July 2022 · 2 Reads · 1 Citation
Lecture Notes in Computer Science
An assertion is a Boolean expression embedded in a program that must hold during the execution. Executable assertions are a simple but practical way to check assumptions and code logic at runtime. Assertions are written by referring to concrete program states. In this paper, we recognize a variety of assertions that we call design assertions. These are assertions written to ensure design constraints and properties, not detailed implementation decisions, and thus can detect major problems in the implementation such as design drift or corrosion. However, they are written by referring to concrete program states, thus causing readability and maintenance problems. To address these problems, we propose to write design constraints at a higher abstraction level by referring to abstract program states. We explain our approach using the Dart/Flutter platform, but it should work in other languages and platforms with similar assertion facilities.
November 2015 · 10 Reads · 1 Citation
Lecture Notes in Electrical Engineering
A formal correctness proof of code containing loops such as while statements typically uses the technique of proof-by-induction, and often the most difficult part of carrying out an inductive proof is formulating a correct induction hypothesis, a specification for a loop statement. An incorrect induction hypothesis will surely lead to a proof failure. In this paper we propose a systematic way for identifying specifications of while statements. The key idea of our approach is to categorize and document common patterns of while statements along with their specifications. This is based on our observation that similarly-structured while statements frequently have similarly-structured specifications. Thus, a catalog of code and specification patterns can be used as a good reference for finding and formulating a specification of a while statement. We explain our approach using functional program verification in which a program is viewed as a mathematical function from one program state to another, and a correctness proof is done by comparing two functions, the implemented and the specified. However, we believe our approach is applicable to other verification techniques such as Hoare logic using pre- and post-conditions.
January 2013 · 6 Reads
Lecture Notes in Electrical Engineering
In Cleanroom-style functional program verification, a program is viewed as a mathematical function from one program state to another, and the program is verified by comparing two functions, the implemented and the expected behaviors. The technique requires a minimal mathematical background and supports forward reasoning, but it does not support assertions such as class invariants. However, class invariants are not only a practical programming tool but also play a key role in the correctness proof of a program by specifying conditions and constraints that an object has to satisfy and thus defining valid states of the object. We suggest a way to integrate the notion of class invariants in functional program verification by using CleanJava as a specification notation and a verification framework as well; CleanJava is a formal annotation language for Java to support Cleanroom-style functional program verification. We propose a small extension to CleanJava to specify class invariants and to its proof logic to verify the class invariants. Our extension closely reflects the way programmers specify and reason about the correctness of a program informally. It allows one to use class invariants in the framework of Cleanroom-style functional specification and verification.
October 2012 · 13 Reads
The CleanJava language is a formal annotation language for Java to support functional program verification. In functional verification, a program is viewed as a mathematical function that maps one program state to another, and thus proving the correctness of a program is essentially comparing two mathematical functions, the function implemented by the program and its specification. Since the CleanJava notation is based on Java expressions with extensions such as mathematical structures like sets and sequences, its vocabulary is limited to that of Java. In this paper, we propose to make the CleanJava language more expressive by enhancing its extension mechanism. Our approach is to support user-defined mathematical functions, functions introduced by the user for the purpose of writing annotations. They not only enrich the vocabulary of CleanJava but also allow one to tune the abstraction level of CleanJava annotations. The user-defined mathematical functions are polymorphic---meaning that they may be applied to values of different types---and the signatures of the functions need not be declared. Both the signatures of user-defined functions and the types of CleanJava expressions are inferred statically. Polymorphic functions allow one to write generic and reusable functions, and the resulting annotations become more concise and writable. One contribution of our work is bringing polymorphic functions and type inference, found in functional programming languages like SML and Haskell, to object-oriented programming languages like Java in the context of writing annotations, thus blending the benefits of two programming paradigms.
May 2011 · 36 Reads · 1 Citation
Unlike Hoare-style program verification, functional program verification supports forward reasoning by viewing a program as a mathematical function from one program state to another and proving its correctness by essentially comparing two mathematical functions, the function computed by the program and its specification. Since it requires a minimal mathematical background and reflects the way programmers reason about the correctness of a program informally, it can be taught and practiced effectively. However, there is no formal notation supporting functional program verification. In this paper, we propose a formal notation for writing functional program specifications for Java programs. The notation, called Clean Java, is based on the Java expression syntax and is extended with a mathematical toolkit consisting of sets and sequences. The vocabulary of Clean Java can also be enriched by introducing user-specified definitions such as user-defined mathematical functions and specification-only methods. We believe that Clean Java is a good notation for writing functional specifications and expect it to promote the use of functional program verification by being able to specify a wide range of Java programs.
January 2011 · 208 Reads · 35 Citations
Pairwise testing is a combinatorial testing technique that tests all possible pairs of input values. Although finding a smallest set of test cases for pairwise testing is NP-complete, pairwise testing is regarded as a reasonable cost-benefit compromise among combinatorial testing methods. In this paper we formulate the problem of finding a pairwise test set as a search problem and apply a genetic algorithm to solve it. We also describe an open-source tool called PWiseGen for generating pairwise test sets. PWiseGen produces competitive results compared with existing pairwise testing tools. Besides, it provides a framework and a research platform for generating pairwise test sets using genetic algorithms; it is configurable, extensible, and reusable.
December 2010 · 45 Reads · 8 Citations
The Java Modeling Language (JML) is a formal interface specification language to document the behavior of Java program modules and has been used in many research and industrial projects. However, its inability to support Java 5 features such as generics is reducing its user base significantly. Besides, the JML compiler is on average 8.5 times slower than the javac Java compiler. In this paper, we present a new JML compiler built on the Eclipse Java compiler to support Java 5 features. We used a technique called AST merging to implement coarse-grained incremental compilation. In our experiments we observed a significant improvement in compilation speed; the new compiler is 3 to 4.5 times faster than the current one.
January 2010 · 26 Reads
This document gives a quick tutorial introduction to functional program verification. In functional program verification, a program is viewed as a mathematical function from one program state to another, and proving its correctness is essentially comparing two mathematical functions, the function computed by the program and the specification of the program, called an intended function. The reader is assumed to have some programming experience and to be familiar with such mathematical concepts as sets and functions.
January 2010 · 58 Reads · 14 Citations
Random testing can eliminate subjectiveness in constructing test data and increase the diversity of test data. However, one difficult problem is to construct test oracles that decide test results—test failures or successes. Assertions can be used as test oracles and are most effective when derived from formal specifications such as OCL constraints. If fully automated, random testing can reduce the cost of testing dramatically. In this paper we propose an approach for automating Java program testing by combining random testing and OCL. The key idea of our approach is to use OCL constraints as test oracles by translating them to runtime checks written in AspectJ. We realize our approach by adapting existing frameworks for translating OCL to AspectJ and assertion-based random testing. We evaluate the effectiveness of our approach through case studies and experiments. Our approach can detect errors in implementations and OCL constraints as well, and provides a practical means for using OCL in design and programming.
... JML (or an extension of JML) and its runtime assertion checker(s) are notably employed for testing in different contexts, such as testing conformance of safety-critical systems [74], specifying metamorphic relations [56], testing services in the Home Automation System [64], and testing concurrent object-oriented software [2]. Cheon and Leavens [16,17] propose to use a specification language's runtime assertion checker (e.g., JML) to decide whether methods work correctly, and hence automate the test oracles. Pastore et al. [60] introduce CrowdOracles, exploiting the crowdsourcing idea in the context of the test oracle problem, and demonstrate that CrowdOracles are a viable solution to automate the oracle problem, yet taming the crowd to get useful results is a difficult task. ...
January 2006
... Here, t-way has the same interaction strength for all parameter values, and to test all interacting parameters, the test suite must cover all the t-way interactions at least once [2], [21]. For instance, if t=2, then it will involve combinations of values for every two parameters. Examples of t-way strategies that support uniform interaction strength are PWiseGen [22], OPAT-HS [2], GS [23], GTHS [3], TACO [17], and so on. ...
January 2011
... However, since automata have a fixed and finite set of states, we can overcome this limitation by representing the input automata as an |S| × |S| adjacency matrix. This does not impose serious restrictions: other automata encodings can be transformed at the specification level to an adjacency matrix, e.g., via model fields in the style of JML [11,29]. The suitability of adjacency matrices for deductive verification is confirmed by [24]. ...
January 2005
... Methods for monitoring formal properties of software are methods that use property descriptions in ordinary and temporal logics [31,32], property descriptions in the form of transition systems or automata [33,34], and program contracts [35,36,37]. At present, the direction of synthetic methods for generating structural tests is also being actively developed. ...
January 2002
... The primary group in this area includes Gary Leavens, K. Rustan M. Leino, Peter Müller, and Arnd Poetzsch-Heffter, who have worked on similar issues both separately and in combination. They have tackled the problem of specifying behaviors of components involving pointers and references, and have dealt with potential aliasing both from copying of references and from parameter passing anomalies [4,16,17,18,19,23]. Others (e.g., [2]) also have proposed ways to limit yet not eliminate aliasing through clever linguistic mechanisms. ...
January 1995
... Programs and annotations are processed by tools that generate verification conditions which must be proved in order to be convinced of the correctness of the program. In this setting, several tools have been developed, such as the JML (Java Modeling Language) annotation system [78] for Java programs. ...
August 2003
Electronic Notes in Theoretical Computer Science
... In our architecture, in addition to the compiled code for assertions, internal declarative representation integrated with class and method type signatures is also generated so that it is accessible by JCR. This feature is called specification reflection in [17]. In addition, our architecture allows other possibilities discussed in [17] such as reflective specification execution, i.e., execution of assertions discovered at run-time. ...
January 2004
... The Extended Static Checker for Java (ESC/Java) [68] and its later successor (ESC/Java2) is perhaps one of the most influential tools in the area of verifying compilers [38,48]. The tool essentially provides a verifying compiler for Java programs whose specifications are given as annotations in a subset of the Java Modelling Language (JML) [38,39,99]. JML provides a standard notation for expressing contracts in Java, and the following illustrates a simple method in JML which ESC/Java verifies as correct:

    /*@ requires n >= 0;
      @ ensures \result >= 0;
      @*/
    public static int method(int n) {
        int i = 0;
        /*@ maintaining i >= \old(i); */
        while (i < n) { i = i + 1; }
        return i;
    }

...
Reference: Verifying Whiley Programs with Boogie
January 2003
Science of Computer Programming
... JML tools are listed on the JML home page [37], including different jmlc compilers. Previously [46,52], the jml4c compiler has been used because some of the classes in the SCJ specification are generic, and jml4c supports Java 1.5 which includes generics [47]. However, this compiler presupposes that the JML annotations are placed in the source code directly. ...
December 2010
... Several works [13,14,56,64,67] use a RAC to decide if tests pass, but require users to generate their own test data or only provide a small amount of test data. These works do not attempt to achieve branch coverage. ...
March 2004