dissertation posted
Updated March 2010
My thesis entitled API Protocol Compliance in Object-Oriented Software has been approved and is available as technical report CMU-ISR-09-108. Printed copies are also available through ProQuest.
Abstract.
Modern software development is highly reliant on reusable APIs.
APIs often define usage protocols that API clients must follow in order
for code implementing the API to work correctly.
Loosely speaking, API protocols define legal sequences of method calls on objects.
In this work, protocols are defined based on typestates.
Typestates leverage the familiar intuition of abstract state machines
to define usage protocols.
The goal of this work is to give developers comprehensive help in defining
and following API protocols in object-oriented software.
Two key technical contributions enable the proposed approach:
(1) Object state spaces are defined with hierarchical state refinements.
Hierarchical state spaces make specifications more succinct, elegantly deal with subtyping,
express uncertainty, and enable more precise reasoning about aliasing.
(2) A novel abstraction, called access permissions, combines typestate
and aliasing information.
Access permissions capture developers' design intent regarding API protocols
and enable sound modular verification of API protocol compliance while
allowing a great deal of flexibility in aliasing objects.
This dissertation demonstrates that typestate-based protocols with
state refinement and access permissions can be used for
automated, static, modular enforcement of API protocols
in practical object-oriented software.
Formal and empirical results show that the presented approach captures
common API protocols succinctly, allows sound modular checking of protocol
compliance in object-oriented code, can be automated in tools for
mainstream programming languages that impose low annotation burden on developers,
and can check API protocols in off-the-shelf software
with higher precision than previous approaches.
This work puts automatic API protocol compliance checking within reach
of being used in practice.
It will enable rapid and correct use of APIs during initial construction and
ensure that API clients and implementations remain consistent
with the specified protocol during maintenance tasks.