Midlet Navigation Graphs in JML

  • Wojciech Mostowski
  • Erik Poll
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6527)


In the context of the EU project Mobius on Proof Carrying Code for Java programs (midlets) on mobile devices, we present a way to express midlet navigation graphs in JML. Such navigation graphs express certain security policies for a midlet. The resulting JML specifications can be automatically checked with the static checker ESC/Java2. Our work was guided by a realistically sized case study developed as demonstrator in the project. We discuss practical difficulties with creating efficient and meaningful JML specifications for automatic verification with a lightweight verification tool such as ESC/Java2, and the potential use of these specifications for PCC.


Java Modelling Language Phone Book Public Class Displayable Object Public Void 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Barnett, M., Leino, K., Schulte, W.: The Spec# programming system: An overview. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol. 3362, pp. 151–171. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Barthe, G., Crégut, P., Grégoire, B., Jensen, T., Pichardie, D.: The MOBIUS proof carrying code infrastructure. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2007. LNCS, vol. 5382, pp. 1–24. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  3. 3.
    Beckert, B., Hähnle, R., Schmitt, P.H. (eds.): Verification of Object-Oriented Software: The KeY Approach. LNCS (LNAI), vol. 4334. Springer, Heidelberg (2007)Google Scholar
  4. 4.
    Chalin, P., Kiniry, J.R., Leavens, G.T., Poll, E.: Beyond assertions: Advanced specification and verification with JML and ESC/Java2. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2005. LNCS, vol. 4111, pp. 342–363. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Crégut, P.: Extracting control from data: User interfaces of MIDP applications. In: Barthe, G., Fournet, C. (eds.) TGC 2007 and FODO 2008. LNCS, vol. 4912, pp. 41–56. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Drossopoulou, S., Francalanza, A., Müller, P., Summers, A.: A unified framework for verification techniques for object invariants. In: Ryan, M. (ed.) ECOOP 2008. LNCS, vol. 5142, pp. 412–437. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  7. 7.
    Flanagan, C., Leino, K., Lillibridge, M., Nelson, G., Saxe, J., Stata, R.: Extended static checking for Java. In: PLDI 2002, pp. 234–245. ACM, New York (2002)Google Scholar
  8. 8.
    Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns. Addison-Wesley, Reading (1999)zbMATHGoogle Scholar
  9. 9.
    Hubbers, E., Oostdijk, M.: Generating JML specifications from UML state diagrams. In: Forum on Specification & Design Languages FDL 2003, pp. 263–273. ECSI (2003)Google Scholar
  10. 10.
    Janota, M., Grigore, R., Moskal, M.: Reachability analysis for annotated code. In: SAVCBS, pp. 23–30. ACM, New York (2007)CrossRefGoogle Scholar
  11. 11.
    Kiniry, J., Cok, D.: ESC/Java2: Uniting ESC/Java and JML. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol. 3362, pp. 108–128. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    Kiniry, J., Morkan, A.E., Denby, B.: Soundness and completeness warnings in ESC/Java2. In: SAVCBS 2006, pp. 19–24. ACM, New York (2006)Google Scholar
  13. 13.
    Leavens, G., Poll, E., Clifton, C., Cheon, Y., Ruby, C., Cok, D., Müller, P., Kiniry, J., Chalin, P.: JML reference manual (2003-2007),
  14. 14.
    Leavens, G.T., Baker, A.L., Ruby, C.: JML: A Notation for Detailed Design. Kluwer Academic Publishers, Dordrecht (1999)Google Scholar
  15. 15.
    Mobius. Deliverable D5.1 – Selection of case studies. Mobius (2005),
  16. 16.
    Möller, M., Olderog, E., Rasch, H., Wehrheim, H.: Linking CSP-OZ with UML and Java: A case study. In: Boiten, E.A., Derrick, J., Smith, G.P. (eds.) IFM 2004. LNCS, vol. 2999, pp. 267–286. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  17. 17.
    Necula, G.C.: Proof-carrying code. In: POPL, pp. 106–119. ACM, New York (1997)CrossRefGoogle Scholar
  18. 18.
    Pichardie, D.: Bicolano: a Java bytecode semantics in Coq. (2006),
  19. 19.
    Pierik, C., Clarke, D., de Boer, F.S.: Creational invariants. In: ECOOP Workshop on Formal Techniques for Java-like Programs, FTfJP 2004 (2004)Google Scholar
  20. 20.
    The Java Verified Program. Unified Testing Criteria for Java technology-based applications for mobile devices, version 3.0 (2009)Google Scholar
  21. 21.
    Trentelman, K., Huisman, M.: Extending JML specifications with temporal logic. In: Kirchner, H., Ringeissen, C. (eds.) AMAST 2002. LNCS, vol. 2422, pp. 334–348. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Wojciech Mostowski
    • 1
  • Erik Poll
    • 1
  1. 1.Digital Security GroupRadboud University NijmegenNetherlands

Personalised recommendations