Object Invariants in Dynamic Contexts

Object invariants describe the consistency of object-oriented data structures and are central to reasoning about the correctness of object-oriented software. Yet, reasoning about object invariants in the presence of object references, methods, and subclassing is difficult. This paper describes a methodology for specifying and verifying object-oriented programs, using object invariants to specify the consistency of data and using ownership to organize objects into contexts. The novelty is that contexts can be dynamic: there is no bound on the number of objects in a context and objects can be transferred between contexts. The invariant of an object is allowed to depend on the fields of the object, on the fields of all objects in transitively-owned contexts, and on fields of objects reachable via given sequences of fields. With these invariants, one can describe a large variety of properties, including properties of cyclic data structures. Object invariants can be declared in or near the classes whose fields they depend on, not necessarily in the class of an owning object. The methodology is designed to allow modular reasoning, even in the presence of subclasses, and is proved sound.
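The abstract describes invariants that may read an object's own fields and the fields of everything in the contexts it transitively owns, with objects transferable between contexts. As an added illustration (not the paper's formalism or any code from it), the following Python model enforces that discipline at runtime: an object's fields may only be written while its invariant is suspended ("unpacked"), an object can only be unpacked if its owner is unpacked, and re-packing an owner checks that all owned objects are packed and the owner's invariant holds. The names `Owned`, `Ledger`, `Entry`, `pack`, `unpack`, `adopt` and `transfer` are constructed for this example; the "reachable via given sequences of fields" part of the paper's invariants is not modeled.

```python
"""Runtime model of object invariants over ownership contexts (constructed
example; names and discipline are assumptions, not the paper's definitions)."""
from __future__ import annotations
from typing import Optional


class InvariantError(Exception):
    """Raised when the ownership / invariant discipline is violated."""


class Owned:
    """An object whose invariant covers its own fields and its owned objects."""

    _bookkeeping = {"owner", "valid", "owned"}

    def __init__(self, owner: Optional["Owned"] = None) -> None:
        object.__setattr__(self, "valid", False)   # starts unpacked (mutable)
        object.__setattr__(self, "owner", None)
        object.__setattr__(self, "owned", set())
        if owner is not None:
            owner.adopt(self)

    def inv(self) -> bool:                          # overridden by subclasses
        return True

    def __setattr__(self, name: str, value) -> None:
        # Ordinary fields may only be written while this object is unpacked.
        if name not in self._bookkeeping and self.valid:
            raise InvariantError(f"write to field {name!r} while packed")
        object.__setattr__(self, name, value)

    def adopt(self, obj: "Owned") -> None:
        """Move obj into this object's context; both sides must be unpacked.
        If obj is unpacked its previous owner is necessarily unpacked too,
        because packing an owner requires every owned object to be packed."""
        if self.valid or obj.valid:
            raise InvariantError("ownership transfer requires unpacked objects")
        if obj.owner is not None:
            obj.owner.owned.discard(obj)
        object.__setattr__(obj, "owner", self)
        self.owned.add(obj)

    def pack(self) -> None:
        """Re-establish the invariant; every owned object must already be packed."""
        if any(not o.valid for o in self.owned):
            raise InvariantError("cannot pack: an owned object is still unpacked")
        if not self.inv():
            raise InvariantError(f"invariant of {type(self).__name__} does not hold")
        object.__setattr__(self, "valid", True)

    def unpack(self) -> None:
        """Suspend the invariant so fields may change; the owner must be unpacked first."""
        if self.owner is not None and self.owner.valid:
            raise InvariantError("cannot unpack: owner is packed")
        object.__setattr__(self, "valid", False)


class Entry(Owned):
    """Invariant declared in the class whose field it depends on."""

    def __init__(self, amount: int, owner: Optional[Owned] = None) -> None:
        super().__init__(owner)
        self.amount = amount
        self.pack()

    def inv(self) -> bool:
        return self.amount >= 0


class Ledger(Owned):
    """Owns its entries; its invariant relates a cached total to owned objects."""

    def __init__(self) -> None:
        super().__init__()
        self.entries: tuple[Entry, ...] = ()   # tuple so updates are field writes
        self.total = 0
        self.pack()

    def inv(self) -> bool:
        return (all(e.owner is self for e in self.entries)
                and self.total == sum(e.amount for e in self.entries))

    def add(self, amount: int) -> Entry:
        self.unpack()
        e = Entry(amount, owner=self)           # created inside this context
        self.entries = self.entries + (e,)
        self.total += amount
        self.pack()
        return e


def transfer(entry: Entry, src: Ledger, dst: Ledger) -> None:
    """Move entry from src's context to dst's, keeping both invariants."""
    src.unpack(); dst.unpack(); entry.unpack()
    src.entries = tuple(x for x in src.entries if x is not entry)
    src.total -= entry.amount
    dst.adopt(entry)
    dst.entries = dst.entries + (entry,)
    dst.total += entry.amount
    entry.pack(); src.pack(); dst.pack()


def demo() -> tuple[int, int, bool]:
    """Returns (total of a, total of b, whether mutating a packed entry was blocked)."""
    a, b = Ledger(), Ledger()
    e = a.add(30); a.add(12); b.add(5)
    transfer(e, a, b)                           # e now lives in b's context
    try:
        e.unpack()                              # owner b is packed: refused
        blocked = False
    except InvariantError:
        blocked = True
    return a.total, b.total, blocked
```

The point the model makes is that the ledger's invariant mentions `amount`, a field of another class, yet stays checkable modularly: an `Entry` can only change while its owning `Ledger` has itself suspended its invariant, and `transfer` re-establishes both ledgers' invariants before handing control back.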
