Object Invariants in Dynamic Contexts

  • K. Rustan M. Leino
  • Peter Müller
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3086)

Abstract

Object invariants describe the consistency of object-oriented data structures and are central to reasoning about the correctness of object-oriented software. Yet, reasoning about object invariants in the presence of object references, methods, and subclassing is difficult. This paper describes a methodology for specifying and verifying object-oriented programs, using object invariants to specify the consistency of data and using ownership to organize objects into contexts. The novelty is that contexts can be dynamic: there is no bound on the number of objects in a context and objects can be transferred between contexts. The invariant of an object is allowed to depend on the fields of the object, on the fields of all objects in transitively-owned contexts, and on fields of objects reachable via given sequences of fields. With these invariants, one can describe a large variety of properties, including properties of cyclic data structures. Object invariants can be declared in or near the classes whose fields they depend on, not necessarily in the class of an owning object. The methodology is designed to allow modular reasoning, even in the presence of subclasses, and is proved sound.
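As an added illustration (not part of the paper, whose rules are discharged by a static verifier rather than checked at run time), the following Python models the discipline the abstract describes: each object has an owner, a context of owned objects, and a packed state in which its invariant is assumed to hold; fields may be written only while the object and all its transitive owners are open; an invariant is re-checked when its context is closed; and an object may be transferred between contexts while both are open. The pack/unpack vocabulary, the names Obj, Node, DList, transfer, cut_chain and move_front, and the choice of a doubly linked list (cyclic in the abstract's sense, since prev and next links point both ways) are this example's own, not the paper's.

```python
# Added illustration, not the paper's code: a runtime model of ownership-based object
# invariants. The paper's rules are enforced by a static verifier; here they are checked
# at run time. All names (Obj, pack, unpack, transfer, DList, Node) are this example's own.

class InvariantViolation(Exception): pass
class OwnershipViolation(Exception): pass

class Obj:
    def __init__(self):  # owner (None = unowned), owned set (the context), packed flag
        self.__dict__.update(_owner=None, _owned=set(), _packed=False)
    def invariant(self):  # overridden; may read fields of transitively owned objects
        return True
    def __setattr__(self, name, value):
        # A field may be written only while this object and every transitive owner
        # is unpacked, since any of their invariants may depend on the field.
        o = None if name.startswith("_") else self
        while o is not None:
            if o._packed:
                raise OwnershipViolation(f"write to {name} while {type(o).__name__} is packed")
            o = o._owner
        object.__setattr__(self, name, value)

def pack(o):
    """Close o's context: owned objects must be packed and o's invariant must hold."""
    if any(not c._packed for c in o._owned):
        raise OwnershipViolation("pack: an owned object is still unpacked")
    if not o.invariant():
        raise InvariantViolation(f"{type(o).__name__} invariant violated")
    o._packed = True

def unpack(o):
    """Open o for mutation; its owner must be open first (contexts open top-down)."""
    if o._owner is not None and o._owner._packed:
        raise OwnershipViolation("unpack: owner is still packed")
    o._packed = False

def transfer(o, new_owner):
    """Move o to another context; the old and the new owner must both be open."""
    if any(c is not None and c._packed for c in (o._owner, new_owner)):
        raise OwnershipViolation("transfer: context is packed")
    if o._owner is not None: o._owner._owned.discard(o)
    o._owner = new_owner
    if new_owner is not None: new_owner._owned.add(o)

class Node(Obj):
    def __init__(self, val):
        super().__init__()
        self.val, self.prev, self.next = val, None, None

class DList(Obj):
    """Doubly linked list that owns its nodes; its invariant reads their fields."""
    def __init__(self):
        super().__init__()
        self.head, self.count = None, 0
    def invariant(self):  # nodes owned here, back links match, no cycle, count right
        seen, n, prev = set(), self.head, None
        while n is not None:
            if id(n) in seen or n._owner is not self or n.prev is not prev:
                return False
            seen.add(id(n)); prev, n = n, n.next
        return len(seen) == self.count
    def values(self):
        n, out = self.head, []
        while n is not None:
            out.append(n.val); n = n.next
        return out
    def push_front(self, val):
        unpack(self)
        n = Node(val); transfer(n, self)
        n.next, self.head = self.head, n
        if n.next is not None:        # touching the old head means opening it too
            unpack(n.next); n.next.prev = n; pack(n.next)
        self.count += 1
        pack(n); pack(self)           # the list invariant is re-checked here

def cut_chain(lst, open_first):
    """Alias attack: a client holding the head node drops the tail. Packed list: the
    write is rejected. Opened contexts, stale count: pack(lst) rejects the result."""
    try:
        if open_first:
            unpack(lst); unpack(lst.head)
        lst.head.next = None
        pack(lst.head); pack(lst)
    except (OwnershipViolation, InvariantViolation) as e:
        return type(e).__name__

def move_front(src, dst):
    """Dynamic contexts: src's front node is transferred to the front of dst."""
    unpack(src); unpack(dst); n = src.head; unpack(n)
    src.head, src.count = n.next, src.count - 1
    if src.head is not None:
        unpack(src.head); src.head.prev = None; pack(src.head)
    transfer(n, dst)                  # legal only because both contexts are open
    n.prev, n.next = None, dst.head
    if dst.head is not None:
        unpack(dst.head); dst.head.prev = n; pack(dst.head)
    dst.head, dst.count = n, dst.count + 1
    pack(n); pack(src); pack(dst)     # all three invariants re-established
```

Both failure modes a practitioner cares about are visible: an aliased reference into an owned node cannot silently corrupt the list while it is packed (cut_chain with open_first=False raises on the write itself), and an update that opens the contexts correctly but leaves count stale is rejected when the list is re-packed (open_first=True). move_front exercises the abstract's headline feature, an object changing context, with the invariants of the node and of both lists re-established afterwards.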

Keywords

Object Structure, Proof Obligation, Dynamic Context, Class Node, Object Invariant

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • K. Rustan M. Leino, Microsoft Research, Redmond, USA
  • Peter Müller, ETH Zurich, Switzerland