Using History Invariants to Verify Observers

  • K. Rustan M. Leino
  • Wolfram Schulte
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4421)


This paper contributes a technique that expands the set of object invariants that one can reason about in modular verification. The technique uses history invariants, two-state invariants that describe the evolution of data values. The technique enables a flexible new way to specify and verify variations of the observer pattern, including iterators. The paper details history invariants and the new kind of object invariants, and proves a soundness theorem.
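The abstract's key idea is that a history invariant is a two-state invariant: a relation between an object's pre-state and post-state that every public method must preserve. An observer (here, an iterator) whose invariant mentions the subject's fields can then be verified modularly, because the subject may only evolve in the ways its history invariant permits. The following Python program is an added illustration, not code from the paper (whose examples are in Spec#): it emulates the proof obligations at run time by snapshotting the pre-state before each public method and checking both the ordinary invariant and the history invariant afterwards. The class and method names (Subject, Iterator, checked, bad_reset) and the specific invariants are assumptions chosen for this example.

```python
# Added example, not the paper's code: runtime emulation of history
# (two-state) invariants for a subject/iterator pair. Names are assumptions.
from functools import wraps


class InvariantError(AssertionError):
    """A one-state or two-state (history) invariant was violated."""


class StaleIteratorError(RuntimeError):
    """The subject changed after the iterator was created."""


def checked(method):
    """Emulate the verifier's obligation at a public method boundary: record
    the pre-state, run the method, then check the object's invariant and its
    history invariant over (pre-state, post-state) on normal exit."""
    @wraps(method)
    def wrapper(self, *args, **kwargs):
        old = self.snapshot()
        result = method(self, *args, **kwargs)
        name = type(self).__name__
        if not self.invariant():
            raise InvariantError(f"{name}: invariant broken by {method.__name__}")
        if not self.history_invariant(old):
            raise InvariantError(f"{name}: history invariant broken by {method.__name__}")
        return result
    return wrapper


class Subject:
    """Observed collection. History invariant: version never decreases, and
    items may only change if version changed."""

    def __init__(self):
        self.items = []
        self.version = 0

    def snapshot(self):
        return {"items": list(self.items), "version": self.version}

    def invariant(self):
        return self.version >= 0

    def history_invariant(self, old):
        monotonic = old["version"] <= self.version
        bumped = old["items"] == self.items or old["version"] < self.version
        return monotonic and bumped

    @checked
    def add(self, x):
        self.items.append(x)
        self.version += 1

    @checked
    def remove(self, x):
        self.items.remove(x)
        self.version += 1

    @checked
    def bad_reset(self):
        # Deliberately wrong: rewinding version would let a stale iterator
        # see version == expected_version again over a list it never saw.
        # The history-invariant check rejects this on exit.
        self.items.clear()
        self.version = 0


class Iterator:
    """Observer whose invariant mentions the subject's fields. The staleness
    test is sound only because the subject's version is monotonic: equality
    with expected_version then implies items is the list iterated over."""

    def __init__(self, subject):
        self.subject = subject
        self.expected_version = subject.version
        self.index = 0

    def snapshot(self):
        return {"subject": self.subject,
                "expected_version": self.expected_version,
                "index": self.index}

    def invariant(self):
        # Only claimed while the subject is at the version we were built for.
        fresh = self.subject.version == self.expected_version
        return (not fresh) or 0 <= self.index <= len(self.subject.items)

    def history_invariant(self, old):
        # Never rebinds subject or expected version; index only moves forward.
        return (old["subject"] is self.subject
                and old["expected_version"] == self.expected_version
                and old["index"] <= self.index)

    def _require_fresh(self):
        if self.subject.version != self.expected_version:
            raise StaleIteratorError("subject modified after iterator creation")

    @checked
    def has_next(self):
        self._require_fresh()
        return self.index < len(self.subject.items)

    @checked
    def next(self):
        self._require_fresh()
        if self.index >= len(self.subject.items):
            raise StopIteration
        x = self.subject.items[self.index]
        self.index += 1
        return x


def demo():
    """Constructed scenario; returns what was observed and which checks fired."""
    log = []
    s = Subject()
    s.add("a")
    s.add("b")
    it = Iterator(s)
    log.append(it.next())
    s.add("c")  # subject evolves (version 2 -> 3); iterator is now stale
    try:
        it.next()
    except StaleIteratorError:
        log.append("stale")
    try:
        s.bad_reset()  # violates old.version <= version
    except InvariantError:
        log.append("history-invariant-violation")
    return log


if __name__ == "__main__":
    print(demo())
```

The dynamic check is only an approximation of what the paper does: the verifier discharges these obligations statically and modularly, so the iterator's invariant can be admitted even though it refers to another object's fields. Note also that the check runs only on normal exit; a method that raises leaves the objects as they were at the point of the exception.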


Keywords: Visible State, Representation Object, Proof Obligation, Java Modeling Language, Separation Logic
(These keywords were added by machine, not by the authors.)



Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • K. Rustan M. Leino, Microsoft Research, Redmond, WA, USA
  • Wolfram Schulte, Microsoft Research, Redmond, WA, USA
