Frankfurt University of Applied Sciences 23rd January 2023

High Integrity Systems

Prof. Dr. Ruth Schorr

Advanced Formal Modeling

Winter Term 2022/23
Exercise Sheet 9

Question 1:

Consider the following Java class definition:

class RemoveDuplicates {
public static int[] removeDuplicates(int[] a) {
...
}
}
The removeDuplicates method removes duplicates from a list of integers. It takes an int
array a as an argument and returns a newly created array containing values like a, but each
value at most once. It is certain that the method does not change the array entries.

a) Provide a JML postcondition for the removeDuplicates method stating that the
result array is at most as long as the input array a.

b) Provide a JML postcondition for the removeDuplicates method that states that
no value is duplicated in the result array.

c) Provide a JML postcondition for the removeDuplicates method, stating that any
value that appears in array a also appears in the result array.

Question 2:

State the meaning of the following JML method contract in English language.
public class A {
/*@ public normal_behavior
@ requires 0 < q && q <= p;
@ assignable \nothing;
@ ensures \result.length == q;
@ ensures (\forall int i; 0 <= i && i < q; 0 <= \result[i]);
@ ensures (\sum int i; 0 <= i && i < q; \result[i]) <= p;
@ ensures (\forall int i; 0 <= i && i < q;
@ (\sum int j; 0 <= j && j < q; \result[j]) <= \result[i] * q);
@*/
public int[] m(int p, int q) { ... }
}

1
Question 3:

A queue is an ordered group of elements. Queues have two ends. Elements are added at one
end and are removed from the other end. The element added first is also removed first (FIFO
principle). Enqueue is a function that adds a new element to the rear of the queue. Dequeue
is a function to remove the front element from the queue and the function returns the front
element.
Consider the following code fragment of a Queue:
public class Queue {
Object[] arr;
int size;
int first;
int next;

Queue( int max ) {

// ...
}

public int size() {

// ...
}

public void enqueue( Object x ) {

// ...
}

public Object dequeue() {

// ...
}
}
Provide a JML specification of the Queue. The specification should consist of class
invariant(s), and pre- and post-conditions for each method.
Question 4:

We consider an array a with n elements of type integer. Let j and k be two indices with
0 <= j < k < n.

In below subquestions 'a[j..k]' we mean a segment of the array a (but we cannot just
write 'a[j..k]' in JML).
Write JML expressions for the following:

a) All elements in a[j..k] are zero.

b) All zeros of a[0..n-1] are in a[j..k].

c) It is not the case that all zeros of a[0..n-1] are in a[j..k] .

d) a[0..n-1] contains at least two zeros.

e) a[0..n-1] contains at most two zeros.

f) Specify a method public static void reverse( int[] b ) which

reverses the order of elements in a.