Making Specifications Complete Through Models

  • Bernd Schoeller
  • Tobias Widmer
  • Bertrand Meyer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3938)


Good components need precise contracts. In the practice of Design by ContractTM, applications and libraries typically express, in their postconditions and class invariants, only a subset of the relevant properties. We present:

An approach to making these contract elements complete without extending the assertion language, by relying on “model classes” directly deduced from mathematical concepts.

An actual “Mathematical Model Library” (MML) built for that purpose

A method for using MML to express complete contracts through abstraction functions, and an associated theory of specification soundness.

As a direct application of these ideas, a new version of a widely used data structure and algorithms library equipped with complete contracts through MML.

All the software is available for download. The approach retains the pragmatism of the Design by Contract method, suitable for ordinary applications and understandable to ordinary programmers, while potentially achieving the benefits of much heavier formal specifications.

The article concludes with a discussion of applications to testing and program proving, and of remaining issues.


Mathematical Object Model Library Model Contract Complete Contract Cursor Position 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abrial, J.-R.: The B-Book – assigning programs to meanings. Cambridge University Press, Cambridge (1996)CrossRefzbMATHGoogle Scholar
  2. 2.
    Barnett, M., Rustan, K., Leino, M., Schulte, W.: The spec# programming system: An overview. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol. 3362, pp. 49–69. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Barnett, M., Schulte, W.: The ABCs of specifications: AsmL, behavior, and components. Informatica 25(4), 517–526 (2001)zbMATHGoogle Scholar
  4. 4.
    Blass, A., Gurevich, Y.: Background, reserve, and gandy machines. In: Clote, P.G., Schwichtenberg, H. (eds.) CSL 2000. LNCS, vol. 1862, pp. 1–17. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  5. 5.
    Burdy, L., Cheon, Y., Cok, D., Ernst, M., Kiniry, J.R., Leavens, G.T., Leino, K.R.M., Poll, E.: An overview of JML tools and applications. Technical Report R0309, NIII (2003)Google Scholar
  6. 6.
    Cheon, Y., Leavens, G.T.: The larch/smalltalk interface specification language. In: ACM Transactions on Software Engineering and Methodology, vol. 3, pp. 221–253. ACM Press, New York (1994)Google Scholar
  7. 7.
    Cheon, Y., Leavons, G.T., Sitaraman, M., Edwards, S.: Model variables: Cleanly supporting abstraction in design by contract. Technical Report 03-10, Iowa State University (April 2003)Google Scholar
  8. 8.
    Ciupa, I., Leitner, A.: Automatic testing based on design by contract. In: Proceedings of Net.ObjectDays 2005. tranSIT Thüringer Anwendungszentrum für Software, Informations- und Kommunikationstechnologien GmbH (to be published, 2005)Google Scholar
  9. 9.
    Dubois, P., Howard, M., Meyer, B., Schweitzer, M., Stapf, E.: From calls to agents. Journal of Object-Oriented Programming 12(6) (1999)Google Scholar
  10. 10.
    Eiffel Software. EiffelBase (August 2005),
  11. 11.
    Gurevich, Y.: Sequential abstract state machines capture sequential algorithms. ACM Transactions on Computational Logic 1(1), 77–111 (2000)MathSciNetCrossRefGoogle Scholar
  12. 12.
    Guttag, J.V., Jorning, J.J., Garland, S.J., Jones, K.D., Modet, A., Wing, J.M.: Larch: Languages and Tools for Formal Specifications. Springer, New York (1993)CrossRefGoogle Scholar
  13. 13.
    Hoare, C.A.R.: Proof of correctness of data representations. Acta Informatica 1(4), 271–281 (1972)CrossRefzbMATHGoogle Scholar
  14. 14.
    Kramer, R.: iContract - the Java(tm) Design by Contract(tm) tool. In: TOOLS 1998: Proceedings of the Technology of Object-Oriented Languages and Systems, p. 295. IEEE Computer Society, Washington (1998)Google Scholar
  15. 15.
    Leavens, G.T.: Larch/C++, an interface specification language for C++. Technical report, Iowa State University, Ames, Iowa 50011 USA (August 1997)Google Scholar
  16. 16.
    Leavens, G.T., Baker, A.L., Ruby, C.: Preliminary design of JML: A behavioral interface specification language for Java. Technical Report 98-06t, Department of Computer Science, Iowa State University (June 1998)Google Scholar
  17. 17.
    M. Leino, K.R., Müller, P.: A verification methodology for model fields. In: Sestoft, P. (ed.) ESOP 2006. LNCS, vol. 3924, pp. 115–130. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Meyer, B.: Tools for the new culture: Lessons from the design of the eiffel libraries. Communications of the ACM 33(9), 40–60 (1990)CrossRefGoogle Scholar
  19. 19.
    Meyer, B.: Eiffel: the language. Object-Oriented Series. Prentice Hall, New York (1992)zbMATHGoogle Scholar
  20. 20.
    Meyer, B.: Reusable software: the Base object-oriented component libraries. Prentice-Hall, Englewood Cliffs (1994)Google Scholar
  21. 21.
    Meyer, B.: Object-Oriented Software Construction, 2nd edn. Prentice Hall, Englewood Cliffs (1997)zbMATHGoogle Scholar
  22. 22.
    Meyer, B.: A framework for proving contract-equipped classes. In: Börger, E., Gargantini, A., Riccobene, E. (eds.) ASM 2003. LNCS, vol. 2589, pp. 108–125. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  23. 23.
    Meyer, B.: Attached types and their application to three open problems of object-oriented programming. In: Black, A.P. (ed.) ECOOP 2005. LNCS, vol. 3586, pp. 1–32. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  24. 24.
    Meyer, B. (ed.): Eiffel Analysis, Design and Programming Language. ECMA International; As approved as International Standard 367 (June 2005)Google Scholar
  25. 25.
    Meyer, B.: Eiffel: The language, 3rd edn. (August 2005),
  26. 26.
    Mitchell, R., McKim, J.: Design by Contract, by example. Addison-Wesley, Reading (2002)Google Scholar
  27. 27.
    Müller, P., Poetzsch-Heffter, A., Leavens, G.T.: Modular specification of frame properties in JML. Concurrency and Computation: Practice and Experience 15, 117–154 (2003)CrossRefzbMATHGoogle Scholar
  28. 28.
    Nipkow, T., Paulson, L.C., Wenzel, M.: Isabelle/HOL - A Proof Assistant for Higher-Order Logic. Springer, Heidelberg (2004)zbMATHGoogle Scholar
  29. 29.
    Nonprofit International Consortium for Eiffel (NICE). The Eiffel Library Standard, TR-EI-48/KL (June 1995)Google Scholar
  30. 30.
    Object Management Group. UML 2.0 OCL Specification, adopted specification, ptc/13-10-14 (November 2003)Google Scholar
  31. 31.
    Schoeller, B.: Strengthening eiffel contracts using models. In: Van, H.D., Liu, Z. (eds.) Proceeding of the Workshop on Formal Aspects of Component Software FACS 2003, number 284 in UNU/IIST Report, pp. 143–158 (September 2003)Google Scholar
  32. 32.
    Spivey, J.M.: An introduction to Z and formal specifications. Software Engineering Journal (January 1989)Google Scholar
  33. 33.
    Spivey, J.M.: The Z Notation: A Reference Manual, 2nd edn. International Series in Computer Science. Prentice-Hall, Englewood Cliffs (1992)zbMATHGoogle Scholar
  34. 34.
    Steria, Aix-en-Provence, France. Atelier B Interactive Prover User ManualGoogle Scholar
  35. 35.
    Widmer, T.: Reusable mathematical models. Master’s thesis, ETH Zürich (July 2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Bernd Schoeller
    • 1
  • Tobias Widmer
    • 2
  • Bertrand Meyer
    • 1
  1. 1.ETH ZurichSwitzerland
  2. 2.IBM ResearchZurichSwitzerland

Personalised recommendations