We describe the main features of JACK (Java Applet Correctness Kit), a tool for the validation of Java applications annotated with JML specifications. JACK has been especially designed to improve the quality of trusted personal device applications. JACK is fully integrated with the Eclipse IDE and provides an easily accessible user interface. In particular, it allows the user to inspect the generated proof obligations in a Java syntax and to trace them back to the source code that gave rise to them. Further, JACK provides support for annotation generation and for interactive verification. The whole platform works both for source code and for bytecode, which makes it particularly suitable for a proof-carrying code scenario.
This work is partially funded by the IST programme of the European Commission, under the IST-2003-507894 Inspired and IST-2005-015905 Mobius projects.
© 2007 Springer-Verlag Berlin Heidelberg
Cite this paper
Barthe, G. et al. (2007). JACK — A Tool for Validation of Security and Behaviour of Java Applications. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, WP. (eds) Formal Methods for Components and Objects. FMCO 2006. Lecture Notes in Computer Science, vol 4709. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74792-5_7
DOI: https://doi.org/10.1007/978-3-540-74792-5_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74791-8
Online ISBN: 978-3-540-74792-5