A Notion of Dynamic Interface for Depth-Bounded Object-Oriented Packages
Programmers using software components have to follow protocols that specify
when it is legal to call particular methods with particular arguments. For
example, one cannot use an iterator over a set once the set has been changed
directly or through another iterator. We formalize the notion of dynamic
package interfaces (DPI), which generalize state-machine interfaces for single
objects, and give an algorithm to statically compute a sound abstraction of a
DPI. States of a DPI represent (unbounded) sets of heap configurations and
edges represent the effects of method calls on the heap. We introduce a novel
heap abstract domain based on depth-bounded systems to deal with potentially
unboundedly many objects and the references among them. We have implemented our
algorithm and show that it is effective in computing representations of common
patterns of package usage, such as relationships between viewer and label,
container and iterator, and JDBC statements and cursors.
Dynamic Package Interfaces - Extended Version
A hallmark of object-oriented programming is the ability to perform
computation through a set of interacting objects. A common manifestation of
this style is the notion of a package, which groups a set of commonly used
classes together. A challenge in using a package is to ensure that a client
follows the implicit protocol of the package when calling its methods.
Violations of the protocol can cause a runtime error or latent invariant
violations. These protocols can extend across different, potentially
unboundedly many, objects, and are specified informally in the documentation.
As a result, ensuring that a client does not violate the protocol is hard.
We introduce dynamic package interfaces (DPI), a formalism to explicitly
capture the protocol of a package. The DPI of a package is a finite set of
rules that together specify how any set of interacting objects of the package
can evolve through method calls and under what conditions an error can happen.
We have developed a dynamic tool that automatically computes an approximation
of the DPI of a package, given a set of abstraction predicates. A key property
of DPI is that the unbounded number of configurations of objects of a package
are summarized finitely in an abstract domain. This uses the observation that
many packages behave monotonically: the semantics of a method call over a
configuration does not essentially change if more objects are added to the
configuration. We have exploited monotonicity and have devised heuristics to
obtain succinct yet general DPIs. We have used our tool to compute DPIs for
several commonly used Java packages with complex protocols, such as JDBC,
HashSet, and ArrayList.
Comment: The only changes compared to v1 are improvements to the Abstract and Introduction.
Practical API Protocol Checking with Access Permissions
Reusable APIs often define usage protocols. We previously developed a sound modular type system that checks compliance with typestate-based protocols while affording a great deal of aliasing flexibility. We also developed Plural, a prototype tool that embodies our approach as an automated static analysis and includes several extensions we found useful in practice. This paper evaluates our approach along the following dimensions: (1) We report on experience in specifying relevant usage rules for a large Java standard API with our approach. We also specify several other Java APIs and identify recurring patterns. (2) We summarize two case studies in verifying third-party open-source code bases with few false positives using our tool. We discuss how tool shortcomings can be addressed either with code refactorings or extensions to the tool itself. These results indicate that our approach can be used to specify and enforce real API protocols in practice.
Automatic extraction of heap reference properties in object-oriented programs
We present a new technique for helping developers understand heap referencing properties of object-oriented programs
and how the actions of the program affect these properties. Our dynamic analysis uses the aliasing properties of objects to synthesize
a set of roles; each role represents an abstract object state intended to be of interest to the developer. We allow the developer to
customize the analysis to explore the object states and behavior of the program at multiple different and potentially complementary
levels of abstraction. The analysis uses roles as the basis for three abstractions: role transition diagrams, which present the observed
transitions between roles and the methods responsible for the transitions; role relationship diagrams, which present the observed
referencing relationships between objects playing different roles; and enhanced method interfaces, which present the observed roles
of method parameters. Together, these abstractions provide useful information about important object and data structure properties
and how the actions of the program affect these properties. We have implemented the role analysis and have used this implementation
to explore the behavior of several Java programs. Our experience indicates that, when combined with a powerful graphical user
interface, roles are a useful abstraction for helping developers explore and understand the behavior of object-oriented programs.
Method for Statically Checking an Object-oriented Computer Program Module
A method for statically checking an object-oriented computer program module includes the step of identifying objects within a computer program module, at least one of the objects having a plurality of references thereto, possibly from multiple clients. A discipline of permissions is imposed on the objects identified within the computer program module. The permissions enable tracking, from among a discrete set of changeable states, a subset of states each object might be in. A determination is made regarding whether the imposed permissions are violated by a potential reference to any of the identified objects. The results of the determination are output to a user.