Abstract
The ESC/Java tool was a lauded advance in effective static checking of realistic Java programs, but it has become out-of-date with respect to Java and the Java Modeling Language (JML). The ESC/Java2 project, whose progress is described in this paper, builds on the final release of ESC/Java from DEC/SRC in several ways. It parses all of JML, and so can be used with the growing body of JML-annotated Java code; it has additional static checking capabilities; and it has been designed, constructed, and documented in such a way as to improve the tool's usability for both users and researchers. It is intended that ESC/Java2 be used for further research in, and larger-scale case studies of, annotation and verification, and for studies of the programmer productivity that may result from its integration with other tools that work with JML and Java. The initial results of the first major use of ESC/Java2, the verification of parts of the tally subsystem of the Dutch Internet voting system, are presented as well.
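To make concrete what "JML-annotated Java code" and "static checking" mean in the abstract, here is a small vote-tally class written in JML. It is an added illustration, not code from the paper or from the Dutch voting system's tally subsystem; the class, its fields and method names are invented for the example. ESC/Java2 reads the specifications in the `//@` and `/*@ ... @*/` comments, generates verification conditions for each method, and reports a warning wherever it cannot prove that a precondition, postcondition, invariant or implicit run-time check (null dereference, array bounds) holds.

```java
/**
 * Constructed example of a JML-annotated tally class.
 * Not part of the ESC/Java2 paper or the Dutch voting system code.
 */
public class Tally {
    // spec_public lets the specifications below refer to private state.
    private /*@ spec_public @*/ final int[] counts;
    private /*@ spec_public @*/ int total;

    // Object invariants: checked at the end of every constructor and
    // assumed/re-established around every public method.
    //@ public invariant counts != null;
    //@ public invariant total >= 0;
    //@ public invariant (\forall int i; 0 <= i && i < counts.length; counts[i] >= 0);

    //@ requires numCandidates > 0;
    //@ ensures counts.length == numCandidates;
    //@ ensures total == 0;
    public Tally(int numCandidates) {
        counts = new int[numCandidates];
        total = 0;
    }

    // Precondition rules out the out-of-bounds index and an overflow;
    // the frame clause says nothing else may change.
    //@ requires 0 <= candidate && candidate < counts.length;
    //@ requires counts[candidate] < Integer.MAX_VALUE;
    //@ requires total < Integer.MAX_VALUE;
    //@ assignable counts[candidate], total;
    //@ ensures counts[candidate] == \old(counts[candidate]) + 1;
    //@ ensures total == \old(total) + 1;
    public void countVote(int candidate) {
        counts[candidate]++;
        total++;
    }

    //@ requires 0 <= candidate && candidate < counts.length;
    //@ ensures \result == counts[candidate];
    public /*@ pure @*/ int votesFor(int candidate) {
        return counts[candidate];
    }

    // Deliberately unspecified: with no precondition on 'candidate',
    // ESC/Java2 cannot prove the index is in range and reports a
    // possible array index out of bounds warning on the access below.
    public int votesForUnchecked(int candidate) {
        return counts[candidate];
    }
}
```

Two caveats a practitioner should know before trusting a clean run. First, ESC/Java (and ESC/Java2 at the time of this paper) models `int` as an unbounded mathematical integer, so the two `Integer.MAX_VALUE` preconditions above document intent and are usable by JML's run-time assertion checker, but arithmetic overflow is not something the static checker itself will flag. Second, a method with no `requires` clause, like `votesForUnchecked`, is not "unspecified and therefore fine": the checker assumes any caller input, which is exactly why it warns there; the warning disappears only when the precondition is written down or the code checks the index itself.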
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cok, D.R., Kiniry, J.R. (2005). ESC/Java2: Uniting ESC/Java and JML. In: Barthe, G., Burdy, L., Huisman, M., Lanet, JL., Muntean, T. (eds) Construction and Analysis of Safe, Secure, and Interoperable Smart Devices. CASSIS 2004. Lecture Notes in Computer Science, vol 3362. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30569-9_6
DOI: https://doi.org/10.1007/978-3-540-30569-9_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24287-1
Online ISBN: 978-3-540-30569-9
eBook Packages: Computer Science (R0)