论文信息 - Extensions of the theory of observational purity and a practical design for JML

Extensions of the theory of observational purity and a practical design for JML

To prevent erratic behavior during runtime checking, JML only allows assertions to call pure, i.e., side-effect free, methods. However, JML’s notion of purity checking is too conservative. For example, Object’s equals method needs to be used in assertions, but some classes use side effects in their equals method to maintain hidden caches or to trigger lazy evaluation, and so these methods cannot be pure in JML’s sense. To handle such cases JML and similar interface specification languages need a less conservative notion of pure methods. In this paper we apply and slightly extend the existing theory of “observationally pure” methods to JML, and explain our language design. This design is practical and accommodates common uses. Our extension of current theory provides appropriate encapsulation combined with inheritance, invariants, method specifications, frame conditions, secret helper methods, and multiple sets of secret state locations. We also introduce a semantics for static analysis that preserves correctness without imposing non-interference.

Gary T. Leavens | David R. Cok

[1] Peter Müller,et al. Reasoning About Method Calls in Interface Specifications , 2006, J. Object Technol..

[2] Frank D. Valencia,et al. Formal Methods for Components and Objects , 2002, Lecture Notes in Computer Science.

[3] K. Rustan M. Leino,et al. The Spec# Programming System: An Overview , 2004, CASSIS.

[4] Patrice Chalin,et al. A Sound Assertion Semantics for the Dependable Systems Evolution Verifying Compiler , 2007, 29th International Conference on Software Engineering (ICSE'07).

[5] 簡聰富,et al. 物件導向軟體之架構(Object-Oriented Software Construction)探討 , 1989 .

[6] David A. Naumann,et al. Observational purity and encapsulation , 2005, Theor. Comput. Sci..

[7] Gary T. Leavens,et al. JML's Rich, Inherited Specifications for Behavioral Subtypes , 2006, ICFEM.

[8] Gary T. Leavens,et al. How the design of JML accommodates both runtime assertion checking and formal verification , 2003, Sci. Comput. Program..

[9] Qi Sun,et al. Allowing State Changes in Specifications , 2006, ETRICS.

[10] Albert L. Baker,et al. Preliminary design of JML: a behavioral interface specification language for java , 2006, SOEN.

[11] K. Rustan M. Leino,et al. Data groups: specifying the modification of extended state , 1998, OOPSLA '98.

[12] David R. Cok,et al. Reasoning with specifications containing method calls and model fields , 2005, J. Object Technol..