formale entwicklung objektorientierter software
play

Formale Entwicklung objektorientierter Software Prof. P.H. Schmitt, - PowerPoint PPT Presentation

Apr 03, 2023 •315 likes •1.38k views

JML Formale Entwicklung objektorientierter Software Prof. P.H. Schmitt, C. Engel, F. Werner Fakult at f ur Informatik Universit at Karlsruhe (TH) Winter 2006/2007 Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung

  1. JML Pure Methods Pure methods terminate and have no side effects. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 10 / 40

  2. JML Pure Methods Pure methods terminate and have no side effects. After declaring public /*@ pure @*/ boolean cardIsInserted() { return insertedCard!=null; } Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 10 / 40

  3. JML Pure Methods Pure methods terminate and have no side effects. After declaring public /*@ pure @*/ boolean cardIsInserted() { return insertedCard!=null; } cardIsInserted() could replace insertedCard != null in the above JML annotations. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 10 / 40

  4. JML A Static Invariant public class BankCard { / ∗ @ p u b l i c s t a t i c i n v a r i a n t @ ( \ f o r a l l BankCard p1 , p2 ; @ p1!=p2 ; @ p1 . cardNumber !=p2 . cardNumber ) @ ∗ / private / ∗ @ s p e c p u b l i c @ ∗ / int cardNumber ; // r e s t of c l a s s f o l l o w s } Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 11 / 40

  5. JML A Static Invariant public class BankCard { / ∗ @ p u b l i c s t a t i c i n v a r i a n t @ ( \ f o r a l l BankCard p1 , p2 ; @ p1!=p2 ; @ p1 . cardNumber !=p2 . cardNumber ) @ ∗ / private / ∗ @ s p e c p u b l i c @ ∗ / int cardNumber ; // r e s t of c l a s s f o l l o w s } Compare to OCL version: Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 11 / 40

  6. JML A Static Invariant public class BankCard { / ∗ @ p u b l i c s t a t i c i n v a r i a n t @ ( \ f o r a l l BankCard p1 , p2 ; @ p1!=p2 ; @ p1 . cardNumber !=p2 . cardNumber ) @ ∗ / private / ∗ @ s p e c p u b l i c @ ∗ / int cardNumber ; // r e s t of c l a s s f o l l o w s } Compare to OCL version: context BankCard inv: BankCard::allInstances() -> forall(p1,p2| p1<>p2 implies p1.cardNumber<>p2.cardNumber) Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 11 / 40

  7. JML An Instance Invariant BankCard { public class / ∗ @ p u b l i c i n s t a n ce i n v a r i a n t @ ( \ f o r a l l BankCard p ; t h i s !=p == > t h i s . cardNumber !=p . cardNumber ) @ ∗ / private / ∗ @ s p e c p u b l i c @ ∗ / int cardNumber ; // r e s t of c l a s s f o l l o w s } Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 12 / 40

  8. JML An Instance Invariant BankCard { public class / ∗ @ p u b l i c i n s t a n ce i n v a r i a n t @ ( \ f o r a l l BankCard p ; t h i s !=p == > t h i s . cardNumber !=p . cardNumber ) @ ∗ / private / ∗ @ s p e c p u b l i c @ ∗ / int cardNumber ; // r e s t of c l a s s f o l l o w s } Instance invariants must evaluate to true for all created objects of their class. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 12 / 40

  9. JML Variation on the Static Invariant public class BankCard { / ∗ @ p u b l i c s t a t i c i n v a r i a n t @ ( \ f o r a l l BankCard p1 , p2 ; @ p1!=p2 ; @ p1 . cardNumber !=p2 . cardNumber ) @ ∗ / private / ∗ @ s p e c p u b l i c @ ∗ / int cardNumber ; // r e s t of c l a s s f o l l o w s } Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 13 / 40

  10. JML Variation on the Static Invariant public class BankCard { / ∗ @ p u b l i c s t a t i c i n v a r i a n t @ ( \ f o r a l l BankCard p1 , p2 ; @ p1!=p2 ; @ p1 . cardNumber !=p2 . cardNumber ) @ ∗ / private / ∗ @ s p e c p u b l i c @ ∗ / int cardNumber ; // r e s t of c l a s s f o l l o w s } public class BankCard { / ∗ @ p u b l i c i n s t a n ce i n v a r i a n t @ ( \ f o r a l l BankCard p ; t h i s !=p == > t h i s . cardNumber !=p . cardNumber ) @ ∗ / / ∗ @ s p e c p u b l i c @ ∗ / cardNumber ; private int // r e s t of c l a s s f o l l o w s } Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 13 / 40

  11. JML Another Example OCL constraint: context CentralHost inv: validCardsCount = BankCard::allInstances() -> select(not invalid) -> size() Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 14 / 40

  12. JML Another Example OCL constraint: context CentralHost inv: validCardsCount = BankCard::allInstances() -> select(not invalid) -> size() JML annotation: public class CentralHost { /*@ public instance invariant this.validCardsCount @ ==(\num_of BankCard p; !p.invalid) @*/} Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 14 / 40

  13. JML JML Expressions Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 15 / 40

  14. JML Definition Every Java expression according to the language specification which does not include Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 16 / 40

  15. JML Definition Every Java expression according to the language specification which does not include 1 operators with side-effect like e++ , e-- , ++e , or --e , Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 16 / 40

  16. JML Definition Every Java expression according to the language specification which does not include 1 operators with side-effect like e++ , e-- , ++e , or --e , 2 non-pure method invocation expressions, Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 16 / 40

  17. JML Definition Every Java expression according to the language specification which does not include 1 operators with side-effect like e++ , e-- , ++e , or --e , 2 non-pure method invocation expressions, 3 assignment operators Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 16 / 40

  18. JML Definition Every Java expression according to the language specification which does not include 1 operators with side-effect like e++ , e-- , ++e , or --e , 2 non-pure method invocation expressions, 3 assignment operators Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 16 / 40

  19. JML Definition Every Java expression according to the language specification which does not include 1 operators with side-effect like e++ , e-- , ++e , or --e , 2 non-pure method invocation expressions, 3 assignment operators is a JML expression. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 16 / 40

  20. JML Definition Every Java expression according to the language specification which does not include 1 operators with side-effect like e++ , e-- , ++e , or --e , 2 non-pure method invocation expressions, 3 assignment operators is a JML expression. Any such expression e has a natural representation in KeY’s first-order logic, which we will denote by [ e ]. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 16 / 40

  21. JML Mapping from JML plus Java to FOL Selected Items JML Expression first-order logic formula ![ e 0 ] !e 0 e 0 && e 1 [ e 0 ] & [ e 1 ] [ e 0 ] | [ e 1 ] e 0 || e 1 e 0 ? e 1 : e 2 if[ e 0 ] then[ e 1 ] else[ e 2 ] !([ e 0 ] = [ e 1 ]) e 0 != e 1 e 0 >= e 1 [ e 0 ] > = [ e 1 ] e 0 ==> e 1 [ e 0 ] − > [ e 1 ] [ e 0 ] < − > [ e 1 ] e 0 <==> e 1 ( \ forall T e; e 0; e 1) \ forall T e (![ e ] = null & [ e 0 ] − > [ e 1 ]) ( \ exists T e; e 0; e 1) \ exists T e (![ e ] = null & [ e 0 ] & [ e 1 ]) Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 17 / 40

  22. JML Quantification in JML Note that quantifiers bind two expressions, the range predicate and the body expression. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 18 / 40

  23. JML Quantification in JML Note that quantifiers bind two expressions, the range predicate and the body expression. A missing range predicate is by default true . Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 18 / 40

  24. JML Quantification in JML Note that quantifiers bind two expressions, the range predicate and the body expression. A missing range predicate is by default true . JML excludes null from the range of quantification. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 18 / 40

  25. JML Generalised and Numerical Quantifiers number of elements of class C with property e \num_of C c; e Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 19 / 40

  26. JML Generalised and Numerical Quantifiers number of elements of class C with property e \num_of C c; e \sum Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 19 / 40

  27. JML Generalised and Numerical Quantifiers number of elements of class C with property e \num_of C c; e \sum \product Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 19 / 40

  28. JML Generalised and Numerical Quantifiers number of elements of class C with property e \num_of C c; e \sum \product \min Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 19 / 40

  29. JML Generalised and Numerical Quantifiers number of elements of class C with property e \num_of C c; e \sum \product \min \max Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 19 / 40

  30. JML Generalised and Numerical Quantifiers number of elements of class C with property e \num_of C c; e \sum \product \min \max Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 19 / 40

  31. JML JML Operation Contracts Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 20 / 40

  32. JML Clauses in Operation Contracts Clause Lightweight default Heavyweight default requires \not_specified true assignable \not_specified \everything ensures \not_specified true diverges false false signals \not_specified (Exception)true signals_only All exception types declared in the Ja- va method declaration Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 21 / 40

  33. JML Signals Clauses JML ensures E ; s i g n a l s ( ET 1 ) S 1 ; . . . s i g n a l s ( ET n ) S n ; s i g n a l s o n l y OT 1 , . . . , OT m ; Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 22 / 40

  34. JML Signals Clauses JML ensures E ; s i g n a l s ( ET 1 ) S 1 ; . . . s i g n a l s ( ET n ) S n ; s i g n a l s o n l y OT 1 , . . . , OT m ; FOL Translation ( e = null − > [ E ]) & ( [ET 1 ]::instance( e ) = TRUE − > [ S 1 ]) . . . & ( [ET n ]::instance( e ) = TRUE − > [ S n ]) & ( [OT 1 ]::instance( e ) = TRUE | . . . | [OT m ]::instance( e ) = TRUE) Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 22 / 40

  35. JML Signals Clauses JML ensures E ; s i g n a l s ( ET 1 ) S 1 ; . . . s i g n a l s ( ET n ) S n ; s i g n a l s o n l y OT 1 , . . . , OT m ; FOL Translation ( e = null − > [ E ]) & ( [ET 1 ]::instance( e ) = TRUE − > [ S 1 ]) . . . & ( [ET n ]::instance( e ) = TRUE − > [ S n ]) & ( [OT 1 ]::instance( e ) = TRUE | . . . | [OT m ]::instance( e ) = TRUE) The variable e stores a thrown exception. If the operation terminates normally then e equals null . Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 22 / 40

  36. JML The diverges Clause diverges e with a boolean JML expression e specifies that the methode may not terminate only when e is true in the pre-state. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 23 / 40

  37. JML The diverges Clause diverges e with a boolean JML expression e specifies that the methode may not terminate only when e is true in the pre-state. If diverges false is part of the operation contract for m then m must always terminate. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 23 / 40

  38. JML The diverges Clause diverges e with a boolean JML expression e specifies that the methode may not terminate only when e is true in the pre-state. If diverges false is part of the operation contract for m then m must always terminate. If diverges true is part of the operation contract for m then m may terminate or not. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 23 / 40

  39. JML The diverges Clause diverges e with a boolean JML expression e specifies that the methode may not terminate only when e is true in the pre-state. If diverges false is part of the operation contract for m then m must always terminate. If diverges true is part of the operation contract for m then m may terminate or not. If diverges n == 0 is part of the operation contract for m then m must terminate, when called in a state with n != 0 . Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 23 / 40

  40. JML De-Sugaring normal behavior behavior r e q u i r e s R ; r e q u i r e s R ; a s s i g n a b l e A ; a s s i g n a b l e A ; = ⇒ ensures E ; ensures E ; d i v e r g e s D ; d i v e r g e s D ; s i g n a l s ( Exception ) f a l s e ; Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 24 / 40

  41. JML De-Sugaring normal behavior behavior r e q u i r e s R ; r e q u i r e s R ; a s s i g n a b l e A ; a s s i g n a b l e A ; = ⇒ ensures E ; ensures E ; d i v e r g e s D ; d i v e r g e s D ; s i g n a l s ( Exception ) f a l s e ; e x c e p t i o n a l b e h a v i o r behavior r e q u i r e s R ; r e q u i r e s R ; a s s i g n a b l e A ; a s s i g n a b l e A ; d i v e r g e s D ; = ⇒ ensures f a l s e ; s i g n a l s ( ET ) S ; d i v e r g e s D ; s i g n a l s o n l y ( OT ) ; s i g n a l s ( ET ) S ; s i g n a l s o n l y ( OT ) ; Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 24 / 40

  42. JML Inheritance of Specifications in JML An invariant to a class is inherited by all its subclasses. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 25 / 40

  43. JML Inheritance of Specifications in JML An invariant to a class is inherited by all its subclasses. An operation contract is inherited by all overridden methods. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 25 / 40

  44. JML JML Invariants Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 26 / 40

  45. JML An Instance Invariant JML p u b l i c c l a s s BankCard { / ∗ @ p u b l i c i n s t a n ce i n v a r i a n t @ ( \ f o r a l l BankCard p ; t h i s !=p == > t h i s . cardNumber !=p . cardNumber ) @ ∗ / p r i v a t e / ∗ @ s p e c p u b l i c @ ∗ / i n t cardNumber ; // r e s t of c l a s s f o l l o w s } Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 27 / 40

  46. JML An Instance Invariant JML p u b l i c c l a s s BankCard { / ∗ @ p u b l i c i n s t a n ce i n v a r i a n t @ ( \ f o r a l l BankCard p ; t h i s !=p == > t h i s . cardNumber !=p . cardNumber ) @ ∗ / p r i v a t e / ∗ @ s p e c p u b l i c @ ∗ / i n t cardNumber ; // r e s t of c l a s s f o l l o w s } FOL \forall BankCard o; o.<created> = TRUE -> \forall BankCard p; p.<created> = TRUE -> !o = p -> !o.cardNumber = p.cardNumber Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 27 / 40

  47. JML Visible State Semantics According to the JML reference manual instance invariants defined in a class C must hold at any visible state for any object o of C . Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 28 / 40

  48. JML Visible State Semantics According to the JML reference manual instance invariants defined in a class C must hold at any visible state for any object o of C . A state is visible for an object o if it is reached at one of the following moments during the execution of a program; we leave out finalizers and JML’s helper methods for simplicity: at the end of a constructor invocation which is initialising o , Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 28 / 40

  49. JML Visible State Semantics According to the JML reference manual instance invariants defined in a class C must hold at any visible state for any object o of C . A state is visible for an object o if it is reached at one of the following moments during the execution of a program; we leave out finalizers and JML’s helper methods for simplicity: at the end of a constructor invocation which is initialising o , at the beginning and end of a non-static method invocation with o as receiver, Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 28 / 40

  50. JML Visible State Semantics According to the JML reference manual instance invariants defined in a class C must hold at any visible state for any object o of C . A state is visible for an object o if it is reached at one of the following moments during the execution of a program; we leave out finalizers and JML’s helper methods for simplicity: at the end of a constructor invocation which is initialising o , at the beginning and end of a non-static method invocation with o as receiver, at the beginning and end of a static method which is declared in the class of o or a superclass. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 28 / 40

  51. JML Visible State Semantics According to the JML reference manual instance invariants defined in a class C must hold at any visible state for any object o of C . A state is visible for an object o if it is reached at one of the following moments during the execution of a program; we leave out finalizers and JML’s helper methods for simplicity: at the end of a constructor invocation which is initialising o , at the beginning and end of a non-static method invocation with o as receiver, at the beginning and end of a static method which is declared in the class of o or a superclass. when no constructor, non-static method invocation with o as receiver, or static method invocation for a method in o ’s class or a superclass is in progress. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 28 / 40

  52. JML Observed State Semantics A program P is observed-state correct w.r.t. a specification S , if 1 all operations op fulfil all operation contracts of S for op , Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 29 / 40

  53. JML Observed State Semantics A program P is observed-state correct w.r.t. a specification S , if 1 all operations op fulfil all operation contracts of S for op , 2 all invariants Inv S of S are preserved by all operations of P , and Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 29 / 40

  54. JML Observed State Semantics A program P is observed-state correct w.r.t. a specification S , if 1 all operations op fulfil all operation contracts of S for op , 2 all invariants Inv S of S are preserved by all operations of P , and 3 all invariants are valid in the initial state of P . Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 29 / 40

  55. JML Example Program class A { public private int i = 1; / ∗ @ i n s t a n ce i n v a r i a n t i > 0 ∗ / public int g e t I () { return i ; } / ∗ @ r e q u i r e s p > 0; @ ensures i==p ; @ ∗ / public void s e t I ( int p ) { i=p ; } void m1() { s e t I ( 0 ) ; i =1; } public public void m2() { i =0; s e t I ( 1 ) ; } int m3() { i =0; i =( new B ( ) ) . m5( t h i s ) ; } public / ∗ @ ensures \ r e s u l t > 0 @ ∗ / int m4() { return 42/ i ; } } public public class B { / ∗ @ ensures \ r e s u l t > 0 @ ∗ / int m5(A a ) { i f ( a . g e t I () < =0) a . s e t I ( 1 ) ; public return a .m4( ) ; } } Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 30 / 40

  56. JML Visible vs Observable States public class A { i = 1; private int / ∗ @ i n s t a n ce i n v a r i a n t i > 0 ∗ / / ∗ @ r e q u i r e s p > 0; @ ensures i==p ; @ ∗ / public void s e t I ( int p ) { i=p ; } public void m1() { s e t I ( 0 ) ; visible, but not observable state i =1; } } Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 31 / 40

  57. JML Visible vs Observable States public class A { i = 1; private int / ∗ @ i n s t a n ce i n v a r i a n t i > 0 ∗ / / ∗ @ r e q u i r e s p > 0; @ ensures i==p ; @ ∗ / public void s e t I ( int p ) { i=p ; } public void m1() { s e t I ( 0 ) ; visible, but not observable state i =1; } } Invariant i > 0 not satisfied in visible state semantics. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 31 / 40

  58. JML Visible vs Observable States public class A { i = 1; private int / ∗ @ i n s t a n ce i n v a r i a n t i > 0 ∗ / / ∗ @ r e q u i r e s p > 0; @ ensures i==p ; @ ∗ / public void s e t I ( int p ) { i=p ; } public void m1() { s e t I ( 0 ) ; visible, but not observable state i =1; } } Invariant i > 0 not satisfied in visible state semantics. Invariant i > 0 satisfied in observable state semantics. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 31 / 40

  59. JML A Static Invariant CentralHost { public class / ∗ @ p u b l i c s t a t i c i n v a r i a n t maxAccountNumber > =0 @ ∗ / // . . . must hold already after the static initialisation of CentralHost is completed. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 32 / 40

  60. JML JML Model Fields and Methods Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 33 / 40

  61. JML Java Interfaces public interface IBonusCard { public void addBonus ( int newBonusPoints ) ; } Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 34 / 40

  62. JML Java Interfaces public interface IBonusCard { public void addBonus ( int newBonusPoints ) ; } How to add contracts to abstract methods in interfaces? Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 34 / 40

  63. JML Java Interfaces public interface IBonusCard { public void addBonus ( int newBonusPoints ) ; } How to add contracts to abstract methods in interfaces? Remember: There are no attributes in interfaces. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 34 / 40

  64. JML Java Interfaces public interface IBonusCard { public void addBonus ( int newBonusPoints ) ; } How to add contracts to abstract methods in interfaces? Remember: There are no attributes in interfaces. More precisely: Only static final fields. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 34 / 40

  65. JML Java Interfaces Model Fields public interface IBonusCard { /*@ public instance model int bonusPoints; @*/ public void addBonus ( int newBonusPoints ) ; } How to add contracts to abstract methods in interfaces? Remember: There are no attributes in interfaces. More precisely: Only static final fields. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 34 / 40

  66. JML Java Interfaces Model Fields public interface IBonusCard { /*@ public instance model int bonusPoints; @*/ /*@ ensures bonusPoints == \ old(bonusPoints)+newBonusPoints; public void addBonus ( int newBonusPoints ) ; } How to add contracts to abstract methods in interfaces? Remember: There are no attributes in interfaces. More precisely: Only static final fields. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 34 / 40

  67. JML Java Interfaces Model Fields public interface IBonusCard { /*@ public instance model int bonusPoints; @*/ /*@ ensures bonusPoints == \ old(bonusPoints)+newBonusPoints; @ assignable bonusPoints; @ */ public void addBonus ( int newBonusPoints ) ; } How to add contracts to abstract methods in interfaces? Remember: There are no attributes in interfaces. More precisely: Only static final fields. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 34 / 40

  68. JML Implementing Interfaces Interface p u b l i c i n t e r f a c e IBonusCard { / ∗ @ p u b l i c i n s t a n ce model i n t bonusPoints ; @ ∗ / p u b l i c void addBonus ( i n t newBonusPoints ) ; Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 35 / 40

  69. JML Implementing Interfaces Interface p u b l i c i n t e r f a c e IBonusCard { / ∗ @ p u b l i c i n s t a n ce model i n t bonusPoints ; @ ∗ / p u b l i c void addBonus ( i n t newBonusPoints ) ; Implementation BankCard implements IBonusCard { public class public int bankCardPoints ; / ∗ @ p u b l i c i n s t a n ce model i n t bonusPoints ; @ ∗ / public void addBonus ( int newBonusPoints ) { bankCardPoints+=newBonusPoints ; }} Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 35 / 40

  70. JML Implementing Interfaces Interface p u b l i c i n t e r f a c e IBonusCard { / ∗ @ p u b l i c i n s t a n ce model i n t bonusPoints ; @ ∗ / p u b l i c void addBonus ( i n t newBonusPoints ) ; Implementation BankCard implements IBonusCard { public class public int bankCardPoints ; / ∗ @ p u b l i c i n s t a n ce model i n t bonusPoints ; @ ∗ / /*@ private represents bonusPoints <-bankCardPoints; @*/ public void addBonus ( int newBonusPoints ) { bankCardPoints+=newBonusPoints ; }} Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 35 / 40

  71. JML Other Representations / ∗ @ p r i v a t e r e p r e s e n t s bonusPoints < − bankCardPoints ; @ ∗ / Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 36 / 40

  72. JML Other Representations / ∗ @ p r i v a t e r e p r e s e n t s bonusPoints < − bankCardPoints ; @ ∗ / / ∗ @ p r i v a t e r e p r e s e n t s bonusPoints < − bankCardPoints ∗ 100; @ ∗ / Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 36 / 40

  73. JML Other Representations / ∗ @ p r i v a t e r e p r e s e n t s bonusPoints < − bankCardPoints ; @ ∗ / / ∗ @ p r i v a t e r e p r e s e n t s bonusPoints < − bankCardPoints ∗ 100; @ ∗ / / ∗ @ r e p r e s e n t s x \ such that A( x ) ; @ ∗ / Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 36 / 40

  74. JML Problems with Specifications Using Integers / ∗ @ r e q u i r e s y > = 0; @ ensures @ \ r e s u l t ∗ \ r e s u l t < = y && @ y < ( abs ( \ r e s u l t )+1) ∗ ( abs ( \ r e s u l t )+1); @ ∗ / p u b l i c s t a t i c i n t i s q r t ( i n t y ) Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 37 / 40

  75. JML Problems with Specifications Using Integers / ∗ @ r e q u i r e s y > = 0; @ ensures @ \ r e s u l t ∗ \ r e s u l t < = y && @ y < ( abs ( \ r e s u l t )+1) ∗ ( abs ( \ r e s u l t )+1); @ ∗ / p u b l i c s t a t i c i n t i s q r t ( i n t y ) For y = 1 and \ result = 1073741821 = 1 2 ( max int − 5) the above postcondition is true, though we do not want 1073741821 to be a square root of 1. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 37 / 40

  76. JML Problems with Specifications Using Integers / ∗ @ r e q u i r e s y > = 0; @ ensures @ \ r e s u l t ∗ \ r e s u l t < = y && @ y < ( abs ( \ r e s u l t )+1) ∗ ( abs ( \ r e s u l t )+1); @ ∗ / p u b l i c s t a t i c i n t i s q r t ( i n t y ) For y = 1 and \ result = 1073741821 = 1 2 ( max int − 5) the above postcondition is true, though we do not want 1073741821 to be a square root of 1. The problem arises since JML uses the Java semantics of integers which yields 1073741821 ∗ 1073741821 = − 2147483639 1073741822 ∗ 1073741822 = 4 Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 37 / 40

  77. JML Advantages of OCL over JML 1 It lives on a higher level of abstraction. A UML diagram can be annotated with OCL constraints before code is developed. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 38 / 40

  78. JML Advantages of OCL over JML 1 It lives on a higher level of abstraction. A UML diagram can be annotated with OCL constraints before code is developed. 2 As a consequence of the previous item OCL is not committed to a particular programming language and better suited for model driven system development. Prof. P.H. Schmitt, C. Engel, F. Werner Formale Entwicklung objektorientierter Software Winter 2006/2007 38 / 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Theorie der Informatik 6. Formale Sprachen und Grammatiken Malte Helmert Gabriele R oger

Theorie der Informatik 6. Formale Sprachen und Grammatiken Malte Helmert Gabriele R oger

Theorie der Informatik 6. Formale Sprachen und Grammatiken Malte Helmert Gabriele R oger Universit at Basel 17. M arz 2014 Einf uhrung Alphabete und formale Sprachen Grammatiken Chomsky-Hierarchie Zusammenfassung Einf

708 views • 41 slides
Automaten und formale Sprachen Notizen zu den Folien Contents 1 Mathematical foundation and

Automaten und formale Sprachen Notizen zu den Folien Contents 1 Mathematical foundation and

Automaten und formale Sprachen Notizen zu den Folien Contents 1 Mathematical foundation and formal proofs 2 Venn diagrams (slide 29) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Examples to set operations (slide

701 views • 47 slides
Endlicher Automat (EA) ea Revision: 1.8 1 siehe auch Formale Grundlagen 3 Motivation: Automaten

Endlicher Automat (EA) ea Revision: 1.8 1 siehe auch Formale Grundlagen 3 Motivation: Automaten

Endlicher Automat (EA) ea Revision: 1.8 1 siehe auch Formale Grundlagen 3 Motivation: Automaten fr die Modellierung, Spezifikation und Verifikation verwenden! Definition Ein Endlicher Automat A = ( S , I , , T , F ) besteht aus Menge von

273 views • 12 slides
Die Entwicklung der Spielprogrammierung: Von John von Neumann bis zu den hochparallelen

Die Entwicklung der Spielprogrammierung: Von John von Neumann bis zu den hochparallelen

Die Entwicklung der Spielprogrammierung: Von John von Neumann bis zu den hochparallelen Schachmaschinen Alexander Reinefeld Zuse Institut Berlin Humboldt-Universitt zu Berlin Themen der Informatik im historischen Kontext Ringvorlesung

959 views • 70 slides
IBM Systems Cognitive Systems Dr. Wolfgang Maier Director HW Development IBM Research &amp;

IBM Systems Cognitive Systems Dr. Wolfgang Maier Director HW Development IBM Research &amp;

IBM Systems Cognitive Systems Dr. Wolfgang Maier Director HW Development IBM Research &amp; Development wmaier@de.ibm.com 9/2017 IBM Research &amp; Development Forschung Hardware-Entwicklung Software-Entwicklung Hardware- und

416 views • 23 slides
Praktikum Entwicklung von Mediensystemen mit Wintersemester 2013/2014 Christian Wei, Dr.

Praktikum Entwicklung von Mediensystemen mit Wintersemester 2013/2014 Christian Wei, Dr.

Praktikum Entwicklung von Mediensystemen mit Wintersemester 2013/2014 Christian Wei, Dr. Alexander De Luca Mittwoch, 23. Oktober 13 Today Table View Navigation Controller Passing Data Between Scenes Assignment 2 iOS PEM - WS

354 views • 16 slides
Praktikum Entwicklung von Mediensystemen mit Wintersemester 2013/2014 Christian Wei, Dr.

Praktikum Entwicklung von Mediensystemen mit Wintersemester 2013/2014 Christian Wei, Dr.

Praktikum Entwicklung von Mediensystemen mit Wintersemester 2013/2014 Christian Wei, Dr. Alexander De Luca Dienstag, 15. Oktober 13 Today Organization Introduction to iOS programming Hello World Assignment 1 iOS PEM - WS

463 views • 29 slides
Entwicklung neuer Services in Lehre und Praxis - ein Abgleich von personellem Angebot und

Entwicklung neuer Services in Lehre und Praxis - ein Abgleich von personellem Angebot und

Entwicklung neuer Services in Lehre und Praxis - ein Abgleich von personellem Angebot und Nachfrage 11. Internationale Tagung Wirtschaftsinformatik WI2013 Leipzig, 01.03.2013 Lehrstuhl fr BWL, insbes. Supply Chain Management von Peer

256 views • 11 slides
PROUT AG Unternehmensdarstellung 1 Inhalt I. Entwicklung der PROUT AG II. Geschftsansatz

PROUT AG Unternehmensdarstellung 1 Inhalt I. Entwicklung der PROUT AG II. Geschftsansatz

PROUT AG Unternehmensdarstellung 1 Inhalt I. Entwicklung der PROUT AG II. Geschftsansatz im berblick III. Suchprofil im berblick IV. Der Beteiligungsmarkt im deutschen Mittelstand V. Fakten und Zahlen VI. Kapitalsituation der

558 views • 20 slides
Praktikum Entwicklung von Mediensystemen mit iOS Sommersemester 2014 Fabius Steinberger, Dr.

Praktikum Entwicklung von Mediensystemen mit iOS Sommersemester 2014 Fabius Steinberger, Dr.

Praktikum Entwicklung von Mediensystemen mit iOS Sommersemester 2014 Fabius Steinberger, Dr. Alexander De Luca Today Organization Introduction to iOS programming Hello World Assignment 1 2 Organization 6 ECTS Bachelor:

500 views • 37 slides
Praktikum Entwicklung von Mediensystemen (Android) Wintersemester 2014/15 Daniel Buschek, Dr.

Praktikum Entwicklung von Mediensystemen (Android) Wintersemester 2014/15 Daniel Buschek, Dr.

Praktikum Entwicklung von Mediensystemen (Android) Wintersemester 2014/15 Daniel Buschek, Dr. Alexander De Luca, Raphael Ksters Today Organization Android 101 Hands-On Assignment 01 October 9, 2014 PEM (Android) - WS 2014 /15

481 views • 24 slides
Regression Verification: Project Proposal Presentation by Dennis Felsing within the

Regression Verification: Project Proposal Presentation by Dennis Felsing within the

Regression Verification: Project Proposal Presentation by Dennis Felsing within the Projektgruppe Formale Methoden der Softwareentwicklung SS 2013 1 / 18 Introduction How to prevent regressions in software development? 2 / 18 Introduction

439 views • 27 slides
Praktikum Entwicklung von Mediensystemen (Android) Sommersemester 2014 Simon Eumes, Dr. Alexander

Praktikum Entwicklung von Mediensystemen (Android) Sommersemester 2014 Simon Eumes, Dr. Alexander

Praktikum Entwicklung von Mediensystemen (Android) Sommersemester 2014 Simon Eumes, Dr. Alexander De Luca Today Organization Android 101 Hands-On Assignment 01 April 11, 2014 PEM (Android) - SS

529 views • 31 slides
Praktikum Entwicklung von Mediensystemen (Android) Sommersemester 2014 Simon Eumes, Dr. Alexander

Praktikum Entwicklung von Mediensystemen (Android) Sommersemester 2014 Simon Eumes, Dr. Alexander

Praktikum Entwicklung von Mediensystemen (Android) Sommersemester 2014 Simon Eumes, Dr. Alexander De Luca Today Recap Android 102 Hands-On Assignment 02 April 24, 2014 PEM (Android) - SS 2014

304 views • 19 slides
EBUKI Development of Earth Occupation Standards within the UK Die Entwicklung von Beru ichen

EBUKI Development of Earth Occupation Standards within the UK Die Entwicklung von Beru ichen

EBUKI Development of Earth Occupation Standards within the UK Die Entwicklung von Beru ichen Standards im Lehmbau imVereinigten Ko nigreich Dr Daniel Maskell, Rowland Keable D.Maskell@bath.ac.uk rowland@ebuki.co EBUKI Introduction EBUKI

799 views • 43 slides
NativeScript On Fire Cross-Platform Development Cross-Plattform Entwicklung MobiDev. Angular

NativeScript On Fire Cross-Platform Development Cross-Plattform Entwicklung MobiDev. Angular

NativeScript On Fire Cross-Platform Development Cross-Plattform Entwicklung MobiDev. Angular Native. https://mobidev.biz/blog/angular-native-nativescript-with-angular-2 NativeScript N JavaScript Engine App code Hooks Dispatcher System

231 views • 19 slides
CPL 2016, week 8 Erlang functional core and agents Oleg Batrashev Institute of Computer Science,

CPL 2016, week 8 Erlang functional core and agents Oleg Batrashev Institute of Computer Science,

CPL 2016, week 8 Erlang functional core and agents Oleg Batrashev Institute of Computer Science, Tartu, Estonia March 28, 2016 Overview Today Erlang: functional core and agents Next week Erlang fault tolerance and distributed

548 views • 26 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations &amp; Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

631 views • 33 slides
Trust in programming tools: the formal verification of compilers and static analysers Xavier

Trust in programming tools: the formal verification of compilers and static analysers Xavier

Trust in programming tools: the formal verification of compilers and static analysers Xavier Leroy Inria Paris Verified trustworthy software systems, April 2016 X. Leroy (Inria) Trust in tools 2016-04-05 1 / 35 Tool-assisted formal

731 views • 52 slides
Monads in Scala 1 / 13 Functors A functor is a container type that supports map ping over its

Monads in Scala 1 / 13 Functors A functor is a container type that supports map ping over its

Monads in Scala 1 / 13 Functors A functor is a container type that supports map ping over its contents. 1 List is functor: 1 List(1, 2, 3).map((x: Int) =&gt; x.toString) == List(&quot;1&quot;, &quot;2&quot;, &quot;3&quot;) As a conceptual

243 views • 13 slides
Developing language educators understanding of assessment reform discourse and practices:

Developing language educators understanding of assessment reform discourse and practices:

Developing language educators understanding of assessment reform discourse and practices: school- university collaborative action research as praxis Speaker: Cheri Chan (based on a paper-in-progress by Chan, C. &amp; Davison, C., presented

448 views • 27 slides
Good or bad timing? The effect of productivity shocks on education investment and on schooling

Good or bad timing? The effect of productivity shocks on education investment and on schooling

Good or bad timing? The effect of productivity shocks on education investment and on schooling performance. E. Delesalle 1 , 1 DIAL, University of Cergy-Pontoise 2018 Nordic Conference on Development Economics, June 2018 1/26 Motivations and

763 views • 26 slides
2016 HIV National Rankings Prevention and Health Promotion Administration Center for HIV

2016 HIV National Rankings Prevention and Health Promotion Administration Center for HIV

2016 HIV National Rankings Prevention and Health Promotion Administration Center for HIV Surveillance, Epidemiology and Evaluation November 28, 2017 MISSION AND VISION MISSION The mission of the Prevention and Health Promotion Administration

463 views • 9 slides
Global demands-Local needs Widening the scope of Forest-based Climate Mitigation Options in the

Global demands-Local needs Widening the scope of Forest-based Climate Mitigation Options in the

321 views • 31 slides

More recommend