The Java Modeling Language (JML) can be used to specify the detailed design of Java classes and interfaces by adding annotations to Java source files. The aim of JML is to provide a specification language that is easy to use for Java programmers and that is supported by a wide range of tools for specification type-checking, runtime debugging, static analysis, and verification. This paper

This paper explores the interpretation of specifications in the context of an object-oriented programming language with subclassing and method overrides. In particular, the paper considers annotations for describing what variables a method may change and the interpretation of these annotations. The paper shows that there is a problem to be solved in the specification of methods whose overrides may modify additional state introduced in subclasses. As a solution to this problem, the paper introduces data groups, which enable modular checking and rather naturally capture a programmer's design decisions.

Abstract not found

Abstract not found

. A Hoare-style programming logic for the sequential kernel of Java is presented. It handles recursive methods, class and interface types, subtyping, inheritance, dynamic and static binding, aliasing via object references, and encapsulation. The logic is proved sound w.r.t. an SOS semantics by embedding both into higher-order logic. 1 Introduction Java is a practically important object-oriented programming language. This paper presents a logic to verify sequential Java programs. The motivations for investigating the logical foundations of Java are as follows: 1. Java plays an important role in the quickly developing software component industry and the smart card technology. Verification techniques can be used for static program analysis, e.g., to prove the absence of null-pointer exceptions. The Java subset used in this paper is similar to JavaCard, the Java dialect for implementing smart cards. 2. As pointed out in [MPH97], logical foundations of programming languages form a b...

The Alloy Annotation Language (AAL) is a language (under development) for annotating Java code based on the Alloy modeling language. It o#ers a syntax similar to the Java Modeling Language (JML), and the same opportunities for generation of run-time assertions. In addition, however, AAL o#ers the possibility of fully automatic compile-time analysis. Several kinds of analysis are supported, including: checking the code of a method against its specification; checking that the specification of a method in a subclass is compatible with the specification in the superclass; and checking properties relating method calls on di#erent objects, such as that the equals methods of a class (and its overridings) induce an equivalence. Using partial models in place of code, it is also possible to analyze object-oriented designs in the abstract: investigating, for example, a view relationship amongst objects. Tha paper gives

The state of the practice in object-oriented software development has moved beyond reuse of code to reuse of conceptual structures such as design patterns. This paper draws attention to some difficulties that need to be solved if this style of development is to be supported by formal methods. In particular, the centrality of object interactions in many designs mak es traditional reasoning less useful, since classes cannot be treated fruitfully in isolation from one another. We propose some ideas towards dealing with these issues: a relational model of heap structure capable of expressing sharing and mutual influence between objects; a declarative specification style that work in the presence of collaboration; and a tool-supported constraint analysis to expose problems in a diagram that captures, at a design level, a pattern of interaction. We illustrate these ideas with an example tak en from a program used in the formatting of this paper.

Abstract. Object invariants define the consistency of objects. They have subtle semantics, mainly because of call-backs, multi-object invariants, and subclassing. Several verification techniques for object invariants have been proposed. It is difficult to compare these techniques, and to ascertain their soundness, because of their differences in restrictions on programs and invariants, in the use of advanced type systems (e.g., ownership types), in the meaning of invariants, and in proof obligations. We develop a unified framework for such techniques. We distil seven parameters that characterise a verification technique, and identify sufficient conditions on these parameters which guarantee soundness. We instantiate our framework with three verification techniques from the literature, and use it to assess soundness and compare expressiveness. 1

A framework is developed in order to support the development of a family of applications. Many approaches to documenting frameworks have been tried, though with different aims and audiences in mind. Of greatest utility are those aimed at reducing the learning curve for application developers. We propose the concept of a reuse case as offering a perspective of the different approaches to documenting frameworks. The categories of reuse cases are defined, and we discuss other views of reuse cases that can help to classify them. 1. Introduction Many approaches to documenting frameworks have been tried, though with different aims and audiences in mind. We propose the concept of a reuse case as offering a perspective of the different approaches to documenting frameworks. The categories of reuse cases are defined, and we discuss other views of reuse cases that can help to classify them. The existing approaches to documenting frameworks are mapped into the perspective of reuse cases. A framew...

This report describes the programming and interface specification language of the Java Interactive Verification Environment Jive. The Jive system is a prototype implementation of a logic-based programming-environment for an object-oriented programming language. Logic-based programming-environments are language-dependent software development tools that support formal specification and verification. We summarize the properties of an ideal programming language for the prototype and argue that Java is a good candidate. The design of the supported Java subset is discussed and a formal definition of the abstract syntax is presented. Program specifications are denoted in an interface specification language. This report discusses the design of the Jive interface specification language and presents its abstract syntax. An example program illustrates the application of the programming and the interface specification language. Contents 1 Introduction 4 2 Programming Language 6 2.1 Design Conce...