ABSTRACT
In this paper, we consider object protocols that constrain interactions between objects in a program. Several such protocols have been proposed in the literature. For many APIs (such as JDOM and JDBC), API designers constrain how API clients interact with API objects. In practice, API clients violate such constraints, as evidenced by postings in discussion forums for these APIs. Thus, it is important that API designers specify constraints using appropriate object protocols and enforce them. The goal of an object protocol is expressed as a protocol invariant. Fundamental properties such as ownership can be expressed as protocol invariants. We present a language, PROLANG, to specify object protocols along with their protocol invariants, and a tool, INVCOP++, to check if a program satisfies a protocol invariant. INVCOP++ separates the problem of checking whether a protocol satisfies its protocol invariant (called protocol correctness) from the problem of checking whether a program conforms to a protocol (called program conformance). The former is solved using static analysis, and the latter using runtime analysis. Due to this separation, (1) errors made in protocol design are detected at a higher level of abstraction, independent of the program's source code, and (2) the performance of conformance checking is improved, because protocol correctness has already been verified statically. We present theoretical guarantees about the way we combine static and runtime analysis, and empirical evidence that our tool INVCOP++ finds usage errors in widely used APIs. We also show that statically checking protocol correctness greatly reduces the overhead of checking program conformance, thus enabling API clients to test whether their programs use the API as intended by the API designer.
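The separation the abstract describes, as an added illustration that is not code from the paper, from PROLANG or from INVCOP++: a small ownership protocol ("a child node has at most one parent", the constraint JDOM enforces when Element.addContent rejects content that already has a parent) is modelled as guarded transitions over an abstract configuration. Protocol correctness is checked statically by exhaustively exploring every configuration reachable through legal transitions and testing the invariant in each; program conformance is checked at runtime by a monitor that only evaluates the guard of each event the client fires and never re-evaluates the invariant, since the static check has shown that legal transitions preserve it. The parent and child names, the bounded abstraction of two parents and two children, and the event names attach and detach are assumptions chosen for the example.

```python
"""Toy model of protocol correctness (static) vs. program conformance (runtime).
Constructed for illustration; not the paper's PROLANG/INVCOP++ implementation."""
from collections import deque

# Bounded abstraction used by the static check (assumed sizes and names).
PARENTS = ("p1", "p2")
CHILDREN = ("c1", "c2")


def initial_config():
    # A configuration is a tuple of (parent, frozenset-of-owned-children) pairs.
    return tuple((p, frozenset()) for p in PARENTS)


def owners(cfg, child):
    return [p for p, kids in cfg if child in kids]


def invariant_single_owner(cfg):
    """Protocol invariant: every child is owned by at most one parent."""
    return all(len(owners(cfg, c)) <= 1 for c in CHILDREN)


def attach_effect(cfg, parent, child):
    return tuple((p, kids | {child} if p == parent else kids) for p, kids in cfg)


def detach_effect(cfg, parent, child):
    return tuple((p, kids - {child} if p == parent else kids) for p, kids in cfg)


def guard_attach_correct(cfg, parent, child):
    # attach is legal only for a child that currently has no owner at all
    return not owners(cfg, child)


def guard_attach_buggy(cfg, parent, child):
    # design error: only checks that THIS parent does not already own the child
    return child not in dict(cfg)[parent]


def guard_detach(cfg, parent, child):
    return child in dict(cfg)[parent]


def make_protocol(attach_guard):
    """A protocol maps each event name to a (guard, effect) pair."""
    return {"attach": (attach_guard, attach_effect),
            "detach": (guard_detach, detach_effect)}


def check_protocol(protocol, invariant):
    """Static protocol-correctness check: breadth-first exploration of all
    configurations reachable via guarded transitions. Returns None when the
    invariant holds everywhere, otherwise the shortest violating event trace."""
    init = initial_config()
    seen = {init}
    queue = deque([(init, ())])
    while queue:
        cfg, trace = queue.popleft()
        if not invariant(cfg):
            return trace
        for name, (guard, effect) in protocol.items():
            for p in PARENTS:
                for c in CHILDREN:
                    if guard(cfg, p, c):
                        nxt = effect(cfg, p, c)
                        if nxt not in seen:
                            seen.add(nxt)
                            queue.append((nxt, trace + ((name, p, c),)))
    return None


class ConformanceError(Exception):
    pass


class Monitor:
    """Runtime program-conformance check: evaluates only the guard of each
    event the client fires. The invariant is never re-evaluated here because
    check_protocol has already shown that legal transitions preserve it."""

    def __init__(self, protocol):
        self.protocol = protocol
        self.cfg = initial_config()

    def fire(self, name, parent, child):
        guard, effect = self.protocol[name]
        if not guard(self.cfg, parent, child):
            raise ConformanceError(f"{name}({parent}, {child}) is not a legal transition")
        self.cfg = effect(self.cfg, parent, child)


def conforms(protocol, script):
    """Run a client's event script under the monitor; False on the first violation."""
    monitor = Monitor(protocol)
    try:
        for event in script:
            monitor.fire(*event)
    except ConformanceError:
        return False
    return True


if __name__ == "__main__":
    good = make_protocol(guard_attach_correct)
    bad = make_protocol(guard_attach_buggy)
    print("correct protocol, violating trace:", check_protocol(good, invariant_single_owner))
    print("buggy protocol, violating trace:", check_protocol(bad, invariant_single_owner))
    # a client that re-parents a child without detaching it first
    print("client conforms:", conforms(good, [("attach", "p1", "c1"), ("attach", "p2", "c1")]))
```

The buggy protocol is caught at the protocol level with a two-event counterexample and no client program in sight, which is the "higher level of abstraction" point; the correct protocol's monitor then rejects the re-parenting client with one guard evaluation per event rather than a heap-wide invariant scan, which is the performance point.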