Abstract
Inheritance is a fundamental concept in object-oriented programming, allowing new classes to be defined in terms of old classes. When used with care, inheritance is an essential tool for object-oriented programmers. Thus, for those interested in developing formal verification techniques, the treatment of inheritance is of paramount importance. Unfortunately, inheritance comes in a number of guises, all requiring subtle techniques.
To address these subtleties, existing verification methodologies typically adopt one of two restrictions to handle inheritance: either (1) they prevent a derived class from restricting the behaviour of its base class (usually by syntactic means), which trivializes the proof obligations; or (2) they allow a derived class to restrict the behaviour of its base class, but require every inherited method to be reverified. Unfortunately, this means that typical inheritance-rich code either cannot be verified or results in an unreasonable number of proof obligations.
In this paper, we develop a separation logic for a core object-oriented language. It allows derived classes to override the behaviour of their base class, yet supports inheriting methods without reverification where this is safe. For each method, we require two specifications: a static specification that is used to verify the implementation and direct method calls (in Java these would be super calls); and a dynamic specification that is used for calls that are dynamically dispatched; along with a simple relationship between the two specifications. Only the dynamic specification is involved in behavioural subtyping. This simple separation of concerns leads to a powerful system that supports all forms of inheritance with low proof-obligation overheads. We both formalize our methodology and demonstrate its power with a series of inheritance examples.
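The following Java hierarchy is an added illustration of the two-specification discipline described above; it is not code or notation from the paper. The classes `Cell`/`Recell`, the abstract predicate `Val` and the schematic `{ pre } m { post }` comments are assumptions made here, and the relationship between the two specifications is assumed to be that the static specification entails the dynamic one under the class's own definition of `Val`.

```java
// Added illustration (not the paper's code): static vs. dynamic specifications.
// Val(o, v) is an assumed abstract predicate, redefined by each class, whose
// body is hidden from clients so that dynamically dispatched calls can be
// reasoned about without knowing the receiver's concrete class.

class Cell {
    int cnts;

    // static spec  (verifies this body; used for direct/super calls):
    //   { this.cnts |-> _ }  set(v)  { this.cnts |-> v }
    // dynamic spec (used for every dispatched call x.set(v)):
    //   { Val(this, _) }     set(v)  { Val(this, v) }
    // Cell defines Val(this, v) := this.cnts |-> v, so static entails dynamic.
    void set(int v) { cnts = v; }

    // static:  { this.cnts |-> v } get() { this.cnts |-> v /\ ret = v }
    // dynamic: { Val(this, v) }    get() { Val(this, v)    /\ ret = v }
    int get() { return cnts; }
}

class Recell extends Cell {
    int bak;

    // Recell redefines Val(this, v) := this.cnts |-> v * this.bak |-> _ .
    // The override restricts the base behaviour (it also writes bak) and is
    // verified once against its own static spec:
    //   { this.cnts |-> c * this.bak |-> _ } set(v) { this.cnts |-> v * this.bak |-> c }
    // Its dynamic spec is the same shape as Cell's, so Recell remains a
    // behavioural subtype of Cell at every dispatched call site.
    @Override
    void set(int v) {
        bak = cnts;    // record the old contents
        super.set(v);  // direct call: proved against Cell.set's static spec only
    }

    // get() is inherited, not reverified: Cell.get's static spec touches only
    // this.cnts, and Recell's extra this.bak |-> _ conjunct is framed off, so
    // the static spec still entails Recell's dynamic spec for get().

    // Recell-specific method; a client holding only Val(this, v) for a Cell
    // never sees it, which is why clients need no reverification either.
    void undo() { cnts = bak; }
}
```

The point the example makes is that only `Recell.set` carries a new proof obligation; `Cell.set`, `Cell.get` and every client verified against `Cell`'s dynamic specifications are untouched.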
Index Terms
Separation logic, abstraction and inheritance
Published in POPL '08: Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages.