Formal relationships in sequential object systems

Formal specifications describe the behaviour of object-oriented systems precisely, with the intent to capture all properties necessary for correctness. Relationships between objects, and in a broader sense the relationship between whole components, may not be adequately captured by specifications. One critical component of specifications having a role in relationships are invariants which define a constraint between multiple objects. If an object's invariant relies on external objects for its conditions, correct operations which abide by their specifications modifying these external objects may violate the constraint. Such an invariant defines a relationship between multiple objects which is unsound since it does not adequately describe the responsibilities which the objects in the relationship have to each other. The root cause of this correctness loophole is the failure of specifications to capture such relationships adequately as well as their correctness requirements. This thesis addresses this shortcoming in a number of ways, both for individual objects in a sequential environment, and between concurrent components which are defined as specialized object types. The proposed Colleague Technique [29] defines sound invariants between two object types using classical Design-by-Contract [35] methodologies. Additional invariant conditions introduced through the technique ensure that no correct operation may produce a post-state which does not satisfy all invariants satisfied by the pre-state. Relationships between objects, as well as their correct specification and management, are the subjects of this thesis. Those relationships between objects which can be described by invariants are made sound with the Colleague Technique, or the lightweight ownership type system that accompanies it. Behavioural correctness beyond these can be addressed with specifications in a similar manner to sequential systems without concurrency, in particular with the use of runtime assertion checking [11].

[1]  Simon L. Peyton Jones,et al.  Report on the programming language Haskell: a non-strict, purely functional language version 1.2 , 1992, SIGP.

[2]  M PaulHudakEt,et al.  Report on the programming language haskell: a non-strict , 1992 .

[3]  Craig Chambers,et al.  Alias annotations for program understanding , 2002, OOPSLA '02.

[4]  Gary A. Kildall,et al.  A unified approach to global program optimization , 1973, POPL.

[5]  簡聰富,et al.  物件導向軟體之架構(Object-Oriented Software Construction)探討 , 1989 .

[6]  Sarfraz Khurshid,et al.  Is the Java Type System Sound? , 1999, Theory Pract. Object Syst..

[7]  Guy L. Steele,et al.  The Java Language Specification , 1996 .

[8]  Christopher Strachey,et al.  Toward a mathematical semantics for computer languages , 1971 .

[9]  Gilles Kahn,et al.  Natural Semantics , 1987, STACS.

[10]  Albert L. Baker,et al.  JML: A Notation for Detailed Design , 1999, Behavioral Specifications of Businesses and Systems.

[11]  C. A. R. HOARE,et al.  An axiomatic basis for computer programming , 1969, CACM.

[12]  Chris Okasaki,et al.  Purely functional data structures , 1998 .

[13]  Jeannette M. Wing,et al.  Family Values: A Behavioral Notion of Subtyping , 1993 .

[14]  Yoonsik Cheon,et al.  A Runtime Assertion Checker for the Java Modeling Language (JML) , 2003, ICSE 2003.

[15]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[16]  Stephen N. Zilles,et al.  Programming with abstract data types , 1974 .

[17]  Dean Wampler,et al.  Contract4J for Design by Contract in Java: Design Pattern-Like Protocols and Aspect Interfaces , 2006 .

[18]  Gerard J. Holzmann,et al.  The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[19]  William G. Griswold,et al.  An Overview of AspectJ , 2001, ECOOP.

[20]  William G. Griswold,et al.  Getting started with ASPECTJ , 2001, CACM.

[21]  Eric Kerfoot,et al.  Maintaining Invariants Through Object Coupling Mechanisms , 2007 .

[22]  Sérgio Soares,et al.  Implementing Java modeling language contracts with AspectJ , 2008, SAC '08.

[23]  Vijay Saraswat Java is not type-safe , 2007 .

[24]  J. van Katwijk,et al.  VDM++, a formal specification language for object-oriented designs , 1992, CompEuro 1992 Proceedings Computer Systems and Software Engineering.

[25]  Einar Broch Johnsen,et al.  Minimal Ownership for Active Objects , 2008, APLAS.

[26]  Jean-Raymond Abrial,et al.  The B-book - assigning programs to meanings , 1996 .

[27]  Robin Milner,et al.  Definition of standard ML , 1990 .

[28]  Joe Armstrong,et al.  Programming Erlang: Software for a Concurrent World , 1993 .

[29]  Gary T. Leavens Modular specification and verification of object-oriented programs , 1991, IEEE Software.

[30]  Amr Sabry,et al.  What is a purely functional language? , 1998, Journal of Functional Programming.

[31]  A. Church An Unsolvable Problem of Elementary Number Theory , 1936 .

[32]  K. Rustan M. Leino,et al.  The Spec# Programming System: Challenges and Directions , 2005, VSTTE.

[33]  Eric Kerfoot,et al.  Deadlock freedom through object ownership , 2009 .

[34]  Denis Caromel,et al.  Toward a method of object-oriented concurrent programming , 1993, CACM.

[35]  Jan Vitek,et al.  Flexible Alias Protection , 1998, ECOOP.

[36]  Abhay Bhorkar,et al.  A Run-time Assertion Checker for Java using JML , 2000 .

[37]  Alex Borgida The frame problem in object-oriented specifications: an exhibition of problems and approaches , 1992 .

[38]  K. Rustan M. Leino,et al.  Object Invariants in Dynamic Contexts , 2004, ECOOP.

[39]  K. Rustan M. Leino,et al.  Extended static checking , 1998, PROCOMET.

[40]  Craig Chambers,et al.  Ownership Domains: Separating Aliasing Policy from Mechanism , 2004, ECOOP.

[41]  John Hughes,et al.  Why Functional Programming Matters , 1989, Comput. J..

[42]  B. A. Wichmann High Integrity Ada , 1997, SAFECOMP.

[43]  Bertrand Meyer,et al.  Eiffel: The Language , 1991 .

[44]  Liuba Shrira,et al.  Ownership types for object encapsulation , 2003, POPL '03.

[45]  Jim Davies,et al.  From Predicates to Programs: The Semantics of a Method Language , 2007, Electron. Notes Theor. Comput. Sci..

[46]  Ralph Johnson,et al.  design patterns elements of reusable object oriented software , 2019 .

[47]  Rok Strniša Fixing the Java Module System , in Theory and in Practice , 2008 .

[48]  Bernhard Beckert,et al.  The KeY tool , 2005, Software & Systems Modeling.

[49]  Andrew William Roscoe,et al.  The Theory and Practice of Concurrency , 1997 .

[50]  Sophia Drossopoulou,et al.  Java is Type Safe - Probably , 1997, ECOOP.

[51]  Tobias Nipkow,et al.  Javalight is type-safe—definitely , 1998, POPL '98.

[52]  Martin Odersky,et al.  Making the future safe for the past: adding genericity to the Java programming language , 1998, OOPSLA '98.

[53]  Jan Vitek,et al.  Confined types , 1999, OOPSLA '99.

[54]  Tom Ridge,et al.  Ott: effective tool support for the working semanticist , 2007, ICFP '07.

[55]  Sophia Drossopoulou,et al.  Generic Universe Types , 2007, ECOOP.

[56]  James Gosling,et al.  The Java Language Specification, 3rd Edition , 2005 .

[57]  Paulo Sérgio Almeida Balloon Types: Controlling Sharing of State in Data Types , 1997, ECOOP.

[58]  Matthew J. Parkinson,et al.  jStar: towards practical verification for java , 2008, OOPSLA.

[59]  K. R Leino,et al.  Towards Reliable Modular Programs , 1995 .

[60]  Gary T. Leavens,et al.  Modular invariants for layered object structures , 2006, Sci. Comput. Program..

[61]  J. L Bank,et al.  Parameterized Types and Java , 1996 .

[62]  Matthew J. Parkinson,et al.  The java module system: core design and semantic definition , 2007, OOPSLA.

[63]  John Mylopoulos,et al.  On the Frame Problem in Procedure Specifications , 1995, IEEE Trans. Software Eng..

[64]  Carroll Morgan,et al.  Programming from specifications , 1990, Prentice Hall International Series in computer science.

[65]  John Barnes,et al.  High Integrity Ada: The Spark Approach , 1997 .

[66]  Alan Mycroft,et al.  Kilim: Isolation-Typed Actors for Java , 2008, ECOOP.

[67]  Jim Davies,et al.  Formality, Evolution, and Model-driven Software Engineering , 2005, Electron. Notes Theor. Comput. Sci..

[68]  Philip Wadler,et al.  Featherweight Java: a minimal core calculus for Java and GJ , 1999, OOPSLA '99.

[69]  Peter Müller,et al.  Universes: Lightweight Ownership for JML , 2005, J. Object Technol..

[70]  Eric Kerfoot,et al.  Checking concurrent contracts with aspects , 2010, SAC '10.

[71]  James Noble,et al.  Ownership types for flexible alias protection , 1998, OOPSLA '98.

[72]  Matthew J. Parkinson,et al.  Local reasoning for Java , 2005 .

[73]  John Hogg,et al.  Islands: aliasing protection in object-oriented languages , 1991, OOPSLA '91.

[74]  D. A. Turner,et al.  Miranda: A Non-Strict Functional language with Polymorphic Types , 1985, FPCA.

[75]  James Noble,et al.  Featherweight generic confinement , 2006, Journal of Functional Programming.

[76]  Matthew S. Hecht,et al.  Flow Analysis of Computer Programs , 1977 .

[77]  Sophia Drossopoulou,et al.  Formalization of Generic Universe Types , 2006 .

[78]  Denis Caromel,et al.  Towards seamless computing and metacomputing in Java , 1998 .

[79]  Stephen J. Garland,et al.  Larch: Languages and Tools for Formal Specification , 1993, Texts and Monographs in Computer Science.

[80]  Rob Pike,et al.  The Inferno Programming Book: An Introduction to Programming for the Inferno Distributed System , 2005 .

[81]  C. A. R. Hoare,et al.  The verifying compiler: A grand challenge for computing research , 2003, JACM.

[82]  James Noble,et al.  Saving the world from bad beans: deployment-time confinement checking , 2003, OOPSLA 2003.

[83]  Tobias Nipkow,et al.  A Proof Assistant for Higher-Order Logic , 2002 .

[84]  Douglas C. Schmidt,et al.  Active object: an object behavioral pattern for concurrent programming , 1996 .

[85]  Dines Bjørner,et al.  The Vienna Development Method: The Meta-Language , 1978, Lecture Notes in Computer Science.

[86]  Egon Börger,et al.  A Programmer Friendly Modular Definition of the Semantics of Java , 1999, Formal Syntax and Semantics of Java.

[87]  J. Michael Spivey,et al.  The Z notation - a reference manual , 1992, Prentice Hall International Series in Computer Science.

[88]  Edward F. Walker,et al.  Asynchronous remote operation execution in distributed systems , 1990, Proceedings.,10th International Conference on Distributed Computing Systems.

[89]  Mark Lillibridge,et al.  Extended static checking for Java , 2002, PLDI '02.

[90]  Michael Barnett,et al.  Friends Need a Bit More: Maintaining Invariants Over Shared State , 2004, MPC.

[91]  Martin C. Rinard,et al.  ACM Conference on Object-Oriented Programming, Systems, Languages and Applications (OOPSLA), November 2002 Ownership Types for Safe Programming: Preventing Data Races and Deadlocks , 2022 .

[92]  Jonathan Aldrich,et al.  Using Types to Enforce Architectural Structure , 2008, Seventh Working IEEE/IFIP Conference on Software Architecture (WICSA 2008).

[93]  Patrick Th. Eugster,et al.  Can Aspects Implement Contracts? , 2005, RISE.

[94]  K. Rustan M. Leino,et al.  Data groups: specifying the modification of extended state , 1998, OOPSLA '98.

[95]  Liuba Shrira,et al.  Promises: linguistic support for efficient asynchronous procedure calls in distributed systems , 1988, PLDI '88.

[96]  Cristina V. Lopes,et al.  A study on exception detection and handling using aspect-oriented programming , 2000, Proceedings of the 2000 International Conference on Software Engineering. ICSE 2000 the New Millennium.

[97]  Matthias Felleisen,et al.  Classes and mixins , 1998, POPL '98.

[98]  K. Rustan M. Leino,et al.  The Spec# Programming System: An Overview , 2004, CASSIS.

[99]  Yuri Gurevich,et al.  Evolving algebras 1993: Lipari guide , 1995, Specification and validation methods.

[100]  Don Syme,et al.  Proving Java Type Soundness , 1999, Formal Syntax and Semantics of Java.

[101]  C. A. R. Hoare,et al.  Communicating Sequential Processes (Reprint) , 1983, Commun. ACM.

[102]  A classical mind: essays in honour of C. A. R. Hoare , 1994 .

[103]  Gordon D. Plotkin,et al.  A structural approach to operational semantics , 2004, J. Log. Algebraic Methods Program..

[104]  Luca Cardelli,et al.  Squeak: a language for communicating with mice , 1985, SIGGRAPH.

[105]  José C. Cunha,et al.  Grid Computing: Software Environments and Tools , 2005 .

[106]  Gerard J. Holzmann,et al.  The SPIN Model Checker - primer and reference manual , 2003 .

[107]  K. Rustan M. Leino,et al.  Verification of Object-Oriented Programs with Invariants , 2003, J. Object Technol..

[108]  Bor-Yuh Evan Chang,et al.  Boogie: A Modular Reusable Verifier for Object-Oriented Programs , 2005, FMCO.

[109]  Klaus-Peter Löhr,et al.  The Jac System: Minimizing the Differences between Concurrent and Sequential Java Code , 2006, J. Object Technol..