JML TOOLS REVIEW & EVALUATION Chris Grosshans Mark Lewis-Prazen.

Slides:

Advertisements

Similar presentations

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Advertisements

Writing specifications for object-oriented programs K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 21 Jan 2005 Invited talk, AIOOL 2005 Paris,

Program Verification Using the Spec# Programming System ETAPS Tutorial K. Rustan M. Leino, Microsoft Research, Redmond Rosemary Monahan, NUIM Maynooth.

Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.

Automata-Based Programming Technology Extension for Generation of JML Annotated Java Card Code Andrey Klebanov, CTD, SPb SU ITMO supervised by Anatoly.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Constraint Semantics for Abstract Read Permissions 28 th July 2014, FTfJP, Uppsala John Tang Boyland (UW-Milwaukee/ETH Zurich) Peter Müller, Malte Schwerhoff,

Verification of Multithreaded Object- Oriented Programs with Invariants Bart Jacobs, K. Rustan M. Leino, Wolfram Schulte.

Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI.

LIFE CYCLE MODELS FORMAL TRANSFORMATION

The Java Modeling Language JML Erik Poll Digital Security Radboud University Nijmegen.

JML and ESC/Java2: An Introduction Karl Meinke School of Computer Science and Communication, KTH.

Securing Java applets Erik Poll Security of Systems (SOS) group University of Nijmegen

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

Dept. of Computer Science A Runtime Assertion Checker for the Java Modeling Language (JML) Yoonsik Cheon and Gary T. Leavens SERP 2002, June 24-27, 2002.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt.

An overview of JML tools and applications Lilian Burdy Gemplus Yoonsik Cheon, Gary Leavens Iowa Univ. David Cok Kodak Michael Ernst MIT Rustan Leino Microsoft.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Invariant Based Programming, March 20101/ Teaching the construction of correct programs using invariant based programming Ralph-Johan Back Johannes Eriksson.

Houdini: An Annotation Assistant for ESC/Java Cormac Flanagan and K. Rustan M. Leino Compaq Systems Research Center.

Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?

OOP #10: Correctness Fritz Henglein. Wrap-up: Types A type is a collection of objects with common behavior (operations and properties). (Abstract) types.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

A Type System for Expressive Security Policies David Walker Cornell University.

From last time S1: l := new Cons p := l S2: t := new Cons *p := t p := t l p S1 l p tS2 l p S1 t S2 l t S1 p S2 l t S1 p S2 l t S1 p L2 l t S1 p S2 l t.

Software Quality: Testing and Verification II. 2 1.A failure is an unacceptable behaviour exhibited by a system — The frequency of failures measures software.

Chair of Software Engineering Automatic Verification of Computer Programs.

SEEFM 07, Thessaloniki, Nov 20071/ Teaching the construction of correct programs using invariant based programming Ralph-Johan Back Johannes Eriksson Linda.

Jonathan Kuhn Robin Mange EPFL-SSC Compaq Systems Research Center Flanagan, Leino, Lillibridge, Nelson, Saxe and Stata.

A Safety-Critical Java Technology Compatibility Kit Hans Søndergaard Stephan Korsholm VIA University College, Horsens, Denmark & Anders P. Ravn Aalborg.

Software Engineering Prof. Dr. Bertrand Meyer March 2007 – June 2007 Chair of Software Engineering Static program checking and verification Slides: Based.

Invariant Based Programming in Education Tutorial, FM’08 Linda Mannila

VERIFICATION OF ASPECT ORIENTED MODELS BY DON MARTIN JAYASHREE VENKIPURAM PATHANGI PIYUSH SRIVASTAVA REFERENCES F. Mostefaoui and J. Vachon,” Design level.

Proof Carrying Code Zhiwei Lin. Outline Proof-Carrying Code The Design and Implementation of a Certifying Compiler A Proof – Carrying Code Architecture.

1 Total Correctness of Recursive Functions Using JML4 FSPV George Karabotsos, Patrice Chalin, Perry R. James, Leveda Giannas Dependable Software Research.

A Novel Approach to Unit Test: The Aspect-Oriented Way Guoqing Xu and Zongyuan Yang Software Engineering Lab (SEL) East China Normal University

Extended Static Checking for Java  ESC/Java finds common errors in Java programs: null dereferences, array index bounds errors, type cast errors, race.

VERIFICATION OF ASPECT-ORIENTED MODELS Review of Aspect-Oriented Definitions aspect – crosscutting concern that may involve multiple classes pointcut –

A Model-Based Framework for Statically and Dynamically Checking Component Interactions (CALICO) Waignier, G., Sriplakich, P., Meur, A., and Duchien, L.

Abstract We present two Model Driven Engineering (MDE) tools, namely the Eclipse Modeling Framework (EMF) and Umple. We identify the structure and characteristic.

White-box Software Isolation with Fully Automated Black- box Proofs Jiaqi Tan Rajeev Gandhi, Priya Narasimhan PARALLEL DATA LABORATORY Carnegie Mellon.

P.R. James © P.Chalin et al.1 An Integrated Verification Environment for JML: Architecture and Early Results Patrice Chalin, Perry R. James, and George.

A Survey on Java Modeling Languages Gergely Kovásznai,Eszterházy Károly College Wolfgang Schreiner,Johannes Kepler University Gábor Kusper,Eszterházy Károly.

© Andrew IrelandDependable Systems Group Static Analysis and Program Proof Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt University.

Software Debugging, Testing, and Verification Presented by Chris Hundersmarck November 10, 2004 Dr. Bi’s SE516.

1 CSCD 326 Data Structures I Software Design. 2 The Software Life Cycle 1. Specification 2. Design 3. Risk Analysis 4. Verification 5. Coding 6. Testing.

Spec# Andreas Vida. Motivation Correct and maintainable software Correct and maintainable software Cost effective software production Cost effective software.

Extended Static Checking for Java Cormac Flanagan Joint work with: Rustan Leino, Mark Lillibridge, Greg Nelson, Jim Saxe, and Raymie Stata.

SAFE KERNEL EXTENSIONS WITHOUT RUN-TIME CHECKING George C. Necula Peter Lee Carnegie Mellon U.

PROGRAMMING PRE- AND POSTCONDITIONS, INVARIANTS AND METHOD CONTRACTS B MODULE 2: SOFTWARE SYSTEMS 13 NOVEMBER 2013.

Institute for Applied Information Processing and Communications (IAIK) – Secure & Correct Systems 1 Static Checking  note for.

1 Contractual Consistency Between BON Static and Dynamic Diagrams Ali Taleghani July 30, 2004.

Runtime Assertion Checking Support for JML on Eclipse Platform Amritam Sarcar Department of Computer Science University of Texas at El Paso, 500 W. University.

Extended Static Checking for Java Cormac Flanagan Joint work with: Rustan Leino, Mark Lillibridge, Greg Nelson, Jim Saxe, and Raymie Stata Compaq Systems.

Combining Static and Dynamic Reasoning for Bug Detection Yannis Smaragdakis and Christoph Csallner Elnatan Reisner – April 17, 2008.

Faithful mapping of model classes to mathematical structures Ádám Darvas ETH Zürich Switzerland Peter Müller Microsoft Research Redmond, WA, USA SAVCBS.

Project Proposal A JML compiler on Eclipse Platform Amritam Sarcar CS5381.

Introduction to Programming 1 1 2Introduction to Java.

Jeremy Nimmer, page 1 Automatic Generation of Program Specifications Jeremy Nimmer MIT Lab for Computer Science Joint work with.

Extended Static Checking for Java

Matching Logic An Alternative to Hoare/Floyd Logic

Accessible Formal Methods A Study of the Java Modeling Language

State your reasons or how to keep proofs while optimizing code

Programming Languages 2nd edition Tucker and Noonan

Hoare-style program verification

Java Modeling Language (JML)

RAC Support for JML on Eclipse Platform

Gradual Verification Seamlessly and flexibly combine static and dynamic verification by drawing on the general principles from abstract interpretation.

Programming Languages 2nd edition Tucker and Noonan

Presentation transcript:

JML TOOLS REVIEW & EVALUATION Chris Grosshans Mark Lewis-Prazen

What is Java Modeling Language (JML)? public class Counter { public final static int MAX = 100; invariant 0 <= count && count <= MAX; private int count; requires count < ensures count == \old(count) + requires count == ensures count == public void inc() { count = count < MAX ? count + 1 : 0; }

Project Motivation Find JML tool(s) that we can use at work ◦ Easy to use ◦ Robust and fully developed Project plan ◦ Survey all tools ◦ In depth analysis of most promising tools ◦ Introduce best of breed to work

Types of JML Tools Run time checking – Tests for violations of the JML assertions as Java code is executed Static checking - checking annotations prior to execution ◦ Automatic – little developer interaction ◦ Manual – Programmer provides proof for more sound and complete evaluation

Overview of JML tools Legend jml4c JML2 JML3JML5 ESC/javaLOOPJACK FSPV JML4 FSPV JMLEclipse ESC4jml4c Inactive Active Runtime ToolsStatic Tools Future ESC/java2

JML4

JML4

Evaluation of the JML4

Tool Conclusions Tools not commercially viable; currently they are research tools ◦ Tools have difficulty keeping up with changing language features ◦ Usability issues - difficult to install and use Bottom line the tools are not actively marketed commercially – Academically driven w/o corporate sponsorship

Is JML useful? Assuming a production ready JML tool: Would you use JML? ◦ Hard to identify invariant pre/post conditions ◦ Adding specifications as complex as coding ◦ No published work showing results of testing on industrial scale code But, probably only cost- effective for “mission critical” development

Questions

Significant References CHALIN, P., JAMES, P. R., AND KARABOTSOS, G. JML4: Towards an industrial grade IVE for Java and next generation research platform for JML. In VSTTE ’08: Proceedings of the 2008 Conference on Verified Systems: Theories, Tools, and Experiments (2008). COK, D. R., AND KINIRY, J. R. ESC/Java2: Uniting ESC/Java and JML. In Construction and Analysis of Safe, Secure, and Interoperable Devices (2005), vol. 3362/2005 of LNCS, pp LEAVENS, G. T., POLL, E., CLIFTON, C., CHEON, Y., RUBY, C., COK, D., MÜLLER, P., KINIRY, J., AND CHALIN, P. JML reference manual, Available at LEINO, K. R. M., AND MONAHAN, R. Automatic verification of textbook programs that use comprehensions. In FTfJP ’07: Formal Techniques for Java-like Programs (2007). PAULSON, L. C., AND SUSANTO, K. W. Source-level proof reconstruction for interactive theorem proving. In Theorem Proving in Higher Order Logics: TPHOLs 2007 (2007), K. Schneider and J. Brandt, Eds., LNCS 4732, Springer, pp. 232–245. TAYLOR, K.B.: A specification language design for the Java Modeling Language (JML) using Java 5 annotations. Masters thesis, Iowa State University (2008)