Verifying Multi-object Invariants with Relationships

  • Stephanie Balzer
  • Thomas R. Gross
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6813)

Abstract

Relationships capture the interplay between classes in object-oriented programs, and various extensions of object-oriented programming languages allow the programmer to explicitly express relationships. This paper discusses how relationships facilitate the verification of multi-object invariants. We develop a visible states verification technique for Rumer, a relationship-based programming language, and demonstrate our technique on the Composite pattern. The verification technique leverages the “Matryoshka Principle” embodied in the Rumer language: relationships impose a stratification of classes and relationships (with corresponding restrictions on writes to fields, the expression of invariants, and method invocations). The Matryoshka Principle guarantees the absence of transitive call-backs and restores a visible states semantics for multi-object invariants. As a consequence, the modular verification of multi-object invariants is possible.

Keywords

Posite Tate Encapsulation Ghost Dispatch 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Hoare, C.: Proof of correctness of data representations. Acta Inf. 1(4), 271–281 (1972)CrossRefMATHGoogle Scholar
  2. 2.
    Meyer, B.: Object-Oriented Software Construction. Prentice-Hall, Englewood Cliffs (1997)MATHGoogle Scholar
  3. 3.
    Barnett, M., Leino, K.R.M., Schulte, W.: The spec# programming system: An overview. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol. 3362, pp. 49–69. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Leavens, G.T., Baker, A.L., Ruby, C.: Preliminary design of JML: A behavioral interface specification language for Java. Technical Report 98-06-rev29, Iowa State University (2006)Google Scholar
  5. 5.
    Müller, P.: Modular Specification and Verification of Object-Oriented Programs. LNCS, vol. 2262. Springer, Heidelberg (2002)MATHGoogle Scholar
  6. 6.
    Barnett, M., DeLine, R., Fähndrich, M., Leino, K.R.M., Schulte, W.: Verification of object-oriented programs with invariants. Leino, K 3(6), 27–56 (2004)Google Scholar
  7. 7.
    Leino, K.R.M., Müller, P.: Object invariants in dynamic contexts. In: Odersky, M. (ed.) ECOOP 2004. LNCS, vol. 3086, pp. 491–515. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Barnett, M., Naumann, J.D.A.: Friends need a bit more: Maintaining invariants over shared state. In: Kozen, D. (ed.) MPC 2004. LNCS, vol. 3125, pp. 54–84. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  9. 9.
    Müller, P., Poetzsch-Heffter, A., Leavens, G.T.: Modular invariants for layered object structures. Sci. Comput. Program 62(3), 253–286 (2006)CrossRefMATHMathSciNetGoogle Scholar
  10. 10.
    Leino, K.R.M., Schulte, W.: Using history invariants to verify observers. In: De Nicola, R. (ed.) ESOP 2007. LNCS, vol. 4421, pp. 80–94. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Middelkoop, R., Huizing, C., Kuiper, R., Luit, E.J.: Invariants for non-hierarchical object structures. Electr. Notes Theor. Comput. Sci. 195, 211–229 (2008)CrossRefMATHGoogle Scholar
  12. 12.
    Summers, A.J., Drossopoulou, S.: Considerate Reasoning and the Composite Design Pattern. In: Barthe, G., Hermenegildo, M. (eds.) VMCAI 2010. LNCS, vol. 5944, pp. 328–344. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  13. 13.
    Spitzen, J.M., Wegbreit, B.: The verification and synthesis of data structures. Acta Inf. 4(2), 27–144 (1975)CrossRefMATHGoogle Scholar
  14. 14.
    Guttag, J.V.: Notes on type abstraction (version 2). IEEE Trans. Software Eng. 6(1), 13–23 (1980)CrossRefGoogle Scholar
  15. 15.
    Parkinson, M.J.: Class invariants: The end of the road? In: IWACO (2007)Google Scholar
  16. 16.
    Rumbaugh, J.: Relations as semantic constructs in an object-oriented language. In: OOPSLA, vol. 481, pp. 466–481. ACM, New York (1987)Google Scholar
  17. 17.
    Albano, A., Ghelli, G., Orsini, R.: A relationship mechanism for a strongly typed object-oriented database programming language. In: VLDB, pp. 565–575. Morgan Kaufmann, San Francisco (1991)Google Scholar
  18. 18.
    Bierman, G., Wren, A.: First-class relationships in an object-oriented language. In: Black, A.P. (ed.) ECOOP 2005. LNCS, vol. 3586, pp. 262–286. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  19. 19.
    Pearce, D.J., Noble, J.: Relationship aspects. In: AOSD, pp. 75–86. ACM, New York (2006)CrossRefGoogle Scholar
  20. 20.
    Balzer, S., Gross, T.R., Eugster, P.T.: A relational model of object collaborations and its use in reasoning about relationships. In: Ernst, E. (ed.) ECOOP 2007. LNCS, vol. 4609, pp. 323–346. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  21. 21.
    Wren, A.: Relationships for Object-oriented Programming Languages. PhD thesis, University of Cambridge (November 2007)Google Scholar
  22. 22.
    Østerbye, K.: Design of a class library for association relationships. In: LCSD (2007)Google Scholar
  23. 23.
    Bodden, E., Shaikh, R., Hendren, L.: Relational aspects as tracematches. In: AOSD, pp. 84–95. ACM, New York (2008)CrossRefGoogle Scholar
  24. 24.
    Nelson, S., Pearce, D.J., Noble, J.: First class relationships for OO languages. In: MPOOL (2008)Google Scholar
  25. 25.
    Balzer, S., Gross, T.R.: Modular reasoning about invariants over shared state with interposed data members. In: PLPV, pp. 49–56. ACM, New York (2010)Google Scholar
  26. 26.
    Leavens, G.T., Leino, K.R.M., Müller, P.: Specification and verification challenges for sequential object-oriented programs. Formal Asp. Comput. 19(2), 159–189 (2007)CrossRefMATHGoogle Scholar
  27. 27.
    Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley, Reading (1995)MATHGoogle Scholar
  28. 28.
    Bierhoff, K., Aldrich, J.: Permissions to specify the Composite design patterns. In: SAVCBS, pp. 89–94 (2008)Google Scholar
  29. 29.
    Jacobs, B., Smans, J., Piessens, F.: Verifying the Composite pattern using separation logic. In: SAVCBS, pp. 83–88 (2008)Google Scholar
  30. 30.
    Noble, J., Vitek, J., Potter, J.: Flexible alias protection. In: Jul, E. (ed.) ECOOP 1998. LNCS, vol. 1445, pp. 158–185. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  31. 31.
    Clarke, D.G., Potter, J.M., Noble, J.: Ownership types for exible alias protection. In: OOPSLA, pp. 48–64. ACM, New York (1998)Google Scholar
  32. 32.
    Dietl, W.: Universe Types Topology, Encapsulation, Genericity, and Tools. PhD thesis, ETH Zurich, 18522 (2009)Google Scholar
  33. 33.
    Bierman, G.M., Meijer, E., Torgersen, M.: Lost in translation: Formalizing proposed extensions to C#. In: OOPSLA, pp. 479–498. ACM, New York (2007)Google Scholar
  34. 34.
    Drossopoulou, S., Francalanza, A., Müller, P., Summers, A.: A Unified Framework for Verification Techniques for Object Invariants. In: Vitek, J. (ed.) ECOOP 2008. LNCS, vol. 5142, pp. 412–437. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  35. 35.
    Balzer, S.: A relationship-based programming language and its value for program verification. Technical report, ETH Zurich (2011)Google Scholar
  36. 36.
    Summers, A.J., Drossopoulou, S., Müller, P.: Universe-type-based verification techniques for mutable static fields and methods. JOT 8(4), 85–125 (2009)CrossRefGoogle Scholar
  37. 37.
    Parkinson, M.J.: Local Reasoning for Java. PhD thesis, University of Cambridge (2005)Google Scholar
  38. 38.
    Parkinson, M.J., Bierman, G.M.: Separation logic and abstraction. In: POPL, pp. 247–258. ACM, New York (2005)Google Scholar
  39. 39.
    O’Hearn, P.W., Reynolds, J.C., Yang, H.: Local reasoning about programs that alter data structures. In: Fribourg, L. (ed.) CSL 2001 and EACSL 2001. LNCS, vol. 2142, pp. 1–19. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  40. 40.
    Kassios, I.T.: Dynamic frames: Support for framing, dependencies and sharing without restrictions. In: Misra, J., Nipkow, T., Karakostas, G. (eds.) FM 2006. LNCS, vol. 4085, pp. 268–283. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  41. 41.
    Banerjee, A., Naumann, D.A., Rosenberg, S.: Regional logic for local reasoning about global invariants. In: Vitek, J. (ed.) ECOOP 2008. LNCS, vol. 5142, pp. 387–411. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  42. 42.
    Smans, J., Jacobs, B., Piessens, F.: Implicit dynamic frames: Combining dynamic frames and separation logic. In: Drossopoulou, S. (ed.) ECOOP 2009. LNCS, vol. 5653, pp. 148–172. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Stephanie Balzer
    • 1
  • Thomas R. Gross
    • 1
  1. 1.ETH ZurichSwitzerland

Personalised recommendations