Abstract
In this paper, we consider object protocols that constrain interactions between objects in a program. Several such protocols have been proposed in the literature. For many APIs (such as JDOM, JDBC), API designers constrain how API clients interact with API objects. In practice, API clients violate such constraints, as evidenced by postings in discussion forums for these APIs. Thus, it is important that API designers specify constraints using appropriate object protocols and enforce them. The goal of an object protocol is expressed as a protocol invariant. Fundamental properties such as ownership can be expressed as protocol invariants. We present a language, PROLANG, to specify object protocols along with their protocol invariants, and a tool, INVCOP++, to check if a program satisfies a protocol invariant. INVCOP++ separates the problem of checking if a protocol satisfies its protocol invariant (called protocol correctness), from the problem of checking if a program conforms to a protocol (called program conformance). The former is solved using static analysis, and the latter using runtime analysis. Due to this separation (1) errors made in protocol design are detected at a higher level of abstraction, independent of the program's source code, and (2) performance of conformance checking is improved as protocol correctness has been verified statically. We present theoretical guarantees about the way we combine static and runtime analysis, and empirical evidence that our tool INVCOP++ finds usage errors in widely used APIs. We also show that statically checking protocol correctness greatly optimizes the overhead of checking program conformance, thus enabling API clients to test whether their programs use the API as intended by the API designer.
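The abstract's central idea is the split between two checks: protocol correctness (does the protocol, as designed, maintain its invariant in every reachable state?) is settled once by static exploration, and program conformance (does a given client only make calls the protocol allows?) is monitored at run time without re-evaluating the invariant. The following Python model is an added illustration of that split and is not PROLANG syntax or INVCOP++ code; the JDBC-style ownership protocol (a Statement owns the ResultSets it creates, and a ResultSet may only be read while its owning Statement is open), the bound `MAX_RESULTSETS`, the event encoding, and the client traces are all constructed for the example.

```python
"""Toy model of the static/runtime split: a bounded exploration proves the
protocol keeps its ownership invariant, and a lightweight monitor then only
checks that client calls are enabled.  Illustration only, not INVCOP++."""
from collections import deque
from typing import List, Optional, Tuple

# Abstract configuration of one Statement and the ResultSets it owns:
# (statement_is_open, tuple of per-ResultSet states, each "open" or "closed").
Config = Tuple[bool, Tuple[str, ...]]
Event = Tuple[str, int]   # (operation, ResultSet index; -1 when not applicable)

MAX_RESULTSETS = 2        # bound for the static exploration (assumption)


class Protocol:
    """A constructed JDBC-like protocol.  close_cascades=False is a deliberately
    flawed design in which Statement.close() forgets its owned ResultSets."""

    def __init__(self, name: str, close_cascades: bool):
        self.name = name
        self.close_cascades = close_cascades
        self.initial: Config = (True, ())

    def invariant(self, c: Config) -> bool:
        """Ownership invariant: an open ResultSet implies its Statement is open."""
        stmt_open, rss = c
        return stmt_open or all(s == "closed" for s in rss)

    def step(self, c: Config, e: Event) -> Optional[Config]:
        """Successor configuration if event e is allowed in c, else None."""
        stmt_open, rss = c
        op, i = e
        if op == "executeQuery":
            if stmt_open and len(rss) < MAX_RESULTSETS:
                return (True, rss + ("open",))          # new ResultSet, owned here
        elif op == "next":
            if 0 <= i < len(rss) and rss[i] == "open":
                return c
        elif op == "closeResultSet":
            if 0 <= i < len(rss) and rss[i] == "open":
                return (stmt_open, rss[:i] + ("closed",) + rss[i + 1:])
        elif op == "closeStatement":
            if stmt_open:
                new_rss = tuple("closed" for _ in rss) if self.close_cascades else rss
                return (False, new_rss)
        return None

    def enabled_events(self, c: Config) -> List[Event]:
        events: List[Event] = [("executeQuery", -1), ("closeStatement", -1)]
        for i in range(len(c[1])):
            events += [("next", i), ("closeResultSet", i)]
        return [e for e in events if self.step(c, e) is not None]


def check_protocol_correctness(p: Protocol) -> Optional[List[Event]]:
    """Static side: breadth-first exploration of every reachable abstract
    configuration.  Returns the shortest trace reaching a state that violates
    the invariant, or None if the protocol is correct within the bound."""
    seen = {p.initial}
    queue = deque([(p.initial, [])])
    while queue:
        c, trace = queue.popleft()
        if not p.invariant(c):
            return trace
        for e in p.enabled_events(c):
            nxt = p.step(c, e)
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [e]))
    return None


class ProtocolViolation(Exception):
    pass


class ConformanceMonitor:
    """Runtime side: tracks the concrete configuration and rejects any client
    call the protocol does not enable.  It never evaluates the invariant,
    because protocol correctness was established statically."""

    def __init__(self, p: Protocol):
        self.p = p
        self.config = p.initial

    def observe(self, e: Event) -> Config:
        nxt = self.p.step(self.config, e)
        if nxt is None:
            raise ProtocolViolation(f"{e} not allowed in state {self.config}")
        self.config = nxt
        return nxt


def run_client(p: Protocol, trace: List[Event]) -> Optional[int]:
    """Replay a client's call sequence under the monitor; return the index of
    the first violating call, or None if the whole trace conforms."""
    m = ConformanceMonitor(p)
    for idx, e in enumerate(trace):
        try:
            m.observe(e)
        except ProtocolViolation:
            return idx
    return None


# Constructed client traces (not taken from the paper).
GOOD_CLIENT = [("executeQuery", -1), ("next", 0), ("closeResultSet", 0), ("closeStatement", -1)]
BAD_CLIENT = [("executeQuery", -1), ("next", 0), ("closeStatement", -1), ("next", 0)]

if __name__ == "__main__":
    for proto in (Protocol("jdbc-ownership", True), Protocol("jdbc-ownership-flawed", False)):
        print(proto.name, "counterexample:", check_protocol_correctness(proto))
    ok = Protocol("jdbc-ownership", True)
    print("good client violation at:", run_client(ok, GOOD_CLIENT))
    print("bad client violation at:", run_client(ok, BAD_CLIENT))
```

Running it shows the two failure modes the abstract distinguishes: the flawed protocol is rejected statically with the two-step counterexample `executeQuery, closeStatement` (an open ResultSet left behind by a closed Statement, a protocol design error found without any client code), while under the correct protocol the monitor flags the bad client's fourth call (`next` on a ResultSet whose Statement was closed) as a conformance error.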
Enforcing object protocols by combining static and runtime analysis
Published in OOPSLA '08: Proceedings of the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications