ABSTRACT
Safety-Critical Java (SCJ) is a dialect of Java that allows programmers to implement safety-critical systems, such as software to control airplanes, medical devices, and nuclear power plants. SafeJML extends the Java Modeling Language (JML) to allow specification and checking of both functional and timing constraints for SCJ programs. When our design of SafeJML is implemented, it will help check the correctness of detailed designs, including timing, for real-time systems written in SCJ.
Title: The design of SafeJML, a specification language for SCJ with support for WCET specification