Local Reasoning and Dynamic Framing for the Composite Pattern and Its Clients

The Composite design pattern is an exemplar of specification and verification challenges for sequential object-oriented programs. Region logic is a Hoare logic augmented with state-dependent "modifies" specifications based on simple notations for object sets. Using ordinary first-order logic assertions, it supports local reasoning and also the hiding of invariants on encapsulated state, in ways similar to separation logic but suited to off-the-shelf SMT solvers. This paper uses region logic to specify and verify a representative implementation of the Composite design pattern. To evaluate the efficacy of the specification, it is used in verifications of several sample client programs, including one with hiding. Verification is performed using a verifier for region logic built on top of an existing verification condition generator, which serves as a front end to an SMT solver.
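As an added illustration (not code from the paper), the Python sketch below models the classic Composite "total" invariant and checks at run time the frame a region-logic modifies clause would state: add(child) may change the total field only of nodes in the state-dependent region ancestors(this), computed in the pre-state. The class and function names (Composite, ancestors, framed_call, add_unframed) are assumptions made for the example.

```python
class Composite:
    """Composite node; invariant: total == 1 + sum(c.total for c in children)."""
    def __init__(self):
        self.parent = None
        self.children = []
        self.total = 1  # this node plus all descendants

    def ancestors(self):
        """State-dependent region: this node and every node up to the root."""
        region, node = [], self
        while node is not None:
            region.append(node)
            node = node.parent
        return region

    def add(self, child):
        """Attach a parentless child; restore the invariant along ancestors(self)."""
        assert child.parent is None
        child.parent = self
        self.children.append(child)
        for node in self.ancestors():
            node.total += child.total

    def add_unframed(self, child):
        """Buggy variant (constructed): updates only self.total, breaking ancestors."""
        child.parent = self
        self.children.append(child)
        self.total += child.total


def all_nodes(root):
    stack, out = [root], []
    while stack:
        node = stack.pop()
        out.append(node)
        stack.extend(node.children)
    return out


def invariant_holds(root):
    return all(n.total == 1 + sum(c.total for c in n.children) for n in all_nodes(root))


def framed_call(root, target, child, method="add"):
    """Run target.<method>(child) under the frame 'modifies total of ancestors(target)'.
    Returns (frame_respected, invariant_restored) for the whole tree under root."""
    region = {id(n) for n in target.ancestors()}              # dynamic frame, pre-state
    snapshot = {id(n): n.total for n in all_nodes(root)}       # pre-state totals
    getattr(target, method)(child)
    frame_ok = all(n.total == snapshot[id(n)] for n in all_nodes(root)
                   if id(n) in snapshot and id(n) not in region)
    return frame_ok, invariant_holds(root)
```

The buggy variant respects the frame (it touches only a node inside the region) but fails to restore the invariant at the ancestors, which is exactly the two-part obligation the Composite challenge places on a verifier.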
