Many teachers of programming advocate the use of comments, but comments do not necessarily reflect what the code actually does, particularly after updating. The use of assertions (executable comments) is better, since their failure will raise an exception and halt the program, but assertions are expensive to evaluate. Invariants, on the other hand, are related to the program code and require no runtime calculation, and a program is correct if its final invariant conforms to its specification.

Program evolution reflects a desire to make some change in performance or functionality. Depending on the change (an update or a correction), invariants of the old version of the program will either be invariants of the new version or be changed in accordance with the update. The key purpose of the work reported here is to ensure that desired changes do not accidentally cause undesirable changes elsewhere in the code. Thus, this paper is an important contribution to proper, scientifically based software engineering.

This work generates approximations to invariants derived from test runs of a program. More diverse runs improve the approximation. Experiments have shown that it is possible to derive a specification from an implementation, and even detect omissions from a specification. The paper, derived from a presentation at ICSE ’99, can be understood by experienced programmers. More details of the technical workings of Daikon, the authors’ invariant detection program, would have been nice. Perhaps this will be forthcoming in another, more formal paper.