
Beyond Assertions: Advanced Specification and Verification with JML and ESC/Java2

  • Conference paper
Formal Methods for Components and Objects (FMCO 2005)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4111)

Abstract

Many state-based specification languages, including the Java Modeling Language (JML), contain at their core specification constructs familiar to most undergraduates: e.g., assertions, pre- and postconditions, and invariants. Unfortunately, these constructs are not sufficiently expressive to permit formal modular verification of programs written in modern object-oriented languages like Java. The necessary extra constructs for specifying an object-oriented module include (perhaps the less familiar) frame properties, datagroups, and ghost and model fields. These constructs help specifiers deal with potential problems related to, for example, unexpected side effects, aliasing, class invariants, inheritance, and lack of information hiding. This tutorial paper focuses on JML’s realization of these constructs, explaining their meaning while illustrating how they can be used to address the stated problems.
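As an added illustration that is not taken from the paper, the Java class below (class and field names are invented for this example) is annotated in JML to show the constructs the abstract names: model fields with represents clauses, concrete fields placed in datagroups, a ghost field, a class invariant, and assignable clauses that state frame properties. Inheritance and aliasing are not covered here.

```java
// Added example, not from the paper: a JML-annotated counter (names invented).
public class BoundedCounter {
    // Model fields give clients an abstract view of the state; each model
    // field is also a datagroup that concrete fields can be placed "in".
    //@ public model int count;
    //@ public model int limit;

    // Hidden representation. The "in" clauses put each field into a
    // datagroup, so "assignable count" licenses writes to value.
    private int value;   //@ in count;
    private int max;     //@ in limit;

    // Represents clauses tie the abstract model fields to the representation.
    //@ private represents count = value;
    //@ private represents limit = max;

    // Ghost field: specification-only state, updated with "set", never compiled.
    //@ public ghost boolean closed = false;

    // Class invariant over the abstract state; it must hold in every visible
    // state (method entry and exit), not only where an assert was written.
    //@ public invariant 0 <= count && count <= limit;

    //@ requires 0 <= max;
    //@ ensures count == 0 && limit == max && !closed;
    public BoundedCounter(int max) { this.max = max; this.value = 0; }

    // Frame property: "assignable count" says nothing outside the count
    // datagroup may change, so callers know limit and closed are untouched
    // without reading the method body.
    //@ requires !closed && count < limit;
    //@ assignable count;
    //@ ensures count == \old(count) + 1;
    public void inc() {
        value++;
    }

    //@ assignable closed;
    //@ ensures closed;
    public void close() {
        //@ set closed = true;
    }

    // Pure methods have no side effects, so they may be called in specs.
    //@ ensures \result == count;
    public /*@ pure @*/ int get() { return value; }
}
```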




© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chalin, P., Kiniry, J.R., Leavens, G.T., Poll, E. (2006). Beyond Assertions: Advanced Specification and Verification with JML and ESC/Java2. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, WP. (eds) Formal Methods for Components and Objects. FMCO 2005. Lecture Notes in Computer Science, vol 4111. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11804192_16


  • DOI: https://doi.org/10.1007/11804192_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-36749-9

  • Online ISBN: 978-3-540-36750-5
