Cooperative Permissions for Reasoning About Aliased Objects

Maintaining object invariants is notoriously difficult when objects involved in invariants are aliased. Existing approaches achieve soundness in reasoning about object invariants by imposing structural constraints on object graphs, excluding many useful programs from being verified. This paper proposes a novel abstraction, cooperative permissions, for sound reasoning about aliased objects. Cooperative permissions describe not only what aliases are allowed to do, but also restrict possible effects to the referenced object through other aliases. Therefore, cooperative permissions are a local approach to keeping assumptions that aliases make about the referenced object globally consistent, allowing sound modular reasoning without imposing structural constraints. The paper illustrates with examples how cooperative permissions can be used to specify object behavior and gives an intuition of how such specifications could be verified.
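The following runtime sketch is an added illustration of the problem the abstract describes, not code or notation from the paper: a view object caches an assumption about a shared list, and a write through an unrelated alias silently invalidates it. The second half models the cooperative idea at run time: a permission held by one alias (here `STABLE`, meaning "I rely on this object not changing") restricts what every other alias may acquire (here `FULL`, the right to mutate), so the view's assumption stays globally consistent. The names `PermissionKind`, `Shared`, `acquire`, `CountingView` and the two permission kinds are assumptions made for this demo; the paper's own permission system is static and is not reproduced here.

```python
"""Constructed runtime model of invariant breakage through aliasing and of a
cooperative permission check that prevents it. Demo-only names; not the
paper's formalism."""
from dataclasses import dataclass, field
from enum import Enum


class PermissionKind(Enum):
    FULL = "full"      # holder may mutate the object
    STABLE = "stable"  # holder relies on the object not changing meanwhile


@dataclass
class Shared:
    """A shared list together with the permissions currently held on it."""
    value: list
    holders: dict = field(default_factory=dict)  # alias name -> PermissionKind

    def acquire(self, alias: str, kind: PermissionKind) -> None:
        # Cooperative rule: what one alias may assume constrains what any
        # other alias may do, and vice versa. FULL and STABLE never coexist.
        held = set(self.holders.values())
        if kind is PermissionKind.FULL and PermissionKind.STABLE in held:
            raise PermissionError(f"{alias}: FULL refused, a STABLE holder relies on the object")
        if kind is PermissionKind.STABLE and PermissionKind.FULL in held:
            raise PermissionError(f"{alias}: STABLE refused, a FULL holder may mutate the object")
        self.holders[alias] = kind

    def release(self, alias: str) -> None:
        self.holders.pop(alias, None)

    def append(self, alias: str, item) -> None:
        # Mutation requires the caller to hold FULL permission.
        if self.holders.get(alias) is not PermissionKind.FULL:
            raise PermissionError(f"{alias}: mutation without FULL permission")
        self.value.append(item)


class CountingView:
    """Caches the length of the shared list.
    Invariant: cached == len(target.value) while the view holds STABLE."""

    def __init__(self, name: str, target: Shared):
        self.name = name
        self.target = target
        target.acquire(name, PermissionKind.STABLE)
        self.cached = len(target.value)

    def invariant_holds(self) -> bool:
        return self.cached == len(self.target.value)


def unchecked_scenario() -> bool:
    """Plain aliasing, no permissions: the cached assumption silently goes stale."""
    items = [1, 2]
    view_cache = len(items)   # the "view" records an assumption about items
    other_alias = items       # an unrelated alias to the same list
    other_alias.append(3)     # effect through the other alias
    return view_cache == len(items)   # False


def checked_scenario() -> tuple[bool, bool]:
    """With cooperative permissions the conflicting write is refused and the
    view's invariant survives. Returns (write_refused, invariant_holds)."""
    shared = Shared([1, 2])
    view = CountingView("view", shared)
    try:
        shared.acquire("writer", PermissionKind.FULL)
        shared.append("writer", 3)
        refused = False
    except PermissionError:
        refused = True
    return refused, view.invariant_holds()


def release_then_write() -> list:
    """Once the view gives up its STABLE permission, mutation is allowed again."""
    shared = Shared([1, 2])
    view = CountingView("view", shared)
    shared.release(view.name)
    shared.acquire("writer", PermissionKind.FULL)
    shared.append("writer", 3)
    return shared.value


if __name__ == "__main__":
    print("unchecked invariant holds:", unchecked_scenario())
    print("checked (refused, invariant holds):", checked_scenario())
    print("after release:", release_then_write())
```

The point of the demo is the locality the abstract claims: the `STABLE` holder never inspects who else aliases the list; it only states what it relies on, and that statement alone is enough to reject any alias that would undermine it. A static system would discharge the same checks at verification time instead of raising at run time.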
