A formal bridge between runtime assertion checking and static verification of inheritance (P. 147 - 162)

In object-oriented programming languages, the relationship that should hold between the specifications of a class and its superclass is called behavioural subtyping. In this paper we analyse the conditions that a behavioural subtype should meet during runtime assertion checking, that is, during dynamic verification. Our exploration relates such conditions for runtime assertion checking to the conditions that should be met in static verification of correctness under the principles of modular reasoning. As a result, we state and prove a theorem that connects dynamic and static verification of method calls in the presence of inheritance. The novelty of this theorem lies on the fact that the connection is an equivalence, where the implication from static to dynamic verification has been explored before but not the opposite one. This new exploration then poses that a hypothetical exhaustive testing through runtime assertion checking would be equivalent to the corresponding static verification of definite correctness, which adds solidity to runtime assertion checking. None but one of the runtime assertion checking tools that we know of can effectively detect all possible problems in class inheritance; the one exception is the tool used for Spec#, but their strategy relies on both specification inheritance and a rather substantial restriction on preconditions, requirements we could dispose of when taking our the-oretical results to a practical implementation.

[1]  Matthias Felleisen,et al.  Contract Soundness for object-oriented languages , 2001, OOPSLA '01.

[2]  Heike Wehrheim,et al.  Jass - Java with Assertions , 2001, RV@CAV.

[3]  Gary T. Leavens,et al.  Behavioral Subtyping, Specification Inheritance, and Modular Reasoning , 2015, ACM Trans. Program. Lang. Syst..

[4]  Edsger W. Dijkstra,et al.  Predicate Calculus and Program Semantics , 1989, Texts and Monographs in Computer Science.

[5]  Matthias Felleisen,et al.  Behavioral contracts and behavioral subtyping , 2001, ESEC/FSE-9.

[6]  Leonid Mikhajlov,et al.  Formal Semantics of Inheritance and Object Substitutability , 2000 .

[7]  Gary T. Leavens,et al.  Forcing behavioral subtyping through specification inheritance , 1996, Proceedings of IEEE 18th International Conference on Software Engineering.

[8]  Emil Sekerinski,et al.  Class Refinement and Interface Refinement in Object-Oriented Programs , 1997, FME.

[9]  Jeannette M. Wing,et al.  A behavioral notion of subtyping , 1994, TOPL.

[10]  John L. Bruno,et al.  jContractor: A Reflective Java Library to Support Design by Contract , 1999, Reflection.

[11]  K. Rustan M. Leino,et al.  The Spec# Programming System: An Overview , 2004, CASSIS.

[12]  Simon Thompson,et al.  Haskell: The Craft of Functional Programming , 1996 .

[13]  Yoonsik Cheon,et al.  A Runtime Assertion Checker for the Java Modeling Language (JML) , 2003, ICSE 2003.

[14]  Ralph-Johan Back,et al.  Class Refinement as Semantics of Correct Object Substitutability , 2000, Formal Aspects of Computing.

[15]  Richard S. Bird,et al.  Introduction to functional programming using haskeu , 1998 .

[16]  Carroll Morgan,et al.  Programming from specifications , 1990, Prentice Hall International Series in computer science.

[17]  Ken Arnold,et al.  The Java Programming Language , 1996 .

[18]  Gary T. Leavens,et al.  Design by Contract with JML , 2006 .

[19]  Barbara Liskov,et al.  Program Development in Java - Abstraction, Specification, and Object-Oriented Design , 1986 .

[20]  簡聰富,et al.  物件導向軟體之架構(Object-Oriented Software Construction)探討 , 1989 .

[21]  Gary T. Leavens,et al.  Behavioral Subtyping is Equivalent to Modular Reasoning for Object-oriented Programs , 2006 .