Engineering Commons^™

Access Control Contracts For Java Program Modules, Carlos E. Rubio-Medrano, Yoonsik Cheon

Departmental Technical Reports (CS)

Application-level security has become an issue in recent years; for example, errors, discrepancies and omissions in the specification of access control constraints of security-sensitive software components are recognized as an important source for security vulnerabilities. We propose to formally specify access control assumptions or constraints of a program module and enforce them at run-time. We call such specifications access control contracts. To realize access control contracts, we extended the JML language, a formal interface specification language for Java, and developed a prototype support tool that translates access control contracts to runtime checks. The access control contract reduces the vulnerability that …

Runtime Assertion Checking For Jml On The Eclipse Platform Using Ast Merging, Amritam Sarcar

Departmental Technical Reports (CS)

The Java Modeling Language (JML) is a formal behavioral interface specification language for Java. It is used for detailed design documentation of Java program modules such as classes and interfaces. JML has been used extensively by many researchers across various projects and has a large and varied spectrum of tool support. It extends from runtime assertion checking (RAC) to theorem proving.

Amongst these tools, RAC and ESC/Java has been used as a common tool for many research projects. RAC for JML is a tool that checks at runtime for possible violations of any specifications. However, lately there has been a …

Automating Java Program Testing Using Ocl And Aspectj, Yoonsik Cheon, Carmen Avila

Departmental Technical Reports (CS)

Random testing can eliminate subjectiveness in constructing test data and increase the diversity of test data. However, one difficult problem is to construct test oracles that decide test results---test failures or successes. Assertions can be used as test oracles and are most effective when derived from formal specifications such as OCL constraints. If fully automated, random testing can reduce the cost of testing dramatically. In this paper we propose an approach for automating Java program testing by combining random testing and OCL. The key idea of our approach is to use OCL constraints as test oracles by translating them to …

A Library-Based Approach To Translating Ocl Constraints To Jml Assertions For Runtime Checking, Carmen Avila, Guillermo Flores, Jr., Yoonsik Cheon

Departmental Technical Reports (CS)

OCL is a formal notation to specify constraints on UML models that cannot otherwise be expressed by diagrammatic notations such as class diagrams. Using OCL one can document detailed design decisions and choices along with the behavior, e.g., class invariants and method pre and postconditions. However, OCL constraints cannot be directly executed and checked at runtime by an implementation, thus constraint violations may not be detected or noticed, causing many potential development and maintenance problems. In this paper we propose an approach to checking OCL constraints at runtime by translating them to executable JML assertions. The key components of our …

A Quick Tutorial On Jet, Yoonsik Cheon

Departmental Technical Reports (CS)

JET is an automated unit testing tool for Java classes annotated with JML specifications; JML is a formal interface specification language for Java to document the behavior of Java classes and interfaces. JET tests each method of the class under test separately. For each method, it generates a collection of test data, executes them, and decides test results (i.e., pass/fail) by using JML specifications as test oracles, thereby fully automating unit testing of Java classes. This document gives a quick tutorial introduction to JET.

Abstraction In Assertion-Based Test Oracles, Yoonsik Cheon

Departmental Technical Reports (CS)

Assertions can be used as test oracles. However, writing effective assertions of right abstraction levels is difficult because on the one hand, detailed assertions are preferred for through testing (i.e., to detect as many errors as possible), but on the other hand abstract assertions are preferred for readability, maintainability, and reusability. As assertions become a practical tool for testing and debugging programs, this is an important and practical problem to solve for the effective use of assertions. We advocate the use of model variables---specification-only variables of which abstract values are given as mappings from concrete program states---to write abstract assertions …

Random Test Data Generation For Java Classes Annotated With Jml Specifications, Yoonsik Cheon, Carlos E. Rubio-Medrano

Departmental Technical Reports (CS)

The hidden states of objects create a barrier to designing and generating test data automatically. For example, the state of an object has to be established indirectly through a sequence of method invocations. For a non-trivial class, however, it is extremely unlikely that a randomly-chosen sequence of method invocations can construct an object successfully, as each invocation has to satisfy the state invariants. Nonetheless, automated random testing can reduce the cost of testing dramatically and has potential for finding errors that are difficult to find in other ways because it eliminates the subjectiveness in constructing test data. We propose a …

A Contextual Interpretation Of Undefinedness For Runtime Assertion Checking, Yoonsik Cheon, Gary T. Leavens

Departmental Technical Reports (CS)

Runtime assertion checkers and static checking and verification tools must all cope with the well-known undefinedness problem of logic. This problem is particularly severe for runtime assertion checkers, since, in addition to the possibility of exceptions and errors, runtime assertion checkers must cope with non-executable expressions (such as certain quantified expressions). This paper describes how the runtime assertion checker of the Java Modeling Language (JML) copes with undefinedness. JML is interesting because it attempts to satisfy the needs of a wide range of tools; besides runtime assertion checking, these include static checking tools (like ESC/Java) and static verification tools. These …

Specifying And Checking Method Call Sequences In Jml, Yoonsik Cheon, Ashaveena Perumandla

Departmental Technical Reports (CS)

In a pre- and post-conditions style specification, it is difficult to specify allowed sequences of method calls, often called protocols. However, the protocols are essential properties of reusable object-oriented classes and application frameworks, and the approaches based on the pre- and post-conditions, such as design by contracts (DBC) and formal behavioral interface specification languages (BISL), are being accepted as a practical and effective way of describing precise interfaces of (reusable) program modules. We propose a simple extension to JML, a BISL for Java, to specify protocol properties in an intuitive and concise manner. We also define a formal semantics of …

A Complete Automation Of Unit Testing For Java Programs, Yoonsik Cheon, Myoung Yee Kim, Ashaveena Perumandla

Departmental Technical Reports (CS)

Program testing is expensive and labor-intensive, often consuming more than half of the total development costs, and yet it is frequently not done well and the results are not always satisfactory. However, testing is the primary method to ensure that programs comply with requirements. We describe our on-going project that attempts to completely automate unit testing of object-oriented programs. Our project investigates the use of an evolutionary approach, called genetic algorithms, for the test data generation and the use of program specifications, written in JML, for the test result determination. A proof-of-concept tool has been implemented and shows that a …