In order to claim conformance with a Java Specification Request, a Java implementation has to pass all tests in an associated Technology Compatibility Kit. This paper presents a model-based development of a Technology Compatibility Kit test suite and a test execution tool for the draft Safety-Critical Java profile specification. The Java Modeling Language is used to model conformance constraints for the profile. Java Modeling Language annotations define contracts for classes and interfaces. The annotations are translated by a tool into runtime assertion checks. Hereby, the design and elaboration of the concrete test cases are simplified, because the expected results are derived from contracts and thus do not need to be provided explicitly. Bottom-up testing is applied for testing methods of the Safety-Critical Java classes, whereas top-down testing is applied for testing global properties, such as protocols, memory management, and real-time properties, including scheduling. The tests are executed using a simplified version of JUnit, which makes the test suite executable on resource-constrained platforms. Copyright (c) 2017 John Wiley & Sons, Ltd.
ISBN (print): 9783031711763; 9783031711770
The KeY tool is a state-of-the-art deductive program verifier for the Java language. Its verification engine is based on a sequent calculus for dynamic logic, realizing forward symbolic execution of the target program, whereby all symbolic paths through a program are explored. Method contracts make verification scalable. KeY combines auto-active and fine-grained proof interaction, which is possible both at the level of the verification target and its specification, as well as at the level of proof rules and program logic. This makes KeY well-suited for teaching program verification, but also permits proof debugging at the source code level. The latter made it possible to verify some of the most complex Java code to date. The article provides a self-contained introduction to the working principles and the practical usage of KeY for anyone with basic knowledge in logic and formal methods.
As a particular case study of the formal verification of state-of-the-art, real software, we discuss the specification and verification of a corrected version of the implementation of a linked list as provided by the Java Collection Framework.
ISBN (print): 9798350325430
Software verification is essential to ensure dependability and that a system or component fulfils its specified requirements. Natural language is the most common way of specifying requirements, although many verification techniques such as theorem proving depend upon requirements being written in formal specification languages. Automatically translating requirements into a formal specification language is a relevant and challenging research question, because developers often lack the necessary expertise. In our work we consider the application of natural language processing (NLP) to address that research question. This paper considers two distinct approaches to formalise natural language requirements: a symbolic method and a GPT-based method. The two methods are evaluated with respect to their ability to generate accurate Java Modeling Language (JML) from textual requirements, and the results show good promise for automatic formalisation of requirements.
ISBN (print): 9783031077272; 9783031077265
Hash maps are a common and important data structure in efficient algorithm implementations. Despite their widespread use, real-world implementations are not regularly verified. In this paper, we present the first case study of the IdentityHashMap class in the Java JDK. We specified its behavior using the Java Modeling Language (JML) and proved correctness for the main insertion and lookup methods with KeY, a semi-interactive theorem prover for JML-annotated Java programs. Furthermore, we report how unit testing and bounded model checking can be leveraged to find a suitable specification more quickly. We also investigated where the bottlenecks in the verification of hash maps lie for KeY by comparing the required automatic proof effort for different hash map implementations, and draw conclusions for the choice of hash map implementations regarding their verifiability.
ISBN (print): 9783031198489; 9783031198496
This experience report compares using model fields and model methods for specifying abstractions in abstract implementations. Our experience is connected to past discussions of alternatives in modeling heap state changes and the axiomatic basis for deductive verification of programs with uninterpreted, underspecified or recursive methods.
Hash maps are a common and important data structure in efficient algorithm implementations. Despite their widespread use, real-world implementations are not regularly verified. In this article, we present the first case study of the IdentityHashMap class in the Java JDK. We specified its behavior using the Java Modeling Language (JML) and proved correctness for the main insertion and lookup methods with KeY, a semi-interactive theorem prover for JML-annotated Java programs. Furthermore, we report how unit testing and bounded model checking can be leveraged to find a suitable specification more quickly. We also investigated where the bottlenecks in the verification of hash maps lie for KeY by comparing the required automatic proof effort for different hash map implementations, and draw conclusions for the choice of hash map implementations regarding their verifiability.
ISBN (print): 9781450385435
As the Java language evolves, the Java Modeling Language (JML) and the OpenJML deductive verification tool must evolve with it. Changes in Java since Java 8 bring language and organizational changes which affect the semantics of JML and the implementation of OpenJML. They also raise questions about language definition, joint efforts, and community engagement, some enumerated in this paper, for the Java formal reasoning community to address.
ISBN (print): 9789897583797
Defensive programming is a software design approach that promotes reliable software development by considering the different cases a software module may encounter. Design-by-Contract (DbC) applies defensive programming systematically in terms of contracts, each a pair of pre-conditions on the module input and post-conditions on the module output. In this paper, a DbC-based teaching methodology is proposed, which aims to teach undergraduate students how to use contracts for the modeling and implementation of software systems. The teaching methodology consists of three consecutive steps. Firstly, the students learn how to model software architectures in terms of components and their communication links. The component behaviours are specified as contracts, which are attached to the messages that the components exchange. In the second step, the students learn how to implement the contractual software architectures in Java using Java's assertion mechanisms, in a way that preserves all of the contractual design decisions in the code. Lastly, the students learn the Java Modeling Language for combining the contractual modeling and the Java implementation in a single model, to avoid any inconsistencies between the model and the implementation and to automatically verify the correctness of the implementation against the modeled behaviours.