1. Introduction

This work describes the design and implementation of runtime verification of OCL (Object Constraint Language) constraints in java programs. Therefore, the OCL compiler developed by Frank Finger [FF00] was extended into a java source code instrumentation tool.

1.1 Motivation

Many different approaches for increasing software quality have been developed in the past. Few of them have experienced wide spread usage in industry. One of them is Structural Programming, another one is the Object Oriented Paradigm. And there is just another one, which convinces through its simpleness: Check Statements (or assertions in C++).

Suppose a method for removing all objects from a collection:

void clear()

{

  // some complex handling of 

  // hash tables or trees ...

}

Now, how does one verify, that the (supposedly complex) implementation is correct? Starting up the debugger and check for a few cases? Is Russian Roulette. Building some automatic test cases? Getting better. But why not make sure, that the critical code works correctly for the rest of its life:

void clear()

{

  // some complex handling of 

  // hash tables or trees ...

  assert(size()==0)

}

The assert statement terminates the program, if the given expression evaluates to false. Otherwise it does nothing. Many bugs would be detected when showing up for the first time^1.1. Additionally it needs only a compiler switch to disable all assertions, thus removing any runtime penalty for release versions. As described in [SM93g], software quality can be improved dramatically by using assertions whenever possible. This meets with practical experiences of the author.

Unfortunately, there is no assert statement in Java. A similar functionality could be achieved using exceptions, but there would be no possibility to globally disable assertions.

Furthermore, assertions are just a special case of a much more powerful concept: Design by Contract (DbC). A good introduction is given in [TP98]. In DbC the example assertion above is transformed into a postcondition of the method:

/**

   @postcondition: size()==0

*/

void clear()

{

  // some complex handling of 

  // hash tables or trees ...

}

The tool developed with this paper aims to support verification of design constraints as shown above. It instruments java source code, so that the instrumented code checks its own constraints on runtime.

1.2 Task

This work aims to extend the OCL compiler developed by Frank Finger with a java source code instrumentation tool. [FF00] section 3.6 already provides a list of requirements for such a tool. Additional attention is paid to java programs, where no UML class diagrams are available. The tool should be implemented to a sufficient extent. This includes maintance of the existing OCL compiler. For the java code provided by the industrial partner, net-linx AG, a small set of typical OCL constraints will be developed and experimented with.

1.3 Organisation of This Work

Chapter lists work related to this paper, particularly software aiming for similar functionality. Chapters and present the design and implementation of the two major extensions of the OCL compiler developed in this paper: the java source code instrumentation and the completed model information for OCL. Chapter reports experiences made using the tool on an industrial strength project. Chapter summarizes the results of this work, while chapter points out directions for future work.

Appendix lists all modifications of the OCL compiler made during this work. Appendix contains a short manual of the software together with an illustrative example. Finally, some very detailed descriptions have been shifted into appendix to keep the main text clear.

This work comes with a CD, containing a current snapshot of the developed software, an electronic version of this paper and software and literature referred to in this work, where available.