Java Modeling Language (JML) - PowerPoint PPT Presentation

About This Presentation
Title:

Java Modeling Language (JML)

Description:

Java Modeling Language (JML) EECE 310: Software Engineering (NOT Tested for Midterm/Final exams) Learning Objectives Identify uses and syntax of JML Write ... – PowerPoint PPT presentation

Number of Views:512
Avg rating:3.0/5.0
Slides: 16
Provided by: Karthi8
Category:
Tags: jml | java | language | modeling

less

Transcript and Presenter's Notes

Title: Java Modeling Language (JML)


1
Java Modeling Language (JML)
  • EECE 310 Software Engineering
  • (NOT Tested for Midterm/Final exams)

2
Learning Objectives
  • Identify uses and syntax of JML
  • Write specifications of simple methods in JML

3
Java Modeling Language (JML)
  • JML is a behavioral interface specification
    language
  • JML is a specification language that allows
    specification of the behavior of an API
  • not just its syntax, but its semantics
  • JML specifications are written as annotations
  • As far as Java compiler is concerned they are
    comments but a JML compiler can interpret them

4
JML
  • Goal Make writing specifications easily
    understandable and usable by Java programmers,
  • so it stays close to the Java syntax and
    semantics
  • JML supports design by contract style
    specifications with
  • Pre-conditions
  • Post-conditions
  • (Class) invariants

5
JMLAnnotations
  • JML annotations are added as comments to the Java
    source code
  • either between /_at_ . . . _at_/
  • or after //_at_
  • These are annotations and they are ignored by the
    Java compiler
  • JML properties are specified as Java boolean
    expressions
  • JML provides operators to support design by
    contract style specifications such as \old and
    \result
  • JML also provides quantification operators
    (\forall, \exists)
  • JML also has additional keywords such as
  • requires, ensures, signals, assignable, pure,
    invariant, non null, . . .

6
JML contracts
  • Preconditions (REQUIRES) are written as a
    requires clauses
  • Postconditions(EFFECTS) are written as ensures
    clauses
  • MODIFIES are written as modifiable clauses
  • Rep invariants are written as invariants clauses

7
Simple Example
  • Consider the spec. of a swap routine in Java
  • public static void swap(int a)
  • / _at_ requires a.length 2
  • _at_ modifiable a
  • _at_ ensures ( (a0\old(a1)
  • _at_ (a1\old(a0)
    )
  • /

8
Simple Example Exception
  • Consider the spec. of a swap routine in Java
  • But assume that it throws an exception when
    given an array of length ! 2.
  • public static void swap(int a)
  • / _at_ modifiable a
  • _at_ ensures ( (a0\old(a1)
  • _at_ (a1\old(a0)
    )
  • _at_ signals NullPtrException (a NULL)
  • _at_ signals LengthException (a.length !
    2)
  • /

9
JML Quantifiers
  • JML supports several forms of quantifiers
  • Universal and existential (\forall and \exists)
  • General quantifiers (\sum, \product, \min, \max)
  • Numeric quantifier (\num_of)
  • (\forall Student s class272.contains(s)
    s.getProject() ! null)
  • (\forall Student s class272.contains(s) gt
    s.getProject() ! null)
  • Without quantifiers, we would need to write loops
    to specify these types of constraints

10
JML Quantifiers (cont)
  • Quantifier expressions
  • Start with a declaration that is local to the
    quantifier expression
  • (\forall Student s ...
  • Followed by an optional range predicate
  • ... class272.contains(s) ...
  • Followed by the body of the quantifier
  • ... s.getProject() ! null)

11
JML quantifiers (cont)
  • \sum, \product, \min, \max return the sum,
    product, min and max of the values of their body
    expression when the quantified variables satisfy
    the given range expression
  • For example,
  • (\sum int x 1 lt x x lt 5 x) denotes the sum
    of values between 1 and 5 inclusive
  • The numerical quantifier, \num_of, returns the
    number of values for quantified variables for
    which the range and the body predicate are true

12
Group Activity
  • Write the specification in JML for the search
    routine you identified earlier (See below)
  • public static int search(int a, int x) throws
    NullPointerException, ElementNotFound
  • // EFFECTS if a is NULL, throw NPException.
  • // else if x is not found in a, throw
    ENFException
  • // else return the index of element x in the
    array
  • // i.e., return i such that aix, 0 lti lt
    a.length

13
JML Libraries
  • JML has an extensive library that supports
    concepts such as sets, sequences, and relations.
  • These can be used in JML assertions directly
    without needing to re-specify these mathematical
    concepts

14
JML Tools
  • tools for parsing and typechecking Java programs
    and their JML annotations
  • JML compiler (jmlc)
  • tools for supporting documentation with JML
  • HTML generator (jmldoc)
  • tools for runtime assertion checking
  • Test for violations of assertions (pre,
    postconditions, invariants) during execution
  • Tool jmlrac
  • testing tools based on JML
  • JML/JUnit unit test tool jmlunit
  • Extended static checking
  • Automatically prove that contracts are never
    violated at any execution
  • Automatic verification is done statically (i.e.,
    at compile time).
  • Tool ESC/Java

15
Summary
  • JML is a formal mathematical languages for
    writing specifications in Java
  • Can use most Java features such as objects,
    fields
  • Loops and side-effects not allowed however
  • Use quantifiers (\forall, \exists) in place of
    loops
  • You will NOT need to use JML for the exams. But,
    you will need it for the assignments.
Write a Comment
User Comments (0)
About PowerShow.com