Towards an industrial grade IVE for Java and next generation research platform for JML

  • Patrice Chalin
  • Robby
  • Perry R. James
  • Jooyong Lee
  • George Karabotsos
VSTTE 2008


Tool support for the Java Modeling Language (JML) is a very pressing problem. A main issue with current tools is their architecture; the cost of keeping up with the evolution of Java is prohibitively high, e.g., Java 5 has yet to be fully supported. This paper presents JmlEclipse, an Integrated Verification Environment (IVE) for JML that builds upon Eclipse’s support for Java, enhancing it with preliminary versions of Runtime Assertion Checking (RAC), Extended Static Checking (ESC), Full Static Program Verification (FSPV), and symbolic execution. To our knowledge, JmlEclipse is the first IVE to support such a full range of verification techniques for a mainstream language. We present the original tool architecture as well as an improved design based on use of the JML Intermediate Representation (JIR), which helps decouple JmlEclipse from the internals of its base compiler. As a result, we believe that JmlEclipse is easier to maintain and extend. Use of JIR as a tool exchange format is also described.


Program verification Java Integrated verification environment 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ahrendt W., Baar T., Beckert B., Bubel R., Giese M., Hähnle R., Menzel W., Mostowski W., Roth A., Schlager S., Schmitt P.H.: The KeY tool. Softw. Syst. Model. 4, 32–54 (2005)CrossRefGoogle Scholar
  2. 2.
    Aspinall, D.: Proof General. (2008)
  3. 3.
    Aspinall, D., Winterstein, D., Luth, C., Fayyaz, A.: Proof general in Eclipse: system and architecture overview. In: Proceedings of the OOPSLA Workshop on Eclipse Technology eXchange (ETX) (2006)Google Scholar
  4. 4.
    Baresi, L., Ghezzi, C., Mottola, L.: On accurate automatic verification of publish-subscribe architectures. In: Proceedings of the International Conference on Software Engineering (ICSE), pp. 199–208 (2007)Google Scholar
  5. 5.
    Barnes J.: High integrity software: the Spark approach to safety and security. Addison-Wesley, Reading (2003)Google Scholar
  6. 6.
    Barnett, M., Leino, K.R.M.: Weakest-precondition of unstructured programs. In: Workshop on Program Analysis for Software Tools and Engineering (PASTE), Lisbon, Portugal. ACM Press (2005)Google Scholar
  7. 7.
    Barthe, G., Burdy, L., Charles, J., Grégoire, B., Huisman, M., Lanet, J.-L., Pavlova, M., Requet, A.: JACK: a tool for validation of security and behaviour of Java applications. In: Proceedings of the 5th International Symposium on Formal Methods for Components and Objects (FMCO), (2007)Google Scholar
  8. 8.
    Bianculli, D., Ghezzi, C., Spoletini, P.: A model checking approach to verity BPEL4WS Workflows. In: Proceedings of the IEEE Conference on Serice-Oriented Computing and Applications (SOCA), pp. 13–20 (2007)Google Scholar
  9. 9.
    Brat, G., Havelund, K., Park, S., Visser, W.: Java PathFinder—a second generation of a Java model-checker. In: Proceedings of the Workshop on Advances in Verification (2000)Google Scholar
  10. 10.
    Burdy L., Cheon Y., Cok D.R., Ernst M.D., Kiniry J.R., Leavens G.T., Leino K.R.M., Poll E.: An overview of JML tools and applications. Int. J. Softw. Tools Technol. Transfer 7(3), 212–232 (2005)CrossRefGoogle Scholar
  11. 11.
    Burdy, L., Huisman, M., Pavlova, M.: Preliminary design of BML: a behavioral interface specification language for Java bytecode. In: Proceedings of the Fundamental Approaches to Software Engineering (FASE). LNCS, vol. 4422, pp. 215–229 (2007)Google Scholar
  12. 12.
    Burdy, L., Requet, A., Lanet, J.-L.: Java Applet correctness: a developer-oriented approach. In: Proceedings of the International Symposium of Formal Methods Europe. LNCS, vol. 2805, pp. 422–439. Springer, Berlin (2003)Google Scholar
  13. 13.
    Catano, N., Wahls, T.: Executing JML specifications of Java card applications: a case study. In: Proceedings of the ACM Symposium on Applied Computing, Software Engineering Track (SAC-SE), Hawaii, March 2009Google Scholar
  14. 14.
    Chalin, P.: Are practitioners writing contracts? In: Butler, M., Jones, C.B., Romanovsky, A., Troubitsyna, E. (eds.) Rigorous Development of Complex Fault-Tolerant Systems. LNCS, vol. 4157, pp. 100–113. Springer (2006)Google Scholar
  15. 15.
    Chalin, P., James, P.R.: Non-null references by default in Java: alleviating the nullity annotation burden. In: Proceedings of the 21st European Conference on Object-Oriented Programming (ECOOP), Berlin, Germany, July–August. LNCS, vol. 4609, pp. 227–247. Springer, New York (2007)Google Scholar
  16. 16.
    Chalin, P., James, P.R., Karabotsos, G.: JML4: towards an industrial grade IVE for Java and next generation research platform for JML. In: Proceedings of the International Conference on Verified Software: Theories, Tools, Experiments (VSTTE), Toronto, Canada. October 6–9, 2008Google Scholar
  17. 17.
    Chalin P., James P.R., Rioux F.: Reducing the use of nullable types through non-null by default and monotonic non-null. IET Softw. J. 2(6), 515–531 (2008)CrossRefGoogle Scholar
  18. 18.
    Chalin, P., Kiniry, J., Leavens, G.T., Poll, E.: Beyond assertions: advanced specification and verification with JML and ESC/Java2. In: Fourth International Symposium on Formal Methods for Components and Objects (FMCO’05). LNCS, vol. 4111, pp. 342–363 (2006)Google Scholar
  19. 19.
    Cheon, Y.: A runtime assertion checker for the Java Modeling Language. Iowa State University, Ph.D. Thesis. TR #03-09, April 2003Google Scholar
  20. 20.
    Chrzaszcz, J., Huisman, M., Schubert, A., Kiniry, J., Pavlova, M., Poll, E.: BML Reference Manual. (2008)
  21. 21.
    Cok, D.: Adapting JML to generic types and Java 1.6. In: Proceedings of the International Workshop on Specification and Verification of Component-Based Systems (SAVCBS), Atlanta, Georgia (USA). November 2008Google Scholar
  22. 22.
  23. 23.
  24. 24.
    Cok, D.R., Kiniry, J.R.: ESC/Java2: uniting ESC/Java and JML. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) Proceedings of the International Workshop on the Construction and Analysis of Safe, Secure, and Interoperable Smart Devices (CASSIS’04), Marseille, France, March 10–14, 2004. LNCS, vol. 3362, pp. 108–128. Springer (2004)Google Scholar
  25. 25.
    Corbett J.C., Dwyer M.B., Hatcliff J., Hatcliff J.: Expressing checkable properties of dynamic systems: the Bandera specification language. Int. J. Softw. Tools Technol. Transfer 4(1), 34–56 (2002)CrossRefGoogle Scholar
  26. 26.
    Deng, X., Lee, J., Robby: Bogor/Kiasan: a k-bounded symbolic execution for checking strong heap properties of open systems. In: Proceedings of the IEEE/ACM Conference on Automated Software Engineering (ASE), pp. 157–166 (2006)Google Scholar
  27. 27.
    Deng X., Robby , Hatcliff J.: Kiasan/KUnit: Automatic Test Case Generation and Analysis Feedback for Open Object-Oriented Systems. Kansas State University, Kansas (2007)Google Scholar
  28. 28.
    Dwyer, M.B., Robby, Tkachuk, O., Visser, W.: Analyzing interaction orderings with model checking. In: Proceedings of the IEEE Conference on Automated Software Engineering, Linz, Austria, pp. 154–163 (2004)Google Scholar
  29. 29.
    Stephen H.E., Wayne D.H., Timothy J.L., Murali S., Bruce W.W.: Part II: specifying components in RESOLVE. SIGSOFT Softw. Eng. Notes 19(4), 29–39 (1994)zbMATHCrossRefGoogle Scholar
  30. 30.
    Ernst, M., Coward, D.: Annotations on Java Types., JSR 308. October 17, 2006Google Scholar
  31. 31.
    Filliâtre, J.-C., Marché, C.: The Why/Krakatoa/Caduceus platform for deductive program verification. In: Proceedings of the Conference on Computer Aided Verification (CAV). LNCS, vol. 4590 (2007)Google Scholar
  32. 32.
    Filman R.E., Elrad T., Clarke S., Aksit M.: Aspect-Oriented Software Development. Addison-Wesley, Reading (2005)Google Scholar
  33. 33.
    Flanagan C., Leino K.R.M., Lillibridge M., Nelson G., Saxe J.B., Stata R.: Extended static checking for Java. Proc. ACM SIGPLAN Conf. Program. Lang. Des. Implement. 37(5), 234–245 (2002)Google Scholar
  34. 34.
    Haddad, G., Leavens, G.T.: Extensible Dynamic Analysis for JML: A Case Study with Loop Annotations. University of Central Florida CS-TR-08-05. April, 2008Google Scholar
  35. 35.
    James, P.R., Chalin, P.: Extended static checking in JML4: benefits of multiple-prover support. In: Proceedings of the ACM Symposium on Applied Computing, Software Verification and Testing Track (SAC-SVT), Hawaii. March 2009Google Scholar
  36. 36.
    James P.R., Chalin P.: Faster and more complete extended static checking for the Java Modeling Language. J. Autom. Reason. 44, 145–174 (2010)zbMATHCrossRefGoogle Scholar
  37. 37.
    James, P.R., Chalin, P., Giannas, L., Karabotsos, G.: Distributed, multi-threaded verification of Java Programs. In: Proceedings of the International Workshop on Specification and Verification of Component-Based Systems (SAVCBS), Atlanta, Georgia (USA). November 2008Google Scholar
  38. 38.
    Krause, B., Wahls, T.: jmle: a tool for executing JML specifications via constraint programming. In: Proceedings of the Formal Methods for Industrial Critical Systems (FMICS). LNCS, vol. 4346. March, 2009Google Scholar
  39. 39.
    Kulczycki, G.: Resolve-style components in Java. In: Proceedings of the RESOLVE Workshop, Virginia, USA (2009)Google Scholar
  40. 40.
    Leavens, G.T.: The Java Modeling Language (JML). (2007)
  41. 41.
    Leavens, G.T., Cheon, Y.: Design by contract with JML. (2006)
  42. 42.
    Leavens G.T., Leino K.R.M., Mueller P.: Specification and verification challenges for sequential object-oriented programs. Form. Asp. Comput. J. 19(2), 159–189 (2007)zbMATHCrossRefGoogle Scholar
  43. 43.
    Leavens, G.T., Poll, E., Clifton, C., Cheon, Y., Ruby, C., Cok, D., Müller, P., Kiniry, J., Chalin, P.: JML Reference Manual. (2008)
  44. 44.
    Meyer B.: Applying design by contract. Computer 25(10), 40–51 (1992)CrossRefGoogle Scholar
  45. 45.
    Rieken J. (2007) Design by contract for Java—revised. Master’s thesis: Universität OldenburgGoogle Scholar
  46. 46.
    Rieken, J.: Modern Jass. (2007)
  47. 47.
    Robby: Sireum. (2009)
  48. 48.
    Robby, Chalin, P.: Preliminary Design of a unified JML representation and software infrastructure. In: Proceedings of the 11th Workshop on Formal Techniques for Java-like Programs (FTfJP’09), Genova, Italy. July 2009Google Scholar
  49. 49.
    Robby, Dwyer, M.B., Hatcliff, J.: Bogor: An extensible and highly-modular model checking framework. In: Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering, pp. 267–276 (2003)Google Scholar
  50. 50.
    Schirmer N.: A sequential imperative programming language syntax, semantics, Hoare logics and verification environment. In: Isabelle Archive of Formal Proofs (2008)Google Scholar
  51. 51.
    Smith, H., Harton, H., Frazier, D., Mohan, R., Sitaraman, M.: Generating verified Java components through RESOLVE. In: Proceedings of the International Conference on Software Reuse (ICSR), Virginia, USA. LNCS, vol. 5791, pp. 11–20 (2009)Google Scholar
  52. 52.
    Sun Developer Network.: Annotation Processing Tool. (2004)
  53. 53.
    Taylor, K.B.: A specification language design for the Java Modeling Language (JML) using Java 5 annotations. Masters thesis, Iowa State University (2008)Google Scholar
  54. 54.
    Taylor, K.B., Rieken, J., Leavens, G.T.: Adapting the Java Modeling Language (JML) for Java 5 Annotations. Department of Computer Science, Iowa State University, TR 08-06 (2008)Google Scholar
  55. 55.
    van den Berg J., Jacobs B.: The LOOP compiler for Java and JML. In: Margaria, T., Yi, W. (eds) Proceedings of the Tools and Algorithms for the Construction and Analysis of Software (TACAS). LNCS, vol. 2031, pp. 299–312. Springer, Berlin (2001)CrossRefGoogle Scholar
  56. 56.
    Wilson, T., Maharaj, S., Clark, R.G.: Omnibus: A clean language and supporting tool for integrating different assertion-based verification techniques. In: Proceedings of the Proceedings of REFT 2005, Newcastle, UK. July 2005Google Scholar
  57. 57.
    Wing J.M.: Writing Larch interface language specifications. ACM Trans. Program. Lang. Syst. 9(1), 1–24 (1987)zbMATHCrossRefMathSciNetGoogle Scholar
  58. 58.
    Zee, K., Kuncak, V., Rinard, M.C.: Full functional verification of linked data structures. In: Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI) (2008)Google Scholar
  59. 59.
    Zee, K., Kuncak, V., Rinard, M.C.: An integrated proof language for imperative programs. In: Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI) (2009)Google Scholar

Copyright information

© Springer-Verlag 2010

Authors and Affiliations

  • Patrice Chalin
    • 1
  • Robby
    • 2
  • Perry R. James
    • 1
  • Jooyong Lee
    • 2
  • George Karabotsos
    • 1
  1. 1.Dependable Software Research Group (DSRG), Department of Computer Science and Software EngineeringConcordia UniversityMontrealCanada
  2. 2.SAnToS Laboratory, Department of Computing and Information SciencesKansas State UniversityManhattanUSA

Personalised recommendations