research-article

Separation logic, abstraction and inheritance

Authors:

Matthew J. Parkinson,

Gavin M. BiermanAuthors Info & Claims

ACM SIGPLAN Notices, Volume 43, Issue 1

Pages 75 - 86

https://doi.org/10.1145/1328897.1328451

Published: 07 January 2008 Publication History

Abstract

Inheritance is a fundamental concept in object-oriented programming, allowing new classes to be defined in terms of old classes. When used with care, inheritance is an essential tool for object-oriented programmers. Thus, for those interested in developing formal verification techniques, the treatment of inheritance is of paramount importance. Unfortunately, inheritance comes in a number of guises, all requiring subtle techniques.

To address these subtleties, most existing verification methodologies typically adopt one of two restrictions to handle inheritance: either (1) they prevent a derived class from restricting the behaviour of its base class (typically by syntactic means) to trivialize the proof obligations; or (2) they allow a derived class to restrict the behaviour of its base class, but require that every inherited method must be reverified. Unfortunately, this means that typical inheritance-rich code either cannot be verified or results in an unreasonable number of proof obligations.

In this paper, we develop a separation logic for a core object-oriented language. It allows derived classes which override the behaviour of their base class, yet supports the inheritance of methods without reverification where this is safe. For each method, we require two specifications: a static specification that is used to verify the implementation and direct method calls (in Java this would be with a super call); and a dynamic specification that is used for calls that are dynamically dispatched; along with a simple relationship between the two specifications. Only the dynamic specification is involved with behavioural subtyping. This simple separation of concerns leads to a powerful system that supports all forms of inheritance with low proof-obligation overheads. We both formalize our methodology and demonstrate its power with a series of inheritance examples.

References

[1]

M. Barnett, R. DeLine, M. Fähndrich, K. R. M. Leino, and W. Schulte. Verification of object-oriented programs with invariants. Journal of Object Technology, 3(6):27--56, 2004.

[2]

M. Barnett, K. R. M. Leino, and W. Schulte. The Spec# programming system: An overview. In Proceedings of CASSIS, pages 49--69, 2005.

Digital Library

[3]

B. Biering, L. Birkedal, and N. Torp-Smith. Bi-hyperdoctrines, higher-order separation logic, and abstraction. ACM TOPLAS, 2007. To appear.

Digital Library

[4]

G. M. Bierman, M. J. Parkinson, and A. M. Pitts. MJ: An imperative core calculus for Java and Java with effects. Technical Report 563, University of Cambridge Computer Laboratory, 2004.

[5]

W.-N. Chin, C. David, H. Nguyen, and S. Qin. Enhancing modular OO verification with separation logic. In Proceedings of POPL, 2008.

Digital Library

[6]

W. R. Cook, W. Hill, and P. Canning. Inheritance is not subtyping. In Proceedings of POPL, 1990.

Digital Library

[7]

K. K. Dhara and G. Leavens. Forcing behavioral subtyping through specification inheritance. In Proceedings of ICSE, 1996.

Digital Library

[8]

C. Flanagan, A. Sabry, B.F. Duba, and M. Felleisen. The essence of compiling with continuations. In Proceedings of PLDI, 1993.

Digital Library

[9]

M. Flatt, S. Krishnamurthi, and M. Felleisen. A programmer's reduction semantics for classes and mixins. Technical Report TR-97-293, Rice University, 1997. Corrected June, 1999.

[10]

E. Gamma, R. Helm, R. Johnson, and J. Vlissides. Design Patterns: Elements of Reusable Object-Oriented Software. Addison Wesley, 1994.

Digital Library

[11]

A. Igarashi, B. Pierce, and P. Wadler. Featherweight Java: A minimal core calculus for Java and GJ. ACM TOPLAS, 23(3):396--450, 2001.

Digital Library

[12]

S. Ishtiaq and P. W. O'Hearn. BI as an assertion language for mutable data structures. In Proceedings of POPL, pages 14--26, 2001.

Digital Library

[13]

N. Krishnaswami, J. Aldrich, and L. Birkedal. Modular verification of the subject-observer pattern via higher-order separation logic. In Proceedings of FTfJP, 2007.

[14]

G.T. Leavens and D.A. Naumann. Behavioral subtyping is equivalent to modular reasoning for object-oriented programs. Technical Report TR-06-36, Iowa State University, 2006.

[15]

G.T. Leavens, A.L. Baker, and C. Ruby. Preliminary design of JML: a behavioral interface specification language for Java. SIGSOFT Software Engineering Notes, 31(3): 1--38, 2006.

Digital Library

[16]

K. R. M. Leino. Data groups: Specifying the modification of extended state. In Proceedings of OOPSLA, pages 144--153, 1998.

Digital Library

[17]

K. R. M. Leino and P. Müller. A verification methodology for model fields. In Proceedings of ESOP, 2006.

Digital Library

[18]

K. R. M. Leino and W. Schulte. Using history invariants to verify observers. In Proceedings of ESOP, 2007.

Digital Library

[19]

B. H. Liskov and J. M. Wing. A behavioral notion of subtyping. ACM TOPLAS, 16(6):1811--1841, 1994.

Digital Library

[20]

P. Müller. Modular Specification and Verification of Object--Oriented Programs, volume 2262 of LNCS. Springer-Verlag, 2002. PhD thesis, FernUniversität Hagen.

[21]

P. Müller, A. Poetzsch-Heffter, and G.T. Leavens. Modular invariants for layered object structures. Science of Computer Programming, 62:253--286, 2006.

Digital Library

[22]

A. Nanevski, A. Ahmed, G. Morrisett, and L. Birkedal. Abstract predicates and mutable ADTs in Hoare Type Theory. In Proceedings of ESOP, 2007.

Digital Library

[23]

P. W. O'Hearn, J. C. Reynolds, and H. Yang. Local reasoning about programs that alter data structures. In Proceedings of CSL, pages 1--19, 2001.

Digital Library

[24]

M. Parkinson, G. Bierman, J. Noble, and W. Schulte. Contracts for patterns. Unpublished note, 2007.

[25]

M. J. Parkinson. Local Reasoning for Java. PhD thesis, Computer Laboratory, University of Cambridge, 2005. UCAM-CL-TR-654.

[26]

M. J. Parkinson and G.M. Bierman. Separation logic and abstraction. In Proceedings of POPL, pages 247--258, 2005.

Digital Library

[27]

A. Poetzsch-Heffter and P. Müller. A programming logic for sequential Java. In Proceedings of ESOP, volume 1576 of LNCS, 1999.

Digital Library

[28]

J. C. Reynolds. Separation logic: A logic for shared mutable data structures. In Proceedings of LICS, pages 55--74, 2002.

Digital Library

[29]

C. Ruby and G. T. Leavens. Safely creating correct subclasses without seeing superclass code. SIGPLAN Not., 35(10):208--228, 2000.

Digital Library

[30]

H. Yang. Local reasoning for stateful programs. PhD thesis, University of Illinois, July 2001.

Digital Library

Cited By

Li WLe QSong YChin W(2023)Incorrectness Proofs for Object-Oriented Programs via Subclass ReflectionProgramming Languages and Systems10.1007/978-981-99-8311-7_13(269-289)Online publication date: 26-Nov-2023
https://dl.acm.org/doi/10.1007/978-981-99-8311-7_13
Sabané AGuéhéneuc YArnaoudova VAntoniol G(2017)Fragile base-class problem, problem?Empirical Software Engineering10.1007/s10664-016-9448-222:5(2612-2657)Online publication date: 1-Oct-2017
https://dl.acm.org/doi/10.1007/s10664-016-9448-2
(2016)BibliographyFrom Action Systems to Distributed Systems10.1201/b20053-23(247-271)Online publication date: 20-Apr-2016
https://doi.org/10.1201/b20053-23
Show More Cited By

Index Terms

Separation logic, abstraction and inheritance
1. Software and its engineering

Recommendations

Separation logic and abstraction
POPL '05: Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages

In this paper we address the problem of writing specifications for programs that use various forms of modularity, including procedures and Java-like classes. We build on the formalism of separation logic and introduce the new notion of an abstract ...
Enhancing modular OO verification with separation logic
POPL '08

Conventional specifications for object-oriented (OO) programs must adhere to behavioral subtyping in support of class inheritance and method overriding. However, this requirement inherently weakens the specifications of overridden methods in ...
Separation logic and abstraction
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages

In this paper we address the problem of writing specifications for programs that use various forms of modularity, including procedures and Java-like classes. We build on the formalism of separation logic and introduce the new notion of an abstract ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGPLAN Notices

ACM SIGPLAN Notices Volume 43, Issue 1

POPL '08

January 2008

420 pages

ISSN:0362-1340

EISSN:1558-1160

DOI:10.1145/1328897

Issue’s Table of Contents

POPL '08: Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
January 2008
448 pages
ISBN:9781595936899
DOI:10.1145/1328438
General Chair:
George Necula
University of California, Berkeley
,
Program Chair:
Philip Wadler
University of Edinburgh

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 January 2008

Published in SIGPLAN Volume 43, Issue 1

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

112
Total Citations
View Citations
855
Total Downloads

Downloads (Last 12 months)14
Downloads (Last 6 weeks)1

Reflects downloads up to 23 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Li WLe QSong YChin W(2023)Incorrectness Proofs for Object-Oriented Programs via Subclass ReflectionProgramming Languages and Systems10.1007/978-981-99-8311-7_13(269-289)Online publication date: 26-Nov-2023
https://dl.acm.org/doi/10.1007/978-981-99-8311-7_13
Sabané AGuéhéneuc YArnaoudova VAntoniol G(2017)Fragile base-class problem, problem?Empirical Software Engineering10.1007/s10664-016-9448-222:5(2612-2657)Online publication date: 1-Oct-2017
https://dl.acm.org/doi/10.1007/s10664-016-9448-2
(2016)BibliographyFrom Action Systems to Distributed Systems10.1201/b20053-23(247-271)Online publication date: 20-Apr-2016
https://doi.org/10.1201/b20053-23
Zaharieva-Stojanovski MHuisman M(2014)Verifying Class Invariants in Concurrent ProgramsProceedings of the 17th International Conference on Fundamental Approaches to Software Engineering - Volume 841110.1007/978-3-642-54804-8_16(230-245)Online publication date: 5-Apr-2014
https://dl.acm.org/doi/10.1007/978-3-642-54804-8_16
Amighi ABlom SHuisman M(2014)Resource Protection Using AtomicsProgramming Languages and Systems10.1007/978-3-319-12736-1_14(255-274)Online publication date: 2014
https://doi.org/10.1007/978-3-319-12736-1_14
Calvanese DKotek TŠimkus MVeith HZuleger F(2014)Shape and ContentIntegrated Formal Methods10.1007/978-3-319-10181-1_1(3-17)Online publication date: 2014
https://doi.org/10.1007/978-3-319-10181-1_1
Nordio MCalcagno CMeyer B(2014)Certificates and Separation LogicTrustworthy Global Computing10.1007/978-3-319-05119-2_16(273-293)Online publication date: 8-Mar-2014
https://doi.org/10.1007/978-3-319-05119-2_16
Kobayashi NIgarashi A(2013)Model-Checking higher-order programs with recursive typesProceedings of the 22nd European conference on Programming Languages and Systems10.1007/978-3-642-37036-6_24(431-450)Online publication date: 16-Mar-2013
https://dl.acm.org/doi/10.1007/978-3-642-37036-6_24
Parkinson MBierman G(2013)Separation Logic for Object-Oriented ProgrammingAliasing in Object-Oriented Programming. Types, Analysis and Verification10.1007/978-3-642-36946-9_13(366-406)Online publication date: 2013
https://doi.org/10.1007/978-3-642-36946-9_13
Hong ALiu YQiu Z(2013)Axioms and Abstract Predicates on Interfaces in Specifying/Verifying OO ComponentsFormal Aspects of Component Software10.1007/978-3-319-07602-7_12(174-195)Online publication date: 27-Oct-2013
https://dl.acm.org/doi/10.1007/978-3-319-07602-7_12
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents