ABSTRACT
The earlier errors are found, the less costly they are to fix. This also holds true of errors in specifications. While research into Static Program Verification (SPV) in general, and Extended Static Checking (ESC) in particular, has made great strides in recent years, there is little support for detecting errors in specifications beyond ordinary type checking. This paper reports on recent enhancements that we have made to ESC/Java2, enabling it to report errors in JML specifications that arise from (method or Java operator) precondition violations, with diagnostics on par with its ability to report such errors in program code. The enhancements also make it possible for ESC/Java2 to report errors in specifications for which no corresponding source is available. Applying this new feature to, e.g., the JML specifications of classes in java.*, reveals over 50 errors, including inconsistencies. We describe the adjustment to the assertion semantics necessary to make this possible, and we provide an account of the (rather small) design changes needed to realize the enhancements.
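To make concrete the kind of specification error the abstract refers to, the following JML-annotated class is an added illustration, not code from the paper or from ESC/Java2 itself; the class `Ledger`, its fields and its methods are assumed names chosen for the example. The first two methods carry specifications that are well-typed yet violate a Java operator precondition (array index in range, non-zero divisor) or the precondition of a pure method called from within the specification; the corrected versions below them guard every such expression so that the specification is defined wherever it is evaluated. The last method shows an inconsistency: a precondition that no caller can satisfy, which is an error the abstract also reports finding in library specifications.

```java
// Added example (not from the paper): JML specifications with operator and
// method precondition violations, alongside corrected versions.
public class Ledger {
    private /*@ spec_public @*/ int[] balances;
    private /*@ spec_public @*/ int count;

    //@ public invariant balances != null && 0 <= count && count <= balances.length;

    //@ requires capacity > 0;
    //@ ensures count == 0 && balances.length == capacity;
    public Ledger(int capacity) {
        balances = new int[capacity];
        count = 0;
    }

    // PROBLEMATIC: the postcondition indexes balances[idx] although the
    // precondition only bounds idx from below. For idx >= count the spec
    // expression itself violates the array-access precondition, so the
    // specification (not just the code) is in error.
    /*@ requires idx >= 0;
      @ ensures \result == balances[idx];
      @*/
    public /*@ pure @*/ int balanceAtUnchecked(int idx) {
        return balances[idx];
    }

    // PROBLEMATIC: the postcondition divides by count, which the invariant
    // allows to be zero, and it calls balanceAtUnchecked without establishing
    // that method's own precondition. Both are precondition violations inside
    // a specification, exactly the class of error the abstract describes.
    /*@ ensures \result == (\sum int i; 0 <= i && i < count; balanceAtUnchecked(i)) / count;
      @*/
    public /*@ pure @*/ int averageUnchecked() {
        int total = 0;
        for (int i = 0; i < count; i++) total += balances[i];
        return total / count;
    }

    // CORRECTED: the precondition establishes the array-access precondition
    // before the postcondition relies on it.
    /*@ requires 0 <= idx && idx < count;
      @ ensures \result == balances[idx];
      @*/
    public /*@ pure @*/ int balanceAt(int idx) {
        return balances[idx];
    }

    // CORRECTED: count > 0 rules out division by zero, and the quantifier
    // range 0 <= i < count satisfies balanceAt's precondition for every i.
    /*@ requires count > 0;
      @ ensures \result == (\sum int i; 0 <= i && i < count; balanceAt(i)) / count;
      @*/
    public /*@ pure @*/ int average() {
        int total = 0;
        for (int i = 0; i < count; i++) total += balances[i];
        return total / count;
    }

    // INCONSISTENT: no argument satisfies amount > 0 && amount < 0, so this
    // specification admits no caller; a checker that reasons about the
    // specification itself can flag the contradiction before any client
    // code is written against it.
    /*@ requires amount > 0 && amount < 0;
      @ requires count < balances.length;
      @ ensures count == \old(count) + 1 && balances[\old(count)] == amount;
      @*/
    public void depositInconsistent(int amount) {
        balances[count++] = amount;
    }
}
```

A useful reading discipline, independent of tool support, is to treat every expression in a `requires`, `ensures` or `invariant` clause as code that will be executed: each array index, division and pure-method call must have its own precondition established by the clauses that precede it, or guarded by a short-circuit conjunction within the same clause.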
Index Terms
- Early detection of JML specification errors using ESC/Java2