Specification and Verification with References

Modern object-oriented programming languages demand that component designers, specifiers, and clients deal with references. This is true despite the fact that some programming language and formal methods researchers have been announcing for decades, in effect, that pointers/references are harmful to the reasoning process. Their wise counsel to bury pointers/references as deeply as possible, or to eliminate them entirely, hasn’t been heeded. What can be done to reconcile the practical need to program in the languages provided to us by the commercial powers-that-be, with the need to reason soundly about the behavior of component-based software systems? By directly comparing specifications for value and reference types, it is possible to assess the impact of visible pointers/references. The issues involved are the added difficulty for clients in understanding component specifications, and in reasoning about client program behavior. The conclusion is that making pointers/references visible to component clients needlessly complicates specification and verification.
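The comparison the abstract describes, as an added illustration that is not code from the paper: the same "move everything from src to dst" operation is specified once against visible references and once against values, and a postcondition checker shows that only the reference version needs an extra clause about aliasing. The `#x` notation for the incoming value, the operation and the sample lists are all assumptions made for this example.

```python
# Added example (not from the paper): the same operation specified on
# reference-exposing objects and on values. Postcondition used for both:
#     dst = #dst ++ #src   and   src = <>        ('#x' = value of x on entry)
from typing import List, Tuple

# --- Reference-exposing version (Java/C++-style mutable objects) ------------
def move_all_ref(dst: List[int], src: List[int]) -> None:
    """Nothing in this signature says dst and src must be distinct objects."""
    dst.extend(src)
    src.clear()

def ref_spec_holds(dst: List[int], src: List[int]) -> bool:
    """Snapshot the pre-state VALUES, run the operation, evaluate the
    postcondition. Returns False when the stated postcondition is violated."""
    old_dst, old_src = list(dst), list(src)   # copies, not further references
    move_all_ref(dst, src)
    return dst == old_dst + old_src and src == []

# --- Value version (no references visible to the client) --------------------
Seq = Tuple[int, ...]

def move_all_val(dst: Seq, src: Seq) -> Tuple[Seq, Seq]:
    """Inputs and outputs are values, so 'the same object twice' cannot be
    expressed by the client and the spec needs no aliasing clause."""
    return dst + src, ()

def val_spec_holds(dst: Seq, src: Seq) -> bool:
    new_dst, new_src = move_all_val(dst, src)
    return new_dst == dst + src and new_src == ()

def demo() -> Tuple[bool, bool, bool]:
    # Constructed sample inputs.
    distinct = ref_spec_holds([1, 2], [3])       # True: two distinct objects
    c = [1, 2]
    aliased = ref_spec_holds(c, c)               # False: c is both dst and src;
    # the postcondition would require c == [1, 2, 1, 2] and c == [] at once,
    # so the reference spec must add 'dst and src are distinct' (or a frame
    # condition) to be satisfiable at all.
    value_alias = val_spec_holds((1, 2), (1, 2))  # True: equal values, no aliasing
    return distinct, aliased, value_alias

if __name__ == "__main__":
    print(demo())  # (True, False, True)
```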
