Abstract
The Java Modeling Language (JML) can be used to specify the detailed design of Java classes and interfaces by adding annotations to Java source files. The aim of JML is to provide a specification language that is easy to use for Java programmers and that is supported by a wide range of tools for specification typechecking, runtime debugging, static analysis, and verification.
This paper gives an overview of the main ideas behind JML, details about JML’s wide range of tools, and a glimpse into existing applications of JML.
Cite this article
Burdy, L., Cheon, Y., Cok, D. et al. An overview of JML tools and applications. Int J Softw Tools Technol Transfer 7, 212–232 (2005). https://doi.org/10.1007/s10009-004-0167-4
DOI: https://doi.org/10.1007/s10009-004-0167-4