User loginNavigation |
archivesMetaobject protocols: Why we want them and what else they can do
Metaobject protocols: Why we want them and what else they can do
Validity Invariants and EffectsValidity Invariants and Effects, Yi Lu, John Potter and Jingling Xue. ECOOP 2007.
I really liked this paper, but I think it might need a few preliminary explanations. There's a style of verification of OO programs based on "object invariants", which is the idea that you ensure that each object has an invariant, which every method maintains. Then verification is local, in the sense that you can verify each class's invariants independently. (This is used in the Boogie methodology used by Spec#, for instance.) However, there are a couple of wrinkles. First, aliasing: every object's invariant depends on some of the objects in its fields, and you don't want random aliases letting strangers modify your representation objects underneath your feet. So you introduce a notion of ownership to help track who has permission to mess with each object. Second, reentrancy: suppose the middle of a method body has temporarily broken the object's invariant, and you call another method on the object? You don't a priori know the call is safe. The type system the authors have introduced here tracks ownership and possibly-dangerous reentrant calls. The really clever part is that instead of just rejecting programs that fail these checks, they log all of the places where things break. So instead of saying "yes" or "no", the type system says "yes" or "manually verify the following things". So it's a labor-saving device for a verification methodology. |
Browse archivesActive forum topics |
Recent comments
27 weeks 3 days ago
27 weeks 3 days ago
27 weeks 3 days ago
49 weeks 4 days ago
1 year 1 week ago
1 year 3 weeks ago
1 year 3 weeks ago
1 year 6 weeks ago
1 year 10 weeks ago
1 year 10 weeks ago