Un programme annoté en vaut deux

National audienceFormal verification methods could be of much help to increase software safety. But how to transfer these methods in the real world of critical software development? This paper proposes a tooled solution for source code verification, by automated reduction of safety properties into formal assertions. This approach is applied to JML annotated Java programs. It is illustrated by the automated generation of assertions for a class from the Java Card API. Two complementary formalisms are proposed for expressing properties. Their reduction in JML annotations is implanted in the JAG tool, described with details. The output language (JML) being standard, this tool interfaces easily with many standard tools for verification of JML/Java code by proof ou model-checking.La sécurité du logiciel passe par les méthodes formelles, mais comment faire passer les méthodes formelles dans le monde réel du développement des logiciels critiques ? Cet article propose un mécanisme et un outil d'aide à la vérification de code, par réduction automatique de propriétés de sécurité en annotations formelles. Ce dispositif s'applique aux programmes Java annotés en JML. Il est illustré ici par l'annotation automatique d'une classe de l'API Java Card. Deux formalismes complémentaires pour l'expression de propriétés sont proposés. L'outil JAG, qui implante leur réduction en annotations JML, est décrit en détail. Le langage d'annotations retenu (JML) étant standard, cet outil s'interface naturellement avec de nombreux outils existants pour la vérification par preuve, test ou model-checking de Java annoté en JML

{JML}-based Verification of Liveness Properties on a Class in isolation

International audienceThis paper proposes a way to verify temporal properties of a Java class in an extension of JML (Java Modeling Language) called JTPL (Java Temporal Pattern Language). We particularly address the verification of liveness properties by automatically translating the temporal properties into JML annotations for this class. This automatic translation is implemented in a tool called JAG (JML Annotation Generator). Correctness of the generated annotations ensures that the temporal property is established for the executions of the class in isolation

Verification of class liveness properties with Java modeling language

International audienceStatic checking is key for the security of software components. As a component model, this paper considers a Java class enriched with annotations from the Java Modeling Language (JML). It defines a formal execution semantics for repetitive method invocations from this annotated class, called the class in isolation semantics. Afterwards, a pattern of liveness properties is defined, together with its formal semantics, providing a foundation for both static and runtime checking. This pattern is then inscribed in a complete language of temporal properties, called JTPL (Java Temporal Pattern Language), extending JML. We particularly address the verification of liveness properties by auto- matically translating the temporal properties into JML annotations for this class. This automatic translation is implemented in a tool called JAG (JML Annotation Generator). Correctness of the generated annotations ensures that the temporal property is established for the executions of the class in isolation

Safety Property Driven Test Generation from {JML} Specifications

International audienceThis paper describes the automated generation of test sequences derived from a JML specification and a safety property written in an ad hoc language, named JTPL. The functional JML model is animated to build the test sequences w.r.t. the safety properties, which represent the test targets. From these properties, we derive strategies that are used to guide the symbolic animation. Moreover, additional JML annotations reinforce the oracle in order to guarantee that the safety properties are not violated during the execution of the test suite. Finally, we illustrate this approach on an industrial JavaCard case study

Vérification de propriétés LTL sur des programmes C par génération d'annotations

Ce travail propose une méthode de vérification de propriétés temporelles basée sur la génération automatique d'annotations de programmes. Les annotations générées sont ensuite vérifiées par des prouveurs automatiques via un calcul de plus faible précondition. Notre contribution vise à optimiser une technique existante de génération d'annotations, afin d'améliorer l'automatisation de la vérification des obligations de preuve produites. Cette approche a été outillée sous la forme d'un plugin au sein de l'outil Frama-C pour la vérification de programmes~

Verification of Liveness Properties with JML

This paper proposes a way to verify liveness properties in an extension of JML. The verification is divided into two subtasks: (1) generation of appropriate JML annotations that allow to verify that the class under consideration respects the liveness property, and (2) showing that the environment preserves the liveness properties by proving a refinement. For the generation of appropriate JML annotations, we require that the liveness properties are extended with a variant and invariant (conform variants and invariants to show termination of loops). We then show that under certain assumptions on the environment, we can prove the satisfaction of the liveness property. The second subtask then boils down to showing that the environment in fact respects these assumptions. The method is illustrated by an example

Vérification de propriétés LTL sur des programmes C par génération d'annotations

National audienc

JAG: JML Annotation Generation for Verifying Temporal Properties

We present a tool for verifying temporal properties on Java/ JML classes by generating automatically JML annotations that ensure the verification of the temporal properties

JAG : Génération d'annotations JML pour vérifier des propriétés temporelles

Session outilsNational audienc

JML-based Verification of Liveness Properties on a Class in Isolation

This paper proposes a way to verify temporal properties of a Java class in an extension of JML (Java Modeling Language) called JTPL (Java Temporal Pattern Language). We particularly address the verification of liveness properties by automatically translating the temporal properties into JML annotations for this class. This automatic translation is implemented in a tool called JAG (JML Annotation Generator). Correctness of the generated annotations ensures that the temporal property is established for the executions of the class in isolation