1 / 15

Java Modeling Language (JML)

Java Modeling Language (JML) . EECE 310: Software Engineering (NOT Tested for Midterm/Final exams). Learning Objectives. Identify uses and syntax of JML Write specifications of simple methods in JML. Java Modeling Language (JML). JML is a behavioral interface specification language

oceana
Download Presentation

Java Modeling Language (JML)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Java Modeling Language (JML) EECE 310: Software Engineering (NOT Tested for Midterm/Final exams)

  2. Learning Objectives • Identify uses and syntax of JML • Write specifications of simple methods in JML

  3. Java Modeling Language (JML) • JML is a behavioral interface specification language • JML is a specification language that allows specification of the behavior of an API • not just its syntax, but its semantics • JML specifications are written as annotations • As far as Java compiler is concerned they are comments but a JML compiler can interpret them

  4. JML • Goal: Make writing specifications easily understandable and usable by Java programmers, • so it stays close to the Java syntax and semantics • JML supports design by contract style specifications with • Pre-conditions • Post-conditions • (Class) invariants

  5. JMLAnnotations • JML annotations are added as comments to the Java source code • either between /*@ . . . @*/ • or after //@ • These are annotations and they are ignored by the Java compiler • JML properties are specified as Java boolean expressions • JML provides operators to support design by contract style specifications such as \old and \result • JML also provides quantification operators (\forall, \exists) • JML also has additional keywords such as • requires, ensures, signals, assignable, pure, invariant, non null, . . .

  6. JML contracts • Preconditions (REQUIRES) are written as a requires clauses • Postconditions(EFFECTS) are written as ensures clauses • MODIFIES are written as modifiable clauses • Rep invariants are written as invariants clauses

  7. Simple Example • Consider the spec. of a swap routine in Java public static void swap(int [] a) { /* @ requires a.length == 2 @ modifiable a @ ensures ( (a[0]==\old(a[1]) && @ (a[1]==\old(a[0]) ) */

  8. Simple Example: Exception • Consider the spec. of a swap routine in Java • But assume that it throws an exception when given an array of length != 2. public static void swap(int [] a) { /* @ modifiable a @ ensures ( (a[0]==\old(a[1]) && @ (a[1]==\old(a[0]) ) @ signals NullPtrException (a == NULL) @ signals LengthException (a.length != 2) */

  9. JML Quantifiers • JML supports several forms of quantifiers • Universal and existential (\forall and \exists) • General quantifiers (\sum, \product, \min, \max) • Numeric quantifier (\num_of) (\forall Student s; class272.contains(s); s.getProject() != null) (\forall Student s; class272.contains(s) ==> s.getProject() != null) • Without quantifiers, we would need to write loops to specify these types of constraints

  10. JML Quantifiers (cont) • Quantifier expressions • Start with a declaration that is local to the quantifier expression (\forall Student s; ... • Followed by an optional range predicate ... class272.contains(s); ... • Followed by the body of the quantifier ... s.getProject() != null)

  11. JML quantifiers (cont) • \sum, \product, \min, \max return the sum, product, min and max of the values of their body expression when the quantified variables satisfy the given range expression • For example, (\sum int x; 1 <= x && x <= 5; x) denotes the sum of values between 1 and 5 inclusive • The numerical quantifier, \num_of, returns the number of values for quantified variables for which the range and the body predicate are true

  12. Group Activity • Write the specification in JML for the search routine you identified earlier (See below) public static intsearch(int[] a, intx) throws NullPointerException, ElementNotFound { // EFFECTS: if a is NULL, throw NPException. // else if x is not found in a, throw ENFException // else return the index of element x in the array // i.e., return i such that a[i]==x, 0 <=i < a.length

  13. JML Libraries • JML has an extensive library that supports concepts such as sets, sequences, and relations. • These can be used in JML assertions directly without needing to re-specify these mathematical concepts

  14. JML Tools • tools for parsing and typechecking Java programs and their JML annotations • JML compiler (jmlc) • tools for supporting documentation with JML • HTML generator (jmldoc) • tools for runtime assertion checking: • Test for violations of assertions (pre, postconditions, invariants) during execution • Tool: jmlrac • testing tools based on JML • JML/JUnit unit test tool: jmlunit • Extended static checking: • Automatically prove that contracts are never violated at any execution • Automatic verification is done statically (i.e., at compile time). • Tool: ESC/Java

  15. Summary • JML is a formal mathematical languages for writing specifications in Java • Can use most Java features such as objects, fields • Loops and side-effects not allowed however • Use quantifiers (\forall, \exists) in place of loops • You will NOT need to use JML for the exams. But, you will need it for the assignments.

More Related