Add to collection(s) Add to saved
  1. Social Science
  2. Law
  3. Contract Law

Java Method Language (JML)

advertisement 
Java Modeling Language (JML)
EECE 310: Software Engineering
(NOT Tested for Midterm/Final
exams)
Learning Objectives
• Identify uses and syntax of JML
• Write specifications of simple methods in JML
Java Modeling Language (JML)
• JML is a behavioral interface specification
language
• JML is a specification language that allows
specification of the behavior of an API
– not just its syntax, but its semantics
• JML specifications are written as annotations
– As far as Java compiler is concerned they are
comments but a JML compiler can interpret them
JML
• Goal: Make writing specifications easily
understandable and usable by Java programmers,
– so it stays close to the Java syntax and semantics
• JML supports design by contract style
specifications with
– Pre-conditions
– Post-conditions
– (Class) invariants
JMLAnnotations
• JML annotations are added as comments to the Java source code
– either between
/*@ . . . @*/
– or after
//@
• These are annotations and they are ignored by the Java compiler
• JML properties are specified as Java boolean expressions
– JML provides operators to support design by contract style
specifications such as \old and \result
– JML also provides quantification operators (\forall, \exists)
• JML also has additional keywords such as
– requires, ensures, signals, assignable, pure,
invariant, non null, . . .
JML contracts
– Preconditions (REQUIRES) are written as a
requires clauses
– Postconditions(EFFECTS) are written as ensures
clauses
– MODIFIES are written as modifiable clauses
– Rep invariants are written as invariants clauses
Simple Example
• Consider the spec. of a swap routine in Java
public static void swap(int [] a) {
/* @ requires a.length == 2
@ modifiable a
@ ensures ( (a[0]==\old(a[1]) &&
@
(a[1]==\old(a[0]) )
*/
Simple Example: Exception
• Consider the spec. of a swap routine in Java
• But assume that it throws an exception when
given an array of length != 2.
public static void swap(int [] a) {
/* @ modifiable a
@ ensures ( (a[0]==\old(a[1]) &&
@
(a[1]==\old(a[0]) )
@ signals NullPtrException (a == NULL)
@ signals LengthException (a.length != 2)
*/
JML Quantifiers
• JML supports several forms of quantifiers
– Universal and existential (\forall and \exists)
– General quantifiers (\sum, \product, \min, \max)
– Numeric quantifier (\num_of)
(\forall Student s; class272.contains(s);
s.getProject() != null)
(\forall Student s; class272.contains(s)
==>
s.getProject() != null)
• Without quantifiers, we would need to write loops to
specify these types of constraints
JML Quantifiers (cont)
• Quantifier expressions
– Start with a declaration that is local to the
quantifier expression
(\forall Student s; ...
– Followed by an optional range predicate
... class272.contains(s); ...
– Followed by the body of the quantifier
... s.getProject() != null)
JML quantifiers (cont)
• \sum, \product, \min, \max return the sum,
product, min and max of the values of their body
expression when the quantified variables satisfy
the given range expression
• For example,
(\sum int x; 1 <= x && x <= 5; x) denotes
the sum of values between 1 and 5 inclusive
• The numerical quantifier, \num_of, returns the
number of values for quantified variables for which
the range and the body predicate are true
Group Activity
• Write the specification in JML for the search
routine you identified earlier (See below)
public static int search(int[] a, int x) throws
NullPointerException, ElementNotFound {
// EFFECTS: if a is NULL, throw NPException.
// else if x is not found in a, throw ENFException
// else return the index of element x in the array
// i.e., return i such that a[i]==x, 0 <=i < a.length
JML Libraries
• JML has an extensive library that supports
concepts such as sets, sequences, and
relations.
• These can be used in JML assertions directly
without needing to re-specify these
mathematical concepts
JML Tools
•
tools for parsing and typechecking Java programs and their JML annotations
– JML compiler (jmlc)
•
tools for supporting documentation with JML
– HTML generator (jmldoc)
•
tools for runtime assertion checking:
– Test for violations of assertions (pre, postconditions, invariants) during execution
– Tool: jmlrac
•
testing tools based on JML
– JML/JUnit unit test tool: jmlunit
•
Extended static checking:
– Automatically prove that contracts are never violated at any execution
– Automatic verification is done statically (i.e., at compile time).
– Tool: ESC/Java
Summary
• JML is a formal mathematical languages for
writing specifications in Java
– Can use most Java features such as objects, fields
– Loops and side-effects not allowed however
– Use quantifiers (\forall, \exists) in place of loops
• You will NOT need to use JML for the exams.
But, you will need it for the assignments.
Related documents
JML Tools: Review and Evaluation
JML Tools: Review and Evaluation
From the OCL to JML - Department of Computer Science
From the OCL to JML - Department of Computer Science
JML Order of Operations - Alaska 4-H
JML Order of Operations - Alaska 4-H
jml-akom
jml-akom
272: Software Engineering Fall 2012 Instructor: Tevfik Bultan
272: Software Engineering Fall 2012 Instructor: Tevfik Bultan
Design by Contract with JML
Design by Contract with JML
THE QUANTIFIERS
THE QUANTIFIERS
Course Introduction
Course Introduction
Risk Management
Risk Management
Big Enterprise Software – eMarkets Meetup
Big Enterprise Software – eMarkets Meetup
N
N
Lecture 1.1
Lecture 1.1
CSC 111 Course orientation
CSC 111 Course orientation
A Machine-Checked Proof for a Translation of Event
A Machine-Checked Proof for a Translation of Event
Download
advertisement