How the design of JML accommodates both runtime assertion checking and formal verification

Science of Computer Programming

Volumn 55, Issue 1-3 SPEC. ISS., 2005, Pages 185-208

  Leavens, Gary T ^a   Cheon, Yoonsik ^b   Clifton, Curtis ^a   Ruby, Clyde ^a   Cok, David R ^c  

^a Iowa State University   (United States)

^b University of Texas at El Paso   (United States)

^c EASTMAN KODAK COMPANY   (United States)

Author keywords

Formal methods; Java language; JML language; Program verification; Programming by contract; Runtime assertion checking; Specification languages

Indexed keywords

ABSTRACTING; C (PROGRAMMING LANGUAGE); COMPUTER HARDWARE DESCRIPTION LANGUAGES; COMPUTER PROGRAMMING; COMPUTER PROGRAMMING LANGUAGES; INTERFACES (COMPUTER); JAVA PROGRAMMING LANGUAGE;

FORMAL METHODS; JML LANGUAGE; PROGRAM VERIFICATION; PROGRAMMING BY CONTACT; RUNTIME ASSERTION CHECKING;

ENCODING (SYMBOLS);

EID: 13144252258     PISSN: 01676423     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.scico.2004.05.015     Document Type: Conference Paper

References (92)

1. E. Abraham-Mumm, F. de Boer, W. de Roever, and M. Steffen A tool-supported proof system for multithreaded Java F. de Boer M. Bonsangue S. Graf W.-P. de Roever FMCO 2002: Formal Methods for Component Objects, Proceedings, Lecture Notes in Computer Science 2003 Springer-Verlag
2. P. America Inheritance and subtyping in a parallel object-oriented language J. Bezivin European Conference on Object-Oriented Programming, ECOOP'87 Paris, France Lecture Notes in Computer Science vol. 276 1987 Springer-Verlag New York, NY 234-242
3. P. America Designing an object-oriented programming language with behavioural subtyping J.W. de Bakker W.P. de Roever G. Rozenberg Foundations of Object-Oriented Languages, REX School/Workshop May-June 1990, Noordwijkerhout, The Netherlands Lecture Notes in Computer Science vol. 489 1991 Springer-Verlag New York, NY 60-90
4. K. Arnold, J. Gosling, and D. Holmes The Java Programming Language Third Edition 3rd edition 2000 Addison-Wesley Reading, MA
5. H. Barringer, J.H. Cheng, and C.B. Jones A logic covering undefinedness in program proofs Acta Informatica 21 3 1984 251 269
6. D. Bartetzko, C. Fischer, M. Moller, and H. Wehrheim Jass - Java with assertions K. Havelund G. Rosu Workshop on Runtime Verification held in conjunction with the 13th Conference on Computer Aided Verification, CAV'01, 2001 Electronic Notes in Theoretical Computer Science 55 2 2001 Available from http://www.elsevier.nl
7. J. Bicarregui, J.S. Fitgerald, P.A. Lindsay, R. Moore, and B. Ritchie Proof in VDM: A Practitioner's Guide 1994 Springer-Verlag New York, NY
8. G. Booch, J. Rumbaugh, and I. Jacobson The Unified Modeling Language User Guide, Object Technology Series 1999 Addison Wesley Longman Reading, MA
9. C. Boyapati, S. Khurshid, and D. Marinov Korat: automated testing based on Java predicates Proceedings International Symposium on Software Testing and Analysis, ISSTA 2002 ACM 123 133
10. P. Chalin, Back to basics: language support and semantics of basic infinite integer types in JML and Larch, Technical Report CU-CS 2002-003.1, Computer Science Department, Concordia University, October 2002. URL http://www.cs.concordia.ca/~faculty/chalin/papers/TR-CU-CS-2002-003.1.pdf
11. P. Chalin, Improving JML: for a safer and more effective language, Technical Report 2003-001.1, Computer Science Department, Concordia University, March 2003
12. Y. Cheon, and G.T. Leavens The Larch/Smalltalk interface specification language ACM Transactions on Software Engineering and Methodology 3 3 1994 221 253
13. Y. Cheon, and G.T. Leavens A quick overview of Larch/C++ Journal of Object-Oriented Programming 7 6 1994 39 49
14. Y. Cheon, and G.T. Leavens A runtime assertion checker for the Java Modeling Language (JML) H.R. Arabnia Y. Mun Proceedings of the International Conference on Software Engineering Research and Practice, SERP'02 24-27 June, 2002, Las Vegas, NV, USA 2002 CSREA Press 322 328 URL ftp://ftp.cs.iastate.edu/ pub/techreports/TR02-05/TR.pdf
15. Y. Cheon, and G.T. Leavens A simple and practical approach to unit testing: the JML and JUnit way B. Magnusson ECOOP 2002 - Object-Oriented Programming, 16th European Conference Máalaga, Spain, Proceedings Lecture Notes in Computer Science vol. 2374 2002 Springer-Verlag Berlin 231-255
16. C. Clifton, MultiJava: design, implementation, and evaluation of a Java-compatible language supporting modular open classes and symmetric multiple dispatch, Technical Report 01-10, Department of Computer Science, Iowa State University, Ames, Iowa, 50011, available from http://www.multijava.org, November 2001. URL ftp://ftp.cs.iastate.edu/pub/techreprts/TR01-10/TR.pdf
17. C. Clifton, G.T. Leavens, C. Chambers, and T. Millstein MultiJava: modular open classes and symmetric multiple dispatch for Java OOPSLA 2000 Conference on Object-Oriented Programming, Systems, Languages, and Applications ACM SIGPLAN Notices vol. 35(10) 2000 ACM New York 130 145
18. E. Cohen Programming in the 1990s: An Introduction to the Calculation of Programs 1990 Springer-Verlag New York, NY
19. D.R. Cok, J. Kiniry, ESC/Java2: Uniting ESC/Java and JML, Technical Report, University of Nijmegen, NIII Technical Report NIII-R0413, 2004. URL http://www.cs.kun.nl/research/reports
20. D.L. Detlefs, K.R.M. Leino, G. Nelson, J.B. Saxe, Extended static checking, SRC Research Report 159, Compaq Systems Research Center, 130 Lytton Ave., Palo Alto, December 1998
21. K.K. Dhara, and G.T. Leavens Forcing behavioral subtyping through specification inheritance Proceedings of the 18th International Conference on Software Engineering Berlin, Germany 1996 IEEE Computer Society Press 258 267 A corrected version is Iowa State University, Department of Computer Science TR #95-20c
22. E.W. Dijkstra, and C.S. Scholten Predicate Calculus and program semantics 1990 Springer-Verlag NY
23. A. Duncan, U. Holzle, Adding contracts to Java with Handshake, Technical Report TRCS98-32, Department of Computer Science, University of California, Santa Barbara, CA, December 1998
24. S.H. Edwards, W.D. Heym, T.J. Long, M. Sitaraman, and B.W. Weide Part II: specifying components in RESOLVE ACM SIGSOFT Software Engineering Notes 19 4 1994 29 39
25. M. Ernst, J. Cockrell, W.G. Griswold, and D. Notkin Dynamically discovering likely program invariants to support program evolution IEEE Transactions on Software Engineering 27 2 2001 1 25
26. R.B. Findler, and M. Felleisen Contract soundness for object-oriented languages OOPSLA'01 Conference Proceedings, Object-Oriented Programming, Systems, Languages, and Applications 14-18 October 2001, Tampa Bay, Florida, USA 2001 1 15
27. R.B. Findler, M. Latendresse, and M. Felleisen Behavioral contracts and behavioral subtyping Proceedings of Joint 8th European Software Engineering Conference, ESEC and 9th ACM SIGSOFT International Symposium on the Foundations of Software Engineering, FSE 10-14 September, 2001, Vienna, Austria 2001
28. K. Finney Mathematical notation in formal specification: too difficult for the masses? IEEE Transactions on Software Engineering 22 2 1996 158 159
29. J. Fitzgerald, and P.G. Larsen Modelling Systems: Practical Tools in Software Development 1998 Cambridge Cambridge, UK
30. C. Flanagan, K.R.M. Leino, M. Lillibridge, G. Nelson, J.B. Saxe, and R. Stata Extended static checking for Java Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, PLDI'02 SIGPLAN vol. 37(5) 2002 ACM Press New York 234 245
31. L. Friendly The design of distributed hyperlinked programming documentation S. Fraïssè F. Garzotto T. Isakowitz J. Nanard M. Nanard Proceedings of the International Workshop on Hypermedia Design, IWHD'95 1-2 June 1995, Montpellier, France 1995 Springer 151 173 URL http://citeseer.nj.nec.com/friendly95design.html
32. D.K. Gifford, and J.M. Lucassen Integrating functional and imperative programming ACM Conference on LISP and Functional Programming 1986 ACM 28 38
33. D. Gries, and F.B. Schneider A Logical Approach to Discrete Math, Texts and Monographs in Computer Science 1994 Springer-Verlag New York, NY
34. D. Gries, and F.B. Schneider Avoiding the undefined by underspecification J. van Leeuwen Computer Science Today: Recent Trends and Developments Lecture Notes in Computer Science vol. 1000 1995 Springer-Verlag New York, NY 366 373
35. J.V Guttag, J.J. Horning, S. Garland, K. Jones, A. Modet, and J. Wing Larch: Languages and Tools for Formal Specification 1993 Springer-Verlag New York, NY
36. C.A.R. Hoare An axiomatic basis for computer programming Communications of the ACM 12 10 1969 576 583
37. C.A.R. Hoare Notes on data structuring O.-J. Dahl E. Dijkstra C.A.R. Hoare Structured Programming 1972 Academic Press, Inc. New York, NY 83 174
38. C.A.R. Hoare Proof of correctness of data representations Acta Informatica 1 4 1972 271 281
39. M. Huisman, Reasoning about Java programs in higher order logic with PVS and Isabelle, Ipa dissertation series, 2001-03, University of Nijmegen, Holland, February 2001
40. M. Huisman, and B. Jacobs Java program verification via a Hoare logic with abrupt termination T. Maibaum Fundamental Approaches to Software Engineering, FASE 2000 LNCS vol. 1783 2000 Springer-Verlag 284 303 (An earlier version is technical report CSI-R9912)
41. I. S. Organization, Information technology - programming languages, their environments and system software interfaces - Vienna Development Method - specification language - part 1: Base language, ISO/IEC 13817-1, December 1996
42. D. Jackson Alloy: a lightweight object modeling notation ACM Transactions on Software Engineering and Methodology 11 2 2002 256 290
43. B. Jacobs, and E. Poll A logic for the Java modeling language JML Fundamental Approaches to Software Engineering, FASE'2001 Genova, Italy, 2001 Lecture Notes in Computer Science vol. 2029 2001 Springer-Verlag 284-299
44. B. Jacobs, J. Kiniry, and M. Warnier Java program verification challenges F.S. de Boer M.M. Bonsangue S. Graf W.-P. de Roever FMCO 2002: Formal Methods for Component Objects, Proceedings Lecture Notes in Computer Science vol. 2852 2003 Springer-Verlag Berlin 202 219
45. B. Jacobs, J. van den Berg, M. Huisman, M. van Berkum, U. Hensel, and H. Tews Reasoning about Java classes (preliminary report) OOPSLA'98 Conference Proceedings ACM SIGPLAN Notices vol. 33(10) 1998 ACM 329 340
46. C.B. Jones Systematic Software Development Using VDM 2nd edition International Series in Computer Science 1990 Prentice Hall Englewood Cliffs, NJ
47. H.B.M. Jonkers Upgrading the pre- and postcondition technique S. Prehn W.J. Toetenel VDM'91 Formal Software Development Methods 4th International Symposium of VDM Europe Noordwijkerhout, The Netherlands, Volume 1: Conference Contributions Lecture Notes in Computer Science vol. 551 1991 Springer-Verlag New York, NY 428 456
48. H.B.M. Jonkers Ispec: towards practical and sound interface specifications W. Grieskamp T. Santen B. Stoddart Integrated Formal Methods, Second International Conference, IFM 2000 Dagstuhl Castle, Germany, 1-3 November 2000 Lecture Notes in Computer Science vol. 1945 2000 Springer-Verlag 116-135
49. M. Karaorman, U. Holzle, and J. Bruno jContractor: a reflective Java library to support design by contract P. Cointe Meta-Level Architectures and Reflection, Second International Conference on Reflection'99 19-21 July, 1999, Saint-Malo, France Lecture Notes in Computer Science vol. 1616 1999 Springer-Verlag 175 196
50. S. Khurshid, D. Marinov, and D. Jackson An analyzable annotation language Proceedings of OOPSLA'02 Conference on Object-Oriented Programming, Languages, Systems, and Applications SIGPLAN Notices vol. 37(11) 2002 ACM New York, NY 231 245
51. R. Kramer, iContract- the Java design by contract tool, TOOLS 26: Technology of Object-Oriented Languages and Systems, Los Alamitos, CA, 1998 pp. 295-307
52. L. Lamport A simple approach to specifying concurrent systems Communications of the ACM 32 1 1989 32 45
53. C. Larman Applying UML and Patterns: An Introduction to Object-Oriented Analysis and Design and the Unified Process 2nd edition 2002 Prentice Hall PTR Upper Saddle River, NJ
54. G.T. Leavens An overview of Larch/C++: behavioral specifications for C++ modules H. Kilov W. Harvey Specification of Behavioral Semantics in Object-Oriented Information Modeling 1996 Kluwer Academic Publishers Boston 121 142 (Chapter 8), An extended version is TR #96-01d, Department of Computer Science, Iowa State University, Ames, Iowa, 50011
55. G.T. Leavens, Larch/C++ Reference Manual, version 5.41. Available in ftp://ftp.cs.iastate.edu/pub/larchc++/lcpp.ps.gz or on the World Wide Web at the URL http://www.cs.iastate.edu/~leavens/larchc++.html, April 1999
56. G.T. Leavens, Larch frequently asked questions, Version 1.110. Available in http://www.cs.iastate.edu/~leavens/larch-faq.html, May 2000
57. G.T. Leavens, Verifying object-oriented programs that use subtypes, Technical Report 439, Massachusetts Institute of Technology, Laboratory for Computer Science, The author's Ph.D. Thesis, February 1989
58. G.T. Leavens, and A.L. Baker Enhancing the pre- and postcondition technique for more expressive specifications J.M. Wing J. Woodcock J. Davies FM'99- Formal Methods: World Congress on Formal Methods in the Development of Computing Systems September 1999, Toulouse, France, Proceedings Lecture Notes in Computer Science vol. 1709 1999 Springer-Verlag 1087 1106
59. G.T. Leavens, and Y. Cheon Preliminary design of Larch/C++ U. Martin J. Wing Proceedings of the First International Workshop on Larch, July 1992, Workshops in Computing 1993 Springer-Verlag New York, NY 159 184
60. G.T. Leavens, and K.K. Dhara Concepts of behavioral subtyping and a sketch of their extension to component-based systems G.T. Leavens M. Sitaraman Foundations of Component-Based Systems 2000 Cambridge University Press 113 135 (Chapter 6)
61. G.T. Leavens, and D. Pigozzi A complete algebraic characterization of behavioral subtyping Acta Informatica 36 2000 617 663
62. G.T. Leavens, and W.E. Weihl Reasoning about object-oriented programs that use subtypes (extended abstract) N. Meyrowitz OOPSLA ECOOP'90 Proceedings ACM SIGPLAN Notices vol. 25(10) 1990 ACM 212 223
63. G.T. Leavens, and W.E. Weihl Specification and verification of object-oriented programs using supertype abstraction Acta Informatica 32 8 1995 705 778
64. G.T. Leavens, and J.M. Wing Protective interface specifications Formal Aspects of Computing 10 1998 59 75
65. G.T. Leavens, A.L. Baker, and C. Ruby JML: a notation for detailed design H. Kilov B. Rumpe I. Simmonds Behavioral Specifications of Businesses and Systems 1999 Kluwer Academic Publishers Boston 175 188
66. G.T. Leavens, A.L. Baker, C. Ruby, Preliminary design of JML: a behavioral interface specification language for Java, Technical Report 98-06v, Department of Computer Science, Iowa State University, see http://www.jmlspecs. org, May 2003. URL ftp://ftp.cs.iastate.edu/pub/techreports/TR98-06/TR.ps.gz
67. G.T. Leavens, K.R.M. Leino, E. Poll, C. Ruby, and B. Jacobs JML: notations and tools supporting detailed design in Java OOPSLA 2000 Companion 2000 ACM Minneapolis, MN 105 106 URL ftp://ftp.cs.iastate.edu/pub/techreports/ TR00-15/TR.ps.gz
68. K.R.M. Leino, A myth in the modular specification of programs, Technical Report KRML 63, Digital Equipment Corporation, Systems Research Center, 130 Lytton Avenue Palo Alto, CA 94301, Obtain from the author, at URL leino@microsoft.com, November 1995
69. K.R.M. Leino, G. Nelson, J.B. Saxe, ESC/Java user's manual, Technical Note, Compaq Systems Research Center, October 2000
70. K.R.M. Leino, J.B. Saxe, R. Stata, Checking Java programs via guarded commands, Technical Note 1999-002, Compaq Systems Research Center, Palo Alto, CA, May 1999. URL http://gatekeeper.dec.com/pub/DEC/SRC/technical-notes/ abstracts/src-tn-1999-002.html
71. K. Lieberherr, D. Orleans, and J. Ovlinger Aspect-oriented programming with adaptive methods Communications of the ACM 44 10 2001 39 41
72. B. Liskov, and J. Guttag Abstraction and Specification in Program Development 1986 The MIT Press Cambridge, MA
73. B. Liskov, and J. Wing A behavioral notion of subtyping ACM Transactions on Programming Languages and Systems 16 6 1994 1811 1841
74. B. Meyer Eiffel: The Language, Object-Oriented Series 1992 Prentice-Hall New York, NY
75. B. Meyer Object-Oriented Software Construction 2nd edition 1997 Prentice-Hall New York, NY
76. P. Müller, Modular specification and verification of object-oriented programs, Lecture Notes in Computer Science, vol. 2262, Springer-Verlag, 2002, The author's Ph.D. Thesis. Available from http://www.informatik.fernuni-hagen. de/import/pi5/publications.html
77. P. Müller, A. Poetzsch-Heffter, and G.T. Leavens Modular specification of frame properties in JML Concurrency, Computation Practice and Experience 15 2003 117 154
78. J.W. Nimmer, M.D. Ernst, Static verification of dynamically detected program invariants: integrating Daikon and ESC/Java, in: Proceedings of RV'01, First Workshop on Runtime Verification, Elsevier, Electronic Notes in Theoretical Computer Science (July 2001). URL http://people.csail.mit.edu/ people/mernst/pubs/invariants-verify-rv2001.pdf
79. W.F. Ogden, M. Sitaraman, B.W. Weide, and S.H. Zweben Part I: the RESOLVE framework and discipline - a research synopsis ACM SIGSOFT Software Engineering Notes 19 4 1994 23 28
80. Parasoft Corporation, Using design by contract™ to automate Java™ software and component testing, available from http://www.parasoft. com/jsp/products/tech˙papers.jsp?product=Jcontract, as of February 2003
81. A.D. Raghavan, G.T. Leavens, Desugaring JML method specifications, Technical Report 00-03c, Iowa State University, Department of Computer Science, August 2001. URL ftp://ftp.cs.iastate.edu/pub/techreports/TR00-03/TR.ps.gz
82. D.S. Rosenblum Towards a method of programming with assertions Proceedings of the 14th International Conference on Software Engineering 1992 92 104
83. C. Ruby, and G.T. Leavens Safely creating correct subclasses without seeing superclass code Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2000, Minneapolis, MN ACM SIGPLAN Notices 35 10 2000 208 228
84. J.M. Spivey The Z Notation: A Reference Manual, International Series in Computer Science 1989 Prentice-Hall New York, NY 013983768X
85. J. Spivey An introduction to Z and formal specifications Software Engineering Journal 4 1 1989 40 50
86. J.-P. Talpin, and P. Jouvelot The type and effect discipline Information and Computation 111 2 1994 245 296
87. J. Warmer, and A. Kleppe The Object Constraint Language: Precise Modeling with UML 1999 Addison Wesley Longman Reading, MA
88. J. Warmer, and A. Kleppe OCL: the constraint language of the UML Journal of Object-Oriented Programming 12 1 1999 10 13, 28
89. A. Wills Capsules and types in Fresco: program validation in Smalltalk P. America ECOOP'91: European Conference on Object Oriented Programming Lecture Notes in Computer Science vol. 512 1991 Springer-Verlag New York, NY 59 76
90. J.M. Wing, A two-tiered approach to specifying programs, Technical Report TR-299, Massachusetts Institute of Technology, Laboratory for Computer Science, 1983
91. J.M. Wing Writing Larch interface language specifications ACM Transactions on Programming Languages and Systems 9 1 1987 1 24
92. J. Woodcock, and J. Davies Using Z: Specification, Refinement, and Proof 1996 Prentice Hall International Series in Computer Science URL http://www.comlab.ox.ac.uk/usingz.html