Abstract
Many state-based specification languages, including the Java Modeling Language (JML), contain at their core specification constructs familiar to most undergraduates: e.g., assertions, pre- and postconditions, and invariants. Unfortunately, these constructs are not sufficiently expressive to permit formal modular verification of programs written in modern object-oriented languages like Java. The necessary extra constructs for specifying an object-oriented module include (perhaps the less familiar) frame properties, datagroups, and ghost and model fields. These constructs help specifiers deal with potential problems related to, for example, unexpected side effects, aliasing, class invariants, inheritance, and lack of information hiding. This tutorial paper focuses on JML’s realization of these constructs, explaining their meaning while illustrating how they can be used to address the stated problems.
© 2006 Springer-Verlag Berlin Heidelberg
Chalin, P., Kiniry, J.R., Leavens, G.T., Poll, E. (2006). Beyond Assertions: Advanced Specification and Verification with JML and ESC/Java2. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, WP. (eds) Formal Methods for Components and Objects. FMCO 2005. Lecture Notes in Computer Science, vol 4111. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11804192_16
DOI: https://doi.org/10.1007/11804192_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-36749-9
Online ISBN: 978-3-540-36750-5