
ESC/Java2: Uniting ESC/Java and JML

Progress and Issues in Building and Using ESC/Java2, Including a Case Study Involving the Use of the Tool to Verify Portions of an Internet Voting Tally System

Conference paper. Construction and Analysis of Safe, Secure, and Interoperable Smart Devices (CASSIS 2004).

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3362)

Abstract

The ESC/Java tool was a lauded advance in effective static checking of realistic Java programs, but it has become out-of-date with respect to Java and the Java Modeling Language (JML). The ESC/Java2 project, whose progress is described in this paper, builds on the final release of ESC/Java from DEC/SRC in several ways. It parses all of JML, and thus can be used with the growing body of JML-annotated Java code; it has additional static checking capabilities; and it has been designed, constructed, and documented in such a way as to improve the tool’s usability for both users and researchers. It is intended that ESC/Java2 be used for further research in, and larger-scale case studies of, annotation and verification, and for studies in the programmer productivity that may result from its integration with other tools that work with JML and Java. The initial results of the first major use of ESC/Java2, the verification of parts of the tally subsystem of the Dutch Internet voting system, are presented as well.





Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cok, D.R., Kiniry, J.R. (2005). ESC/Java2: Uniting ESC/Java and JML. In: Barthe, G., Burdy, L., Huisman, M., Lanet, JL., Muntean, T. (eds) Construction and Analysis of Safe, Secure, and Interoperable Smart Devices. CASSIS 2004. Lecture Notes in Computer Science, vol 3362. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30569-9_6


  • DOI: https://doi.org/10.1007/978-3-540-30569-9_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24287-1

  • Online ISBN: 978-3-540-30569-9
