154. Erica Melis and Jon Whittle. Analogy in inductive theorem proving. J. Autom. Reason., 22(2):117-147, 1999. doi: http://dx.doi.org/10.1023/A: 1005936130801.
155. José Meseguer and Grigore Rosu. Rewriting logic semantics: From language specifications to formal analysis tools. In D. Basin and M. Rusinowitch, editors, Automated Reasoning, Second International Joint Conference, IJ-CAR 2004, Cork, Ireland, Proceedings, volume 3097 of LNCS, pages 1-44. Springer, 2004.
156. Bertrand Meyer. Applying "design by contract". IEEE Computer, 25(10): 40-51, October 1992.
157. Jörg Meyer and Arnd Poetzsch-Heffter. An architecture for interactive program provers. In Susanne Graf and Michael I. Schwartzbach,
158. Carroll Morgan. Programming from specifications. International series in computer science. Prentice-Hall, 1990.
159. Wojciech Mostowski. Formalisation and verification of Java Card security properties in dynamic logic. In Maura Cerioli, editor, Proc. Fundamental Approaches to Software Engineering (FASE), Edinburgh, volume 3442 of LNCS, pages 357-371. Springer-Verlag, April 2005.
160. Wojciech Mostowski. Formal reasoning about non-atomic JAVA CARD methods in Dynamic Logic. In Jayadev Misra, Tobias Nipkow, and Emil Sekerinski, editors, Proceedings, Formal Methods (FM) 2006, Hamilton, Ontario, Canada, volume 4085 of LNCS, pages 444-459. Springer, August 2006.
161. Wojciech Mostowski. Rigorous development of JAVA CARD applications. In T. Clarke, A. Evans, and K. Lano, editors, Proceedings, Fourth Workshop on Rigorous Object-Oriented Methods, London, U.K., March 2002.
162. Peter Müller. Modular specification and verification of object-oriented programs. Springer-Verlag, 2002.
163. Peter Müller, Arnd Poetzsch-Heffter, and Gary T. Leavens. Modular invariants for layered object structures. Science of Computer Programming, 62 (3):253-286, October 2006.
164. Eugene W. Myers. An O(N D) difference algorithm and its variations. Algorithmica, 1(2):251-266, 1986.
165. Stanislas Nanchen, Hubert Schmid, Peter H. Schmitt, and Robert F. Stärk. The ASMKeY prover. Technical Report 436, Department of Computer Science, ETH Zürich and Institute for Logic, Complexity and Deduction Systems, Universität Karlsruhe, 2003.
166. Anil Nerode and Richard A. Shore. Logic for Applications. Springer (second edition), 1979.
167. Tobias Nipkow. Jinja: Towards a comprehensive formal semantics for a Java-like language. In H. Schwichtenberg and K. Spies, editors, Proceedings, Marktobderdorf Summer School 2003. IOS Press, 2003.
168. Tobias Nipkow, Lawrence C. Paulson, and Markus Wenzel. Isabelle/HOL - A Proof Assistant for Higher-Order Logic, volume 2283 of LNCS. Springer-Verlag, 2002.
169. OCL 2.0. Object Constraint Language Specification, version 2.0. Object Modeling Group, June 2005. OMG document formal/2006-05-01.
170. David von Oheimb and Tobias Nipkow. Machine-checking the Java specification: Proving type-safety. In Jim Alves-Foss, editor, Formal Syntax and Semantics of Java, volume 1523 of LNCS. Springer-Verlag, June 1999.
171. Ola Olsson and Angela Wallenburg. Customised induction rules for proving correctness of imperative programs. In Bernhard Beckert and Bernhard Aichernig, editors, Proceedings, Software Engineering and Formal Methods (SEFM), Koblenz, Germany, pages 180-189. IEEE Press, 2005.
172. Frank Ortmeier, Wolfgang Reif, and Gerhard Schellhorn. Formal safety analysis of a radio-based railroad crossing using deductive cause-consequence analysis (DCCA). In Mario Dal Cin, Mohamed Kaâniche, and András Pataricza, editors, Proc. 5th European Dependable Computing Conference, Budapest, Hungary, volume 3463 of LNCS, pages 210-224. Springer-Verlag, 2005.
173. S. Owre, S. Rajan, J.M. Rushby, N. Shankar, and M.K. Srivas. PVS: Combining specification, proof checking, and model checking. In Rajeev Alur and Thomas A. Henzinger, editors, Computer-Aided Verification, CAV '96, volume 1102 of LNCS, pages 411-414. Springer, July/August 1996.
174. Jing Pan. A theorem proving approach to analysis of secure information flow using data abstraction. Master's thesis, Chalmers University of Technology and Göteborg University, 2005.
175. Lawrence C. Paulson. Isabelle: a generic theorem prover, volume 828 of LNCS. Springer-Verlag, 1994.
176. Mariela Pavlova, Gilles Barthe, Lilian Burdy, Marieke Huisman, and JeanLouis Lanet. Enforcing high-level security properties for applets. In Jean-Jacques Quisquater, Pierre Paradinas, Yves Deswarte, and Anas Abou El Kalam, editors, IFIP 18th World Computer Congress 2004, Smart Card Research and Advanced Applications (CARDIS), Toulouse, France. Kluwer, 2004.
177. Cees Pierik and Frank S. de Boer. A syntax-directed Hoare logic for object-oriented programming concepts. In Elie Najm, Uwe Nestmann, and Perdita Stevens, editors, Proc. Formal Methods for Open Object-Based Distributed Systems, 6th IFIP WG 6.1 International Conference (FMOODS), Paris, France, volume 2884 of LNCS, pages 64-78. Springer-Verlag, 2003.
178. André Platzer. Using a program verification calculus for constructing specifications from implementations. Studienarbeit, Universität Karlsruhe, Fakultät für Informatik, 2004a.
179. André Platzer. An object-oriented dynamic logic with updates. Master's thesis, Universität Karlsruhe, Fakultät für Informatik, September 2004b.
180. Arnd Poetzsch-Heffter. Specification and verification of object-oriented programs. Habilitation thesis, Technical University of Munich, January 1997.
181. Arnd Poetzsch-Heffter and Peter Müller. A programming logic for sequential Java. In S. D. Swierstra, editor, Proc. European Symposium on Programming (ESOP), Amsterdam, The Netherlands, volume 1576 of LNCS, 1999.
182. Erik Poll, Joachim van den Berg, and Bart Jacobs. Specification of the JAVA CARD API in JML. In J. Domingo-Ferrer, D. Chan, and A. Watson, editors, Fourth Smart Card Research and Advanced Application Conference (CARDIS'2000), pages 135-154. Kluwer Academic Publishers, 2000.
183. Vaughan R. Pratt. Semantical considerations on Floyd-Hoare logic. In Proc. 17th Annual IEEE Symposium on Foundation of Computer Science, Houston, TX, USA, pages 109-121. IEEE Computer Society, 1977.
184. Aarne Ranta. Grammatical Framework: A type-theoretical grammar formalism. The Journal of Functional Programming, 14(2):145-189, 2004.
185. Wolfgang Reif and Kurt Stenzel. Reuse of proofs in software verification. In Rudrapatna K. Shyamasundar, editor, Proc. Foundations of Software Technology and Theoretical Computer Science, Bombay, India, volume 761 of LNCS, pages 284-293. Springer-Verlag, 1993.
186. Alan Robinson and Andrei Voronkov, editors. Handbook of Automated Reasoning. Elsevier Science B.V., 2001.
187. Andreas Roth. Specification and verification of encapsulation in Java programs. In Martin Steffen and Gianluigi Zavattaro, editors, Proc. Formal Methods for Open Object-Based Distributed Systems, 7th IFIP WG 6.1 International Conference (FMOODS), Athens, Greece, volume 3535 of LNCS, pages 195-210. Springer-Verlag, 2005.
188. Andreas Roth. Specification and Verification of Object-oriented Components. PhD thesis, Fakultät für Informatik der Universität Karlsruhe, 2006.
189. Philipp Rümmer. Generating counterexamples for Java Dynamic logic. In Wolfgang Ahrendt, Peter Baumgartner, and Hans de Nivelle, editors, Preliminary Proceedings of Workshop on Disproving at CADE 20, pages 32-44, July 2005.
190. G. Schellhorn, H. Grandy, D. Haneberg, and W. Reif. The Mondex challenge: Machine checked proofs for an electronic purse. Technical report 2006-2, Institut für Informatik, Universität Augsburg, Germany, 2006.
191. Steffen Schlager. Handling of Integer Arithmetic in the Verification of Java Programs. Diplomarbeit, Fakultät für Informatik, Universität Karlsruhe, May 2002.
192. Herbert Schorr and William M. Waite. An efficient machine-independent procedure for garbage collection in various list structures. Communications of the ACM, 10(8):501-506, 1967. doi: http://doi.acm.org/10.1145/363534. 363554.
193. Yoav Shoham. What is the frame problem? In Frank M. Brown, editor, The Frame Problem in Artificial Intelligence, pages 5-21. Morgan Kaufmann Publishers: San Mateo, CA, 1987.
194. Kurt Stenzel. A formally verified calculus for full Java Card. In Charles Rattray, Savi Maharaj, and Carron Shankland, editors, Proc. Algebraic Methodology and Software Technology, A MAST 2004, Stirling, Scotland, UK, volume 3116 of LNCS, pages 491-505. Springer-Verlag, 2004.
195. Kurt Stenzel. Verification of Java Card Programs. PhD thesis, Institut für Informatik, Universität Augsburg, Germany, July 2005.
196. Werner Stephan, Bruno Langenstein, Andreas Nonnengart, and Georg Rock. Verification support environment. In Dieter Hutter and Werner Stephan, editors, Mechanizing Mathematical Reasoning, Essays in Honor of Jörg H. Siekmann on the Occasion of His 60th Birthday, volume 2605 of LNCS, pages 476 493. Springer-Verlag, 2005.
197. Aaron Stump, Clark W. Barrett, and David L. Dill. CVC: A Cooperating Validity Checker. In Ed Brinksma and Kim Guldstrand Larsen, editors, 14th International Conference on Computer Aided Verification (CAV), volume 2404 of LNCS, pages 500-504. Springer, 2002. Code Conventions for the Java Programming Language. Sun Microsystems, Inc., 2003a. Available at java.sun.com/docs/codeconv.
198. JAVA CARD 2.2.1 Application Programming Interface. Sun Microsystems, Inc., Santa Clara, California, USA, October 2003b.
199. JAVA CARD 2.2.1 Runtime Environment Specification. Sun Microsystems, Inc., Santa Clara, California, USA, October 2003c.
200. JAVA CARD 2.2.1 Virtual Machine Specification. Sun Microsystems, Inc., Santa Clara, California, USA, October 2003d.
201. Nikolai Tillmann and Wolfram Schulte. Parameterized unit tests. In Michel Wermelinger and Harald Gall, editors, Proc. 10th European Software Engineering Conference/13th ACM SIGSOFT Intl. Symp. on Foundations of Software Engineering, 2005, Lisbon, Portugal, pages 253-262. ACM Press, 2005.
202. Kerry Trentelman. Proving correctness of Java Card DL taclets using Bali. In Bernhard Aichernig and Bernhard Beckert, editors, Proc. 3rd IEEE International Conference on Software Engineering and Formal Methods (SEFM), Koblenz, Germany, pages 160-169, 2005.
203. Joachim van den Berg and Bart Jacobs. The LOOP compiler for Java and JML. In Tiziana Margaria and Wang Yi, editors, Proc. 7th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Genova, Italy, volume 2031 of LNCS, pages 299-312, 2001.
204. David von Oheimb. Analyzing Java in Isabelle/HOL: Formalization, Type Safety and Hoare Logic. PhD thesis, Technische Universität München, 2001a.
205. light. In Sophia Drosso pou lou, Susan Eisenbach, Bart Jacobs, Gary T. Leavens, Peter Müller, and Arnd Poetzsch-Heffter, editors, Proc. Formal Techniques for Java Programs, Workshop at ECOOP'00, Cannes, France, 2000.
206. David von Oheimb. Hoare logic for Java in Isabelle/HOL. Concurrency and Computation: Practice and Experience, 13:1173-1214, 2001b.
207. David von Oheimb and Tobias Nipkow. Hoare logic for NanoJava: Auxiliary variables, side effects, and virtual methods revisited. In Lars-Henrik Eriksson and Peter A. Lindsay, editors, Proc. Getting IT Right, International Symposium of Formal Methods Europe, Copenhagen, Denmark, volume 2391 of LNCS, pages 89-105. Springer-Verlag, 2002.
208. Jos Warmer and Anneke Kleppe. The Object Constraint Language: Getting Your Models Ready for MDA. Object Technology Series. Addison-Wesley, Reading/MA, August 2003.
209. Jos Warmer and Anneke Kleppe. The Object Constraint Language: Precise Modelling with UML. Object Technology Series. Addison-Wesley, Reading/MA, 1999a.
210. Jos Warmer and Anneke Kleppe. OCL: The constraint language of the UML. Journal of Object-Oriented Programming, 12(1):10-13,28, March 1999b.
211. Benjamin Weiß. Proving encapsulation in KeY with the Universe type system. Studienarbeit, Fakultät für Informatik, Universität Karlsruhe, 2006.
212. Hongseok Yang. An example of local reasoning in BI pointer logic: the Schorr-Waite graph marking algorithm, January 2001.
213. Ernst Zermelo. Beweis dass jede Menge wohlgeordnet werden kann. Mathematische Annalen, 59:514-516, 1904.
214. Kaizhong Zhang and Dennis Shasha. Simple fast algorithms for the editing distance between trees and related problems. SIAM Journal on Computing, 18(6):1245-1262, 1989.