Institute for Software Research
School of Computer Science, Carnegie Mellon University


Practical API Protocol Checking with Access Permissions

Kevin Bierhoff, Nels E. Beckman, Jonathan Aldrich

January 2009


Keywords: Typestate, aliasing, Plural, case study

Reusable APIs often define usage protocols. We previously developed a sound modular type system that checks compliance with typestate-based protocols while affording a great deal of aliasing flexibility. We also developed Plural, a prototype tool that embodies our approach as an automated static analysis and includes several extensions we found useful in practice. This paper evaluates our approach along the following dimensions: (1) We report on experience in specifying relevant usage rules for a large Java standard API with our approach. We also specify several other Java APIs and identify recurring patterns. (2) We summarize two case studies in verifying third-party open-source code bases with few false positives using our tool. We discuss how tool shortcomings can be addressed either with code refactorings or extensions to the tool itself. These results indicate that our approach can be used to specify and enforce real API protocols in practice.

24 pages
