Beyond assertions: advanced specification and verification with JML and ESC/Java2

  • Authors: Patrice Chalin; Joseph R. Kiniry; Gary T. Leavens; Erik Poll
  • Affiliations: Concordia University, Montréal, Québec, Canada; University College Dublin, Ireland; Iowa State University, Ames, Iowa; Radboud University Nijmegen, the Netherlands
  • Venue: FMCO'05 Proceedings of the 4th international conference on Formal Methods for Components and Objects
  • Year: 2005

Abstract

Many state-based specification languages, including the Java Modeling Language (JML), contain at their core specification constructs familiar to most undergraduates: e.g., assertions, pre- and postconditions, and invariants. Unfortunately, these constructs are not sufficiently expressive to permit formal modular verification of programs written in modern object-oriented languages like Java. The necessary extra constructs for specifying an object-oriented module include (perhaps the less familiar) frame properties, datagroups, and ghost and model fields. These constructs help specifiers deal with potential problems related to, for example, unexpected side effects, aliasing, class invariants, inheritance, and lack of information hiding. This tutorial paper focuses on JML's realization of these constructs, explaining their meaning while illustrating how they can be used to address the stated problems.