Reasoning with specifications containing method calls and model fields
نویسنده
چکیده
class AbstractList { //@ model public int size; //@ in isEmpty; //@ model public boolean isEmpty; //@ public represents isEmpty <(size == 0); //@ public invariant size >= 0; //@ assignable isEmpty; //@ ensures isEmpty; abstract public void clear(); //@ assignable size; // but isEmpty is not assignable //@ ensures size <= \old(size); //@ ensures \old(size) > 0 ==> size > 0; abstract public void shrink(); } class ListImpl extends AbstractList {
منابع مشابه
Reasoning with specifications containing method calls in JML and first-order provers
Allowing method invocations in program specifications increases modularity and comprehensibility and is as important in specifications as it is in the program itself. However, method invocations do not map neatly into the first-order logics that are often used for assuring the correctness of specifications. One problem is translating specifications in a way that acknowledges the potential for e...
متن کاملReasoning About Method Calls in JML Specifications
The Java Modeling Language, JML, is an interface specification language that uses side-effect free Java expressions to describe program behavior. In particular, JML specifications can contain calls to side-effect free methods. To verify programs w.r.t. JML specifications, JML expressions have to be encoded in a program logic. This encoding is non-trivial for method calls. In this paper, we illu...
متن کاملLazy Behavioral Subtyping
Inheritance combined with late binding allows flexible code reuse but complicates formal reasoning significantly, as a method call’s receiver class is not statically known. This is especially true when programs are incrementally developed by extending class hierarchies. This paper develops a novel method to reason about late bound method calls. In contrast to traditional behavioral subtyping, r...
متن کاملA sound and complete reasoning system for asynchronous communication with shared futures
Distributed and concurrent object-oriented systems are difficult to analyze due to the complexity of their concurrency, communication, and synchronization mechanisms. We consider the setting of concurrent objects communicating by asynchronous method calls. The future mechanism extends the traditional method call communication model by facilitating sharing of references to futures. By assigning ...
متن کاملReasoning About Method Calls in Interface Specifications
class Inconsistent { /*@ normal_behavior @ ensures \result == 0 && @ \result == 1; @*/ /*@ pure @*/ abstract int wrong(); /*@ normal_behavior @ assignable \nothing; @ ensures \result == 6 + wrong() && @ \result == 5 + wrong(); @*/ int bar() { return 6; } } Figure 6: The specification of wrong is not satisfiable. theory used to verify methods that use m in their specification. If this background...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Journal of Object Technology
دوره 4 شماره
صفحات -
تاریخ انتشار 2005