Acta Informatica, Volume 32, Issue 8, pp 705–778

Specification and verification of object-oriented programs using supertype abstraction

  • Gary T. Leavens
  • William E. Weihl

Abstract

We present a formal specification language and a formal verification logic for a simple object-oriented programming language. The language is applicative and statically typed, and supports subtyping and message-passing. The verification logic relies on a behavioral notion of subtyping that captures the intuition that a subtype behaves like its supertypes. We give a formal definition for legal subtype relations, based on the specified behavior of objects, and show that this definition is sufficient to ensure the soundness of the verification logic. The verification logic reflects the way programmers reason informally about object-oriented programs, in that it allows them to use static type information, which avoids the need to consider all possible run-time subtypes.
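The notion of a legal subtype sketched in the abstract, as an added illustration that is not the paper's formal definition (the paper states it over the specified behavior of objects in its own verification logic) and not code from the authors: a supertype method carries a pre/postcondition contract, and an override is accepted as a behavioral refinement only if it accepts every call the supertype accepts (precondition not strengthened) and its result satisfies the supertype's postcondition (postcondition not weakened). The types IntSet, SortedIntSet and CappedIntSet, the contract decorator, the client and the sample points are all assumptions constructed for this example, and checking the obligations on a finite sample can refute a subtype relation but cannot prove it.

```python
"""Added illustration of behavioral subtyping; not the paper's formal system.

A client verified once against the static type IntSet needs no case
analysis over run-time subtypes, provided every subtype is a behavioral
refinement: wherever IntSet's precondition holds, the override must accept
the call and its result must satisfy IntSet's postcondition.
"""
from dataclasses import dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class Contract:
    pre: Callable[..., bool]    # pre(self, *args)
    post: Callable[..., bool]   # post(self, *args, result)


def contract(pre, post):
    """Attach a contract to a method; an override without one inherits it."""
    def wrap(fn):
        fn.__contract__ = Contract(pre, post)
        return fn
    return wrap


class IntSet:
    """Applicative (immutable) set of ints: insert returns a new set."""
    def __init__(self, elems=()):
        self._elems = frozenset(elems)

    @contract(pre=lambda self, x: True,
              post=lambda self, x, r: x in r and all(y in r for y in self))
    def insert(self, x):
        return IntSet(self._elems | {x})

    def __contains__(self, x):
        return x in self._elems

    def __iter__(self):
        return iter(self._elems)


class SortedIntSet(IntSet):
    """Legal subtype: a new representation with the same observable
    behavior. It inherits IntSet.insert's contract unchanged."""
    def __init__(self, elems=()):
        self._elems = tuple(sorted(set(elems)))

    def insert(self, x):
        return SortedIntSet(self._elems + (x,))


class CappedIntSet(IntSet):
    """Not a behavioral subtype: refuses inserts beyond a capacity the
    supertype specification never mentioned (precondition strengthened)."""
    CAP = 2

    @contract(pre=lambda self, x: x in self or len(list(self)) < self.CAP,
              post=lambda self, x, r: x in r)
    def insert(self, x):
        if x not in self and len(self._elems) >= self.CAP:
            raise ValueError("capacity exceeded")
        return CappedIntSet(self._elems | {x})


# Constructed sample points: (receiver elements, argument to insert).
SAMPLE_POINTS = [((), 0), ((1,), 2), ((1, 2), 3), ((1, 2), 2)]


def refinement_violations(sub: type, sup: type = IntSet) -> list[str]:
    """Sample inputs on which sub's overrides fail the refinement
    obligations against sup's contracts (empty list: none found)."""
    out = []
    for name, sup_fn in vars(sup).items():
        c_sup = getattr(sup_fn, "__contract__", None)
        if c_sup is None:
            continue
        sub_fn = getattr(sub, name)
        c_sub = getattr(sub_fn, "__contract__", c_sup)
        for elems, arg in SAMPLE_POINTS:
            recv = sub(elems)
            if not c_sup.pre(recv, arg):
                continue                    # supertype promises nothing here
            if not c_sub.pre(recv, arg):
                out.append(f"{name}({arg}): precondition strengthened")
                continue
            result = sub_fn(recv, arg)
            if not c_sup.post(recv, arg, result):
                out.append(f"{name}({arg}): supertype postcondition violated")
    return out


def client(s: IntSet, x: int) -> bool:
    """Reasons about IntSet's contract only: after insert, x is a member."""
    return x in s.insert(x)


def client_result(s: IntSet, x: int) -> Any:
    """Run the client, reporting the exception name if a subtype reneges."""
    try:
        return client(s, x)
    except Exception as exc:  # illustration only: surface the failure
        return type(exc).__name__


if __name__ == "__main__":
    print(refinement_violations(SortedIntSet))      # []
    print(refinement_violations(CappedIntSet))      # ['insert(3): precondition strengthened']
    print(client_result(CappedIntSet([1, 2]), 3))   # ValueError
```

The point for a reviewer is the one the abstract makes: the argument for `client` is made once against `IntSet` and transfers to every legal subtype, so `SortedIntSet` needs no separate proof, while `CappedIntSet` type-checks yet invalidates that argument by strengthening a precondition, which is exactly what the refinement check reports before the client ever runs.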



Copyright information

© Springer-Verlag 1995

Authors and Affiliations

  • Gary T. Leavens, Department of Computer Science, Iowa State University, Ames, USA
  • William E. Weihl, Laboratory for Computer Science, Massachusetts Institute of Technology, Cambridge, USA
