Abstract
Based on our experiences and those of our peers, we hypothesized that in Java code, the majority of declarations that are of reference types are meant to be non-null. Unfortunately, the Java Modeling Language (JML), like most interface specification and object-oriented programming languages, assumes that such declarations are possibly-null by default. As a consequence, developers need to write specifications that are more verbose than necessary in order to accurately document their module interfaces. In practice, this results in module interfaces being left incompletely and inaccurately specified. In this paper we present the results of a study that confirms our hypothesis. Hence, we propose an adaptation to JML that preserves its language design goals and that allows developers to specify that declarations of reference types are to be interpreted as non-null by default. We explain how this default is safer and results in less writing on the part of specifiers than null-by-default. The paper also reports on an implementation of the proposal in some of the JML tools.
Non-null references by default in the Java modeling language
SAVCBS '05: Proceedings of the 2005 conference on Specification and verification of component-based systems