ESC/Java2: Uniting ESC/Java and JML
Progress and Issues in Building and Using ESC/Java2, Including a Case Study Involving the Use of the Tool to Verify Portions of an Internet Voting Tally System

The ESC/Java tool was a lauded advance in effective static checking of realistic Java programs, but it has become out of date with respect to both Java and the Java Modeling Language (JML). The ESC/Java2 project, whose progress is described in this paper, builds on the final release of ESC/Java from DEC/SRC in several ways. It parses all of JML, and thus can be used with the growing body of JML-annotated Java code; it has additional static checking capabilities; and it has been designed, constructed, and documented so as to improve the tool's usability for both users and researchers. ESC/Java2 is intended to be used for further research in, and larger-scale case studies of, annotation and verification, and for studies of the programmer productivity that may result from its integration with other tools that work with JML and Java. The initial results of the first major use of ESC/Java2, the verification of parts of the tally subsystem of the Dutch Internet voting system, are presented as well.
