Software Quality Journal

, Volume 15, Issue 1, pp 7–25 | Cite as

Specifying and checking method call sequences of Java programs

  • Yoonsik Cheon
  • Ashaveena Perumandla


In a pre and postcondition-style specification, it is difficult to specify the allowed sequences of method calls, referred to as protocols. The protocols are essential properties of reusable object-oriented classes and application frameworks, and the approaches based on the pre and postconditions, such as design by contracts (DBC) and formal behavioral interface specification languages (BISL), are being accepted as a practical and effective tool for describing precise interfaces of (reusable) program modules. We propose a simple extension to the Java Modeling Language (JML), a BISL for Java, to specify protocol properties in an intuitive and concise manner. The key idea of our approach is to separate protocol properties from functional properties written in pre and post-conditions and to specify them in a regular expression-like notation. The semantics of our extension is formally defined and provides a foundation for implementing runtime checks. Case studies have been performed to show the effectiveness our approach. We believe that our approach can be adopted by other BISLs.


Method call sequence specification Runtime checking Assertion Pre and postconditions Programming by contract JML language 



This work was supported in part by the National Science Foundation under grant CNS-0509299 and by the University of Texas at El Paso under URI grant 14-5078-6151. Thanks to Myoung Kim and anonymous referees for comments on earlier drafts of this paper.


  1. Agarwal, P., Rubio-Medrano, C.E., Cheon, Y., Teller, P.J. 2006. A formal specification in JML of the Java security package. Technical Report 06-13, Department of Computer Science, The University of Texas at El Paso.Google Scholar
  2. Barnes, J. 2003. High Integrity Software: The SPARK Approach to Safety and Security. Addison Wesley.Google Scholar
  3. Barnett, M., Leino, K. R.M., Schulte, W. 2005. The Spec# programming system: An overview. In: Construction and Analysis of Safe, Secure, and Interoperable Smart Devices: International Workshop, CASSIS 2004, Marseille, France, March 10–14, 2004, volume 3362 of Lecture Notes in Computer Science, Springer-Verlag, pp. 49–69.Google Scholar
  4. Bartetzko, D., Fischer, C., Moller, M., Wehrheim, H. 2001. Jass-Java with assertions. In: Havelund, K., Rosu, G. (eds.), Workshop on Runtime Verification Held in Conjunction with the 13th Conference on Computer Aided Verification, CAV'01. Published in Electronic Notes in Theoretical Computer Science, vol. 55, no. 2:2001.Google Scholar
  5. Bartussek, W., Parnas, D.L. 1978. Using assertions about traces to write abstract specifications for software modules. In: Bracchi, G., Lockemann, P.C. (eds.), Proceedings of the Second Conference of the European Cooperation on Informatics: Information Systems Methodology, October 10–12, 1978, London, UK, volume 65 of Lecture Notes in Computer Science, Springer-Verlag, pp. 211–236.Google Scholar
  6. Brörkens, M. and Möller, M. 2002a. Dynamic event generation for runtime checking using the JDI. In: Havelund, K., Rosu, G. (eds.), Proceedings of the Federated Logic Conference Satellite Workshops, Runtime Verification, Copenhagen, Denmark. Electronic Notes in Theoretical Computer Science, vol. 70 no. 4.Google Scholar
  7. Brörkens, M., Möller, M. 2002b. Jassda trace assertions, runtime checking the dynamic of java programs. In: Schieferdecker, I., König, H., Wolisz, A. (eds.), Trends in Testing Communicating Systems, International Conference on Testing of Communicating Systems, Berlin, Germany, pp. 39–48.Google Scholar
  8. Burdy, L., Cheon, Y., Cok, D., Ernst, M., Kiniry, J., Leavens, G.T., Leino, K. R.M., Poll, E. 2005. An overview of JML tools and applications. International Journal on Software Tools for Technology Transfer (STTT) 7(3):212–232.Google Scholar
  9. Cheon, Y. 2003. A runtime assertion checker for the Java Modeling Language. Technical Report 03-09, Department of Computer Science, Iowa State University, Ames, IA. The author's Ph.D. dissertation.Google Scholar
  10. Cheon, Y., Leavens, G.T. 2002. A runtime assertion checker for the Java Modeling Language (JML). In: Arabnia, H.R., Mun, Y. (eds.), Proceedings of the International Conference on Software Engineering Research and Practice (SERP'02), June 24–27, 2002, Las Vegas, Nevada, USA, CSREA Press, pp. 322–328.Google Scholar
  11. Cheon, Y., Leavens, G.T., Sitaraman, M., Edwards, S. 2005. Model variables: Cleanly supporting abstraction in design by contract. Software—Practice and Experience 35(6):583–599.CrossRefGoogle Scholar
  12. Cheon, Y., Perumendla, A. 2005. Specifying and checking method call sequences in JML. In: Arabnia, H.R., Reza, H. (eds.), Proceedings of the 2005 International Conference on Software Engineering Research and Practice (SERP'05). vol. II, June 27–29, 2005, Las Vegas, Nevada, CSREA Press, pp. 511–516.Google Scholar
  13. Duncan, A., Holzle, U. 1998. Adding contracts to Java with Handshake. Technical Report TRCS98-32, Department of Computer Science, University of California, Santa Barbara, CA.Google Scholar
  14. Findler, R.B., Felleisen, M. 2001. Contract soundness for object-oriented languages. In: OOPSLA'01 Conference Proceedings, Object-Oriented Programming, Systems, Languages, and Applications, October 14–18, 2001, Tampa Bay, Florida, USA, pp. 1–15.Google Scholar
  15. Karaorman, M., Holzle, U., Bruno, J. 1999. iContractor: A reflective Java library to support design by contract. In: Cointe, P. (ed.), Meta-Level Architectures and Reflection, Second International Conference on Reflection'99, Saint-Malo, France, July 19–21, 1999, Proceedings, volume 1616 of Lecture Notes in Computer Science, Springer-Verlag, pp. 175–196.Google Scholar
  16. Kramer, R. 1998. iContract—the Java design by contract tool. TOOLS 26: Technology of Object-Oriented Languages and Systems, Los Alamitos, California, pp. 295–307.Google Scholar
  17. Leavens, G.T., Baker, A.L. 1999. Enhancing the pre-and postcondition technique for more expressive specifications. In: Wing, J.M., Woodcock, J., Davies, J. (eds.), FM'99—Formal Methods: World Congress on Formal Methods in the Development of Computing Systems, Toulouse, France, September 1999 Proceedings, volume 1709 of Lecture Notes in Computer Science, Springer-Verlag, pp. 1087–1106.Google Scholar
  18. Leavens, G.T., Baker, A.L., Ruby, C. 1999. JML: A notation for detailed design. In: Kilov, H., Rumpe, B., Simmonds, I. (eds.), Behavioral Specifications of Businesses and Systems. Boston: Kluwer Academic Publishers, pp. 175–188.Google Scholar
  19. Leavens, G.T., Poll, E., Clifton, C., Cheon, Y., Ruby, C., Cok, D., Müller, P., Kiniry, J. 2005. The JML reference manual. Available from (Date retrieved: October 31, 2005).Google Scholar
  20. Luckham, D. 1990. Programming with Specifications: An Introduction to Anna, A Language for Specifying Ada Programs. Texts and Monographs in Computer Science. New York, NY: Springer-Verlag.Google Scholar
  21. Meyer, B. 1992a. Applying `design by contract'. Computer 25(10):40–51.CrossRefGoogle Scholar
  22. Meyer, B. 1992b. Eiffel: The Language. Object-Oriented Series. New York, NY: Prentice Hall.Google Scholar
  23. Meyer, B. 1997. Object-oriented Software Construction, second edition. New York, NY: Prentice Hall.Google Scholar
  24. Rodríguez, E., Dwyer, M.B., Flanagan, C., Hatcliff, J., Leavens, G.T., Robby 2005. Extending JML for modular specification and verification of multi-threaded programs. In: Black, A.P. (ed.), ECOOP 2005 — Object-Oriented Programming 19th European Conference, Glasgow, UK, volume 3586 of Lecture Notes in Computer Science, Berlin: Springer-Verlag, pp. 551–576.Google Scholar
  25. Rosenblum, D.S. 1995. A practical approach to programming with assertions. IEEE Transactions on Software Engineering 21(1):19–31.CrossRefGoogle Scholar
  26. Soundarajan, N., Fridella, S. 2000. Framework-based applications: From incremental development to incremental reasoning. In: Frakes, W.B. (ed.), Software Reuse: Advances in Software Reusability, 6th International Conference, ICSR-6, Vienna, Austria, June 27–29, 2000, Proceedings, volume 1844 of Lecture Notes in Computer Science, Springer-Verlag, pp. 100–116.Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2007

Authors and Affiliations

  1. 1.Department of Computer ScienceThe University of Texas at El PasoEl PasoUSA

Personalised recommendations