Abstract
An unusually high number of published JML specifications are invalid or inconsistent, including cases from the security-critical area of smart card applications. We claim that these specification errors are due to a mismatch between user expectations and the current JML semantics of expressions over numeric types. At the heart of the problem is JML’s language design decision to assign to arithmetic operators the same semantics as in Java. Consequently, JML arithmetic is bounded in precision and, more importantly, loss of precision occurs stealthily. After a short discussion of JML language design goals and objectives, we introduce JMLa, an adaptation of JML supporting primitive arbitrary precision numeric types. To support our claim that the identified specification errors are due to JML’s divergence from user expectations, we demonstrate that the invalidities and inconsistencies disappear under JMLa semantics with either no or only minor syntactic changes to the specifications. Other advantages of JMLa are illustrated, including safety: how it allows an automated static checker like ESC/Java to detect more specification and implementation errors. We also briefly illustrate how these issues are applicable to other assertion-based languages like Eiffel.
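The following is an added illustration of the abstract's central point; it is not code from the paper. It models a JML-style contract under two readings of its arithmetic: the current JML reading, where a spec expression such as `a + b` wraps exactly like Java `int` (or Java Card `short`) arithmetic, and a JMLa-style reading, where the same expression denotes the mathematical sum (here represented by Python's unbounded integers). The contract shapes (`ensures \result == a + b` on an `add` method, and a purse `requires balance + amount <= MAX_BALANCE` precondition), the 16-bit purse and its `MAX_BALANCE` limit are constructed for this example and are not taken from the paper or the smart card case studies it cites.

```python
"""Bounded (Java-semantics) versus arbitrary-precision reading of JML-style
specification expressions.  All contracts and values below are constructed for
illustration; only the semantic contrast is the point."""

INT_BITS = 32     # Java int
SHORT_BITS = 16   # Java Card short


def wrap(n: int, bits: int) -> int:
    """Reduce a mathematical integer to a `bits`-wide two's-complement value,
    i.e. what Java int/short arithmetic silently produces on overflow."""
    half = 1 << (bits - 1)
    return (n + half) % (1 << bits) - half


# Two evaluators for the specification expression `a + b`.
def spec_sum_jml(a: int, b: int, bits: int) -> int:
    """JML today: the spec expression has Java semantics, so it wraps too."""
    return wrap(a + b, bits)


def spec_sum_jmla(a: int, b: int, bits: int) -> int:
    """JMLa-style: the spec expression is the mathematical sum (no wraparound)."""
    return a + b


def add_impl(a: int, b: int, bits: int = INT_BITS) -> int:
    """Models the Java implementation `return a + b;` (bounded arithmetic)."""
    return wrap(a + b, bits)


def check_add_contract(a: int, b: int, bits: int = INT_BITS) -> dict:
    """Evaluate `//@ ensures \\result == a + b;` for add_impl under both readings.
    Returns the implementation result and whether each reading accepts it."""
    result = add_impl(a, b, bits)
    return {
        "result": result,
        "jml_ok": result == spec_sum_jml(a, b, bits),    # always True: spec wraps like impl
        "jmla_ok": result == spec_sum_jmla(a, b, bits),  # False exactly when overflow occurred
    }


# Toy purse (constructed): balances are Java Card shorts, limit chosen to fit in 16 bits.
MAX_BALANCE = 30000


def credit_allowed(balance: int, amount: int, spec_sum) -> bool:
    """Evaluate `//@ requires 0 <= amount && balance + amount <= MAX_BALANCE;`
    using the given reading of the sum expression."""
    return 0 <= amount and spec_sum(balance, amount, SHORT_BITS) <= MAX_BALANCE


def credit_impl(balance: int, amount: int) -> int:
    """Models `balance = (short)(balance + amount);` on the card."""
    return wrap(balance + amount, SHORT_BITS)


if __name__ == "__main__":
    int_max = (1 << (INT_BITS - 1)) - 1
    for a, b in [(1, 2), (int_max, 1)]:
        print(f"add({a}, {b}) -> {check_add_contract(a, b)}")
    bal, amt = 20000, 20000
    print("purse precondition, JML reading :", credit_allowed(bal, amt, spec_sum_jml))
    print("purse precondition, JMLa reading:", credit_allowed(bal, amt, spec_sum_jmla))
    print("resulting balance on the card   :", credit_impl(bal, amt))
```

Under the JML reading the postcondition of `add` can never fail, because the specification expression overflows in lock-step with the implementation; a checker has nothing to report. Under the JMLa reading the same contract rejects `add(INT_MAX, 1)`, which is the "detect more errors" effect the abstract attributes to arbitrary-precision spec arithmetic. The purse case shows the stealthy side: a precondition written to keep the balance below a limit accepts a credit of 20000 onto a balance of 20000 when `balance + amount` wraps to a negative short, after which the card stores a negative balance.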
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Chalin, P. (2003). Improving JML: For a Safer and More Effective Language. In: Araki, K., Gnesi, S., Mandrioli, D. (eds) FME 2003: Formal Methods. FME 2003. Lecture Notes in Computer Science, vol 2805. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45236-2_25
DOI: https://doi.org/10.1007/978-3-540-45236-2_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40828-4
Online ISBN: 978-3-540-45236-2