Modular Verification of Static Class Invariants

  • K. Rustan M. Leino
  • Peter Müller
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3582)


Object invariants describe the consistency of object-oriented data structures and are central to reasoning about the correctness of object-oriented software. But object invariants are not the only consistency conditions on which a program may depend. The data in object-oriented programs consists not just of object fields, but also of static fields, which hold data that is shared among objects. The consistency of static fields is described by static class invariants, which are enforced at the class level. Static class invariants can also mention instance fields, describing the consistency of dynamic data structures rooted in static fields. Sometimes there are even consistency conditions that relate the instance fields of many or all objects of a class; static class invariants describe these relations, too, since they cannot be enforced by any one object in isolation.

This paper presents a systematic way (a methodology) for specifying and verifying static class invariants in object-oriented programs. The methodology supports the three major uses of static fields and invariants in the Java library. The methodology is amenable to static, modular verification and is sound.


Static class invariant verification object-oriented programming static field 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Barnett, M., DeLine, R., Fähndrich, M., Leino, K.R.M., Schulte, W.: Verification of object-oriented programs with invariants. Journal of Object Technology 3(6) (2004),
  2. 2.
    Barnett, M., Leino, K.R.M., Schulte, W.: The Spec# programming system: An overview. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol. 3362, pp. 49–69. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Barnett, M., Naumann, D.A.: Friends need a bit more: Maintaining invariants over shared state. In: Kozen, D. (ed.) MPC 2004. LNCS, vol. 3125, pp. 54–84. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  4. 4.
    Burdy, L., Cheon, Y., Cok, D.R., Ernst, M.D., Kiniry, J.R., Leavens, G.T., Leino, K.R.M., Poll, E.: An overview of JML tools and applications. Software Tools for Technology Transfer, STTT (2004)Google Scholar
  5. 5.
    Clarke, D.G., Potter, J.M., Noble, J.: Ownership types for flexible alias protection. In: OOPSLA 1998, October 1998, pp. 48–64. ACM, New York (1998)CrossRefGoogle Scholar
  6. 6.
    Detlefs, D.L., Leino, K.R.M., Nelson, G., Saxe, J.B.: Extended static checking. Research Report 159, Compaq SRC (December 1998)Google Scholar
  7. 7.
    Flanagan, C., Leino, K.R.M., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R.: Extended static checking for Java. In: PLDI 2002, pp. 234–245. ACM, New York (2002)CrossRefGoogle Scholar
  8. 8.
    Leavens, G.T., Baker, A.L., Ruby, C.: Preliminary design of JML: A behavioral interface specification language for Java. Technical Report 98-06-rev27, Iowa State University (2003)Google Scholar
  9. 9.
    Leino, K.R.M., Müller, P.: Modular verification of global module invariants in object-oriented programs. Technical Report 459, ETH Zürich (2004)Google Scholar
  10. 10.
    Leino, K.R.M., Müller, P.: Object invariants in dynamic contexts. In: Odersky, M. (ed.) ECOOP 2004. LNCS, vol. 3086, pp. 491–516. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  11. 11.
    Leino, K.R.M., Nelson, G.: Data abstraction and information hiding. TOPLAS 24(5), 491–553 (2002)CrossRefGoogle Scholar
  12. 12.
    Liskov, B., Guttag, J.: Abstraction and Specification in Program Development. MIT Electrical Engineering and Computer Science Series. MIT Press, Cambridge (1986)zbMATHGoogle Scholar
  13. 13.
    Liskov, B., Wing, J.M.: A behavioral notion of subtyping. TOPLAS 16(6), 1811–1841 (1994)CrossRefGoogle Scholar
  14. 14.
    Meyer, B.: Eiffel: The Language. Prentice Hall, Englewood Cliffs (1995)Google Scholar
  15. 15.
    Meyer, B.: Object-Oriented Software Construction. Prentice Hall, Englewood Cliffs (1997)zbMATHGoogle Scholar
  16. 16.
    Müller, P. (ed.): Modular Specification and Verification of Object-Oriented Programs. LNCS, vol. 2262. Springer, Heidelberg (2002)zbMATHGoogle Scholar
  17. 17.
    Pierik, C., Clarke, D., de Boer, F.S.: Controlling object allocation using creation guards. In: Fitzgerald, J.S., Hayes, I.J., Tarlecki, A. (eds.) FM 2005. LNCS, vol. 3582, pp. 59–74. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  18. 18.
    Poetzsch-Heffter, A., Müller, P.: A programming logic for sequential Java. In: Swierstra, S.D. (ed.) ESOP 1999. LNCS, vol. 1576, pp. 162–176. Springer, Heidelberg (1999)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • K. Rustan M. Leino
    • 1
  • Peter Müller
    • 2
  1. 1.Microsoft ResearchRedmondUSA
  2. 2.ETH ZürichSwitzerland

Personalised recommendations