Welcome!

Java IoT Authors: Elizabeth White, Liz McMillan, Zakia Bouachraoui, Yeshim Deniz, Pat Romanski

Related Topics: Java IoT

Java IoT: Article

Implementing Assertions in Java

Implementing Assertions in Java

Any software system, whether object-oriented or not, relies on the state of the system being "correct" at certain stages of its execution. To take a very simple example, when a numerical division operation is performed, the divisor must be non-zero. If this is not the case, the system may crash in an unpredictable and uncontrolled manner.

One way of indicating such requirements is to state that the system must be in some state either before or after an operation. Such a statement about the state of a software system is called an assertion.

Assertions often form the basis for software specification. In some systems, the assertions are embedded in the software as annotations or formal comments. However, it can be useful to make the assertions executable so that the correctness of the system is checked at runtime.

A simple technique is to make the code do its own self-testing using a method call and a programming languages exception mechanism. The code checks that the statement passed to it is true, thus allowing it to test that the code is behaving as expected. If the statement is false, the method uses an exception to stop processing, thereby enabling debugging.

This article looks at how assertions can be implemented within the Java programming language [1]. In the remainder of this article, we introduce the concept of assertions, how they can be used and how they can be implemented. In particular, we introduce two types of assertions: one which generates a runtime exception if it fails and one which generates a checked exception (which must be handled by the programmer) if it fails. We then provide a brief analysis of the facilities provided by this approach.

Assertions and Their Uses
An assertion is a logical statement about the state of a software system. In formal methods, such as VDM [10], software is specified by making assertions about the pre- and post-conditions of functions and operations. These assertions may be used to formally prove properties of the system, such as consistency. During the development process, the abstract specification is refined into code. The problem with this approach is that the assertions used in the specification are often lost during the refinement process and indeed, it may not be possible to express the assertions in the final implementation language.

Programming languages have been developed which enable assertions to be embedded into the code itself, for example Gypsy [5] or SPARK [3, 2]. Tools available with these language systems enable the assertions to be checked and, in some cases, proved.

Another approach is to introduce assertions into existing programming languages by using formal comments, called annotations, or by pre-processing. The C programming language has been extended with annotations[7] and Ada has been similarly extended into Anna [11]. An annotation pre-processor for C is described in Rosenblum's "A Practical Approach to Programing with Assertions" [13]. In these systems, tool support enables the assertions to be checked against the program code. However, extra-language syntax is required and, in the case of annotations, the assertions are lost when the program is compiled.

It may be better to have assertions as part of the code so that they provide a permanent defensive programming mechanism for detecting faults at runtime [12]. The exception mechanism of a programming language can be used for this [8]. In the following sections we show how this can be done for Java.

Using Assertions in Java
Assertions can be implemented in Java as part of an assertion package (available at http://www.aber.ac.uk/~jjh/Java/assertion). This package can provide assertion classes which take an assertion and throw an exception if the assertion is false. The package could also define its own exceptions, thereby allowing a programmer to catch assertion exceptions. The assertion package we have defined provides two separate assertion classes and two different types of exception:

  • Assertion - The class Assertion allows programmers to use assertions within their code.
  • CheckedAssertion - The class CheckedAssertion allows programmers to use assertions within their code but forces them to explicitly catch a CheckedAssertionException.
  • AssertionException - The AssertionException class extends the RuntimeException class so that programmers do not have to handle the exception raised.
  • CheckedAssertionException - The CheckedAssertionException class extends the Exception class so that programmers are forced to handle the exception raised.

    The difference between the checked and the non-checked assertions for the developer is that they must explicitly handle any exceptions raised by the CheckedAssertion class, whereas they can choose to ignore the fact that an exception may be raised by the Assertion class.

    In Java, a package is an associated group of classes and interfaces [1]. We have defined a new package assertion which holds the four classes listed above. Other classes can then use these four by importing the assertion package. An example of how these classes are used is presented in Listing 1.

    This example creates a simple class Example which uses the Assertion class to handle the result of checking the relationship between a and b. The result of running this application is presented in Listing 2.

    We could have caught the AssertionException within a try{} catch{} block. This construct allows a piece of code to be wrapped up within a try block. The try block indicates the code which is to be monitored for the exceptions listed in the catch expressions. The catch expressions can then be used to indicate what to do when certain classes of exception occur; for example, "resolve the problem" or "generate a warning message", etc. If no catch expressions are included the throws clause must be handled by the method definition. For example:

    try { e.test(1, 2);
    e.test(2, 1);
    }
    catch (AssertionException e) {
    System.out.println("First parameter larger than second");
    }

    This would have allowed us to respond in an appropriate manner. Below we examine the implementation of the Assertion and AssertionException classes and their checked counterparts.

    Exceptions in Java
    In Java, (almost) everything is an object; therefore, exceptions are objects as well. All exceptions must extend the class Throwable or one of its subclasses [4].

    The class Throwable has two subclasses, Error and Exception. Errors are unchecked exceptions. These are exceptions which your methods are not expected to deal with. The compiler therefore does not check that the methods can deal with them. In contrast, most exceptions (but not RuntimeException and its subclasses) below the class Exception are checked exceptions. These exceptions must be dealt with by your methods. The compiler thus checks to see that methods throw only exceptions which they can deal with (or are passed up to other methods to handle). For example, if we wished to raise an ArithmeticException, for a divide by zero error then we would write:

    throw new ArithmeticException("Division By Zero");

    In Java, you are not limited to system-provided exceptions; it is also possible to provide user-defined exceptions. This can be very useful as such an approach can allow the developer to have more control over what happens in particular circumstances. To do so, a developer must subclass the Exception class or one of its subclasses.

    Assertions in Java
    The Assertion class
    The Assertion class (a direct subclass of Object) makes two methods publicly available for handling boolean expressions. These are:

  • assert(boolean bool) - Determines the effect of the boolean result passed to it.
  • assert(boolean bools[]) - Determines the effect of the array of expressions passed to it.

    The second method is really a convenience method which repeatedly calls the first method on each element in the array.

    The implementation of the assert(boolean bool) method is relatively straightforward. The method checks whether the boolean value is false or not. If it is false an exception is raised. The assert(boolean bools []) method simply calls the previous method iteratively (see Listing 3).

    Switching Assertion Checking Off
    In the released version of the system, the assertion checks may waste processing time. they could therefore be replaced by a null version of the method:

    public static void assert (boolean bool) throws AssertionException {
    return true;
    }

    As Java dynamically loads the appropriate .class file at runtime, we could distribute the final version of the system with an Assertion.class file based on the above implementation of assert. We would therefore not even need to recompile the system being released.

    The overhead of the extra method dispatch is relatively small; of course, if it is still significant we could write a utility to find the senders of the assert method and to comment out the assertion statements.

    The AssertionException class
    The AssertionException class is a subclass of the RuntimeException class as illustrated in Figure 1. The definition of the AssertionException class is provided in LIsting 4. Note that it provides two constructors which are used to initialize the string displayed to the user.

    CheckedAssertion and CheckedAssertionException
    These classes are essentially the same as the Assertion and AssertionException classes except that the CheckedAssertion class throws the CheckedAssertionException and the CheckedAssertionException extends the Exception class (as shown in Figure 1). For the developer, the difference between the two types of assertion checking is that any exceptions raised by the CheckedAssertion class must be handled explicitly; they can not simply be propagated out of the program.

    The advantage is that the developer using the assertions can decide how much control to give to the user of a component. If they wish, they can force that user to handle the exception and thereby allow them to take charge of any problems which occur. This can result in code which is more resilient to erroneous situations.

    For completeness, the two classes are presented in Listings 5 and 6.

    Analysis
    Design methods Using Assertions
    Assertions are particularly useful for testing pre-conditions, post-conditions and class invariants. The Syntropy design method makes extensive use of such assertions [6]. It would therefore be possible to use the assertions identified during the design as the basis of the assertions to place in the Java code.

    JavaBeansª
    The use of assertions could be extremely useful when working with JavaBeans (the Java component model). In such situations developers produce reusable components which will be used by developers in many different ways. By using assertions, developers can ensure that the state of the Bean at any time is correct. If the state is not correct then they can take appropriate action. The assertions can therefore be used as guards against inappropriate states, parameters, etc.

    Shortcomings
    The simple approach to inserting assertions into Java code described here cannot provide the following, more sophisticated types of assertions:

  • Assertions that relate output values of methods to their input values: For example, suppose one defined a method which swapped the values of its two parameters.

    void swap (SomeType x, SomeType y) {
    SomeType z;
    z = x;
    x = y;
    y = z;
    }

    One might want to assert, just before the method returns, that the new value of x is equal to the old value of y and the new value of y is equal to the old value of x. This is not possible with our assertion mechanism. Assertion mechanisms for which this is possible have additional syntax which allows the "before and after" values of variables to be distinguished.

  • Assertions which involve quantified expressions: Formal methods, and the annotations of Anna and SPARK, allow expressions to be quantified by "for all", "exists", or "not exists". So, the fact that a natural number N was prime could be asserted by saying that there did not exist numbers P and Q with 1 Conclusions
    Recent commentators have suggested that assertions provide a valuable defensive programming technique. One of the nine ways advocated for making code more reliable is to "use assertions liberally" [9].

    We have demonstrated a simple mechanism for introducing assertions into Java programs. Two classes have been defined: Assertion and CheckedAssertion. The former allows assertions to be used very simply. Any exceptions thrown as a result of the assertions failing may be caught or propagated out of the program. The CheckedAssertion class requires the exceptions to be caught or explicitly listed in a throw clause for the methods involved. This provides greater control and "self documentation" of the assertion mechanism.

    Our assertion mechanism is particularly valuable when Java is used in larger, critical applications, where developers are implementing classes for general use and for Java Beans components.

    References
    1. K. Arnold and J. Gosling, The Java Programming Language, Addison Wesley, ISBN 0-201-63455-4, 1996.
    2. J.G.P. Barnes, High Integrity Ada: The SPARK Approach, Addison-Wesley, ISBN 0-201-17517-7, 1997.
    3. B.A. Carré, J.R. Garnsworthy and D.W.R Marsh, "SPARK: A Safety-Related Ada Subset", in W.J. Taylor (ed.), Ada in Transition, IOS Press, Amsterdam, 1992, pp. 31-45.
    4. P. Chan and R. Lee, The Java Class Libraries: An Annotated Reference, Addison-Wesley, 0-201-69581-2, 1996.
    5. R.M. Cohen, Proving Gypsy Programs, Ph.D. Thesis, The University of Texas at Austin, 1986.
    6. S. Cook and J. Daniels, Designing Object Oriented Systems: Object-oriented modeling with Syntropy, New York: Prentice Hall, 0-13-203860-9, 1994.
    7. D.W. Flater, Y. Yesha and E.K. Park, Extensions to the C Programming Language for Enhanced Fault Detection, Software - Practice and Experience, vol. 23, no. 6, pp. 617-628, June, 1993.
    8. P. Gaution, An Assertion Mechanism Based on Exceptions, in Proc. 4th C++ Tech. Conf., USENIX Association, pp. 245-262, August, 1992.
    9. A. Joch, How Software Doesn't Work, Byte, pp. 49-60, December, 1995.
    10. C.B. Jones, Systematic Software Development using VDM, Prentice Hall, ISBN 0-13-880733-7, 1990.
    11. D.C. Luckham, F.W. von Henke, B. Krieg-Brkner, and O.Owe, Anna - A Language for Annotating Ada Programs, Lecture Notes in Computer Science, vol. 260, Springer-Verlag, 1987.
    12. B. Meyer, Applying Design by Contract, IEEE Computing, vol. 25, pp. 40-51, October, 1992.
    13. D.S. Rosenblum, A Practical Approach to Programming with Assertions, IEEE Transactions on Software Engineering, vol. 21, no. 1, pp. 19-31, 1995.

  • More Stories By John Hunt

    Dr. John Hunt has been working in the object-orientation field since the mid-1980s in both industry and academia. He became interested in Java early in 1995 and has worked with a number of companies (including Sun) with Java. He is particularly interested in developing real world applications using Java and in issues associated with Java performance, integrity and architecture.

    More Stories By Fred Long

    Dr. Fred Long lectures on software engineering and formal methods. He is a visiting scientist at the Software Engineering Institute in Pittsburgh. Recently, he has been researching Java's suitability for the development of critical applications.

    Comments (0)

    Share your thoughts on this story.

    Add your comment
    You must be signed in to add a comment. Sign-in | Register

    In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


    IoT & Smart Cities Stories
    Early Bird Registration Discount Expires on August 31, 2018 Conference Registration Link ▸ HERE. Pick from all 200 sessions in all 10 tracks, plus 22 Keynotes & General Sessions! Lunch is served two days. EXPIRES AUGUST 31, 2018. Ticket prices: ($1,295-Aug 31) ($1,495-Oct 31) ($1,995-Nov 12) ($2,500-Walk-in)
    Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
    Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
    René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
    Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
    The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next...
    CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
    Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
    All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by ...
    DXWorldEXPO LLC announced today that Big Data Federation to Exhibit at the 22nd International CloudEXPO, colocated with DevOpsSUMMIT and DXWorldEXPO, November 12-13, 2018 in New York City. Big Data Federation, Inc. develops and applies artificial intelligence to predict financial and economic events that matter. The company uncovers patterns and precise drivers of performance and outcomes with the aid of machine-learning algorithms, big data, and fundamental analysis. Their products are deployed...