This document discusses critical design issues for the ESC/Java tool, focusing on aspects like private variables in specifications, modifies clauses, interface specifications, and vector-bounds checking. It highlights an iterative design process where navigation through design space should be guided by trial-and-error and field feedback. The emphasis is on building adaptable tools rather than fixating on the specifics of the first iteration. Recommendations include anticipating changes, understanding Java syntax, and limiting the time spent on annotation design to facilitate effective user engagement.
ESCJ 15: Design issues for ESC/Java
April 2nd, 1997

• Private variables in spec’s?
• Modifies clauses?
• Specifications for interfaces?
• Vector-bounds checking?
• Monitor invariants?
• Module-initialization checking?
• Abstract state?
Iterative design process

• Claim: We should navigate this design space by trial-and-error, getting feedback from the field.
• Implication: We should be less concerned with the particulars of the first version of the tool and very concerned that what we build can be easily modified.
Look at design-space breadth first

• Identify what’s likely to be stable
  • Java syntax
  • Translation to guarded commands [?]
• Anticipate what’s likely to change
  • Desugaring of specifications
  • “Additional” annotations (e.g., invariants, LL)
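The slide's split between a stable guarded-command translation and a changeable desugaring of specifications can be made concrete in code. The following is an added example, not ESC/Java's own code: it keeps a tiny guarded-command core (assume, assert, assign) with a weakest-precondition calculator, and puts the policy decisions (how `requires`/`ensures` become commands, whether array reads get a bounds assertion) in a separate desugaring function. The `ArrayRead` statement, the `MethodSpec` record, the `check_bounds` flag and the sample state domain are all assumptions made for illustration; the checker enumerates a small finite domain instead of calling a theorem prover.

```python
"""Toy separation of a stable guarded-command core from a swappable
desugaring layer (added illustration; not ESC/Java code)."""
from dataclasses import dataclass
from itertools import product
from typing import Callable, Dict, List, Optional, Union

State = Dict[str, object]
Pred = Callable[[State], bool]


# ---- Guarded-command core: the part the slide expects to stay stable ----
@dataclass(frozen=True)
class Assume:
    cond: Pred


@dataclass(frozen=True)
class Assert:
    cond: Pred


@dataclass(frozen=True)
class Assign:
    var: str
    expr: Callable[[State], object]


Cmd = Union[Assume, Assert, Assign]


def wp(cmds: List[Cmd], post: Pred) -> Pred:
    """Weakest precondition of a command sequence with respect to `post`."""
    if not cmds:
        return post
    head, rest = cmds[0], cmds[1:]
    q = wp(rest, post)
    if isinstance(head, Assume):      # assume c: c => q
        return lambda s: (not head.cond(s)) or q(s)
    if isinstance(head, Assert):      # assert c: c and q
        return lambda s: head.cond(s) and q(s)
    if isinstance(head, Assign):      # x := e: q[e/x]
        return lambda s: q({**s, head.var: head.expr(s)})
    raise TypeError(head)


# ---- Desugaring layer: the part the slide expects to change ----
@dataclass(frozen=True)
class ArrayRead:
    """Assumed Java-like statement `target = array[index]`."""
    target: str
    array: str
    index: str


@dataclass(frozen=True)
class MethodSpec:
    """Assumed annotated method: requires / body / ensures."""
    requires: Pred
    body: List[ArrayRead]
    ensures: Pred


def _read(s: State, st: ArrayRead) -> object:
    a, i = s[st.array], s[st.index]
    # An out-of-range read is modelled as an undefined value (None).
    return a[i] if 0 <= i < len(a) else None


def desugar(m: MethodSpec, check_bounds: bool = True) -> List[Cmd]:
    """Turn annotations into guarded commands; the policy lives here."""
    cmds: List[Cmd] = [Assume(m.requires)]
    for st in m.body:
        if check_bounds:   # vector-bounds checking as an explicit assertion
            cmds.append(Assert(lambda s, st=st: 0 <= s[st.index] < len(s[st.array])))
        cmds.append(Assign(st.target, lambda s, st=st: _read(s, st)))
    cmds.append(Assert(m.ensures))
    return cmds


def find_counterexample(cmds: List[Cmd], domain: List[State]) -> Optional[State]:
    """Return the first initial state in `domain` that violates wp(cmds, true)."""
    pre = wp(cmds, lambda s: True)
    for s in domain:
        if not pre(s):
            return s
    return None


def sample_domain() -> List[State]:
    """Constructed finite domain: arrays of length 0..2 and indices -1..2."""
    arrays = [tuple(range(n)) for n in range(3)]
    return [{"a": a, "i": i, "v": None} for a, i in product(arrays, range(-1, 3))]


def first_element_spec(strong_pre: bool) -> MethodSpec:
    """Assumed method `v = a[i]`, with a weak or a sufficient precondition."""
    pre = (lambda s: 0 <= s["i"] < len(s["a"])) if strong_pre else (lambda s: s["i"] >= 0)
    return MethodSpec(requires=pre, body=[ArrayRead("v", "a", "i")],
                      ensures=lambda s: s["v"] is None or s["v"] >= 0)


if __name__ == "__main__":
    dom = sample_domain()
    print(find_counterexample(desugar(first_element_spec(False)), dom))   # weak pre: caught
    print(find_counterexample(desugar(first_element_spec(True)), dom))    # sufficient pre: None
    print(find_counterexample(desugar(first_element_spec(False), check_bounds=False), dom))
```

Changing what is checked (here, whether a bounds assertion is emitted, or how `requires` is treated) only touches `desugar`; `wp` and the command types are never edited, which is the property the slide asks the tool's structure to have.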
Implications for user manual

• Limit time spent designing annotations
• Don’t use as primary basis for building checker