We present an original approach for the automated computation of model-based test cases from specifications written in java modeling language (JML). We aim at activating all the behaviors from the JML method specifica...
详细信息
ISBN:
(纸本)3540372156
We present an original approach for the automated computation of model-based test cases from specifications written in java modeling language (JML). We aim at activating all the behaviors from the JML method specifications. Therefore, we extract each behavior and we compute the pertinent test data for the input parameters;we select the boundary values of the ordered domains, and we consider specific features for the objects, involving inheritance and aliasing. Finally, a preamble for each test case is computed by symbolic animation of the JML specification using constraint logic programming techniques. Thus, we are able to automatically generate executable java test sequences to be run on the system under test. Moreover, this process requires the less possible intervention from a validation engineer.
We present an initial link between Z and JML that has enabled us to use Z/Eves to prove theorems about JML classes. We have applied this to the JML type system and the java HashMap class from the java Collections Fram...
详细信息
ISBN:
(纸本)9783540752202
We present an initial link between Z and JML that has enabled us to use Z/Eves to prove theorems about JML classes. We have applied this to the JML type system and the java HashMap class from the java Collections Framework. We present and discuss the issues behind a more general strategy for translation in both directions between Z and JML. This work is a contribution to the Verified Software Repository, part of the Grand Challenge in Verified Software.
Design by Contract (DbC) is widely acknowledged to be a powerful technique for creating reliable software. DbC allows developers to specify the behavior of an operation precisely by pre- and post-conditions. Existing ...
详细信息
ISBN:
(纸本)0769524435
Design by Contract (DbC) is widely acknowledged to be a powerful technique for creating reliable software. DbC allows developers to specify the behavior of an operation precisely by pre- and post-conditions. Existing DbC approaches predominantly use textual representations of contracts to annotate the actual program code with assertions. In the Unified modelinglanguage (UML), the textual Object Constraint language (OCL) supports the specification of pre- and post-conditions by constraining the model elements that occur in UML diagrams. However textual specifications in OCL can become complex and cumbersome, especially for software developers who art, typically not used to OCL. In this paper we propose to specify the preand post-conditions of an operation visually by a pair of UML object diagrams (visual contract). We define a mapping of visual contracts into java classes that are annotated with behavioral interface specifications in the java modeling language (JML). The mapping supports testing the correctness of the implementation against the specification using JML tools, which include a runtime assertion checker Thus we make the visual contracts executable.
As the javalanguage evolves, the java modeling language (JML) and the OpenJML deductive verification tool must evolve with it. Changes in java since java 8 bring language and organizational changes which affect the s...
详细信息
ISBN:
(纸本)9781450385435
As the javalanguage evolves, the java modeling language (JML) and the OpenJML deductive verification tool must evolve with it. Changes in java since java 8 bring language and organizational changes which affect the semantics of JML and the implementation of OpenJML. They also raise questions about language definition, joint efforts, and community engagement, some enumerated in this paper, for the java formal reasoning community to address.
Defensive programming is considered as a software design approach that promotes the reliable software development via the considerations of different cases for the software modules. Design-by-Contract (DbC) applies de...
详细信息
ISBN:
(纸本)9789897583797
Defensive programming is considered as a software design approach that promotes the reliable software development via the considerations of different cases for the software modules. Design-by-Contract (DbC) applies defensive programming systematically in terms of contracts that are a pair of pre-conditions on the module input and post-conditions on the module output. In this paper, a DbC-based teaching methodology is proposed, which aims to teach undergraduate students how to use contracts for the modeling and implementation of software systems. The teaching methodology consists of three consecutive steps. Firstly, the students will learn how to model software architectures in terms of components and their communication links. The component behaviours are specified as contracts, which are attached to the messages that the components exchange. In the second step, the students will learn how to implement the contractual software architectures in java using java's assertion mechanisms in a way that the contractual design decisions are all preserved in the code. Lastly, the students will learn the java modeling language for combining the contractual modeling and java implementation in a single model to avoid any inconsistencies between the model and implementation and automatically verify the correctness of the implementation against the modeled behaviours.
This paper describes the automated generation of test sequences derived from a JML specification and a safety property written in an ad hoc language, named JTPL. The functional JML model is animated to build the test ...
详细信息
ISBN:
(纸本)9783540496991
This paper describes the automated generation of test sequences derived from a JML specification and a safety property written in an ad hoc language, named JTPL. The functional JML model is animated to build the test sequences w.r.t. the safety properties, which represent the test targets. From these properties, we derive strategies that are used to guide the symbolic animation. Moreover, additional JML annotations reinforce the oracle in order to guarantee that the safety properties are not violated during the execution of the test suite. Finally, we illustrate this approach on an industrial javaCard case study.
An unusually high number of published JML specifications are invalid or inconsistent, including cases from the security critical area of smart card applications. We claim that these specification errors are due to a m...
详细信息
ISBN:
(纸本)3540408282
An unusually high number of published JML specifications are invalid or inconsistent, including cases from the security critical area of smart card applications. We claim that these specification errors are due to a mismatch between user expectations and the current JML semantics of expressions over numeric types. At the heart of the problem is JML's language design decision to assign to arithmetic operators the same semantics as in java. Consequently, JML arithmetic is bounded in precision and more importantly loss of precision occurs stealthily. After a short discussion of JML language design goals and objectives, we introduce JMLa, an adaptation of JML supporting primitive arbitrary precision numeric types. To support our claim that the identified specification errors are due to JML's divergence from user expectations, we demonstrate that the invalidities and inconsistencies disappear under JMLa semantics with either no, or minor syntactic changes to the specifications. Other advantages of JMLa are illustrated including safety-how it allows an automated static checker like ESC/java to detect more specification and implementation errors. We also briefly illustrate how these issues are applicable to other assertion-based languages like Eiffel.
Hash maps are a common and important data structure in efficient algorithm implementations. Despite their wide-spread use, real-world implementations are not regularly verified. In this article, we present the first c...
详细信息
Hash maps are a common and important data structure in efficient algorithm implementations. Despite their wide-spread use, real-world implementations are not regularly verified. In this article, we present the first case study of the IdentityHashMap class in the java JDK. We specified its behavior using the java modeling language (JML) and proved correctness for the main insertion and lookup methods with KeY, a semi-interactive theorem prover for JML-annotated java programs. Furthermore, we report how unit testing and bounded model checking can be leveraged to find a suitable specification more quickly. We also investigated where the bottlenecks in the verification of hash maps lie for KeY by comparing required automatic proof effort for different hash map implementations and draw conclusions for the choice of hash map implementations regarding their verifiability.
暂无评论