Reassessing JML's Logical Foundation (2005)
| Venue: | In Proceedings of the 7th Workshop on Formal Techniques for Java-like Programs (FTfJP'05) |
| Citations: | 4 - 3 self |
BibTeX
@INPROCEEDINGS{Chalin05reassessingjml's,
author = {Patrice Chalin},
title = {Reassessing JML's Logical Foundation},
booktitle = {In Proceedings of the 7th Workshop on Formal Techniques for Java-like Programs (FTfJP'05)},
year = {2005}
}
Abstract
Early in the design of the Java Modeling Language (JML) care was taken in the choice of its logical foundation to ensure that JML could accommodate run-time assertion checking, static analysis and formal verification. At the time, classical two-valued logic was adopted. Since then, however, we note that the main JML tools have actually implemented differing semantics, by design. In this paper, we begin by reviewing the current logical semantics of JML and explore some of the ramifications of this choice. We then present the results of a survey of programmers from industry, i.e. JML's targeted end users. We asked them how they want assertions to be interpreted during run-time checking and static verification. Survey results indicate that developers are in favor of a semantics for assertions that is compatible with their current use in runtime checking, and hence consistent with a three-valued logic in which partial functions are modeled explicitly.







