Towards imperative modules: Reasoning about invariants and sharing of mutable state

Imperative and object-oriented programs make ubiquitous use of shared mutable objects. Updating a shared object can and often does transgress a boundary that was supposed to be established using static constructs such as a class with private fields. This paper shows how auxiliary fields can be used to express two state-dependent encapsulation disciplines: ownership, a kind of separation, and friendship, a kind of sharing. A methodology is given for specification and modular verification of encapsulated object invariants and shown sound for a class-based language. As an example the methodology is used to specify iterators, which are problematic for previous ownership systems.
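The two disciplines named in the abstract can be made concrete with a small added example in Python (it is not code from the paper, and the field names `friends` and `valid` are assumptions standing in for the paper's auxiliary fields). `LeakyBag` shows the problem: an alias to its representation escapes, so a client breaks the invariant `count == len(items)` without calling any method of the class. `Bag` owns its representation (only copies escape), and `BagIterator` is a friend whose invariant mentions the bag's state, so the bag records its dependents and notifies them on every update; the iterator checks the resulting flag before each access.

```python
class InvariantViolation(Exception):
    pass


class LeakyBag:
    # 'Before' case: rep() hands out an alias to the representation, so a
    # client can break the invariant count == len(items) without calling add().
    def __init__(self) -> None:
        self.items = []
        self.count = 0

    def add(self, x: int) -> None:
        self.items.append(x)
        self.count += 1

    def rep(self) -> list:
        return self.items            # representation exposure

    def invariant_holds(self) -> bool:
        return self.count == len(self.items)


class Bag:
    # Owner of its representation: the list never escapes (snapshot() copies),
    # so only Bag methods update it and each re-establishes the invariant.
    # `friends` (assumed name) lists objects whose invariants depend on this bag.
    def __init__(self) -> None:
        self._items = []
        self.count = 0
        self.friends = []

    def add(self, x: int) -> None:
        self._items.append(x)
        self.count += 1
        assert self.invariant_holds()
        for f in self.friends:       # shared state changed: tell dependents
            f.owner_changed()

    def snapshot(self) -> list:
        return list(self._items)     # copy, so the caller gets no alias

    def item(self, i: int) -> int:
        return self._items[i]

    def iterator(self) -> "BagIterator":
        it = BagIterator(self)
        self.friends.append(it)      # register the friendship
        return it

    def invariant_holds(self) -> bool:
        return self.count == len(self._items)


class BagIterator:
    # Friend of Bag: its invariant 0 <= pos <= bag.count mentions the bag's
    # state, so the iterator alone cannot maintain it. The auxiliary flag
    # `valid` (assumed name) is cleared by the bag on every update.
    def __init__(self, bag: Bag) -> None:
        self._bag = bag
        self._pos = 0
        self.valid = True

    def owner_changed(self) -> None:
        self.valid = False

    def invariant_holds(self) -> bool:
        return self.valid and 0 <= self._pos <= self._bag.count

    def next(self) -> int:
        if not self.invariant_holds():
            raise InvariantViolation("bag modified while iterator is live")
        x = self._bag.item(self._pos)
        self._pos += 1
        return x


def exposure_demo() -> tuple:
    # Same client code against both bags; returns (leaky ok?, owned ok?).
    leaky, owned = LeakyBag(), Bag()
    leaky.add(1)
    owned.add(1)
    leaky.rep().append(2)            # bypasses add(); count is now stale
    owned.snapshot().append(2)       # only the copy changes
    return leaky.invariant_holds(), owned.invariant_holds()


def iterator_demo() -> tuple:
    # Update the shared bag mid-iteration; report items read and whether
    # the broken iterator invariant was caught.
    b = Bag()
    b.add(1)
    b.add(2)
    it = b.iterator()
    seen = [it.next()]
    b.add(3)                         # invalidates the friend
    try:
        it.next()
        return seen, False
    except InvariantViolation:
        return seen, True
```

`exposure_demo()` returns `(False, True)`: the leaky bag's invariant is broken by the client, the owning bag's survives. `iterator_demo()` returns `([1], True)`: the update to the shared bag is detected at the iterator's next access rather than silently yielding a stale or out-of-range element, which is the state-dependent sharing the paper's friendship discipline is meant to capture.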
