Enforcing Information Hiding in Interface Specifications: with The AspectJML specification language. A Client Aware checking Approach
1 Enforcing Information Hiding in Interface Specifications: with The AspectJML specification language. A Client Aware checking Approach
Henrique Rebêlo, Universidade Federal de Pernambuco, Brazil
Gary T. Leavens, University of Central Florida, USA
2 What is information hiding?
3 How to abstract away the details? (Copyright 1994. Extracted from Booch's OOAD book)
4 Black box abstraction (Copyright 1994. Extracted from Booch's OOAD book)
5 Parnas: Whatever is likely to change! Hiding the secret of a module behind an interface
6 Abstraction is an important key (Copyright 2004. Extracted from McConnell's Code Complete book)
7 Encapsulation helps in the process (Copyright 2004. Extracted from McConnell's Code Complete book)
8 Is Encapsulation equivalent to Information Hiding?
9 Think about these examples
    class EncapsulationWithoutInformationHiding {
        private ArrayList list = new ArrayList();
        public ArrayList getlist() { return this.list; }
    }
    class InformationHidingWithoutEncapsulation {
        public List list = new ArrayList();
    }
10 Avoid exposure implementation details (Copyright 1994. Extracted from Booch's OOAD book)
11 Information hiding for other artifacts (Leavens and Müller, ICSE 2007)
- Visibility modifiers on specifications
- Some specifications hidden from some clients
- Some specifications say more to privileged clients
    class Package {
        //@ public model JMLDouble pweight;
        private double weight;
        //@ private represents weight = pweight;
        /*@ public requires weight <=
          @        ensures this.pweight ==
          @ private requires weight <=
          @         ensures this.weight == weight;
          @*/
        public void setweight(double weight) { this.weight = weight; }
        /* other methods omitted */
    }
12 Design by Contract
- Specifications (contracts) in OO programming language
- preconditions
- postconditions
    decrement is
        -- Decrease counter by one.
        require item > 0
        ensure item = old item - 1
13 Running example (Package delivery system)
14 Delivery package classes
[Class diagram: Package, GiftPackage, CouponPackage and Courier; methods shown include setweight(double), setsize(double, double), resize(double, double) and containssize(double, double).]
15 Package contracts with a DbC language
    class Package {
        /* intentionally public */
        public double weight;
        public void setweight(double weight)
            /* contract: weight <= ... ; this.weight == weight; */
        { this.weight = weight; }
        /* other methods omitted */
    }
[Class diagram: Package, GiftPackage, CouponPackage, Courier]
16 Consider the following Package's client
Written by Cathy:
    class ClientClass {
        public void clientmeth(Package p) { p.setweight(5); }
    }
Written by Alice:
    class Package {
        /* intentionally public */
        public double weight;
        public void setweight(double weight)
            /* contract: weight <= ... ; this.weight == weight; */
        { this.weight = weight + 1; }
        /* other methods omitted */
    }
RAC: PostconditionError: this.weight is 6.0 weight is 5.0
17 Consider now the following change by Alice
    class Package {
        private double weight;
        public void setweight(double weight)
            /* contract: weight <= ... ; this.weight == weight; */
        { this.weight = weight; }
        /* other methods omitted */
    }
[Class diagram: Package, GiftPackage, CouponPackage, Courier]
18 But now RAC breaks information hiding!
Written by Cathy:
    class ClientClass {
        public void clientmeth(Package p) { p.setweight(5); }
    }
Written by Alice:
    class Package {
        private double weight;
        public void setweight(double weight)
            /* contract: weight <= ... ; this.weight == weight; */
        { this.weight = weight + 1; }
        /* other methods omitted */
    }
RAC: PostconditionError: this.weight is 6.0 weight is 5.0
19 Kiczales: Beyond the black box
20 Do DbC languages present this information hiding problem?
21
22 In this scenario, we can say that
23 standard DbC/RAC tools are NOT Effective + Useful
24 But the DbC language JML started fixing the problem
25 Java Modeling Language (JML)
- Formal specification language for Java
  - behavioral specification of Java modules
- Adopts design by contract based on Hoare-style with assertions
  - pre-, postconditions and invariants
  - {P} C {Q}
- Main goal: improve functional software correctness of Java programs
26
27 Kinds of clients in Java and JML
[Diagram: private client, package clients, protected clients and public clients, illustrated with class A, class B, class C, class D extends C, class E extends C and class F.]
28 Package contracts with JML
    class Package {
        //@ public model JMLDouble pweight;
        private double weight;
        //@ private represents weight = pweight;
        /*@ public requires weight <=
          @        ensures this.pweight ==
          @ private requires weight <=
          @         ensures this.weight == weight;
          @*/
        public void setweight(double weight) { this.weight = weight; }
        /* other methods omitted */
    }
[Class diagram: Package, GiftPackage, CouponPackage, Courier]
29 JML RAC still breaks information hiding!
Written by Cathy:
    class ClientClass {
        public void clientmeth(Package p) { p.setweight(5); }
    }
Written by Alice:
    class Package {
        //@ public model JMLDouble pweight;
        private double weight;
        //@ private represents weight = pweight;
        /*@ public requires weight <=
          @        ensures this.pweight ==
          @ private requires weight <=
          @         ensures this.weight == weight;
          @*/
        public void setweight(double weight) { this.weight = weight + 1; }
        /* other methods omitted */
    }
RAC: JMLPostconditionError: when this.weight is 6.0 weight is 5.0
30 The problem can become even worse
31 Package contracts for subtypes
    class Package {
        //@ public model JMLDouble pweight;
        protected double weight;
        //@ protected represents weight = pweight;
        /*@ public requires weight <=
          @        ensures this.pweight ==
          @ protected requires weight <=
          @           ensures this.weight == weight;
          @*/
        public void setweight(double weight) { this.weight = weight; }
        /* other methods omitted */
    }
[Class diagram: Package, GiftPackage, CouponPackage, Courier]
32 JML RAC misses a precondition violation!
Written by Cathy:
    class ClientClass {
        public void clientmeth(Package p) { p.setweight(8); }
    }
Written by Alice:
    class Package {
        //@ public model JMLDouble pweight;
        protected double weight;
        //@ protected represents weight = pweight;
        /*@ public requires weight <=
          @        ensures this.pweight ==
          @ protected requires weight <=
          @           ensures this.weight == weight;
          @*/
        public void setweight(double weight) { this.weight = weight; }
        /* other methods omitted */
    }
    class GiftPackage extends Package { /* ... */ }
RAC: Returns successfully!
33 JML/RAC is NOT Effective + Useful
34 Unanswered questions can arise
- What happened with RAC?
- Did Alice specify correctly?
- Did I provide the right specifications?
- Did Cathy associate the right specs during RAC?
[Figure: Alice and Cathy]
35 This is caused by the
36 supplier side instrumentation of contracts in JML and any other RAC
    class Package {
        //@ public model JMLDouble pweight;
        protected double weight;
        //@ protected represents weight = pweight;
        /*@ public requires weight <=
          @        ensures this.pweight ==
          @ protected requires weight <=
          @           ensures this.weight == weight;
          @*/
        public void setweight(double weight) { this.weight = weight; }
        /* other methods omitted */
    }
    class Package {
        public void setweight(double weight) {
            //@ assume w <= 5 || w <= 8;
            this.weight = weight;
            //@ assert this.pweight == weight && this.weight == weight;
        }
        /* other methods omitted */
    }
37 Information hiding problem statement: we say that a RAC compiler that checks specifications at the supplier side is overly dynamic
38 The AspectJML Language is one solution to the illustrated problem
39 Client aware checking approach
    class GiftPackage extends Package {
        public void setweight(double w) { /* ... */ }
    }
    class Courier {
        public void deliver(double w) { /* ... */ }
    }
    class OtherClient {
        void clientmeth(Package p) { p.setweight(-1); p.sety(-1); }
        void helper( ) { /* ... */ }
    }
    class Package {
        /*@ public requires w <=
          @        ensures this.pweight ==
          @ protected requires w <=
          @           ensures this.weight ==
          @*/
        public void setweight(double w) { /* ... */ }
    }
- CAC cuts through clients with proper runtime checks
- Runtime checking itself is modular based on privacy kind of clients
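The difference between supplier-side and client-aware checking, as an added example in plain Java (not AspectJML and not code from the slides). The Visibility enum, SpecCase record, FaultyPackage class and checkedCall helper are hypothetical names, the bounds 5 and 8 are the ones visible on slide 36, and records need Java 16 or later.

```java
import java.util.List;
import java.util.function.DoublePredicate;
import java.util.stream.Collectors;

public class ClientAwareCheckingDemo {
    // Simplified client kinds (package visibility omitted), least privileged first.
    enum Visibility { PUBLIC, PROTECTED, PRIVATE }

    interface Post { boolean holds(Package p, double w); }

    // One specification case of setweight, tagged with the clients allowed to see it.
    record SpecCase(Visibility vis, String requiresText, DoublePredicate requires,
                    String ensuresText, Post ensures) {
        String pre()  { return vis.name().toLowerCase() + " requires " + requiresText; }
        String post() { return vis.name().toLowerCase() + " ensures " + ensuresText; }
    }

    static class Package {
        protected double weight;
        double pweight() { return weight; }   // stands in for the public model field
        void setweight(double w) { this.weight = w; }
    }

    // The faulty implementation used on the slides: it stores weight + 1.
    static class FaultyPackage extends Package {
        @Override void setweight(double w) { this.weight = w + 1; }
    }

    // Assumed spec cases; bounds 5 (public) and 8 (protected) follow slide 36.
    static final List<SpecCase> SPEC = List.of(
        new SpecCase(Visibility.PUBLIC, "w <= 5", w -> w <= 5,
                     "this.pweight == w", (p, w) -> p.pweight() == w),
        new SpecCase(Visibility.PROTECTED, "w <= 8", w -> w <= 8,
                     "this.weight == w", (p, w) -> p.weight == w));

    // Runs the call under the given spec cases: at least one precondition must hold,
    // and every case whose precondition held must also have its postcondition met.
    static String checkedCall(Package p, double w, List<SpecCase> cases) {
        List<SpecCase> enabled = cases.stream()
            .filter(c -> c.requires().test(w)).toList();
        if (enabled.isEmpty()) {
            return "PreconditionError: " + cases.stream()
                .map(SpecCase::pre).collect(Collectors.joining(" | "));
        }
        p.setweight(w);
        String broken = enabled.stream()
            .filter(c -> !c.ensures().holds(p, w))
            .map(SpecCase::post).collect(Collectors.joining(" | "));
        return broken.isEmpty() ? "Returns successfully" : "PostconditionError: " + broken;
    }

    // Supplier-side instrumentation: every spec case is checked inside the callee,
    // whoever the caller is (the "overly dynamic" behaviour).
    static String supplierSide(Package p, double w) {
        return checkedCall(p, w, SPEC);
    }

    // Client-aware checking: only the spec cases visible to this kind of client
    // are checked, so errors never mention specifications the client cannot see.
    static String clientAware(Visibility client, Package p, double w) {
        List<SpecCase> visible = SPEC.stream()
            .filter(c -> c.vis().compareTo(client) <= 0).toList();
        return checkedCall(p, w, visible);
    }

    public static void main(String[] args) {
        // A public client passes 8: the public precondition is violated.
        System.out.println("supplier-side, w=8:           "
            + supplierSide(new Package(), 8));
        System.out.println("client-aware public, w=8:     "
            + clientAware(Visibility.PUBLIC, new Package(), 8));
        System.out.println("client-aware protected, w=8:  "
            + clientAware(Visibility.PROTECTED, new Package(), 8));
        // Faulty supplier, w=5: compare which postconditions each report names.
        System.out.println("supplier-side, faulty, w=5:   "
            + supplierSide(new FaultyPackage(), 5));
        System.out.println("client-aware public, faulty:  "
            + clientAware(Visibility.PUBLIC, new FaultyPackage(), 5));
    }
}
```

With supplier-side checking the call with 8 is accepted and the fault report names the protected field; with client-aware checking the public client gets a precondition error for 8 and a fault report that names only the public specification.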
40 Harrison & Harold Ossher on Subjectivity
[Figure of object classification hierarchies. Copyright 1993 IBM Corporation]
41 Grady Booch on Subjectivity
42 CAC implementation with AspectJML
[Diagram labels: JML annotated Java source files; Aspects with JML features; OOP classes; AOP advice; Weaver; Class.class with advice]
43 To hide or not to hide?
    class GiftPackage extends Package {
        public void setweight(double w) { /* ... */ }
    }
    class Courier {
        public void deliver(double w) { /* ... */ }
    }
    class OtherClient {
        void clientmeth(Package p) { p.setweight(-1); p.sety(-1); }
        void helper( ) { /* ... */ }
    }
    class Package {
        /*@ public requires w <=
          @        ensures this.pweight ==
          @ protected requires w <=
          @           ensures this.weight ==
          @*/
        public void setweight(double w) { /* ... */ }
    }
- CAC cuts through clients with proper runtime checks
- Runtime checking itself is modular based on privacy kind of clients
44 Future work
- Find case studies
- More study on the problems caused by overly dynamic checking
- dynamic dispatch
45 AspectJML/CAC in action
46 Dedicated to the Memory of Robert France
More informationDesigning Robust Classes
Designing Robust Classes Learning Goals You must be able to:! specify a robust data abstraction! implement a robust class! design robust software! use Java exceptions Specifications and Implementations
More informationA Simple and Practical Approach to Unit Testing: The JML and JUnit Way
A Simple and Practical Approach to Unit Testing: The JML and JUnit Way Yoonsik Cheon and Gary T. Leavens TR #01-12a November 2001, revised March 2002 Keywords: Unit testing, automatic test oracle generation,
More informationLecture 7: Data Abstractions
Lecture 7: Data Abstractions Abstract Data Types Data Abstractions How to define them Implementation issues Abstraction functions and invariants Adequacy (and some requirements analysis) Towards Object
More informationModular Verification of Higher-Order Methods with Mandatory Calls Specified by Model Programs
Computer Science Technical Reports Computer Science 4-2007 Modular Verification of Higher-Order Methods with Mandatory Calls Specified by Model Programs Steve M. Shaner Iowa State University, smshaner@mac.com
More informationThe JML Tool. Faculty of Engineering Pontificia Universidad Javeriana. The JML Tool p.1/23
The JML Tool Néstor Cataño ncatano@puj.edu.co Faculty of Engineering Pontificia Universidad Javeriana The JML Tool p.1/23 Tools for JML 1. Parsing and type-checking 2. Checking assertions at runtime 3.
More informationDesign by Contract with JML
Design by Contract with JML Gary T. Leavens and Yoonsik Cheon August 16, 2006 Abstract This document gives a tutorial introduction to the Java Modeling Language (JML), and explains how JML can be used
More informationIntegrating verification in programming languages
Integrating verification in programming languages Thomas Jensen, INRIA Seminar INRIA Rennes, 04/11/2015 Collège de France Chaire Algorithmes, machines et langages x / y Types For division to make sense,
More informationReferences: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 10/14/2004 1
References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 10/14/2004 1 Assertions Statements about input to a routine or state of a class Have two primary roles As documentation,
More informationCHAPTER 5 GENERAL OOP CONCEPTS
CHAPTER 5 GENERAL OOP CONCEPTS EVOLUTION OF SOFTWARE A PROGRAMMING LANGUAGE SHOULD SERVE 2 RELATED PURPOSES : 1. It should provide a vehicle for programmer to specify actions to be executed. 2. It should
More informationProof Carrying Code(PCC)
Discussion p./6 Proof Carrying Code(PCC Languaged based security policy instead of OS-based A mechanism to determine with certainity that it is safe execute a program or not Generic architecture for providing
More informationModular Verification of Higher-Order Methods with Mandatory Calls Specified by Model Programs
Modular Verification of Higher-Order Methods with Mandatory Calls Specified by Model Programs Steve M. Shaner, Gary T. Leavens, and David A. Naumann TR #07-04b March 2007, revised April, July 2007 Keywords:
More informationA Run-time Assertion Checker for Java using JML
Computer Science Technical Reports Computer Science 5-1-2000 A Run-time Assertion Checker for Java using JML Abhay Bhorkar Follow this and additional works at: http://lib.dr.iastate.edu/cs_techreports
More informationModular verification of higher-order methods with mandatory calls specified by model programs
Computer Science Technical Reports Computer Science 3-2009 Modular verification of higher-order methods with mandatory calls specified by model programs Steve M. Shaner Iowa State University, smshaner@mac.com
More informationFormal Methods for Java
Formal Methods for Java Lecture 6: Introduction to JML Jochen Hoenicke Software Engineering Albert-Ludwigs-University Freiburg May 15, 2017 Jochen Hoenicke (Software Engineering) Formal Methods for Java
More information